-- Migration: Add blossom_seckey table for storing server private key
-- This table stores the Blossom server's secp256k1 private key used for:
-- - Signing admin response events (Kind 23457)
-- - Decrypting admin commands (NIP-44)

CREATE TABLE IF NOT EXISTS blossom_seckey (
    id INTEGER PRIMARY KEY CHECK (id = 1),  -- Only one row allowed
    seckey TEXT NOT NULL,                   -- Private key in hex format (64 chars)
    created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),
    CHECK (length(seckey) = 64)            -- Ensure valid secp256k1 key length
);

-- Add blossom_pubkey to config if not exists
INSERT OR IGNORE INTO config (key, value, description) VALUES
    ('blossom_pubkey', '', 'Blossom server public key derived from blossom_seckey');