-- Create job bypassing RLS foreign key check
-- This uses a SECURITY DEFINER function to bypass RLS

-- Step 1: Create a function that bypasses RLS
CREATE OR REPLACE FUNCTION create_processing_job(
  p_document_id UUID,
  p_user_id TEXT,
  p_options JSONB DEFAULT '{"strategy": "document_ai_agentic_rag"}'::jsonb,
  p_max_attempts INTEGER DEFAULT 3
)
RETURNS TABLE (
  job_id UUID,
  document_id UUID,
  status TEXT,
  created_at TIMESTAMP WITH TIME ZONE
)
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = public
AS $$
DECLARE
  v_job_id UUID;
BEGIN
  -- Insert job (bypasses RLS due to SECURITY DEFINER)
  INSERT INTO processing_jobs (
    document_id,
    user_id,
    status,
    attempts,
    max_attempts,
    options,
    created_at
  ) VALUES (
    p_document_id,
    p_user_id,
    'pending',
    0,
    p_max_attempts,
    p_options,
    NOW()
  )
  RETURNING id INTO v_job_id;
  
  -- Return the created job
  RETURN QUERY
  SELECT 
    pj.id,
    pj.document_id,
    pj.status,
    pj.created_at
  FROM processing_jobs pj
  WHERE pj.id = v_job_id;
END;
$$;

-- Step 2: Grant execute permission
GRANT EXECUTE ON FUNCTION create_processing_job TO postgres, authenticated, anon, service_role;

-- Step 3: Use the function to create the job
SELECT * FROM create_processing_job(
  '78359b58-762c-4a68-a8e4-17ce38580a8d'::uuid,
  'B00HiMnleGhGdJgQwbX2Ume01Z53',
  '{"strategy": "document_ai_agentic_rag"}'::jsonb,
  3
);

-- Step 4: Verify job was created
SELECT 
  id,
  document_id,
  status,
  created_at
FROM processing_jobs
WHERE document_id = '78359b58-762c-4a68-a8e4-17ce38580a8d'::uuid
ORDER BY created_at DESC;