feat(fingerprint): consolidate posture checks into fingerprint table

server/db/pg/schema/schema.ts

@@ -726,6 +726,99 @@ export const clientPostureSnapshots = pgTable("clientPostureSnapshots", {
         onDelete: "cascade"
     }),
 
+    collectedAt: integer("collectedAt").notNull()
+});
+
+export const olms = pgTable("olms", {
+    olmId: varchar("id").primaryKey(),
+    secretHash: varchar("secretHash").notNull(),
+    dateCreated: varchar("dateCreated").notNull(),
+    version: text("version"),
+    agent: text("agent"),
+    name: varchar("name"),
+    clientId: integer("clientId").references(() => clients.clientId, {
+        // we will switch this depending on the current org it wants to connect to
+        onDelete: "set null"
+    }),
+    userId: text("userId").references(() => users.userId, {
+        // optionally tied to a user and in this case delete when the user deletes
+        onDelete: "cascade"
+    }),
+    archived: boolean("archived").notNull().default(false)
+});
+
+export const currentFingerprint = pgTable("currentFingerprint", {
+    fingerprintId: serial("id").primaryKey(),
+
+    olmId: text("olmId")
+        .references(() => olms.olmId, { onDelete: "cascade" })
+        .notNull(),
+
+    firstSeen: integer("firstSeen").notNull(),
+    lastSeen: integer("lastSeen").notNull(),
+    lastCollectedAt: integer("lastCollectedAt").notNull(),
+
+    username: text("username"),
+    hostname: text("hostname"),
+    platform: text("platform"),
+    osVersion: text("osVersion"),
+    kernelVersion: text("kernelVersion"),
+    arch: text("arch"),
+    deviceModel: text("deviceModel"),
+    serialNumber: text("serialNumber"),
+    platformFingerprint: varchar("platformFingerprint"),
+
+    // Platform-agnostic checks
+
+    biometricsEnabled: boolean("biometricsEnabled").notNull().default(false),
+    diskEncrypted: boolean("diskEncrypted").notNull().default(false),
+    firewallEnabled: boolean("firewallEnabled").notNull().default(false),
+    autoUpdatesEnabled: boolean("autoUpdatesEnabled").notNull().default(false),
+    tpmAvailable: boolean("tpmAvailable").notNull().default(false),
+
+    // Windows-specific posture check information
+
+    windowsDefenderEnabled: boolean("windowsDefenderEnabled")
+        .notNull()
+        .default(false),
+
+    // macOS-specific posture check information
+
+    macosSipEnabled: boolean("macosSipEnabled").notNull().default(false),
+    macosGatekeeperEnabled: boolean("macosGatekeeperEnabled")
+        .notNull()
+        .default(false),
+    macosFirewallStealthMode: boolean("macosFirewallStealthMode")
+        .notNull()
+        .default(false),
+
+    // Linux-specific posture check information
+
+    linuxAppArmorEnabled: boolean("linuxAppArmorEnabled")
+        .notNull()
+        .default(false),
+    linuxSELinuxEnabled: boolean("linuxSELinuxEnabled").notNull().default(false)
+});
+
+export const fingerprintSnapshots = pgTable("fingerprintSnapshots", {
+    snapshotId: serial("id").primaryKey(),
+
+    fingerprintId: integer("fingerprintId")
+        .references(() => currentFingerprint.fingerprintId, {
+            onDelete: "cascade"
+        })
+        .notNull(),
+
+    username: text("username"),
+    hostname: text("hostname"),
+    platform: text("platform"),
+    osVersion: text("osVersion"),
+    kernelVersion: text("kernelVersion"),
+    arch: text("arch"),
+    deviceModel: text("deviceModel"),
+    serialNumber: text("serialNumber"),
+    platformFingerprint: varchar("platformFingerprint"),
+
     // Platform-agnostic checks
 
     biometricsEnabled: boolean("biometricsEnabled").notNull().default(false),
@@ -759,67 +852,6 @@ export const clientPostureSnapshots = pgTable("clientPostureSnapshots", {
         .notNull()
         .default(false),
 
-    collectedAt: integer("collectedAt").notNull()
-});
-
-export const olms = pgTable("olms", {
-    olmId: varchar("id").primaryKey(),
-    secretHash: varchar("secretHash").notNull(),
-    dateCreated: varchar("dateCreated").notNull(),
-    version: text("version"),
-    agent: text("agent"),
-    name: varchar("name"),
-    clientId: integer("clientId").references(() => clients.clientId, {
-        // we will switch this depending on the current org it wants to connect to
-        onDelete: "set null"
-    }),
-    userId: text("userId").references(() => users.userId, {
-        // optionally tied to a user and in this case delete when the user deletes
-        onDelete: "cascade"
-    }),
-    archived: boolean("archived").notNull().default(false)
-});
-
-export const currentFingerprint = pgTable("currentFingerprint", {
-    fingerprintId: serial("id").primaryKey(),
-
-    olmId: text("olmId")
-        .references(() => olms.olmId, { onDelete: "cascade" })
-        .notNull(),
-
-    firstSeen: integer("firstSeen").notNull(),
-    lastSeen: integer("lastSeen").notNull(),
-
-    username: text("username"),
-    hostname: text("hostname"),
-    platform: text("platform"),
-    osVersion: text("osVersion"),
-    kernelVersion: text("kernelVersion"),
-    arch: text("arch"),
-    deviceModel: text("deviceModel"),
-    serialNumber: text("serialNumber"),
-    platformFingerprint: varchar("platformFingerprint")
-});
-
-export const fingerprintSnapshots = pgTable("fingerprintSnapshots", {
-    snapshotId: serial("id").primaryKey(),
-
-    fingerprintId: integer("fingerprintId")
-        .references(() => currentFingerprint.fingerprintId, {
-            onDelete: "cascade"
-        })
-        .notNull(),
-
-    username: text("username"),
-    hostname: text("hostname"),
-    platform: text("platform"),
-    osVersion: text("osVersion"),
-    kernelVersion: text("kernelVersion"),
-    arch: text("arch"),
-    deviceModel: text("deviceModel"),
-    serialNumber: text("serialNumber"),
-    platformFingerprint: varchar("platformFingerprint"),
-
     hash: text("hash").notNull(),
     collectedAt: integer("collectedAt").notNull()
 });