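-- =============================================================================
-- Migration 001: Source Policy Tables
--
-- Tables for managing allowed compliance data sources, operations matrix,
-- PII rules, and audit trail.
--
-- Dialect: PostgreSQL (TIMESTAMPTZ, gen_random_uuid(), ON CONFLICT).
-- gen_random_uuid() is built in from PostgreSQL 13; older servers need the
-- pgcrypto extension installed before this migration runs.
--
-- Every statement is written to be re-runnable: the DDL uses IF NOT EXISTS
-- and the seed INSERT skips rules that are already present.
-- =============================================================================

-- -----------------------------------------------------------------------------
-- Allow-list of data sources, keyed by a unique domain.
-- -----------------------------------------------------------------------------
CREATE TABLE IF NOT EXISTS compliance_allowed_sources (
    id           UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    domain       VARCHAR(255) UNIQUE NOT NULL,
    name         VARCHAR(255) NOT NULL,
    description  TEXT,
    license      VARCHAR(100),
    legal_basis  VARCHAR(200),
    -- NOTE(review): no CHECK bounds this value; if callers expect a fixed
    -- range (the 0.5 default suggests 0..1), enforce it in a later migration.
    trust_boost  FLOAT DEFAULT 0.5,
    source_type  VARCHAR(50) DEFAULT 'legal',
    -- NOTE(review): nullable with DEFAULT true, so a row inserted without an
    -- explicit value is active immediately. Confirm that readers treat NULL
    -- as inactive.
    active       BOOLEAN DEFAULT true,
    metadata     JSON,
    created_at   TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    updated_at   TIMESTAMPTZ
);

-- The UNIQUE constraint on domain already creates an index on that column;
-- this one is kept so the index name stays available to later migrations.
CREATE INDEX IF NOT EXISTS idx_allowed_sources_domain
    ON compliance_allowed_sources(domain);

CREATE INDEX IF NOT EXISTS idx_allowed_sources_active
    ON compliance_allowed_sources(active);

-- -----------------------------------------------------------------------------
-- Operations matrix: which operation is permitted for which source.
-- Rows are removed together with their source (ON DELETE CASCADE).
-- -----------------------------------------------------------------------------
CREATE TABLE IF NOT EXISTS compliance_source_operations (
    id          UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    source_id   UUID NOT NULL
                REFERENCES compliance_allowed_sources(id) ON DELETE CASCADE,
    operation   VARCHAR(50) NOT NULL,
    -- NOTE(review): defaults to true and is nullable, so an operation row
    -- created without an explicit value grants the operation. Nothing here
    -- enforces one row per (source_id, operation), so two rows can disagree;
    -- the reader must decide which wins, and a deny-wins rule is the safer
    -- choice. A UNIQUE (source_id, operation) constraint would remove the
    -- ambiguity.
    allowed     BOOLEAN DEFAULT true,
    conditions  TEXT,
    created_at  TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    updated_at  TIMESTAMPTZ
);

CREATE INDEX IF NOT EXISTS idx_source_operations_source
    ON compliance_source_operations(source_id);

-- -----------------------------------------------------------------------------
-- PII detection rules: a regular expression plus the action to take on a match.
-- -----------------------------------------------------------------------------
CREATE TABLE IF NOT EXISTS compliance_pii_rules (
    id           UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    name         VARCHAR(255) NOT NULL,
    description  TEXT,
    -- Nullable and unvalidated: the schema does not check that the text
    -- compiles as a regular expression, so the consumer has to handle NULL
    -- and invalid patterns.
    pattern      TEXT,
    category     VARCHAR(50) NOT NULL,
    -- The seed data below uses 'mask', 'redact' and 'flag'; no CHECK limits
    -- the column to those values.
    action       VARCHAR(20) DEFAULT 'mask',
    active       BOOLEAN DEFAULT true,
    created_at   TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    updated_at   TIMESTAMPTZ
);

CREATE INDEX IF NOT EXISTS idx_pii_rules_category
    ON compliance_pii_rules(category);

CREATE INDEX IF NOT EXISTS idx_pii_rules_active
    ON compliance_pii_rules(active);

-- -----------------------------------------------------------------------------
-- Audit trail for changes to the policy tables above.
-- -----------------------------------------------------------------------------
-- NOTE(review): this migration does not make the trail append-only. The role
-- the application connects with can still UPDATE or DELETE audit rows unless
-- those privileges are revoked separately. entity_id has no foreign key, so
-- audit rows survive deletion of the entity they describe. user_id is
-- nullable, so a change can be recorded without an actor.
CREATE TABLE IF NOT EXISTS compliance_source_policy_audit (
    id           UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    action       VARCHAR(20) NOT NULL,
    entity_type  VARCHAR(50) NOT NULL,
    entity_id    UUID,
    old_values   JSON,
    new_values   JSON,
    user_id      VARCHAR(100),
    created_at   TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

CREATE INDEX IF NOT EXISTS idx_source_audit_entity
    ON compliance_source_policy_audit(entity_type, entity_id);

CREATE INDEX IF NOT EXISTS idx_source_audit_created
    ON compliance_source_policy_audit(created_at);

-- -----------------------------------------------------------------------------
-- Seed default PII rules
-- -----------------------------------------------------------------------------
-- compliance_pii_rules has no unique constraint other than its random UUID
-- primary key, so a bare ON CONFLICT DO NOTHING never finds a conflict and
-- every re-run of this file would insert the four rules again. The NOT EXISTS
-- guard skips a seed row when a rule with the same name is already stored.
-- The guard is not safe against concurrent runs; migrations are assumed to be
-- applied serially.
--
-- The backslashes in the patterns are stored literally only while
-- standard_conforming_strings is on (the PostgreSQL default).
--
-- Coverage limits of the seeded patterns, as written:
--   * phone:     only numbers starting with +49 or 0
--   * financial: only IBANs with the DE country prefix
--   * address:   five digits followed by an ASCII upper-case and an ASCII
--                lower-case letter, so place names with an umlaut in either
--                of the first two letters are not matched
-- NOTE(review): \s is interpreted by whichever regex engine the application
-- uses; confirm that it supports this class.
INSERT INTO compliance_pii_rules (name, category, pattern, action, description)
SELECT
    seed.name,
    seed.category,
    seed.pattern,
    seed.action,
    seed.description
FROM (
    VALUES
        ('E-Mail-Adresse', 'email',
         '[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}',
         'mask', 'E-Mail-Adressen erkennen und maskieren'),
        ('Telefonnummer', 'phone',
         '(\+49|0)[0-9\s/-]{8,15}',
         'mask', 'Deutsche Telefonnummern erkennen'),
        ('IBAN', 'financial',
         'DE[0-9]{2}\s?[0-9]{4}\s?[0-9]{4}\s?[0-9]{4}\s?[0-9]{4}\s?[0-9]{2}',
         'redact', 'Deutsche IBAN-Nummern erkennen und entfernen'),
        ('Postadresse', 'address',
         '[0-9]{5}\s+[A-Z][a-z]',
         'flag', 'Postleitzahlen mit Ortsnamen markieren')
) AS seed (name, category, pattern, action, description)
WHERE NOT EXISTS (
    SELECT 1
    FROM compliance_pii_rules AS existing
    WHERE existing.name = seed.name
)
ON CONFLICT DO NOTHING;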