CREATE TABLE IF NOT EXISTS resource_policies (
    resource_id UUID PRIMARY KEY REFERENCES resources(id) ON DELETE CASCADE,
    max_concurrent_sessions INTEGER NOT NULL DEFAULT 1,
    takeover_policy TEXT NOT NULL DEFAULT 'trusted_device',
    require_trusted_device BOOLEAN NOT NULL DEFAULT TRUE,
    detach_grace_period_seconds INTEGER NOT NULL DEFAULT 1800,
    clipboard_enabled BOOLEAN NOT NULL DEFAULT TRUE,
    file_transfer_enabled BOOLEAN NOT NULL DEFAULT TRUE,
    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

CREATE TABLE IF NOT EXISTS remote_sessions (
    id UUID PRIMARY KEY,
    resource_id UUID NOT NULL REFERENCES resources(id) ON DELETE RESTRICT,
    protocol TEXT NOT NULL,
    state TEXT NOT NULL,
    worker_id TEXT,
    controller_user_id UUID NOT NULL REFERENCES users(id) ON DELETE RESTRICT,
    detach_deadline_at TIMESTAMPTZ,
    last_heartbeat_at TIMESTAMPTZ,
    takeover_version INTEGER NOT NULL DEFAULT 1,
    metadata JSONB NOT NULL DEFAULT '{}'::JSONB,
    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

CREATE INDEX IF NOT EXISTS idx_remote_sessions_resource_id
    ON remote_sessions(resource_id);

CREATE INDEX IF NOT EXISTS idx_remote_sessions_controller_user_id
    ON remote_sessions(controller_user_id);

CREATE INDEX IF NOT EXISTS idx_remote_sessions_state
    ON remote_sessions(state);

CREATE TABLE IF NOT EXISTS session_attachments (
    id UUID PRIMARY KEY,
    remote_session_id UUID NOT NULL REFERENCES remote_sessions(id) ON DELETE CASCADE,
    user_id UUID NOT NULL REFERENCES users(id) ON DELETE RESTRICT,
    device_id UUID NOT NULL REFERENCES devices(id) ON DELETE RESTRICT,
    role TEXT NOT NULL,
    state TEXT NOT NULL,
    superseded_by UUID REFERENCES session_attachments(id) ON DELETE SET NULL,
    takeover_of UUID REFERENCES session_attachments(id) ON DELETE SET NULL,
    attached_at TIMESTAMPTZ,
    detached_at TIMESTAMPTZ,
    last_input_at TIMESTAMPTZ,
    metadata JSONB NOT NULL DEFAULT '{}'::JSONB,
    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

CREATE INDEX IF NOT EXISTS idx_session_attachments_remote_session_id
    ON session_attachments(remote_session_id);

CREATE INDEX IF NOT EXISTS idx_session_attachments_user_id
    ON session_attachments(user_id);

CREATE INDEX IF NOT EXISTS idx_session_attachments_state
    ON session_attachments(state);

CREATE TABLE IF NOT EXISTS audit_events (
    id UUID PRIMARY KEY,
    actor_user_id UUID REFERENCES users(id) ON DELETE SET NULL,
    actor_device_id UUID REFERENCES devices(id) ON DELETE SET NULL,
    event_type TEXT NOT NULL,
    target_type TEXT NOT NULL,
    target_id TEXT NOT NULL,
    remote_session_id UUID REFERENCES remote_sessions(id) ON DELETE SET NULL,
    payload JSONB NOT NULL DEFAULT '{}'::JSONB,
    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

CREATE INDEX IF NOT EXISTS idx_audit_events_created_at
    ON audit_events(created_at DESC);

CREATE INDEX IF NOT EXISTS idx_audit_events_remote_session_id
    ON audit_events(remote_session_id);