# Aegis — Architectural Refactoring Task Tracker

## Tier 1 — Quick Wins

- [ ] QW-1: Wire existing repos into `techniques.py` router
- [ ] QW-2: Fix `audit_service` to follow UoW (no direct `db.commit()`)
- [ ] QW-3: Consolidate `status_service` with `TechniqueEntity.recalculate_status()`
- [ ] QW-4: Remove remaining `HTTPException` from services

## Tier 2 — Service Extraction (fat routers → thin routers + services)

- [ ] SE-1: Extract reports service from `reports.py`
- [ ] SE-2: Extract metrics service from `metrics.py`
- [ ] SE-3: Extract compliance service from `compliance.py`
- [ ] SE-4: Extract detection_rules service from `detection_rules.py`
- [ ] SE-5: Extract threat_actors service from `threat_actors.py`

## Tier 3 — Architectural Fixes

- [ ] AF-1: Persist scoring weights in DB (replace mutable `settings`)
- [ ] AF-2: Slim `tests.py` router (CRUD to repo/service)
- [ ] AF-3: Slim `evidence.py` router (permissions to domain)
- [ ] AF-4: Slim `campaigns.py` router (CRUD to service)

## Tier 4 — Polish

- [ ] P-1: Structured JSON logging
- [ ] P-2: Create architecture skill file for future agents

## Completed (prior sessions)

- [x] Domain exceptions hierarchy (`domain/errors.py`)
- [x] TestEntity with state machine (`domain/test_entity.py`)
- [x] TechniqueEntity (`domain/entities/technique.py`)
- [x] Value objects: MitreId, ScoringWeights
- [x] Unit of Work (`domain/unit_of_work.py`)
- [x] Error handler middleware (`middleware/error_handler.py`)
- [x] Redis-backed token blacklist (`auth.py`)
- [x] CI pipeline (`.github/workflows/ci.yml`)
- [x] Heatmap service extracted (`services/heatmap_service.py`)
- [x] Scoring bulk queries (`bulk_technique_scores`)
- [x] Repository ports + implementations (Technique, Test)
- [x] Agent validation script (`scripts/agent_validate_backend.sh`)