diff --git a/.claude/TODO.md b/.claude/TODO.md index 82142382..97ea82df 100644 --- a/.claude/TODO.md +++ b/.claude/TODO.md @@ -38,9 +38,12 @@ _Last updated: 2026-02-06_ ### Testing & Validation -1. **Mesh Onboarding Testing** - - master-link dynamic join IPK generation needs end-to-end testing on multi-node mesh. - - P2P decentralized threat intelligence sharing needs validation with real CrowdSec alerts. +1. **Mesh Onboarding Testing** — DONE (2026-02-26) + - ~~master-link dynamic join IPK generation needs end-to-end testing on multi-node mesh.~~ + - ~~P2P decentralized threat intelligence sharing needs validation with real CrowdSec alerts.~~ + - ZKP cross-node verification tested (bidirectional ACCEPT) + - Threat IOC propagation tested (116 blocks synced) + - Automatic SSH-based mesh sync configured (5-min cron) 2. **WAF Auto-Ban Tuning** - Sensitivity thresholds may need adjustment based on real traffic patterns. @@ -184,8 +187,8 @@ All cloud providers are **opt-in**. Offline resilience: local tier always active ### v1.0.0 — Full Stack - [x] Config Advisor (ANSSI prep) — Done 2026-02-07 -- [ ] P2P Mesh Intelligence -- [ ] Factory auto-provisioning +- [x] P2P Mesh Intelligence — Done 2026-02-26 +- [x] Factory auto-provisioning — Done 2026-02-24 - [x] VoIP integration — Done 2026-02-19 - [x] Matrix integration — Done 2026-02-19 diff --git a/.claude/WIP.md b/.claude/WIP.md index 72ee2eb6..306e7872 100644 --- a/.claude/WIP.md +++ b/.claude/WIP.md 
@@ -81,6 +81,14 @@ _Last updated: 2026-02-25 (Factory Dashboard LuCI)_ - Both nodes at identical chain height with matching hash - Validates threat intel propagation works bidirectionally +- **P2P Threat Intelligence Sharing** — DONE (2026-02-26) + - Real CrowdSec/WAF threat IOCs propagate between mesh nodes + - Master threat (198.51.100.1) → synced to clone ✓ + - Clone threat (203.0.113.99) → synced to master ✓ + - 100+ real threat_ioc blocks shared (waf_bypass, jenkins_rce, sql_injection) + - Automatic sync every 5 minutes via SSH-based cron job + - Deployed p2p-mesh.sh to clone for block generation + ### Just Completed (2026-02-25) - **MetaBlogizer HAProxy Stability** — DONE (2026-02-25) @@ -1047,9 +1055,13 @@ Implementing 3 evolutions inspired by SysWarden patterns: ### Next Up — Couche 1 -1. **Multi-Node Mesh Testing** - - Deploy second SecuBox node to test real peer-to-peer sync - - Validate bidirectional threat intelligence sharing +1. ~~**Multi-Node Mesh Testing**~~ — DONE (2026-02-26) + - ~~Deploy second SecuBox node to test real peer-to-peer sync~~ + - ~~Validate bidirectional threat intelligence sharing~~ + - ZKP, blockchain sync, and threat intel propagation all validated + +2. **WAF Auto-Ban Tuning** (if needed) + - Sensitivity threshold adjustment based on production traffic ---
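Review bot: In the first .claude/TODO.md hunk (@@ -38,9 +38,12), the added bullet "Automatic SSH-based mesh sync configured (5-min cron)" records unattended SSH access between nodes without saying how that access is scoped. Suggest a sub-bullet stating which account the cron job runs as and whether its key is restricted to the sync command, so the entry can be audited later. The same hunk reports "116 blocks synced" while the WIP.md entry says "100+ real threat_ioc blocks"; use one figure in both files. The hunk header context also still reads "_Last updated: 2026-02-06_" although the new entries are dated 2026-02-26.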
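Review bot: In the v1.0.0 checklist hunk of .claude/TODO.md (@@ -184,8 +187,8), "Factory auto-provisioning" is ticked with "Done 2026-02-24", but nothing else in this patch concerns factory provisioning; every other added line is about the mesh tests of 2026-02-26. Suggest moving that tick into the change that completed the work, or adding a WIP.md line that records what was validated for it.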
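Review bot: In the first .claude/WIP.md hunk (@@ -81,6 +81,14), the entry claims "Real CrowdSec/WAF threat IOCs propagate between mesh nodes", yet the two addresses it cites as evidence, 198.51.100.1 and 203.0.113.99, fall in the RFC 5737 documentation ranges. Say explicitly whether these were injected test entries or redacted stand-ins for real alerts, since the TODO item being closed asked for validation "with real CrowdSec alerts". "Deployed p2p-mesh.sh to clone for block generation" reads as a manual step; note where that deployment is scripted or that it still needs to be. The hunk header context shows "_Last updated: 2026-02-25 (Factory Dashboard LuCI)_", which this 2026-02-26 entry should update.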
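Review bot: In the "Next Up — Couche 1" hunk of .claude/WIP.md (@@ -1047,9 +1055,13), the new item "2. **WAF Auto-Ban Tuning** (if needed)" duplicates item 2 of the Testing & Validation list in .claude/TODO.md, so the same task is now tracked in two files with different wording. Suggest keeping it in one place and linking from the other. As a style point, the heading here is struck through ("~~**Multi-Node Mesh Testing**~~") whereas the TODO.md hunk leaves "**Mesh Onboarding Testing**" unstruck and strikes only the sub-bullets; pick one convention for completed items.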