diff --git a/docs/implplan/SPRINT_20260408_004_Timeline_unified_audit_sink.md b/docs/implplan/SPRINT_20260408_004_Timeline_unified_audit_sink.md
index 22d11f431..e8d8c7c1f 100644
--- a/docs/implplan/SPRINT_20260408_004_Timeline_unified_audit_sink.md
+++ b/docs/implplan/SPRINT_20260408_004_Timeline_unified_audit_sink.md
@@ -235,7 +235,7 @@ Completion criteria:
 - [ ] Retention status visible on dashboard overview tab
 
 ### AUDIT-007 - AuditPack export from unified store
-Status: TODO
+Status: DOING
 Dependency: AUDIT-001, AUDIT-002
 Owners: Developer (backend)
 Task description:
@@ -244,9 +244,9 @@ Task description:
 - Add DSSE signature on audit bundle manifests via Attestor integration.
 
 Completion criteria:
-- [ ] Audit bundle export pulls from unified Timeline store
-- [ ] Bundle includes chain verification certificate
-- [ ] Bundle manifest is DSSE-signed
+- [x] Audit bundle export pulls from unified Timeline store — `ITimelineAuditSource` + `HttpTimelineAuditSource` pull unified events from Timeline's `/api/v1/audit/events` with pagination and a MaxPages guardrail; `AuditBundleJobHandler` writes the events to `audit/events.ndjson` as an AUDIT_EVENTS artifact when the new `AuditBundleContentSelection.AuditEvents` flag is set.
+- [x] Bundle includes chain verification certificate — `ITimelineAuditSource.GetChainProofAsync` pulls `/api/v1/audit/verify-chain` per bundle and writes it as an `audit/chain-proof.json` AUDIT_CHAIN_PROOF artifact, independent of whether events were actually present in the window.
+- [ ] Bundle manifest is DSSE-signed — deferred: requires cross-service Signer handshake and manifest canonicalization separate from event export; tracked as follow-up.
 
 ## Execution Log
 | Date (UTC) | Update | Owner |