[DRAFT] feat: add blob storage foundation and backends

[0vertake]

What changed

• Added new pkg/blobs package with scoped storage API and shared errors/types.
• Added backends: memory, filesystem, gcs, s3.
• Added internal key generation from Scope + path (no caller-built keys).
• Added presigned URL support (cloud backends) and paginated listing.
• Added env-based backend config in pkg/blobs/config.go.
• Added pkg/blobs tests for core behavior.
• Updated go.mod / go.sum for required S3/GCS dependencies.

[superplanehq-integration]

👋 Commands for maintainers:

• /sp start - Start an ephemeral machine (takes ~30s)
• /sp stop - Stop a running machine (auto-executed on pr close)

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Scope IDs unsanitized, enabling filesystem cross-scope traversal

High Severity

validateScope only checks that scope IDs are non-empty, but doesn't reject IDs containing path traversal sequences like ../ or /. Since objectKey interpolates these IDs directly into the key via fmt.Sprintf, a crafted scope ID (e.g., NodeID = "../../organization/other-org") produces a key like blobs/node/c1/../../organization/other-org/file.txt. On the filesystem backend, filepath.Clean in resolvePath resolves the .. components, mapping this to a different scope's directory — while still passing the "within base path" check. This breaks the scope isolation guarantee.

Additional Locations (1)

• pkg/blobs/keys.go#L18-L31

 

[cursor]

Empty blob path creates trailing-slash key, corrupts filesystem

Medium Severity

cleanPath returns an empty string (no error) when the input is empty, whitespace, or resolves to "." (e.g., "a/.."). This causes objectKey to produce keys with a trailing slash like blobs/organization/org-1/. On the filesystem backend, this creates a regular file at a path that subsequent non-empty blob operations need to be a directory (e.g., blobs/organization/org-1/test.txt), breaking MkdirAll and rendering the scope unusable.