`55b6bb7`

users/sqlc: queries + generated for user_gpg_keys and user_gpg_subkeys

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 22 hours ago

SHA: 55b6bb7316ee69c5458037d98421a38e746fffdd
Parents: d1ae9af
Tree: 7f2299f

21 changed files

Status	File	+
M	`internal/actions/sqlc/models.go`	35
M	`internal/admin/sqlc/models.go`	35
M	`internal/auth/policy/sqlc/models.go`	70
M	`internal/billing/sqlc/models.go`	35
M	`internal/checks/sqlc/models.go`	35
M	`internal/issues/sqlc/models.go`	35
M	`internal/meta/sqlc/models.go`	35
M	`internal/notif/sqlc/models.go`	35
M	`internal/orgs/sqlc/models.go`	35
M	`internal/pulls/sqlc/models.go`	35
M	`internal/ratelimit/sqlc/models.go`	35
M	`internal/repos/sqlc/models.go`	35
M	`internal/social/sqlc/models.go`	35
A	`internal/users/queries/user_gpg_keys.sql`	74
A	`internal/users/queries/user_gpg_subkeys.sql`	50
M	`internal/users/sqlc/models.go`	35
M	`internal/users/sqlc/querier.go`	47
A	`internal/users/sqlc/user_gpg_keys.sql.go`	279
A	`internal/users/sqlc/user_gpg_subkeys.sql.go`	162
M	`internal/webhook/sqlc/models.go`	35
M	`internal/worker/sqlc/models.go`	35

internal/actions/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/admin/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/auth/policy/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type DeviceAuthorization struct {
 +	ID              int64
 +	DeviceCodeHash  []byte
 +	UserCode        string
 +	ClientID        string
 +	Scopes          []string
 +	UserID          pgtype.Int8
 +	ApprovedAt      pgtype.Timestamptz
 +	DeniedAt        pgtype.Timestamptz
 +	IssuedTokenID   pgtype.Int8
 +	IntervalSeconds int32
 +	ExpiresAt       pgtype.Timestamptz
 +	LastPolledAt    pgtype.Timestamptz
 +	CreatedAt       pgtype.Timestamptz
 +}
++
  type DomainEvent struct {
  	ID          int64
  	ActorUserID pgtype.Int8
  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string
  	CreatedAt pgtype.Timestamptz
+ }
 +type WorkflowCach struct {
 +	ID             int64
 +	RepoID         int64
 +	CacheKey       string
 +	CacheVersion   string
 +	GitRef         string
 +	ObjectKey      string
 +	SizeBytes      int64
 +	LastAccessedAt pgtype.Timestamptz
 +	CreatedAt      pgtype.Timestamptz
 +}
++
 +type WorkflowDisabled struct {
 +	RepoID           int64
 +	WorkflowFile     string
 +	DisabledByUserID pgtype.Int8
 +	DisabledAt       pgtype.Timestamptz
 +}
++
  type WorkflowJob struct {
  	ID              int64
  	RunID           int64

internal/billing/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/checks/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/issues/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/meta/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/notif/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/orgs/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/pulls/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/ratelimit/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/repos/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/users/queries/user_gpg_keys.sqladded

