refactor(storage): trim to local + S3-compatible; add NAS exposure guide

Storage adapters trimmed from 9 to 2: keep LocalStorageAdapter and
S3StorageAdapter.  Remove Google Drive, OneDrive, Dropbox, FTP, GCS,
Azure, and rclone-as-adapter.  S3-compatible object storage covers
all of these use cases (MinIO, Cloudflare R2, Garage, SeaweedFS, Ceph
RGW, etc.) with a single, vendor-neutral code path that supports the
multipart semantics OpenCodeHub needs for large blobs.

Code:
- src/lib/storage.ts: rewrite (2331 -> 762 lines).  Drop 7 adapter
  classes and the driver-specific StorageConfig fields.  Factory is
  now strictly { local, s3 }.
- src/lib/git-storage.ts: isCloudStorage() = type === 's3' (fixes a
  pre-existing bug where dropbox/ftp were silently treated as local).
- src/lib/validation.ts: StorageConfigSchema restricted to
  ['local', 's3'].
- src/lib/env-validation.ts: STORAGE_TYPE validator + S3-required
  fields; gdrive/rclone validators removed.
- src/pages/api/admin/config/storage.ts: normalizeConfig() whitelists
  drivers and sanitises the payload (was a passthrough spread, which
  silently accepted removed fields).
- scripts/verify-env-config.ts: rewritten to verify the two supported
  drivers end-to-end (was hardcoded to STORAGE_TYPE=gdrive).
- package.json: drop @google-cloud/storage, @azure/storage-blob,
  googleapis, basic-ftp (4 packages, ~12 MB of transitive deps).

Configuration:
- .env.example: STORAGE_TYPE is the canonical var; drop the gcs/azure/
  ftp/rclone/gdrive sections.  Document that any S3-v4 vendor works
  via STORAGE_ENDPOINT.

Documentation:
- docs/guides/storage-adapters.md + docs-site mirror: full rewrite
  for local + S3 with preset configs for AWS S3, MinIO, Cloudflare R2,
  Garage, SeaweedFS, Ceph RGW, Wasabi, Backblaze B2, DigitalOcean
  Spaces.
- docs/administration/configuration.md (both versions): storage env
  table updated; removed drivers called out explicitly.
- docs/administration/deployment.md, deploy-cpanel.md,
  deploy-cyberpanel.md, deploy-cloudflare.md, installation.md
  (both versions): STORAGE_DRIVER -> STORAGE_TYPE; canonical env
  variable names throughout.
- docs/development/architecture.md: storage-layer diagram reduced to
  two adapters; removed driver rows replaced with explanatory note.
- AGENTS.md: 8+ backends -> 2 backends; env table; section 6.4
  rewritten.
- src/pages/admin/_storage-disabled.txt: rclone + rclone-sub-remote
  options removed (file is intentionally not routed).

NEW: docs/administration/expose-nas.md + docs-site mirror
  How to put OpenCodeHub on the public internet from a NAS or home
  server WITHOUT port forwarding, covering:
    1. Tailscale Funnel (WireGuard mesh + edge ingress)
    2. Cloudflare Tunnel (outbound cloudflared daemon)
  with a side-by-side comparison, NAS-specific install snippets
  (Synology DSM, TrueNAS SCALE, QNAP, generic Linux), the right
  TRUSTED_PROXIES values for each, an 8-item hardening checklist,
  SSH-git note, and a troubleshooting section.

Validation:
- bun install -> 4 packages removed cleanly.
- bun run typecheck -> 0 errors.
- bun run lint -> 0 errors, 0 warnings, 478 hints.
- SKIP_REDIS_CHECK=1 bun run test -> 546/546 pass.
- bun run security:audit -> PASSED (0 disallowed high/critical).
- bun run scripts/verify-env-config.ts -> 10/10 storage checks pass.

Author: swadhinbiswas

.env.example

@@ -64,31 +64,26 @@ GIT_SSH_PORT=2222
 GIT_SSH_HOST_KEY=./data/ssh/host_key
 
 # Storage Configuration
-# Supported: local, s3, gcs, azure, dropbox, gdrive, ftp, rclone
-STORAGE_DRIVER=local
+# Supported backends: local, s3
+#   local — filesystem rooted at STORAGE_PATH (default ./data/storage).
+#   s3    — any S3-compatible object store: AWS S3, MinIO, Cloudflare R2,
+#            Garage, SeaweedFS, Ceph RGW, Wasabi, Backblaze B2, etc.
+#            Set STORAGE_ENDPOINT for non-AWS vendors.  Path-style is
+#            enabled automatically when an endpoint is provided.
+#
+# Previously supported: gcs, azure, dropbox, gdrive, ftp, rclone-as-adapter.
+# These were removed in favour of S3-compatible object storage and the
+# rclone backup utility (see docs/administration/storage-adapters.md).
+STORAGE_TYPE=local
 STORAGE_PATH=./data/storage
 
