docs: update ARCHITECTURE.md, ARCHITECTURAL_ANALYSIS.md, and skill file with Tier 1-4 changes

docs/ARCHITECTURE.md

@@ -125,7 +125,9 @@ database.py       ← Engine + session management (lazy initialization)
 | `score_cache` | In-memory TTL cache (5 min) for expensive score/metric calculations |
 | `operational_metrics_service` | MTTD, MTTR, detection efficacy, alert fidelity, coverage velocity |
 | `metrics_query_service` | Dashboard aggregation queries |
-| `snapshot_service` | Coverage snapshot creation, temporal comparison, cleanup |
+| `advanced_metrics_service` | Coverage by tactic, never-tested, avg validation time, detection trends |
+| `analytics_service` | BI-ready flat datasets (coverage, tests, trends, operators) |
+| `snapshot_service` | Coverage snapshot CRUD, temporal comparison, cleanup |
 | `campaign_crud_service` | Campaign CRUD, lifecycle, scheduling |
 | `campaign_service` | Campaign progress tracking, circular dependency prevention |
 | `campaign_scheduler_service` | Recurring campaign execution (clone + schedule next run) |
@@ -136,11 +138,17 @@ database.py       ← Engine + session management (lazy initialization)
 | `threat_actor_service` | Threat actor queries, coverage, gap analysis |
 | `evidence_service` | Evidence permission validation and queries |
 | `heatmap_service` | ATT&CK Navigator layer generation |
+| `test_template_service` | Test template CRUD, stats, bulk-activate, filtered queries |
+| `auth_service` | Credential validation, password management |
 | `user_service` | User CRUD, role validation, password hashing |
 | `audit_query_service` | Paginated audit log queries and distinct lookups |
 | `audit_service` | Immutable audit trail logging (write-only) |
 | `data_source_service` | Data source CRUD, sync dispatch, statistics |
-| `notification_service` | In-app notification CRUD and state-change alerts |
+| `notification_service` | In-app notification CRUD, state-change alerts, role-based dispatch |
+| `technique_query_service` | Technique detail queries with test/D3FEND aggregation |
+| `d3fend_query_service` | D3FEND defensive technique listing and tactic queries |
+| `osint_enrichment_service` | OSINT item queries, enrichment, summary statistics |
+| `worklog_service` | Worklog CRUD, integrity verification |
 | `intel_service` | RSS-based threat intelligence scanning |
 
 #### Import Services (all satisfy `ImportService` protocol)
@@ -164,7 +172,8 @@ domain/
 ├── entities/              # Rich domain entities with business logic
 │   ├── technique.py       # TechniqueEntity with status recalculation
 │   ├── campaign.py        # CampaignEntity with lifecycle state machine
-│   └── compliance.py      # ComplianceFrameworkEntity with coverage calculation
+│   ├── compliance.py      # ComplianceFrameworkEntity with coverage calculation
+│   └── threat_actor.py    # ThreatActorEntity with coverage analysis
 ├── value_objects/          # Immutable value types
 │   ├── mitre_id.py        # MITRE ATT&CK ID validation
 │   └── scoring_weights.py # Scoring weights (sum=100, non-negative)