 +-- SPDX-License-Identifier: AGPL-3.0-or-later
++
 +-- name: InsertUserGPGKey :one
 +-- Inserts a parsed primary GPG key. Subkeys land in user_gpg_subkeys
 +-- in the same transaction (see InsertUserGPGSubkey). expires_at is
 +-- nullable; many keys have no expiration. revoked_at stays NULL on
 +-- insert; soft-delete sets it.
 +INSERT INTO user_gpg_keys (
 +    user_id, name, fingerprint, key_id, armored,
 +    can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate,
 +    uids, subkeys, primary_algo, expires_at
 +)
 +VALUES (
 +    $1, $2, $3, $4, $5,
 +    $6, $7, $8, $9, $10,
 +    $11, $12, $13, $14
 +)
 +RETURNING id, user_id, name, fingerprint, key_id, armored,
 +          can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate,
 +          uids, subkeys, primary_algo,
 +          created_at, last_used_at, revoked_at, expires_at;
++
 +-- name: ListUserGPGKeys :many
 +-- Paginated list for the REST surface; HTML settings page reuses with
 +-- a generous limit and no offset.
 +SELECT id, user_id, name, fingerprint, key_id, armored,
 +       can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate,
 +       uids, subkeys, primary_algo,
 +       created_at, last_used_at, revoked_at, expires_at
 +FROM user_gpg_keys
 +WHERE user_id = $1 AND revoked_at IS NULL
 +ORDER BY created_at DESC
 +LIMIT $2 OFFSET $3;
++
 +-- name: CountUserGPGKeys :one
 +-- Excludes revoked rows so the per-user cap (100) counts live keys.
 +SELECT count(*) FROM user_gpg_keys WHERE user_id = $1 AND revoked_at IS NULL;
++
 +-- name: GetUserGPGKey :one
 +-- Scoped single-key lookup for REST GET-by-id. user_id filter prevents
 +-- cross-user reads (existence-leak-safe: returns no row if the id
 +-- belongs to another user).
 +SELECT id, user_id, name, fingerprint, key_id, armored,
 +       can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate,
 +       uids, subkeys, primary_algo,
 +       created_at, last_used_at, revoked_at, expires_at
 +FROM user_gpg_keys
 +WHERE id = $1 AND user_id = $2;
++
 +-- name: GetUserGPGKeyByFingerprint :one
 +-- Uniqueness probe used by the add path to surface a friendly
 +-- "this key is already registered" error before the unique index
 +-- violation. Returns any row matching the fingerprint regardless of
 +-- which user owns it (global uniqueness is the contract).
 +SELECT id, user_id, name, fingerprint, key_id, armored,
 +       can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate,
 +       uids, subkeys, primary_algo,
 +       created_at, last_used_at, revoked_at, expires_at
 +FROM user_gpg_keys
 +WHERE fingerprint = $1 AND revoked_at IS NULL;
++
 +-- name: SoftDeleteUserGPGKey :execrows
 +-- Scoped soft-delete: stamps revoked_at, preserves the row for audit
 +-- continuity. Returns the number of rows affected so the handler can
 +-- distinguish "not found" from "deleted" without a follow-up query.
 +UPDATE user_gpg_keys
 +SET revoked_at = now()
 +WHERE id = $1 AND user_id = $2 AND revoked_at IS NULL;
++
 +-- name: TouchUserGPGKeyLastUsed :exec
 +-- Best-effort last-used stamp called from the verification path when
 +-- a signature successfully resolves to this key. No timeout / error
 +-- propagation; the caller fires-and-forgets via a goroutine.
 +UPDATE user_gpg_keys SET last_used_at = now() WHERE id = $1;

internal/users/queries/user_gpg_subkeys.sqladded

 +-- SPDX-License-Identifier: AGPL-3.0-or-later
++
 +-- name: InsertUserGPGSubkey :one
 +-- One row per subkey of a primary key. Always inserted in the same
 +-- transaction as the parent InsertUserGPGKey so the verification
 +-- hot path's fingerprint lookup is consistent with the REST nested
 +-- shape.
 +INSERT INTO user_gpg_subkeys (
 +    gpg_key_id, fingerprint, key_id,
 +    can_sign, can_encrypt_comms, can_encrypt_storage, can_certify,
 +    expires_at
 +)
 +VALUES (
 +    $1, $2, $3,
 +    $4, $5, $6, $7,
 +    $8
 +)
 +RETURNING id, gpg_key_id, fingerprint, key_id,
 +          can_sign, can_encrypt_comms, can_encrypt_storage, can_certify,
 +          expires_at, revoked_at, created_at;
++
 +-- name: GetUserGPGSubkeyByFingerprint :one
 +-- Hot path for commit/tag signature verification. The signature
 +-- packet carries the signing subkey's fingerprint; this query
 +-- resolves it back to the primary key (and via FK to the user).
 +-- Index lookup via the partial unique index.
 +SELECT id, gpg_key_id, fingerprint, key_id,
 +       can_sign, can_encrypt_comms, can_encrypt_storage, can_certify,
 +       expires_at, revoked_at, created_at
 +FROM user_gpg_subkeys
 +WHERE fingerprint = $1 AND revoked_at IS NULL;
++
 +-- name: ListSubkeysForGPGKey :many
 +-- Reads all live subkeys for one primary; used when invalidating the
 +-- verification cache on primary soft-delete (every dependent subkey
 +-- needs its cache rows stamped invalidated too).
 +SELECT id, gpg_key_id, fingerprint, key_id,
 +       can_sign, can_encrypt_comms, can_encrypt_storage, can_certify,
 +       expires_at, revoked_at, created_at
 +FROM user_gpg_subkeys
 +WHERE gpg_key_id = $1
 +ORDER BY id;
++
 +-- name: SoftDeleteSubkeysForGPGKey :exec
 +-- Stamps revoked_at on every live subkey of a primary. Called in the
 +-- same transaction as SoftDeleteUserGPGKey so the partial unique index
 +-- frees up the fingerprint for re-upload if the user rotates.
 +UPDATE user_gpg_subkeys
 +SET revoked_at = now()
 +WHERE gpg_key_id = $1 AND revoked_at IS NULL;

