storage
Use this Claude Code skill when your Butterbase app needs to handle file operations including uploading files to S3 storage and generating presigned URLs for downloads. The skill manages the complete file lifecycle: requesting upload URLs, downloading files via temporary signed URLs, listing stored objects, deleting files, and configuring storage settings. Always persist the returned `object_id` (a UUID) in your database tables rather than the internal S3 key, since URLs must be generated fresh on demand and expire after set periods like 15 minutes for uploads or one hour for downloads.
git clone --depth 1 https://github.com/butterbase-ai/butterbase-skills /tmp/storage && cp -r /tmp/storage/skills/storage ~/.claude/skills/storageSKILL.md
# Butterbase Storage
Butterbase stores files in S3 (or LocalStack in dev) and exposes them via presigned URLs. Every file gets a stable `object_id` (UUID) that you persist in your tables; URLs are generated on demand and expire.
All storage operations go through one tool: **`manage_storage`** with an `action` parameter.
| Action | Purpose |
|--------|---------|
| `upload_url` | Generate a 15-minute presigned PUT URL and reserve an `object_id` |
| `download_url` | Generate a 1-hour presigned GET URL for a stored object |
| `list` | List objects (scoped by caller's role) |
| `delete` | Permanently remove an object from S3 + database |
| `update_config` | Toggle app-level `publicReadEnabled` and other storage settings |
---
## 1. The mental model: `object_id` vs `s3_key`
| Field | What it is | When you use it |
|-------|-----------|-----------------|
| `object_id` | UUID, stable, app-level handle | Persist in your tables (e.g. `users.avatar_id`, `posts.image_id`) |
| `s3_key` | Internal bucket path like `app_abc/user_uuid/file.jpg` | Internal only — **never** treat this as a URL |
**Critical:** `s3_key` is **not** a URL. You cannot use it as `<img src>` or `<a href>`. Always store the `object_id` and resolve a fresh download URL at render time.
---
## 2. The upload lifecycle
A single upload is two HTTP calls and one DB insert in your app:
```
┌─────────────────────────┐
│ 1. manage_storage( │ → returns { upload_url, object_id, expires_at }
│ action: upload_url)│
├─────────────────────────┤
│ 2. PUT file -> S3 │ → must include exact Content-Type header
├─────────────────────────┤
│ 3. INSERT INTO ... │ → save object_id alongside the user/post/etc.
└─────────────────────────┘
```
If you skip step 3, the file lives in S3 but no row references it — an **orphaned object** counting against your quota. Always persist the `object_id`.
### Step 1 — request an upload URL
```js
manage_storage({
app_id: "app_abc123",
action: "upload_url",
filename: "avatar.jpg",
content_type: "image/jpeg",
size_bytes: 245123,
public: false // optional; default false
})
```
Returns:
```json
{
"upload_url": "https://s3.amazonaws.com/...",
"object_id": "9c14b2e0-...",
"expires_at": "2026-05-08T22:15:00Z"
}
```
The `object_id` is created **immediately** in the database; the file just hasn't been uploaded yet.
### Step 2 — PUT the bytes
The Content-Type on the PUT must match exactly the `content_type` you sent in step 1. If it doesn't, S3 rejects the upload or stores the wrong MIME — breaking browser previews.
```bash
curl -X PUT "{upload_url}" \
-H "Content-Type: image/jpeg" \
--data-binary @avatar.jpg
```
From the browser:
```js
await fetch(uploadUrl, {
method: "PUT",
headers: { "Content-Type": file.type },
body: file
});
```
### Step 3 — persist the `object_id`
```sql
UPDATE users SET avatar_id = $1 WHERE id = $2
```
Or via the auto-API / SDK — whatever your app uses for writes. Without this step, the file is unreachable.
---
## 3. Generating download URLs
Each call returns a fresh URL valid for 1 hour. Don't bake URLs into static HTML or long-lived caches — re-generate per render or per session.
```js
manage_storage({
app_id: "app_abc123",
action: "download_url",
object_id: "9c14b2e0-..."
})
// → { download_url: "https://s3.amazonaws.com/..." }
```
For lists with many files, resolve URLs in parallel:
```js
const urls = await Promise.all(
posts.map(p => getDownloadUrl(p.image_id))
);
```
If the caller is unauthorized, the response is `404` (not `403`) — Butterbase deliberately hides existence to avoid leaking object IDs.
---
## 4. Access control
Three tiers, evaluated in order:
| Caller | What they can read |
|--------|--------------------|
| Service key (`bb_sk_*`) | Everything in the app — RLS bypassed |
| End-user JWT | Files where `(user_id === caller_id) OR object.public === true OR app.publicReadEnabled === true` |
| Anonymous (no auth) | Only public objects (and only if app access mode allows anon) |
### Per-object public flag
Set at upload time:
```js
manage_storage({ app_id, action: "upload_url", filename, content_type, size_bytes, public: true })
```
Use this for one-off public files (a marketing image, a shared avatar) without flipping the whole app to public-read.
### App-wide public read
```js
manage_storage({
app_id: "app_abc123",
action: "update_config",
publicReadEnabled: true
})
```
When `true`, any authenticated user in the app can download any file. Uploads and deletes stay user-scoped.
> Storage ACL is hardcoded — you cannot layer Postgres RLS policies on top of `storage_objects`. If you need fine-grained custom rules, gate downloads through a serverless function instead of handing out direct presigned URLs.
---
## 5. Listing and deleting
```js
manage_storage({ app_id: "app_abc123", action: "list" })
```
Service key sees everything; end-user JWT sees only their own files. Each item has `id, user_id, key, filename, content_type, size_bytes, created_at`.
```js
manage_storage({ app_id: "app_abc123", action: "delete", object_id: "9c14b2e0-..." })
```
Permanently removes the S3 object and DB row. **Clear foreign-key references first** (e.g. `UPDATE users SET avatar_id = NULL`) — `manage_storage` doesn't.
---
## 6. Quotas & error codes
| Limit | Default | Override |
|-------|---------|----------|
| Per-file size | 10 MB | `storage_config` |
| Total app storage | Plan-dependent | Upgrade plan |
| Allowed content types | All by default | `storage_config.allowedContentTypes` whitelist |
| Error | When |
|-------|------|
| `QUOTA_FILE_SIZE_EXCEEDED` (400) | `size_bytes` > per-file limit |
| `QUOTA_STORAGE_EXCEEDED` (429) | App total exhausted |
| `VALIDATION_INVALID_TYPE` (400) | `content_type` not in whitelist |
| `RESOURCE_NOT_FOUND` (404) | Object missing or caller unauthorized (deliberately ambiguous) |
| `S3_ERROR` (503) | Transient S3 failure — retry |
---
## 7. CommoClaude Code plugin for Butterbase — 30+ guided skills and auto-configured MCP for the AI-native backend-as-a-service.
Use when calling the app's AI gateway from agent tools — chat completions, embeddings, listing models, configuring defaults or BYOK, reading token/cost usage
Configure OAuth providers, auth hooks, JWT lifetimes, and service keys for a Butterbase app
Use when building a new Butterbase app from scratch, creating a full-stack application, or when the user asks to set up a complete backend with database, auth, and deployment
Use when users report access denied errors, see wrong data, RLS policies are not working, or when troubleshooting Row-Level Security issues in Butterbase
Deploy a frontend (React, Next.js, or static HTML) to a live URL on Butterbase
Use when building stateful per-key actors — chat rooms, multiplayer rooms, rate limiters, long-running agents, leaderboards — that need persistent in-memory + storage state across requests
Develop, deploy, or debug a Butterbase serverless function