-- 016_agent_actions.sql — queue + audit trail for Little Blue's infra actions.
-- Risky actions land here as 'pending' for owner approval; every executed action
-- (safe or approved-risky) is recorded with its result. Deliberately separate from
-- pending_changes (entity CRUD) to isolate command execution.
CREATE TABLE agent_actions (
  id           uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  action_id    text NOT NULL,                 -- whitelist id from config/actions.json
  params       jsonb NOT NULL DEFAULT '{}'::jsonb,
  agent_id     uuid REFERENCES agents(id),
  tier         text NOT NULL CHECK (tier IN ('safe','risky')),
  status       text NOT NULL DEFAULT 'pending'
               CHECK (status IN ('pending','executed','failed','rejected')),
  result       jsonb,
  requested_by jsonb,
  resolved_by  jsonb,
  created_at   timestamptz NOT NULL DEFAULT now(),
  resolved_at  timestamptz
);
CREATE INDEX idx_agent_actions_pending ON agent_actions(status) WHERE status='pending';