internal/users/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/users/sqlc/querier.gomodified

  	// Drives the 3-changes-per-60d cap.
  	CountRecentUsernameChanges(ctx context.Context, db DBTX, arg CountRecentUsernameChangesParams) (int64, error)
  	CountUnusedRecoveryCodes(ctx context.Context, db DBTX, userID int64) (int64, error)
 +	// Excludes revoked rows so the per-user cap (100) counts live keys.
 +	CountUserGPGKeys(ctx context.Context, db DBTX, userID int64) (int64, error)
  	CountUserSSHKeys(ctx context.Context, db DBTX, userID int64) (int64, error)
  	CountUserSSHKeysByKind(ctx context.Context, db DBTX, arg CountUserSSHKeysByKindParams) (int64, error)
  	CountUsers(ctx context.Context, db DBTX) (int64, error)
  	GetUserEmailByAddress(ctx context.Context, db DBTX, email string) (UserEmail, error)
  	GetUserEmailByID(ctx context.Context, db DBTX, id int64) (UserEmail, error)
  	GetUserEmailByVerificationHash(ctx context.Context, db DBTX, verificationTokenHash []byte) (UserEmail, error)
 +	// Scoped single-key lookup for REST GET-by-id. user_id filter prevents
 +	// cross-user reads (existence-leak-safe: returns no row if the id
 +	// belongs to another user).
 +	GetUserGPGKey(ctx context.Context, db DBTX, arg GetUserGPGKeyParams) (UserGpgKey, error)
 +	// Uniqueness probe used by the add path to surface a friendly
 +	// "this key is already registered" error before the unique index
 +	// violation. Returns any row matching the fingerprint regardless of
 +	// which user owns it (global uniqueness is the contract).
 +	GetUserGPGKeyByFingerprint(ctx context.Context, db DBTX, fingerprint string) (UserGpgKey, error)
 +	// Hot path for commit/tag signature verification. The signature
 +	// packet carries the signing subkey's fingerprint; this query
 +	// resolves it back to the primary key (and via FK to the user).
 +	// Index lookup via the partial unique index.
 +	GetUserGPGSubkeyByFingerprint(ctx context.Context, db DBTX, fingerprint string) (UserGpgSubkey, error)
  	// Like GetUserByID but returns the row even when deleted_at IS NOT NULL.
  	GetUserIncludingDeleted(ctx context.Context, db DBTX, id int64) (User, error)
  	// Single-key lookup for the REST GET-by-id endpoint. user_id filter so
  	// SPDX-License-Identifier: AGPL-3.0-or-later
  	InsertRecoveryCode(ctx context.Context, db DBTX, arg InsertRecoveryCodeParams) error
  	// SPDX-License-Identifier: AGPL-3.0-or-later
 +	// Inserts a parsed primary GPG key. Subkeys land in user_gpg_subkeys
 +	// in the same transaction (see InsertUserGPGSubkey). expires_at is
 +	// nullable; many keys have no expiration. revoked_at stays NULL on
 +	// insert; soft-delete sets it.
 +	InsertUserGPGKey(ctx context.Context, db DBTX, arg InsertUserGPGKeyParams) (UserGpgKey, error)
 +	// SPDX-License-Identifier: AGPL-3.0-or-later
 +	// One row per subkey of a primary key. Always inserted in the same
 +	// transaction as the parent InsertUserGPGKey so the verification
 +	// hot path's fingerprint lookup is consistent with the REST nested
 +	// shape.
 +	InsertUserGPGSubkey(ctx context.Context, db DBTX, arg InsertUserGPGSubkeyParams) (UserGpgSubkey, error)
