docs: update ARCHITECTURE.md and ARCHITECTURAL_ANALYSIS.md to reflect all low-priority items completed (LP-8)

docs/ARCHITECTURE.md

@@ -114,18 +114,39 @@ database.py       ← Engine + session management (lazy initialization)
 
 ### Services
 
+#### Business Logic Services
+
 | Service | Responsibility |
 |---------|---------------|
 | `test_workflow_service` | Test state machine (draft → validated/rejected) with dual validation |
+| `test_crud_service` | Test CRUD, query logic, permission validation |
 | `scoring_service` | 0–100 scoring for techniques, tactics, actors, organization |
+| `scoring_config_service` | DB-persisted scoring weights with validation |
 | `score_cache` | In-memory TTL cache (5 min) for expensive score/metric calculations |
 | `operational_metrics_service` | MTTD, MTTR, detection efficacy, alert fidelity, coverage velocity |
+| `metrics_query_service` | Dashboard aggregation queries |
 | `snapshot_service` | Coverage snapshot creation, temporal comparison, cleanup |
-| `campaign_service` | Campaign CRUD, progress tracking, circular dependency prevention |
+| `campaign_crud_service` | Campaign CRUD, lifecycle, scheduling |
+| `campaign_service` | Campaign progress tracking, circular dependency prevention |
 | `campaign_scheduler_service` | Recurring campaign execution (clone + schedule next run) |
 | `status_service` | Technique status recalculation from test results |
+| `coverage_report_service` | Coverage report generation and CSV export |
+| `compliance_service` | Compliance framework analysis and gap detection |
+| `detection_rule_service` | Detection rule queries, auto-association, evaluation |
+| `threat_actor_service` | Threat actor queries, coverage, gap analysis |
+| `evidence_service` | Evidence permission validation and queries |
+| `heatmap_service` | ATT&CK Navigator layer generation |
+| `user_service` | User CRUD, role validation, password hashing |
+| `audit_query_service` | Paginated audit log queries and distinct lookups |
+| `audit_service` | Immutable audit trail logging (write-only) |
+| `data_source_service` | Data source CRUD, sync dispatch, statistics |
 | `notification_service` | In-app notification CRUD and state-change alerts |
-| `audit_service` | Immutable audit trail logging |
+| `intel_service` | RSS-based threat intelligence scanning |
+
+#### Import Services (all satisfy `ImportService` protocol)
+
+| Service | Responsibility |
+|---------|---------------|
 | `mitre_sync_service` | MITRE ATT&CK sync via TAXII 2.0 / GitHub fallback |
 | `atomic_import_service` | Atomic Red Team template import from GitHub |
 | `sigma_import_service` | SigmaHQ detection rule import |
@@ -135,7 +156,26 @@ database.py       ← Engine + session management (lazy initialization)
 | `d3fend_import_service` | MITRE D3FEND defensive technique import |
 | `threat_actor_import_service` | MITRE CTI threat actor import (STIX) |
 | `compliance_import_service` | NIST 800-53 ↔ ATT&CK mapping import |
-| `intel_service` | RSS-based threat intelligence scanning |
+
+### Domain Layer
+
+```
+domain/
+├── entities/              # Rich domain entities with business logic
+│   ├── technique.py       # TechniqueEntity with status recalculation
+│   ├── campaign.py        # CampaignEntity with lifecycle state machine
+│   └── compliance.py      # ComplianceFrameworkEntity with coverage calculation
+├── value_objects/          # Immutable value types
+│   ├── mitre_id.py        # MITRE ATT&CK ID validation
+│   └── scoring_weights.py # Scoring weights (sum=100, non-negative)
+├── ports/                  # Interfaces (Protocol contracts)
+│   ├── repositories/      # TechniqueRepository, TestRepository
+│   └── import_service.py  # ImportService protocol + IMPORT_REGISTRY
+├── errors.py              # Domain exceptions (EntityNotFoundError, etc.)
+├── enums.py               # TestState, TechniqueStatus, TestResult
+├── test_entity.py         # TestEntity with state machine + domain events
+└── unit_of_work.py        # UnitOfWork context manager
+```
 
 ### Scheduled Jobs (APScheduler)