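"""OSINT enrichment items — CVEs, blogs, PoCs, and advisories linked to techniques."""

import uuid
from datetime import datetime

from sqlalchemy import Column, String, Text, Boolean, DateTime, ForeignKey
from sqlalchemy.dialects.postgresql import UUID, JSONB
from sqlalchemy.orm import relationship

from app.database import Base


class OsintItem(Base):
    """Represents an OSINT data point (CVE, blog, PoC, advisory) associated with a
    MITRE ATT&CK technique.

    Used by the enrichment pipeline to surface relevant threat intelligence
    for each technique, flagging those that need review.

    NOTE(review): ``source_url``, ``title``, ``description`` and ``metadata_``
    presumably hold content collected from external sources. Treat them as
    untrusted wherever they are rendered or dereferenced: escape on output and
    check the URL scheme before turning ``source_url`` into a link or fetching
    it. Nothing in this model validates them.
    """

    __tablename__ = "osint_items"

    # Primary key generated client-side; uuid.uuid4 is passed as a callable so
    # every row gets its own value.
    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)

    # Owning technique. Required, and indexed for per-technique lookups.
    technique_id = Column(
        UUID(as_uuid=True),
        ForeignKey("techniques.id"),
        nullable=False,
        index=True,
    )

    # Free-form string; the values below are a convention only, no database
    # constraint enforces them.
    source_type = Column(String(50), nullable=False)  # "cve", "blog", "poc", "advisory"
    source_url = Column(Text, nullable=False)
    title = Column(String(500), nullable=False)
    description = Column(Text, nullable=True)

    # Also unconstrained at the schema level; may be NULL.
    severity = Column(String(20), nullable=True)  # CRITICAL, HIGH, MEDIUM, LOW, UNKNOWN

    # Naive timestamp taken from datetime.utcnow (no tzinfo is stored).
    discovered_at = Column(DateTime, default=datetime.utcnow, nullable=False)

    # Defaults to False on ORM inserts, but the column is nullable as declared,
    # so a row written without the ORM default can hold NULL. Queries that
    # select unreviewed items should not assume a strict True/False.
    reviewed = Column(Boolean, default=False)

    # Mapped as ``metadata_`` because ``metadata`` is reserved on declarative
    # classes; the database column is still named "metadata".
    # The default is the ``dict`` callable rather than a ``{}`` literal: a
    # literal is one shared object reused for every insert, so an in-place
    # mutation on one row's value would leak into later rows' defaults.
    metadata_ = Column("metadata", JSONB, default=dict)

    # ── Relationships ─────────────────────────────────────────────────
    # Also adds an ``osint_items`` collection on Technique through the backref.
    technique = relationship("Technique", backref="osint_items")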