-- Migration 009: Deployment Checks / Pre-Deployment Enforcement (G4)
-- Schema: compliance
-- Run: ssh macmini "docker exec -i bp-core-postgres psql -U breakpilot -d breakpilot_db" < control-pipeline/migrations/009_deployment_checks.sql

SET search_path TO compliance, public;

CREATE TABLE IF NOT EXISTS deployment_checks (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    tenant_id UUID NOT NULL,

    -- Deploy Info
    commit_hash VARCHAR(64) NOT NULL,
    branch VARCHAR(200),
    environment VARCHAR(50) DEFAULT 'production',

    -- Result
    verdict VARCHAR(20) NOT NULL DEFAULT 'pending'
        CHECK (verdict IN ('pending', 'approved', 'blocked', 'override')),

    -- Impact
    affected_control_ids JSONB DEFAULT '[]',
    blocking_controls JSONB DEFAULT '[]',
    warning_controls JSONB DEFAULT '[]',
    risk_score NUMERIC(5,2) DEFAULT 0.0,

    -- Override
    override_by VARCHAR(200),
    override_reason TEXT,

    summary TEXT,
    metadata JSONB DEFAULT '{}',
    created_at TIMESTAMPTZ DEFAULT NOW()
);

CREATE INDEX IF NOT EXISTS idx_dc_tenant ON deployment_checks(tenant_id);
CREATE INDEX IF NOT EXISTS idx_dc_hash ON deployment_checks(commit_hash);
CREATE INDEX IF NOT EXISTS idx_dc_verdict ON deployment_checks(verdict);
CREATE INDEX IF NOT EXISTS idx_dc_created ON deployment_checks(created_at);