 +	// SPDX-License-Identifier: AGPL-3.0-or-later
  	InsertUserSSHKey(ctx context.Context, db DBTX, arg InsertUserSSHKeyParams) (UserSshKey, error)
  	// SPDX-License-Identifier: AGPL-3.0-or-later
  	InsertUserToken(ctx context.Context, db DBTX, arg InsertUserTokenParams) (UserToken, error)
  	// MarkUserEmailPrimaryVerified after the user clicks the verification link.
  	LinkUserPrimaryEmail(ctx context.Context, db DBTX, arg LinkUserPrimaryEmailParams) error
  	ListAuditLogForTarget(ctx context.Context, db DBTX, arg ListAuditLogForTargetParams) ([]AuthAuditLog, error)
 +	// Reads all live subkeys for one primary; used when invalidating the
 +	// verification cache on primary soft-delete (every dependent subkey
 +	// needs its cache rows stamped invalidated too).
 +	ListSubkeysForGPGKey(ctx context.Context, db DBTX, gpgKeyID int64) ([]UserGpgSubkey, error)
  	ListUserEmailsForUser(ctx context.Context, db DBTX, userID int64) ([]UserEmail, error)
 +	// Paginated list for the REST surface; HTML settings page reuses with
 +	// a generous limit and no offset.
 +	ListUserGPGKeys(ctx context.Context, db DBTX, arg ListUserGPGKeysParams) ([]UserGpgKey, error)
  	// SPDX-License-Identifier: AGPL-3.0-or-later
  	ListUserNotificationPrefs(ctx context.Context, db DBTX, userID int64) ([]UserNotificationPref, error)
  	ListUserSSHKeys(ctx context.Context, db DBTX, userID int64) ([]UserSshKey, error)
  	// user and is verified.
  	SetUserEmailPrimary(ctx context.Context, db DBTX, arg SetUserEmailPrimaryParams) error
  	SetVerificationToken(ctx context.Context, db DBTX, arg SetVerificationTokenParams) error
 +	// Stamps revoked_at on every live subkey of a primary. Called in the
 +	// same transaction as SoftDeleteUserGPGKey so the partial unique index
 +	// frees up the fingerprint for re-upload if the user rotates.
 +	SoftDeleteSubkeysForGPGKey(ctx context.Context, db DBTX, gpgKeyID int64) error
  	SoftDeleteUser(ctx context.Context, db DBTX, id int64) error
 +	// Scoped soft-delete: stamps revoked_at, preserves the row for audit
 +	// continuity. Returns the number of rows affected so the handler can
 +	// distinguish "not found" from "deleted" without a follow-up query.
 +	SoftDeleteUserGPGKey(ctx context.Context, db DBTX, arg SoftDeleteUserGPGKeyParams) (int64, error)
  	SuspendUser(ctx context.Context, db DBTX, arg SuspendUserParams) error
  	TouchDeviceAuthorizationPoll(ctx context.Context, db DBTX, id int64) error
  	TouchSSHKeyLastUsed(ctx context.Context, db DBTX, arg TouchSSHKeyLastUsedParams) error
 +	// Best-effort last-used stamp called from the verification path when
 +	// a signature successfully resolves to this key. No timeout / error
 +	// propagation; the caller fires-and-forgets via a goroutine.
 +	TouchUserGPGKeyLastUsed(ctx context.Context, db DBTX, id int64) error
  	TouchUserLastLogin(ctx context.Context, db DBTX, id int64) error
  	TouchUserTokenLastUsed(ctx context.Context, db DBTX, arg TouchUserTokenLastUsedParams) error
  	// Clears the suspended state. Mirrors SuspendUser; used by the

