The Storage primitive proxies a fullstack app’s Supabase Storage API (/storage/v1) with the project service-role key injected. App-scoped, on both the company mount (/v1/apps/:id/...) and per-user mount (/v1/users/:user_id/apps/:id/...). On per-user mounts the kit must enable the storage primitive.
Endpoint
| Method | Path | Description |
|---|
ANY | /v1/apps/:id/storage/proxy/* | Supabase Storage API passthrough (/storage/v1/*) |
storage/proxy/ maps to the project’s /storage/v1/:
| Operation | Method + path |
|---|
| List buckets | GET storage/proxy/bucket |
| Create bucket | POST storage/proxy/bucket |
| Get / delete bucket | GET / DELETE storage/proxy/bucket/{id} |
| List objects | POST storage/proxy/object/list/{bucket} |
| Upload object | POST storage/proxy/object/{bucket}/{path} |
| Download object | GET storage/proxy/object/{bucket}/{path} |
| Delete objects | DELETE storage/proxy/object/{bucket} (body: { prefixes }) |
curl https://api.usenaive.ai/v1/apps/<app-id>/storage/proxy/bucket \
-H "Authorization: Bearer nv_sk_live_..."
Binary uploads are best done with a Supabase signed upload URL (POST .../storage/v1/object/upload/sign/{bucket}/{path}) then a direct PUT of the bytes — the JSON proxy is intended for metadata and text/JSON content.
SDK
await naive.storage.createBucket("avatars", { public: true });
await naive.forUser(userId).storage.list("avatars", { prefix: "users/" });
storage sub-client. 
