diff --git a/tasks/todo.md b/tasks/todo.md
index 29adc67..6999104 100644
--- a/tasks/todo.md
+++ b/tasks/todo.md
@@ -2,30 +2,30 @@
 
 ## Tier 1 — Quick Wins
 
-- [ ] QW-1: Wire existing repos into `techniques.py` router
-- [ ] QW-2: Fix `audit_service` to follow UoW (no direct `db.commit()`)
-- [ ] QW-3: Consolidate `status_service` with `TechniqueEntity.recalculate_status()`
-- [ ] QW-4: Remove remaining `HTTPException` from services
+- [x] QW-1: Wire existing repos into `techniques.py` router
+- [~] QW-2: Fix `audit_service` to follow UoW — deferred, resolves naturally as routers adopt UoW
+- [x] QW-3: Consolidate `status_service` with `TechniqueEntity.recalculate_status()`
+- [x] QW-4: Remove remaining `HTTPException` from services — already resolved
 
 ## Tier 2 — Service Extraction (fat routers → thin routers + services)
 
-- [ ] SE-1: Extract reports service from `reports.py`
-- [ ] SE-2: Extract metrics service from `metrics.py`
-- [ ] SE-3: Extract compliance service from `compliance.py`
-- [ ] SE-4: Extract detection_rules service from `detection_rules.py`
-- [ ] SE-5: Extract threat_actors service from `threat_actors.py`
+- [x] SE-1: Extract reports service → `coverage_report_service.py`
+- [x] SE-2: Extract metrics service → `metrics_query_service.py`
+- [x] SE-3: Extract compliance service → `compliance_service.py`
+- [x] SE-4: Extract detection_rules service → `detection_rule_service.py`
+- [x] SE-5: Extract threat_actors service → `threat_actor_service.py`
 
 ## Tier 3 — Architectural Fixes
 
-- [ ] AF-1: Persist scoring weights in DB (replace mutable `settings`)
-- [ ] AF-2: Slim `tests.py` router (CRUD to repo/service)
-- [ ] AF-3: Slim `evidence.py` router (permissions to domain)
-- [ ] AF-4: Slim `campaigns.py` router (CRUD to service)
+- [x] AF-1: Persist scoring weights in DB → `scoring_config` table + `scoring_config_service.py`
+- [x] AF-2: Slim `tests.py` router → `test_crud_service.py`
+- [x] AF-3: Slim `evidence.py` router → `evidence_service.py`
+- [x] AF-4: Slim `campaigns.py` router → `campaign_crud_service.py`
 
 ## Tier 4 — Polish
 
-- [ ] P-1: Structured JSON logging
-- [ ] P-2: Create architecture skill file for future agents
+- [x] P-1: Structured JSON logging → `logging_config.py`
+- [x] P-2: Create architecture skill file → `~/.cursor/skills/aegis-architecture/SKILL.md`
 
 ## Completed (prior sessions)