internal/users/sqlc/user_gpg_keys.sql.goadded

 +// Code generated by sqlc. DO NOT EDIT.
 +// versions:
 +//   sqlc v1.31.1
 +// source: user_gpg_keys.sql
++
 +package usersdb
++
 +import (
 +	"context"
++
 +	"github.com/jackc/pgx/v5/pgtype"
 +)
++
 +const countUserGPGKeys = `-- name: CountUserGPGKeys :one
 +SELECT count(*) FROM user_gpg_keys WHERE user_id = $1 AND revoked_at IS NULL
 +`
++
 +// Excludes revoked rows so the per-user cap (100) counts live keys.
 +func (q *Queries) CountUserGPGKeys(ctx context.Context, db DBTX, userID int64) (int64, error) {
 +	row := db.QueryRow(ctx, countUserGPGKeys, userID)
 +	var count int64
 +	err := row.Scan(&count)
 +	return count, err
 +}
++
 +const getUserGPGKey = `-- name: GetUserGPGKey :one
 +SELECT id, user_id, name, fingerprint, key_id, armored,
 +       can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate,
 +       uids, subkeys, primary_algo,
 +       created_at, last_used_at, revoked_at, expires_at
 +FROM user_gpg_keys
 +WHERE id = $1 AND user_id = $2
 +`
++
 +type GetUserGPGKeyParams struct {
 +	ID     int64
 +	UserID int64
 +}
++
 +// Scoped single-key lookup for REST GET-by-id. user_id filter prevents
 +// cross-user reads (existence-leak-safe: returns no row if the id
 +// belongs to another user).
 +func (q *Queries) GetUserGPGKey(ctx context.Context, db DBTX, arg GetUserGPGKeyParams) (UserGpgKey, error) {
 +	row := db.QueryRow(ctx, getUserGPGKey, arg.ID, arg.UserID)
 +	var i UserGpgKey
 +	err := row.Scan(
 +		&i.ID,
 +		&i.UserID,
 +		&i.Name,
 +		&i.Fingerprint,
 +		&i.KeyID,
 +		&i.Armored,
 +		&i.CanSign,
 +		&i.CanEncryptComms,
 +		&i.CanEncryptStorage,
 +		&i.CanCertify,
 +		&i.CanAuthenticate,
 +		&i.Uids,
 +		&i.Subkeys,
 +		&i.PrimaryAlgo,
 +		&i.CreatedAt,
 +		&i.LastUsedAt,
 +		&i.RevokedAt,
 +		&i.ExpiresAt,
 +	)
 +	return i, err
 +}
++
 +const getUserGPGKeyByFingerprint = `-- name: GetUserGPGKeyByFingerprint :one
 +SELECT id, user_id, name, fingerprint, key_id, armored,
 +       can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate,
 +       uids, subkeys, primary_algo,
 +       created_at, last_used_at, revoked_at, expires_at
 +FROM user_gpg_keys
 +WHERE fingerprint = $1 AND revoked_at IS NULL
 +`
++
 +// Uniqueness probe used by the add path to surface a friendly
 +// "this key is already registered" error before the unique index
 +// violation. Returns any row matching the fingerprint regardless of
 +// which user owns it (global uniqueness is the contract).
 +func (q *Queries) GetUserGPGKeyByFingerprint(ctx context.Context, db DBTX, fingerprint string) (UserGpgKey, error) {
 +	row := db.QueryRow(ctx, getUserGPGKeyByFingerprint, fingerprint)
 +	var i UserGpgKey
 +	err := row.Scan(
 +		&i.ID,
 +		&i.UserID,
 +		&i.Name,
 +		&i.Fingerprint,
 +		&i.KeyID,
 +		&i.Armored,
 +		&i.CanSign,
 +		&i.CanEncryptComms,
 +		&i.CanEncryptStorage,
 +		&i.CanCertify,
 +		&i.CanAuthenticate,
 +		&i.Uids,
 +		&i.Subkeys,
 +		&i.PrimaryAlgo,
 +		&i.CreatedAt,
 +		&i.LastUsedAt,
 +		&i.RevokedAt,
 +		&i.ExpiresAt,
 +	)
 +	return i, err
 +}
++
 +const insertUserGPGKey = `-- name: InsertUserGPGKey :one
++
 +INSERT INTO user_gpg_keys (
 +    user_id, name, fingerprint, key_id, armored,
 +    can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate,
 +    uids, subkeys, primary_algo, expires_at
 +)
 +VALUES (
 +    $1, $2, $3, $4, $5,
 +    $6, $7, $8, $9, $10,
 +    $11, $12, $13, $14
 +)
 +RETURNING id, user_id, name, fingerprint, key_id, armored,
 +          can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate,
 +          uids, subkeys, primary_algo,
 +          created_at, last_used_at, revoked_at, expires_at
 +`
++
 +type InsertUserGPGKeyParams struct {
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +// SPDX-License-Identifier: AGPL-3.0-or-later
