diff --git a/workplans/NK-WP-0002-local-identity.md b/workplans/NK-WP-0002-local-identity.md
index 7b25245..96beec1 100644
--- a/workplans/NK-WP-0002-local-identity.md
+++ b/workplans/NK-WP-0002-local-identity.md
@@ -73,8 +73,9 @@ it operates entirely at the filesystem level, pre-cluster. This is by design.
 ```task
 id: NK-WP-0002-T01
 state_hub_task_id: 656652dd-05af-4fa4-95b2-17ce029ac7bd
-status: todo
+status: done
 priority: high
+commit: 4491bea
 ```
 
 Define YAML user schema (`schema_version`, `username`, `fullname`, `email`,
@@ -221,7 +222,7 @@ expiry and revocation functional.
 
 ## Deliverables Checklist
 
-- [ ] `~/.local-identity/` store initialised from Linux identity; test users generated
+- [x] `~/.local-identity/` store initialised from Linux identity; test users generated
 - [ ] `local-identity list / show / export` working; Keycloak export validated
 - [ ] Minimal OIDC server passes conformance smoke test; binds localhost only
 - [ ] Filesystem permissions enforced on startup; `security-check` passes