EP-MEL-16 — File Storage with Signed URLs, Virus Scan, Image Optimization

Companion: Backlog README · EPICS.md · canonical: 07-epics-and-user-stories.md §18

Summary


Wave	R1
Priority	P0
Primary owner	`file-storage-service`
Participating services	every consumer service (theme assets, receipts, photos, documents)
Journeys realised	J-22 (Theme upload + asset lifecycle)
Workflows	WF-11
Frontend surfaces	All upload-capable surfaces
Story count	4

Outcome

File uploads everywhere use signed URLs, are virus-scanned within 5 s, are isolated per tenant under a tenants/{tenant_id}/ prefix, get image-optimized variants served via CDN, and follow lifecycle policies (retention, archival).

Cross-cutting AC for this epic

Signed URLs scoped to tenant + content-type + max size; expire ≤ 15 minutes.
Virus scan via Cloud-managed AV; quarantine on positive with audit + alert.
CDN cache busting via content-hash filenames; never serve stale.
Lifecycle policies move objects to colder storage tiers per tenant plan.

Stories

ID	Title
US-MEL-0122	Upload with signed URL & virus scan
US-MEL-0123	Tenant prefix isolation
US-MEL-0124	Image optimization & CDN
US-MEL-0125	Lifecycle policies (retention, archival)

Full AC in ../07-epics-and-user-stories.md §18.

Cross-references

Definition of Done (Security + Data sections): ../standards/DEFINITION_OF_DONE.md

Summary​

Outcome​

Cross-cutting AC for this epic​

Stories​

Cross-references​

Summary

Outcome

Cross-cutting AC for this epic

Stories

Cross-references