-# S3 Configuration (if STORAGE_DRIVER=s3)
-S3_BUCKET=
-S3_REGION=
-S3_ACCESS_KEY=
-S3_SECRET_KEY=
-S3_ENDPOINT=
-
-# Google Cloud Storage (if STORAGE_DRIVER=gcs)
-GCS_BUCKET=
-GCS_PROJECT_ID=
-GCS_KEY_FILE=
-
-# FTP Configuration (if STORAGE_DRIVER=ftp)
-FTP_HOST=
-FTP_PORT=21
-FTP_USER=
-FTP_PASSWORD=
-
-# Rclone Configuration (if STORAGE_DRIVER=rclone)
-RCLONE_REMOTE=
-RCLONE_CONFIG_PATH=
+# S3 Configuration (required when STORAGE_TYPE=s3)
+STORAGE_BUCKET=
+STORAGE_REGION=us-east-1
+STORAGE_ENDPOINT=
+STORAGE_ACCESS_KEY_ID=
+STORAGE_SECRET_ACCESS_KEY=
+# STORAGE_PATH=  (left empty for s3; only used for local)
 
 # CI/CD Runner Configuration
 RUNNER_ENABLED=true

AGENTS.md

@@ -12,7 +12,7 @@
 - Stack-first PR workflows (Graphite-style stacked PRs)
 - Merge queue with speculative builds and priority lanes
 - GitHub Actions-compatible CI/CD pipeline engine + Docker-based runner
-- Pluggable storage (local, S3, GCS, Azure, Google Drive, OneDrive, Dropbox, FTP, rclone)
+- Pluggable storage (`local` filesystem or `s3` — any S3-compatible object store: AWS S3, MinIO, Cloudflare R2, Garage, SeaweedFS, Ceph RGW, Wasabi, Backblaze B2, etc.)
 - Multi-database support (PostgreSQL, SQLite, Turso/LibSQL)
 - Built-in AI code review, automations, webhooks
 
@@ -66,7 +66,7 @@
 | Git | Native `git` CLI + `simple-git` + `isomorphic-git` + `nodegit` |
 | SSH | `ssh2` library |
 | CI/CD | Dockerode (Docker API) |
-| Storage | Abstract adapter pattern with 8+ backends |
+| Storage | Abstract adapter pattern; 2 backends (`local`, `s3`-compatible) |
 | Realtime | Custom (see `src/lib/realtime.ts`) |
 | Queue | BullMQ + Redis |
 | CLI | Commander.js + Inquirer + Chalk + `simple-git` |
@@ -250,16 +250,12 @@ Browser/Git CLI → Astro middleware (auth, rate limit, CSRF)
 
 ### 6.4 Storage Abstraction
 All blob storage goes through `StorageAdapter` abstract class:
-- `LocalStorageAdapter` — filesystem
-- `S3StorageAdapter` — S3/MinIO/R2
-- `GCSStorageAdapter` — Google Cloud Storage
-- `AzureStorageAdapter` — Azure Blob
-- `GoogleDriveStorageAdapter` — Google Drive
-- `OneDriveStorageAdapter` — Microsoft OneDrive
-- `DropboxStorageAdapter` — Dropbox
-- `RcloneStorageAdapter` — Any rclone remote
+- `LocalStorageAdapter` — filesystem rooted at `STORAGE_PATH`
+- `S3StorageAdapter` — any S3-compatible object store (AWS S3, MinIO, Cloudflare R2, Garage, SeaweedFS, Ceph RGW, Wasabi, Backblaze B2, ...).  Path-style addressing is enabled automatically when `STORAGE_ENDPOINT` is set.
 
-Configured via `STORAGE_DRIVER` env var.
+> Previous releases also shipped GCS, Azure, Google Drive, OneDrive, Dropbox, FTP, and rclone-as-adapter backends.  These were removed in favour of S3-compatible object storage (one code path, multipart semantics, vendor-neutral).  rclone remains available as a separate optional backup utility (`scripts/sync-storage.ts` + `/api/admin/sync`).
+
+Configured via `STORAGE_TYPE` env var (`local` or `s3`).
 
 ### 6.5 Database Flexibility
 `src/db/index.ts` provides a factory pattern:
@@ -328,7 +324,7 @@ och focus                          # Terminal UI for PRs/queue/reviews
 | `RUNNER_SECRET` | Runner-server shared secret |
 | `AI_CONFIG_ENCRYPTION_KEY` | AI provider key encryption |
 | `WORKFLOW_SECRET_ENCRYPTION_KEY` | CI secret encryption |
-| `STORAGE_DRIVER` | Blob storage backend |
+| `STORAGE_TYPE` | Blob storage backend (`local` or `s3`) |
 | `REDIS_URL` | Redis for sessions/queues |
 | `GIT_REPOS_PATH` | Local git repo storage |
 | `GIT_SSH_PORT` | SSH git server port |

bun.lock

@@ -33,13 +33,18 @@ OpenCodeHub is configured exclusively via environment variables.
 
