diff --git a/docs/work/2026-05-14-ci-security-and-supply-chain/02-socket-integration/_story.md b/docs/work/2026-05-14-ci-security-and-supply-chain/02-socket-integration/_story.md
index da95798..6c6046a 100644
--- a/docs/work/2026-05-14-ci-security-and-supply-chain/02-socket-integration/_story.md
+++ b/docs/work/2026-05-14-ci-security-and-supply-chain/02-socket-integration/_story.md
@@ -3,7 +3,7 @@ id: 02-socket-integration
 epic: 2026-05-14-ci-security-and-supply-chain
 title: Socket integration (skill + CI)
 type: technical-story
-status: in-progress
+status: done
 feature: tooling
 depends-on: [01-trace-schema-extensions]
 blocks: [08-reviewer-prompt-update]
@@ -42,4 +42,4 @@ CVE databases are lagging indicators — `event-stream`, `ua-parser-js`, and `tj
 ## Tasks
 - [x] Add `.socket.json` at repo root and extend `.claude/skills/evaluate-library/SKILL.md` with a "Filter 9 — Supply-chain behavior (Socket)" section: position Socket after cheap filters, document `socket-cli` as the verification command, specify how `clean`/`flagged`/`` maps to the trace's `socket-risk` field; one commit, all gates pass.
-- [ ] Add a `socket-cli scan` step to `ci.yml`'s `validate` job, scoped to PRs touching `package.json` or `pnpm-lock.yaml` via a `paths:` condition; step exits non-zero on any `critical` finding; one commit, all gates pass.
+- [x] Add a `socket-cli scan` step to `ci.yml`'s `validate` job, scoped to PRs touching `package.json` or `pnpm-lock.yaml` via a `paths:` condition; step exits non-zero on any `critical` finding; one commit, all gates pass.
diff --git a/docs/work/_state.json b/docs/work/_state.json
index da09b1a..a446599 100644
--- a/docs/work/_state.json
+++ b/docs/work/_state.json
@@ -1,5 +1,5 @@
 {
- "updated_at": "2026-05-14T17:11:35.212Z",
+ "updated_at": "2026-05-14T17:16:32.410Z",
 "epics": {
 "2026-05-13-binder-wrap-helper": {
 "status": "done",
@@ -53,10 +53,10 @@
 "blocks": []
 },
 "02-socket-integration": {
- "status": "in-progress",
+ "status": "done",
 "title": "Socket integration (skill + CI)",
 "ac_total": 2,
- "ac_completed": 1,
+ "ac_completed": 2,
 "depends_on": [
 "01-trace-schema-extensions"
 ],
@@ -258,11 +258,6 @@
 }
 },
 "ready": [
- {
- "epic": "2026-05-14-ci-security-and-supply-chain",
- "story": "02-socket-integration",
- "title": "Socket integration (skill + CI)"
- },
 {
 "epic": "2026-05-14-ci-security-and-supply-chain",
 "story": "03-renovate-adoption",
@@ -303,7 +298,6 @@
 "story": "08-reviewer-prompt-update",
 "title": "Sandcastle reviewer prompt update",
 "waiting_on": [
- "2026-05-14-ci-security-and-supply-chain/02-socket-integration",
 "2026-05-14-ci-security-and-supply-chain/06-codeql-and-audit-signatures"
 ]
 }