 +// Inserts a parsed primary GPG key. Subkeys land in user_gpg_subkeys
 +// in the same transaction (see InsertUserGPGSubkey). expires_at is
 +// nullable; many keys have no expiration. revoked_at stays NULL on
 +// insert; soft-delete sets it.
 +func (q *Queries) InsertUserGPGKey(ctx context.Context, db DBTX, arg InsertUserGPGKeyParams) (UserGpgKey, error) {
 +	row := db.QueryRow(ctx, insertUserGPGKey,
 +		arg.UserID,
 +		arg.Name,
 +		arg.Fingerprint,
 +		arg.KeyID,
 +		arg.Armored,
 +		arg.CanSign,
 +		arg.CanEncryptComms,
 +		arg.CanEncryptStorage,
 +		arg.CanCertify,
 +		arg.CanAuthenticate,
 +		arg.Uids,
 +		arg.Subkeys,
 +		arg.PrimaryAlgo,
 +		arg.ExpiresAt,
 +	)
 +	var i UserGpgKey
 +	err := row.Scan(
 +		&i.ID,
 +		&i.UserID,
 +		&i.Name,
 +		&i.Fingerprint,
 +		&i.KeyID,
 +		&i.Armored,
 +		&i.CanSign,
 +		&i.CanEncryptComms,
 +		&i.CanEncryptStorage,
 +		&i.CanCertify,
 +		&i.CanAuthenticate,
 +		&i.Uids,
 +		&i.Subkeys,
 +		&i.PrimaryAlgo,
 +		&i.CreatedAt,
 +		&i.LastUsedAt,
 +		&i.RevokedAt,
 +		&i.ExpiresAt,
 +	)
 +	return i, err
 +}
++
 +const listUserGPGKeys = `-- name: ListUserGPGKeys :many
 +SELECT id, user_id, name, fingerprint, key_id, armored,
 +       can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate,
 +       uids, subkeys, primary_algo,
 +       created_at, last_used_at, revoked_at, expires_at
 +FROM user_gpg_keys
 +WHERE user_id = $1 AND revoked_at IS NULL
 +ORDER BY created_at DESC
 +LIMIT $2 OFFSET $3
 +`
++
 +type ListUserGPGKeysParams struct {
 +	UserID int64
 +	Limit  int32
 +	Offset int32
 +}
++
 +// Paginated list for the REST surface; HTML settings page reuses with
 +// a generous limit and no offset.
 +func (q *Queries) ListUserGPGKeys(ctx context.Context, db DBTX, arg ListUserGPGKeysParams) ([]UserGpgKey, error) {
 +	rows, err := db.Query(ctx, listUserGPGKeys, arg.UserID, arg.Limit, arg.Offset)
 +	if err != nil {
 +		return nil, err
 +	}
 +	defer rows.Close()
 +	items := []UserGpgKey{}
 +	for rows.Next() {
 +		var i UserGpgKey
 +		if err := rows.Scan(
 +			&i.ID,
 +			&i.UserID,
 +			&i.Name,
 +			&i.Fingerprint,
 +			&i.KeyID,
 +			&i.Armored,
 +			&i.CanSign,
 +			&i.CanEncryptComms,
 +			&i.CanEncryptStorage,
 +			&i.CanCertify,
 +			&i.CanAuthenticate,
 +			&i.Uids,
 +			&i.Subkeys,
 +			&i.PrimaryAlgo,
 +			&i.CreatedAt,
 +			&i.LastUsedAt,
 +			&i.RevokedAt,
 +			&i.ExpiresAt,
 +		); err != nil {
 +			return nil, err
 +		}
 +		items = append(items, i)
 +	}
 +	if err := rows.Err(); err != nil {
 +		return nil, err
 +	}
 +	return items, nil
 +}
++
 +const softDeleteUserGPGKey = `-- name: SoftDeleteUserGPGKey :execrows
 +UPDATE user_gpg_keys
 +SET revoked_at = now()
 +WHERE id = $1 AND user_id = $2 AND revoked_at IS NULL
 +`
++
 +type SoftDeleteUserGPGKeyParams struct {
 +	ID     int64
 +	UserID int64
 +}
++
 +// Scoped soft-delete: stamps revoked_at, preserves the row for audit
 +// continuity. Returns the number of rows affected so the handler can
 +// distinguish "not found" from "deleted" without a follow-up query.
 +func (q *Queries) SoftDeleteUserGPGKey(ctx context.Context, db DBTX, arg SoftDeleteUserGPGKeyParams) (int64, error) {
 +	result, err := db.Exec(ctx, softDeleteUserGPGKey, arg.ID, arg.UserID)
 +	if err != nil {
 +		return 0, err
 +	}
 +	return result.RowsAffected(), nil
 +}
++
 +const touchUserGPGKeyLastUsed = `-- name: TouchUserGPGKeyLastUsed :exec
 +UPDATE user_gpg_keys SET last_used_at = now() WHERE id = $1
 +`
++
 +// Best-effort last-used stamp called from the verification path when
 +// a signature successfully resolves to this key. No timeout / error
 +// propagation; the caller fires-and-forgets via a goroutine.
 +func (q *Queries) TouchUserGPGKeyLastUsed(ctx context.Context, db DBTX, id int64) error {
 +	_, err := db.Exec(ctx, touchUserGPGKeyLastUsed, id)
 +	return err
 +}

