"""OSINT enrichment items — CVEs, blogs, PoCs, and advisories linked to techniques."""

import uuid

from sqlalchemy import Boolean, Column, DateTime, ForeignKey, String, Text, func
from sqlalchemy.dialects.postgresql import JSONB, UUID
from sqlalchemy.orm import relationship

from app.database import Base


class OsintItem(Base):
    """Represents an OSINT data point (CVE, blog, PoC, advisory) associated
    with a MITRE ATT&CK technique.

    Used by the enrichment pipeline to surface relevant threat intelligence
    for each technique, flagging those that need review.
    """

    __tablename__ = "osint_items"

    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
    technique_id = Column(
        UUID(as_uuid=True),
        ForeignKey("techniques.id"),
        nullable=False,
        index=True,
    )
    source_type = Column(String(50), nullable=False)  # "cve", "blog", "poc", "advisory"
    source_url = Column(Text, nullable=False)
    title = Column(String(500), nullable=False)
    description = Column(Text, nullable=True)
    severity = Column(String(20), nullable=True)  # CRITICAL, HIGH, MEDIUM, LOW, UNKNOWN
    discovered_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
    reviewed = Column(Boolean, default=False)
    metadata_ = Column("metadata", JSONB, default={})

    # ── Relationships ─────────────────────────────────────────────────
    technique = relationship("Technique", backref="osint_items")