-- Migration 014: Security Backlog
-- Tracking security findings, vulnerabilities, and compliance issues

CREATE TABLE IF NOT EXISTS compliance_security_backlog (
    id              UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    tenant_id       UUID NOT NULL DEFAULT '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e',
    title           TEXT NOT NULL,
    description     TEXT,
    type            TEXT NOT NULL DEFAULT 'vulnerability',
    -- vulnerability | misconfiguration | compliance | hardening
    severity        TEXT NOT NULL DEFAULT 'medium',
    -- critical | high | medium | low
    status          TEXT NOT NULL DEFAULT 'open',
    -- open | in-progress | resolved | accepted-risk
    source          TEXT,
    cve             TEXT,
    cvss            NUMERIC(4,1),
    affected_asset  TEXT,
    assigned_to     TEXT,
    due_date        TIMESTAMPTZ,
    remediation     TEXT,
    created_at      TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    updated_at      TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

CREATE INDEX IF NOT EXISTS idx_security_backlog_tenant   ON compliance_security_backlog(tenant_id);
CREATE INDEX IF NOT EXISTS idx_security_backlog_status   ON compliance_security_backlog(status);
CREATE INDEX IF NOT EXISTS idx_security_backlog_severity ON compliance_security_backlog(severity);