internal/users/sqlc/user_gpg_subkeys.sql.goadded

 +// Code generated by sqlc. DO NOT EDIT.
 +// versions:
 +//   sqlc v1.31.1
 +// source: user_gpg_subkeys.sql
++
 +package usersdb
++
 +import (
 +	"context"
++
 +	"github.com/jackc/pgx/v5/pgtype"
 +)
++
 +const getUserGPGSubkeyByFingerprint = `-- name: GetUserGPGSubkeyByFingerprint :one
 +SELECT id, gpg_key_id, fingerprint, key_id,
 +       can_sign, can_encrypt_comms, can_encrypt_storage, can_certify,
 +       expires_at, revoked_at, created_at
 +FROM user_gpg_subkeys
 +WHERE fingerprint = $1 AND revoked_at IS NULL
 +`
++
 +// Hot path for commit/tag signature verification. The signature
 +// packet carries the signing subkey's fingerprint; this query
 +// resolves it back to the primary key (and via FK to the user).
 +// Index lookup via the partial unique index.
 +func (q *Queries) GetUserGPGSubkeyByFingerprint(ctx context.Context, db DBTX, fingerprint string) (UserGpgSubkey, error) {
 +	row := db.QueryRow(ctx, getUserGPGSubkeyByFingerprint, fingerprint)
 +	var i UserGpgSubkey
 +	err := row.Scan(
 +		&i.ID,
 +		&i.GpgKeyID,
 +		&i.Fingerprint,
 +		&i.KeyID,
 +		&i.CanSign,
 +		&i.CanEncryptComms,
 +		&i.CanEncryptStorage,
 +		&i.CanCertify,
 +		&i.ExpiresAt,
 +		&i.RevokedAt,
 +		&i.CreatedAt,
 +	)
 +	return i, err
 +}
++
 +const insertUserGPGSubkey = `-- name: InsertUserGPGSubkey :one
++
 +INSERT INTO user_gpg_subkeys (
 +    gpg_key_id, fingerprint, key_id,
 +    can_sign, can_encrypt_comms, can_encrypt_storage, can_certify,
 +    expires_at
 +)
 +VALUES (
 +    $1, $2, $3,
 +    $4, $5, $6, $7,
 +    $8
 +)
 +RETURNING id, gpg_key_id, fingerprint, key_id,
 +          can_sign, can_encrypt_comms, can_encrypt_storage, can_certify,
 +          expires_at, revoked_at, created_at
 +`
++
 +type InsertUserGPGSubkeyParams struct {
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +// SPDX-License-Identifier: AGPL-3.0-or-later
 +// One row per subkey of a primary key. Always inserted in the same
 +// transaction as the parent InsertUserGPGKey so the verification
 +// hot path's fingerprint lookup is consistent with the REST nested
 +// shape.
 +func (q *Queries) InsertUserGPGSubkey(ctx context.Context, db DBTX, arg InsertUserGPGSubkeyParams) (UserGpgSubkey, error) {
 +	row := db.QueryRow(ctx, insertUserGPGSubkey,
 +		arg.GpgKeyID,
 +		arg.Fingerprint,
 +		arg.KeyID,
 +		arg.CanSign,
 +		arg.CanEncryptComms,
 +		arg.CanEncryptStorage,
 +		arg.CanCertify,
 +		arg.ExpiresAt,
 +	)
 +	var i UserGpgSubkey
 +	err := row.Scan(
 +		&i.ID,
 +		&i.GpgKeyID,
 +		&i.Fingerprint,
 +		&i.KeyID,
 +		&i.CanSign,
 +		&i.CanEncryptComms,
 +		&i.CanEncryptStorage,
 +		&i.CanCertify,
 +		&i.ExpiresAt,
 +		&i.RevokedAt,
 +		&i.CreatedAt,
 +	)
 +	return i, err
 +}
++
 +const listSubkeysForGPGKey = `-- name: ListSubkeysForGPGKey :many
