Aegis/tasks/todo.md

# Aegis — Architectural Refactoring Task Tracker

## Tier 1 — Quick Wins

- [x] QW-1: Wire existing repos into `techniques.py` router
- [~] QW-2: Fix `audit_service` to follow UoW — deferred, resolves naturally as routers adopt UoW
- [x] QW-3: Consolidate `status_service` with `TechniqueEntity.recalculate_status()`
- [x] QW-4: Remove remaining `HTTPException` from services — already resolved

## Tier 2 — Service Extraction (fat routers → thin routers + services)

- [x] SE-1: Extract reports service → `coverage_report_service.py`
- [x] SE-2: Extract metrics service → `metrics_query_service.py`
- [x] SE-3: Extract compliance service → `compliance_service.py`
- [x] SE-4: Extract detection_rules service → `detection_rule_service.py`
- [x] SE-5: Extract threat_actors service → `threat_actor_service.py`

## Tier 3 — Architectural Fixes

- [x] AF-1: Persist scoring weights in DB → `scoring_config` table + `scoring_config_service.py`
- [x] AF-2: Slim `tests.py` router → `test_crud_service.py`
- [x] AF-3: Slim `evidence.py` router → `evidence_service.py`
- [x] AF-4: Slim `campaigns.py` router → `campaign_crud_service.py`

## Tier 4 — Polish

- [x] P-1: Structured JSON logging → `logging_config.py`
- [x] P-2: Create architecture skill file → `~/.cursor/skills/aegis-architecture/SKILL.md`

## Completed (prior sessions)

- [x] Domain exceptions hierarchy (domain/errors.py)
- [x] TestEntity with state machine (domain/test_entity.py)
- [x] TechniqueEntity (domain/entities/technique.py)
- [x] Value objects: MitreId, ScoringWeights
- [x] Unit of Work (domain/unit_of_work.py)
- [x] Error handler middleware (middleware/error_handler.py)
- [x] Redis-backed token blacklist (auth.py)
- [x] CI pipeline (.github/workflows/ci.yml)
- [x] Heatmap service extracted (services/heatmap_service.py)
- [x] Scoring bulk queries (bulk_technique_scores)
- [x] Repository ports + implementations (Technique, Test)
- [x] Agent validation script (scripts/agent_validate_backend.sh)