========================================
[Sun Feb  8 22:08:03 AEDT 2026] CC VPS triggered by Rivet
========================================

Task:
Create 'avatars' storage bucket in Supabase with proper RLS policies for RateRight v2 project (ref: eciepjpcyfurbkfzekok). Workers and contractors should be able to upload their own avatars. Files should be publicly readable but only the owner can write/delete. Update any code references if needed.
----------------------------------------

## ✅ Done

Created the **'avatars' storage bucket** in Supabase with proper security:

**Bucket config:**
- 5MB file size limit
- Public read access
- Restricted to image types (jpeg, png, webp, gif)

**RLS Policies:**
- ✅ Anyone can view avatars (public bucket)
- ✅ Authenticated users can upload their own avatar (files stored as `user_id/avatar.ext`)
- ✅ Users can only update/delete their own avatars
- ✅ Enforced via path-based ownership check

**Code status:**
- `src/components/avatar-upload.tsx` already correctly references the bucket — no changes needed
- Migration documented in `supabase/migrations/20260208000005_create_avatars_bucket.sql`
- Committed and pushed to main

Avatar uploads are now fully functional with proper security 🎯

----------------------------------------
[Sun Feb  8 22:09:39 AEDT 2026] Task finished (exit code: 0)