 +SELECT id, gpg_key_id, fingerprint, key_id,
 +       can_sign, can_encrypt_comms, can_encrypt_storage, can_certify,
 +       expires_at, revoked_at, created_at
 +FROM user_gpg_subkeys
 +WHERE gpg_key_id = $1
 +ORDER BY id
 +`
++
 +// Reads all live subkeys for one primary; used when invalidating the
 +// verification cache on primary soft-delete (every dependent subkey
 +// needs its cache rows stamped invalidated too).
 +func (q *Queries) ListSubkeysForGPGKey(ctx context.Context, db DBTX, gpgKeyID int64) ([]UserGpgSubkey, error) {
 +	rows, err := db.Query(ctx, listSubkeysForGPGKey, gpgKeyID)
 +	if err != nil {
 +		return nil, err
 +	}
 +	defer rows.Close()
 +	items := []UserGpgSubkey{}
 +	for rows.Next() {
 +		var i UserGpgSubkey
 +		if err := rows.Scan(
 +			&i.ID,
 +			&i.GpgKeyID,
 +			&i.Fingerprint,
 +			&i.KeyID,
 +			&i.CanSign,
 +			&i.CanEncryptComms,
 +			&i.CanEncryptStorage,
 +			&i.CanCertify,
 +			&i.ExpiresAt,
 +			&i.RevokedAt,
 +			&i.CreatedAt,
 +		); err != nil {
 +			return nil, err
 +		}
 +		items = append(items, i)
 +	}
 +	if err := rows.Err(); err != nil {
 +		return nil, err
 +	}
 +	return items, nil
 +}
++
 +const softDeleteSubkeysForGPGKey = `-- name: SoftDeleteSubkeysForGPGKey :exec
 +UPDATE user_gpg_subkeys
 +SET revoked_at = now()
 +WHERE gpg_key_id = $1 AND revoked_at IS NULL
 +`
++
 +// Stamps revoked_at on every live subkey of a primary. Called in the
 +// same transaction as SoftDeleteUserGPGKey so the partial unique index
 +// frees up the fingerprint for re-upload if the user rotates.
 +func (q *Queries) SoftDeleteSubkeysForGPGKey(ctx context.Context, db DBTX, gpgKeyID int64) error {
 +	_, err := db.Exec(ctx, softDeleteSubkeysForGPGKey, gpgKeyID)
 +	return err
 +}

internal/webhook/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string

internal/worker/sqlc/models.gomodified

  	CreatedAt             pgtype.Timestamptz
+ }
 +type UserGpgKey struct {
 +	ID                int64
 +	UserID            int64
 +	Name              string
 +	Fingerprint       string
 +	KeyID             string
 +	Armored           string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	CanAuthenticate   bool
 +	Uids              []string
 +	Subkeys           []byte
 +	PrimaryAlgo       string
 +	CreatedAt         pgtype.Timestamptz
 +	LastUsedAt        pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	ExpiresAt         pgtype.Timestamptz
 +}
++
 +type UserGpgSubkey struct {
 +	ID                int64
 +	GpgKeyID          int64
 +	Fingerprint       string
 +	KeyID             string
 +	CanSign           bool
 +	CanEncryptComms   bool
 +	CanEncryptStorage bool
 +	CanCertify        bool
 +	ExpiresAt         pgtype.Timestamptz
 +	RevokedAt         pgtype.Timestamptz
 +	CreatedAt         pgtype.Timestamptz
 +}
++
  type UserNotificationPref struct {
  	UserID    int64
  	Key       string