[AZ-529] [AZ-530] Cycle-2 documentation refresh

Refreshes _docs/02_document/ to reflect the cycle-2 auth-modernization
+ CMMC hardening landings (AZ-531..AZ-538). Authoritative source for
the ripple set is ripple_log_cycle2.md.

Covered:
- architecture.md (section 1 rewritten, ADRs 6-9 added)
- data_model.md (sessions, audit_events, user columns, migrations)
- system-flows.md (F1 rewritten; F11-F17 added; F2/F7/F9 minor)
- module-layout.md (cycle-2 sub-component table)
- diagrams/flows/flow_login.md (dual-token + MFA)
- components/{01_data_layer,03_auth_and_security,05_admin_api}
- modules/ (12 new, 8 modified — full Argon2id/ES256/MFA/refresh
  /mission/session/audit/jwks rollup)
- tests/{blackbox,security,traceability-matrix}

Step 13 (Update Docs) output for cycle 2.

Co-authored-by: Cursor <cursoragent@cursor.com>

_docs/02_document/modules/common_database_azaion_db.md

@@ -3,34 +3,42 @@
 ## Purpose
 linq2db `DataConnection` subclass representing the application's database context.
 
+> **Cycle 1 (2026-05-13)** — `DetectionClasses` ITable added (AZ-513).
+>
+> **Cycle 2 (2026-05-14)** — `AuditEvents` ITable added (AZ-537+534), `Sessions` ITable added (AZ-531+535+533+534).
+
 ## Public Interface
 
 | Member | Type | Description |
 |--------|------|-------------|
 | Constructor | `AzaionDb(DataOptions dataOptions)` | Initializes connection with pre-configured options |
-| `Users` | `ITable<User>` | Typed table accessor for the `users` table |
+| `Users` | `ITable<User>` | Typed accessor for `public.users` |
+| `DetectionClasses` | `ITable<DetectionClass>` | Typed accessor for `public.detection_classes` |
+| `AuditEvents` | `ITable<AuditEvent>` | **AZ-537+534** — typed accessor for `public.audit_events` |
+| `Sessions` | `ITable<Session>` | **AZ-531+535+533+534** — typed accessor for `public.sessions` (one row per refresh-token rotation; mission tokens live here too) |
 
 ## Internal Logic
-Delegates all connection management to the base `DataConnection` class. `Users` property calls `this.GetTable<User>()`.
+Delegates all connection management to the base `DataConnection` class. Each property calls `this.GetTable<T>()`. The actual column mapping and conversions live in `AzaionDbShemaHolder`.
 
 ## Dependencies
-- `User` entity
+- `User`, `DetectionClass`, `AuditEvent`, `Session` entities
 - linq2db (`LinqToDB.Data.DataConnection`, `LinqToDB.ITable<T>`)
 
 ## Consumers
-- `DbFactory` — creates `AzaionDb` instances inside `Run`/`RunAdmin` methods
+- `DbFactory` — creates `AzaionDb` instances inside `Run`/`RunAdmin`
+- `UserService`, `DetectionClassService`, `RefreshTokenService`, `SessionService`, `MissionTokenService`, `MfaService`, `AuditLog` — all consume the ITables via `IDbFactory.Run`/`RunAdmin` lambdas
 
 ## Data Models
-Provides access to the `users` table.
+Provides access to four tables: `users`, `detection_classes`, `audit_events`, `sessions`.
 
 ## Configuration
-Receives `DataOptions` (containing connection string + mapping schema) from `DbFactory`.
+Receives `DataOptions` (containing connection string + mapping schema) from `DbFactory`. The schema instance is shared between read and write `DataOptions` — produced by `AzaionDbShemaHolder.GetSchema()` once and reused.
 
 ## External Integrations
-PostgreSQL database via Npgsql.
+PostgreSQL via Npgsql.
 
 ## Security
-None at this level; connection string security is handled by `DbFactory`.
+None at this level. `IDbFactory.Run` selects the read-only connection (`AzaionDb` connection string), `RunAdmin` selects the read/write one (`AzaionDbAdmin`). The grant set on each table determines what each connection can do — see `data_model.md` §Permissions.
 
 ## Tests
-Indirectly used by `UserServiceTest`.
+Exercised end-to-end via the e2e suite (`e2e/Azaion.E2E/Tests/*`). All cycle-2 services have dedicated test files (`RefreshTokenFlowTests`, `LogoutRevocationTests`, `MissionTokenTests`, `MfaLoginTests`, `LoginRateLimitTests`, `PasswordHashingTests`, `AsymmetricSigningTests`, `CorsHttpsTests`).