claudetools/api/schemas/security_incident.py

"""
Pydantic schemas for SecurityIncident model.

Request and response schemas for security incident tracking.
"""

from datetime import datetime
from typing import Optional
from uuid import UUID

from pydantic import BaseModel, Field


class SecurityIncidentBase(BaseModel):
    """Base schema with shared SecurityIncident fields."""

    client_id: Optional[UUID] = Field(None, description="Reference to affected client")
    service_id: Optional[UUID] = Field(None, description="Reference to affected service")
    infrastructure_id: Optional[UUID] = Field(None, description="Reference to affected infrastructure")
    incident_type: Optional[str] = Field(None, description="Type of incident: bec, backdoor, malware, unauthorized_access, data_breach, phishing, ransomware, brute_force")
    incident_date: datetime = Field(..., description="When the incident occurred")
    severity: Optional[str] = Field(None, description="Severity level: critical, high, medium, low")
    description: str = Field(..., description="Detailed description of the incident")
    findings: Optional[str] = Field(None, description="Investigation results and findings")
    remediation_steps: Optional[str] = Field(None, description="Steps taken to remediate the incident")
    status: str = Field("investigating", description="Status: investigating, contained, resolved, monitoring")
    resolved_at: Optional[datetime] = Field(None, description="When the incident was resolved")
    notes: Optional[str] = Field(None, description="Additional notes and context")


class SecurityIncidentCreate(SecurityIncidentBase):
    """Schema for creating a new SecurityIncident."""
    pass


class SecurityIncidentUpdate(BaseModel):
    """Schema for updating an existing SecurityIncident. All fields are optional."""

    client_id: Optional[UUID] = Field(None, description="Reference to affected client")
    service_id: Optional[UUID] = Field(None, description="Reference to affected service")
    infrastructure_id: Optional[UUID] = Field(None, description="Reference to affected infrastructure")
    incident_type: Optional[str] = Field(None, description="Type of incident")
    incident_date: Optional[datetime] = Field(None, description="When the incident occurred")
    severity: Optional[str] = Field(None, description="Severity level")
    description: Optional[str] = Field(None, description="Detailed description of the incident")
    findings: Optional[str] = Field(None, description="Investigation results and findings")
    remediation_steps: Optional[str] = Field(None, description="Steps taken to remediate the incident")
    status: Optional[str] = Field(None, description="Status of incident handling")
    resolved_at: Optional[datetime] = Field(None, description="When the incident was resolved")
    notes: Optional[str] = Field(None, description="Additional notes and context")


class SecurityIncidentResponse(SecurityIncidentBase):
    """Schema for SecurityIncident responses with ID and timestamps."""

    id: UUID = Field(..., description="Unique identifier for the security incident")
    created_at: datetime = Field(..., description="Timestamp when the incident was created")
    updated_at: datetime = Field(..., description="Timestamp when the incident was last updated")

    model_config = {"from_attributes": True}