diff --git a/Setup.md b/Setup.md
index 29fa5a2..a97f2d9 100644
--- a/Setup.md
+++ b/Setup.md
@@ -115,9 +115,20 @@ Thread-safety expectation:
 
 ## Current Status Snapshot (2026-04-24)
 
-- Python is available: `Python 3.13.12`.
-- `python3 fido2_probe.py --list` runs, but returns: `No CTAP HID devices found.`
-- No HID raw device nodes currently visible: `no hidraw devices visible`.
+- AppVM OS version is confirmed: Debian `13.4` (`k_server`, and same on `k_client`/`k_proxy`).
+- Python in AppVMs is available: `Python 3.13.5`.
+- `python3 /home/user/chromecard/fido2_probe.py --list` in `k_proxy` now detects ChromeCard on `/dev/hidraw0` (`vid:pid=4617:5`).
+- HID raw device nodes are now visible in `k_proxy`:
+  - `/dev/hidraw0` -> `crw-rw----+`
+  - `/dev/hidraw1` -> `crw-------`
+- `python3 /home/user/chromecard/fido2_probe.py --json` succeeds and returns CTAP2 `getInfo`:
+  - versions: `["FIDO_2_0"]`
+  - aaguid: `1234567890abcdef0123456789abcdef`
+  - options: `rk=false`, `up=true`, `uv=true`
+  - max_msg_size: `1024`
+- Local WebAuthn demo (`http://localhost:8765` in `k_proxy`) succeeded:
+  - register: `ok=true`, `username=alice`, `credential_count=1`
+  - login/auth: `ok=true`, `username=alice`, `authenticated=true`
 - `west` is not currently installed/in PATH: `west not found`.
 - The checked-out `CR_SDK_CK-main` tree appears incomplete for documented sysbuild role layout:
   - missing: `mvp`, `setup`, `components`, `samples`
@@ -126,7 +137,8 @@ Thread-safety expectation:
 - Qubes AppVM baseline is now up: `k_client`, `k_proxy`, `k_server` can start and have terminals running.
 
 Implication:
-- We cannot currently confirm live FIDO2 connectivity from this host.
+- Live FIDO2 connectivity from `k_proxy` to ChromeCard is confirmed over USB HID/CTAPHID.
+- Local browser WebAuthn register/login flow is confirmed working in `k_proxy`.
 - We cannot currently run the documented firmware build/flash flow.
 
 Session note (2026-04-24):
@@ -134,6 +146,10 @@ Session note (2026-04-24):
 - AppVM template decision recorded: use `debian-13-xfce` for `k_client`, `k_proxy`, and `k_server`.
 - VM start attempt failed with Xen toolstack error: `libxenlight have failed to create new domain 'k_client'`.
 - VM start blocker was resolved by reducing VM memory to `400` MiB; all three AppVMs now start.
+- Runtime check from VMs: Debian `13.4` and Python `3.13.5`; `k_proxy` still shows `no hidraw devices`.
+- After USB assignment to `k_proxy`, `/dev/hidraw0` and `/dev/hidraw1` appeared.
+- CTAP probe re-run succeeded with detected ChromeCard device and valid CTAP2 `getInfo` response.
+- Local WebAuthn demo completed successfully for user `alice` (register + login).
 
 ## Known FIDO2 Transport Boundary
 
diff --git a/Workplan.md b/Workplan.md
index 1d18c43..0c3e3b8 100644
--- a/Workplan.md
+++ b/Workplan.md
@@ -129,6 +129,11 @@ Exit criteria:
 Exit criteria:
 - Register and login both complete with card interaction prompts.
 
+Status (2026-04-24):
+- Completed in `k_proxy` using `http://localhost:8765`.
+- Registration result: `ok=true`, `username=alice`, `credential_count=1`.
+- Authentication result: `ok=true`, `username=alice`, `authenticated=true`.
+
 ## Phase 5: Implement Proxy Auth + Session Reuse
 
 1. Authenticate via card once per session window.