-- Add machine_id column to agents table for hardware fingerprint binding
-- This prevents config file copying attacks by validating hardware identity

ALTER TABLE agents
ADD COLUMN machine_id VARCHAR(64);

-- Create unique index to prevent duplicate machine IDs
CREATE UNIQUE INDEX idx_agents_machine_id ON agents(machine_id) WHERE machine_id IS NOT NULL;

-- Add comment for documentation
COMMENT ON COLUMN agents.machine_id IS 'SHA-256 hash of hardware fingerprint (prevents agent impersonation via config copying)';