-- Resources table — stores per-artifact metadata for fleet OTA updates. Populated by CI/CD
-- via POST /resources/publish; queried by devices via POST /get-update. AZ-183.

create table if not exists resources
(
    id              uuid          primary key,
    resource_name   varchar(120)  not null,
    dev_stage       varchar(40)   not null,
    architecture    varchar(40)   not null,
    version         varchar(40)   not null,
    cdn_url         varchar(500)  not null,
    sha256          varchar(128)  not null,
    encryption_key  text          not null, -- AES-encrypted at rest with ResourcesConfig.EncryptionMasterKey
    size_bytes      bigint        not null,
    created_at      timestamp     not null default now()
);

-- Latest-version-per-resource lookups filter by (architecture, dev_stage); index supports
-- both the in-memory cache miss path and the per-(arch,stage) GROUP BY.
create index if not exists resources_arch_stage_idx
    on public.resources (architecture, dev_stage, resource_name, version);

grant select, insert, update, delete on public.resources to azaion_admin;
grant select                              on public.resources to azaion_reader;