diff --git a/docs/gitea-issues.md b/docs/gitea-issues.md
index 17a4431..c880ee3 100644
--- a/docs/gitea-issues.md
+++ b/docs/gitea-issues.md
@@ -47,3 +47,19 @@
 33. Add README setup instructions
 34. Add architecture documentation
 35. Add security documentation
+
+## Current Implementation Snapshot
+
+Completed in the initial scaffold:
+
+- Repository structure, Docker Compose development stack, README, and docs.
+- FastAPI backend skeleton with auth, roles, database models, and Alembic migration.
+- React frontend skeleton with authenticated layout.
+- Worker skeleton with working HTTP website monitor polling.
+- Website monitor create/edit/delete UI.
+- Basic alert evaluation, incidents, acknowledge, and silence actions.
+- Generic webhook, Mattermost, and Zoom Team Chat channel foundations.
+- Encrypted webhook URL storage.
+- Configurable notification post username.
+
+Recommended next Gitea issues are listed in [progress.md](progress.md).
diff --git a/docs/progress.md b/docs/progress.md
new file mode 100644
index 0000000..cd7ccd3
--- /dev/null
+++ b/docs/progress.md
@@ -0,0 +1,78 @@
+# InfraPulse Progress
+
+Last updated: 2026-05-22
+
+## Current State
+
+InfraPulse has a working Docker Compose development stack with PostgreSQL, Redis, FastAPI backend, Python worker, and React/Vite frontend.
+
+Implemented foundation:
+
+- Monorepo layout, README, MIT license, Dockerfiles, Compose files, helper scripts, and initial docs.
+- FastAPI backend with health endpoint, JWT login, local initial owner bootstrap, and role checks.
+- SQLAlchemy models and Alembic initial migration for users, assets, credentials, monitors, check results, metrics, alert rules, incidents, notification channels, and audit events.
+- React frontend with login, authenticated shell, dashboard, assets, websites, alerts, notifications, and placeholder admin/discovery/graphs/credentials pages.
+- Worker process that polls HTTP website monitors, records check results, updates monitor/asset status, opens incidents, resolves incidents on recovery, and sends webhook notifications.
+
+Implemented website-monitor slice:
+
+- Create, edit, delete website monitors from the UI.
+- HTTP status and expected-text checks.
+- Monitor status and recent incident visibility on dashboard.
+- Basic alert rules created with website monitors.
+- Incidents can be acknowledged and silenced from the UI.
+- Deleting a monitor resolves any open incidents tied to that monitor.
+
+Implemented notification slice:
+
+- Create, edit, test, and delete notification channels from the UI.
+- Generic webhook, Mattermost, and Zoom Team Chat channel types.
+- Webhook URLs encrypted at rest using `INFRAPULSE_SECRET_KEY`.
+- Saved webhook URLs are not returned to the UI.
+- Configurable post username per notification channel.
+- Worker sends incident open and recovery notifications.
+- Notification state/history is stored in incident details to avoid duplicate sends.
+
+## Known Gaps
+
+- Credential vault UI and real credential encryption workflows are not complete.
+- Audit logging tables exist, but events are not consistently written yet.
+- User management UI is not implemented.
+- Role management is basic and needs full admin flows.
+- Alert rule editing UI is not implemented.
+- Notification routing/policies are not implemented; all enabled webhook channels receive incident notifications.
+- Email/SMTP notifications are not implemented yet.
+- TLS certificate expiry checks are not implemented yet.
+- Ping and TCP checks are not implemented yet.
+- Graphing exists only as placeholders; metric visualization is not implemented.
+- Worker scheduling is simple polling, not a Redis queue yet.
+- Tests are still minimal and need meaningful backend/worker/frontend coverage.
+- Production deployment hardening is not done.
+
+## Recommended Next Work
+
+1. Add TLS certificate expiry monitor support.
+2. Add ping and TCP port monitors.
+3. Add alert rule editing UI and richer alert conditions.
+4. Add notification policy/routing controls.
+5. Add email/SMTP notification channel.
+6. Add audit event writes for auth, monitor, credential, notification, and incident actions.
+7. Build credential vault UI with masked secret handling.
+8. Add user administration UI.
+9. Add graphs for website response time and monitor status history.
+10. Add backend and worker tests for the website-monitor and notification flows.
+
+## Operational Notes
+
+Development URLs:
+
+- Frontend: `http://localhost:5173`
+- Backend API: `http://localhost:8000`
+- API docs: `http://localhost:8000/docs`
+
+Default local login comes from `.env`:
+
+- `INITIAL_ADMIN_EMAIL=admin@example.com`
+- `INITIAL_ADMIN_PASSWORD=change-me`
+
+Change these values before using InfraPulse outside local development.