-- 0010_hooks.sql
--
-- P2R-10: pre/post hooks on source groups + host-wide defaults.
--
-- Hook bodies are stored as AEAD ciphertext (existing crypto.AEAD)
-- because operators do put credentials in shell snippets — even
-- though we tell them not to. NULL means "no hook configured".
--
-- Hooks fire only for kind=backup jobs. forget/prune/check/unlock
-- skip them per spec.md §14.3 (P2R-11 enforces this in the agent
-- dispatcher).
--
-- Resolution order at dispatch time:
--   source_group.<phase>_hook  (per-group override, AEAD blob)
--   host.<phase>_hook_default  (host default, AEAD blob)
--   none → no hook runs
--
-- All four columns are added in-place via ALTER TABLE ADD COLUMN.
-- Per CLAUDE.md the table-rebuild pattern is unsafe with FK cascades.

ALTER TABLE source_groups ADD COLUMN pre_hook  BLOB;
ALTER TABLE source_groups ADD COLUMN post_hook BLOB;

ALTER TABLE hosts ADD COLUMN pre_hook_default  BLOB;
ALTER TABLE hosts ADD COLUMN post_hook_default BLOB;