-- Create temp-imports bucket for caching decompressed CSVs
INSERT INTO storage.buckets (id, name, public) VALUES ('temp-imports', 'temp-imports', false);

-- Allow service_role (edge functions) full access - no user-facing RLS needed
-- The edge function uses service_role key which bypasses RLS
-- But we add policies for authenticated admin users who may need to clean up
CREATE POLICY "Admins can manage temp imports"
ON storage.objects FOR ALL
USING (bucket_id = 'temp-imports' AND auth.role() = 'authenticated')
WITH CHECK (bucket_id = 'temp-imports' AND auth.role() = 'authenticated');