{"query": "create extension if not exists pgcrypto;\n\ncreate table if not exists public.app_users (\n  username text primary key check (username ~ '^[a-zA-Z0-9_.-]{1,64}$'),\n  password_hash text not null,\n  role text not null default 'user' check (role in ('admin','user')),\n  created_at timestamptz not null default now(),\n  last_login timestamptz\n);\n\ncreate table if not exists public.sessions (\n  token_hash text primary key,\n  username text not null references public.app_users(username) on delete cascade,\n  created_at timestamptz not null default now(),\n  expires_at timestamptz not null\n);\ncreate index if not exists sessions_expires_idx on public.sessions(expires_at);\n\ncreate table if not exists public.api_tokens (\n  id bigint generated by default as identity primary key,\n  token_hash text not null unique,\n  token_prefix text not null,\n  username text not null references public.app_users(username) on delete cascade,\n  label text not null,\n  scope text not null default 'track',\n  created_at timestamptz not null default now(),\n  last_used_at timestamptz,\n  revoked_at timestamptz\n);\ncreate index if not exists api_tokens_user_idx on public.api_tokens(username);\ncreate index if not exists api_tokens_revoked_idx on public.api_tokens(revoked_at);\n\ncreate table if not exists public.containers (\n  container text primary key check (container ~ '^[A-Z0-9]{4,20}$'),\n  interval_minutes integer not null default 360 check (interval_minutes between 5 and 1440),\n  added_at timestamptz not null default now(),\n  last_poll_ts double precision,\n  last_poll_at timestamptz,\n  last_data jsonb,\n  last_status text,\n  last_error text\n);\n\ncreate table if not exists public.track_requests (\n  id bigint generated by default as identity primary key,\n  container text not null,\n  requested_by text,\n  source text not null default 'api',\n  status text,\n  error text,\n  created_at timestamptz not null default now()\n);\ncreate index if not exists track_requests_container_created_idx on public.track_requests(container, created_at desc);\n\nalter table public.app_users enable row level security;\nalter table public.sessions enable row level security;\nalter table public.api_tokens enable row level security;\nalter table public.containers enable row level security;\nalter table public.track_requests enable row level security;\n\n-- Vercel server-side uses service_role; no public RLS policies needed.\n"}