Initial commit: add compliance_checks table, per-check metadata on assets, and compliance audit trail

app/models/compliance_check.py

@@ -0,0 +1,56 @@
+from datetime import datetime
+from app.extensions import db
+
+CHECK_TYPES = [
+    ('encryption', 'Encryption Verified'),
+    ('backup',     'Backup Configured'),
+    ('hr',         'HR Notified'),
+]
+
+
+class ComplianceCheck(db.Model):
+    """
+    Audit log for every compliance check/uncheck event on an asset.
+
+    One row is created each time a check field changes state, recording
+    who changed it, when, the new state, and an optional note explaining
+    the action (e.g. "Unverified – BitLocker disabled by user").
+    """
+    __tablename__ = 'compliance_checks'
+
+    id = db.Column(db.Integer, primary_key=True)
+
+    asset_id = db.Column(
+        db.Integer, db.ForeignKey('assets.id', ondelete='CASCADE'),
+        nullable=False, index=True
+    )
+    # 'encryption' | 'backup' | 'hr'
+    check_type = db.Column(db.String(30), nullable=False)
+
+    # True = checked/verified, False = unchecked/cleared
+    checked = db.Column(db.Boolean, nullable=False)
+
+    performed_by_id = db.Column(
+        db.Integer, db.ForeignKey('admin_users.id'),
+        nullable=True
+    )
+    performed_at = db.Column(
+        db.DateTime, default=datetime.utcnow, nullable=False
+    )
+
+    # Free-text reason / note supplied at the time of check or uncheck
+    notes = db.Column(db.Text, nullable=True)
+
+    # Relationships
+    asset = db.relationship('Asset', back_populates='compliance_checks')
+    performed_by = db.relationship('AdminUser', foreign_keys=[performed_by_id])
+
+    @property
+    def check_type_label(self):
+        return dict(CHECK_TYPES).get(self.check_type, self.check_type)
+
+    def __repr__(self):
+        return (
+            f'<ComplianceCheck asset={self.asset_id} type={self.check_type} '
+            f'checked={self.checked} by={self.performed_by_id}>'
+        )