"""INDL-55: add users.password_changed_at (Settings → Security → Change Password).

Single additive nullable column, zero-downtime. NULL means "not changed since
this column was introduced" — that is accurate historical data for existing
rows, not something to backfill/synthesize, so there is no data migration
here (no UPDATE statement backfilling e.g. created_at as a proxy value).

No index: nothing queries users by password_changed_at (it is written on
change-password and read only via the single-row user lookup that already
happens by primary key / email, both of which have their own indexes). Adding
one would just be write-amplification with no read benefit.

Revision ID: 0067
Revises: 0066
"""
import sqlalchemy as sa
from alembic import op

revision = "0067"
down_revision = "0066"
branch_labels = None
depends_on = None


def upgrade() -> None:
    op.add_column(
        "users",
        sa.Column("password_changed_at", sa.DateTime(timezone=True), nullable=True),
    )


def downgrade() -> None:
    op.drop_column("users", "password_changed_at")