 | Variable | Description | Default |
 |----------|-------------|---------|
-| `STORAGE_TYPE` | `local`, `s3`, `gdrive`, `azure` | `local` |
-| `STORAGE_PATH` | Path for local storage | `./data` |
-| `STORAGE_BUCKET` | Bucket name (S3/GCP) | |
-| `STORAGE_REGION` | AWS Region | `us-east-1` |
-| `STORAGE_ENDPOINT` | Custom S3 endpoint | |
-| `S3_ACCESS_KEY` | AWS Access Key | |
-| `S3_SECRET_KEY` | AWS Secret Key | |
+| `STORAGE_TYPE` | `local` (filesystem) or `s3` (any S3-compatible object store) | `local` |
+| `STORAGE_PATH` | Path for local storage | `./data/storage` |
+| `STORAGE_BUCKET` | Bucket name (required for `s3`) | |
+| `STORAGE_REGION` | S3 region | `us-east-1` |
+| `STORAGE_ENDPOINT` | Custom S3 endpoint (MinIO, R2, Garage, SeaweedFS, Ceph RGW, etc.) | |
+| `STORAGE_ACCESS_KEY_ID` | S3 access key | |
+| `STORAGE_SECRET_ACCESS_KEY` | S3 secret key | |
+
+> Only `local` and `s3` storage backends are supported.  Previous releases
+> also supported `gdrive`, `azure`, `gcs`, `dropbox`, `onedrive`, `ftp`, and
+> an rclone-as-adapter option; these have been removed in favour of
+> S3-compatible object storage.  See `docs/guides/storage-adapters.md`.
 
 ## AI Review
 

docs-site/src/content/docs/administration/configuration.md

@@ -130,8 +130,8 @@ STORAGE_TYPE=s3
 STORAGE_BUCKET=opencodehub-repos
 STORAGE_REGION=auto
 STORAGE_ENDPOINT=https://<account-id>.r2.cloudflarestorage.com
-S3_ACCESS_KEY=<your-r2-access-key-id>
-S3_SECRET_KEY=<your-r2-secret-access-key>
+STORAGE_ACCESS_KEY_ID=<your-r2-access-key-id>
+STORAGE_SECRET_ACCESS_KEY=<your-r2-secret-access-key>
 ```
 
 Find your account ID in Cloudflare Dashboard → R2 → Overview.
@@ -298,8 +298,8 @@ STORAGE_TYPE=s3
 STORAGE_BUCKET=opencodehub-repos
 STORAGE_REGION=auto
 STORAGE_ENDPOINT=https://<account-id>.r2.cloudflarestorage.com
-S3_ACCESS_KEY=<r2-access-key>
-S3_SECRET_KEY=<r2-secret-key>
+STORAGE_ACCESS_KEY_ID=<r2-access-key>
+STORAGE_SECRET_ACCESS_KEY=<r2-secret-key>
 ```
 
 ---

docs-site/src/content/docs/administration/deploy-cloudflare.md

@@ -153,7 +153,7 @@ SITE_URL=https://git.yourdomain.com
 NODE_ENV=production
 
 # Storage (local is fine for single-server cPanel)
-STORAGE_DRIVER=local
+STORAGE_TYPE=local
 STORAGE_PATH=./data/storage
 REPOS_PATH=./data/repos
 

docs-site/src/content/docs/administration/deploy-cpanel.md

@@ -143,7 +143,7 @@ SITE_URL=https://git.yourdomain.com
 NODE_ENV=production
 
 # Storage
-STORAGE_DRIVER=local
+STORAGE_TYPE=local
 STORAGE_PATH=/data/storage
 REPOS_PATH=/data/repos
 SSH_HOST_KEY_PATH=/data/ssh/host_key

docs-site/src/content/docs/administration/deploy-cyberpanel.md

@@ -90,18 +90,21 @@ DATABASE_DRIVER=postgres
 DATABASE_URL=postgresql://user:password@host:5432/opencodehub
 ```
 
-**Storage (Use cloud storage, not local):**
+**Storage (S3-compatible; works with AWS S3, MinIO, Cloudflare R2, Garage, SeaweedFS, Ceph RGW, etc.):**
 ```bash
 STORAGE_TYPE=s3
 STORAGE_BUCKET=opencodehub-production
 STORAGE_REGION=us-east-1
-S3_ACCESS_KEY=<your-access-key>
-S3_ACCESS_KEY=<your-access-key>
-S3_SECRET_KEY=<your-secret-key>
+STORAGE_ACCESS_KEY_ID=<your-access-key>
+STORAGE_SECRET_ACCESS_KEY=<your-secret-key>
+# STORAGE_ENDPOINT=https://<account>.r2.cloudflarestorage.com   # set for non-AWS vendors
 ```
 
-**Google Drive + Turso Stack:**
-See [docs/GDRIVE_STACK.md](docs/GDRIVE_STACK.md) for detailed setup.
+> Only `local` and `s3` storage backends are supported.  Google Drive,
+> OneDrive, Dropbox, FTP, GCS, Azure, and rclone-as-adapter have been
+> removed; use the `s3` driver with a vendor-specific `STORAGE_ENDPOINT`
+> for object storage.  See `docs/guides/storage-adapters.md` for the
+> full list of compatible object stores.
 ```bash
 STORAGE_TYPE=gdrive
 GOOGLE_CLIENT_ID=...