Storage as a capability surface.

Three cloud providers shipped. Vendor-neutral upload / download / copy / move / signed URL / multi-part. Capability declarations expose what each one does natively vs runtime-supplemented.

Local for development and self-hosted. MinIO for S3-compatible storage on your own infrastructure. Same canonical surface — your code does not branch.

Core / Stream / Urls / Copy / Metadata / Directory / MultiPart / Query / Version / Batch / Move / AccessControl / ProviderIdentity. Capability mismatches surface explicitly, never silent.

Per-object pre-signed URLs for browser-direct uploads and downloads. Time-bounded, capability-gated, audited through canonical observability.

Large-file resumable uploads via canonical IMultiPartOperations. Chunked, parallel, fail-resumable. Same client API across vendors.

StorageEventEmitter routes through IUsageMeteringService for billing attribution and IQuotaEnforcementService for hard caps. Rides the canonical event substrate; no second metering pipeline.

Object create / update / delete fan out to realtime subscribers (field names only). Every storage mutation surfaces in the canonical observability relay.

ProjectStorageNamespace.PhysicalPrefix derives from immutable project IDs (anti-pattern #32). No slug-based paths. Storage namespaces are forever stable.

Storage provider bindings are scope-chain inherited. A staging branch can point S3 at a different bucket without touching production. Branch and environment, not feature flags.