-- ============================================================================
-- AUDIT SCHEMA - Tabla: security_events
-- ============================================================================
-- Eventos de seguridad específicos
-- ============================================================================

CREATE TABLE IF NOT EXISTS audit.security_events (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

    -- Categorización
    category audit.security_event_category NOT NULL,
    severity audit.event_severity NOT NULL,
    event_status audit.event_status NOT NULL DEFAULT 'success',

    -- Actor
    user_id UUID REFERENCES auth.users(id) ON DELETE SET NULL,
    ip_address INET NOT NULL,
    user_agent TEXT,
    geo_location JSONB,

    -- Detalles del evento
    event_code VARCHAR(50) NOT NULL,
    event_name VARCHAR(255) NOT NULL,
    description TEXT,

    -- Contexto técnico
    request_path VARCHAR(500),
    request_method VARCHAR(10),
    response_code INTEGER,

    -- Datos adicionales
    risk_score DECIMAL(3, 2),
    is_blocked BOOLEAN DEFAULT FALSE,
    block_reason TEXT,
    requires_review BOOLEAN DEFAULT FALSE,
    reviewed_by UUID REFERENCES auth.users(id),
    reviewed_at TIMESTAMPTZ,
    review_notes TEXT,

    -- Metadata
    raw_data JSONB DEFAULT '{}',

    -- Timestamps
    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

-- Índices
CREATE INDEX idx_security_events_user ON audit.security_events(user_id);
CREATE INDEX idx_security_events_category ON audit.security_events(category);
CREATE INDEX idx_security_events_severity ON audit.security_events(severity);
CREATE INDEX idx_security_events_ip ON audit.security_events(ip_address);
CREATE INDEX idx_security_events_created ON audit.security_events(created_at DESC);
CREATE INDEX idx_security_events_blocked ON audit.security_events(is_blocked) WHERE is_blocked = TRUE;
CREATE INDEX idx_security_events_review ON audit.security_events(requires_review) WHERE requires_review = TRUE;

COMMENT ON TABLE audit.security_events IS 'Eventos de seguridad para monitoreo y respuesta a incidentes';
COMMENT ON COLUMN audit.security_events.risk_score IS 'Puntuación de riesgo calculada (0.00-1.00)';