diff --git a/storage_v1.19.1/migrations/tenant/0002-storage-schema.sql b/storage_v1.19.1/migrations/tenant/0002-storage-schema.sql
index 1867e3f..dafa872 100644
--- a/storage_v1.19.1/migrations/tenant/0002-storage-schema.sql
+++ b/storage_v1.19.1/migrations/tenant/0002-storage-schema.sql
@@ -221,3 +221,28 @@ BEGIN
              USING (bucket_id = ''profile_images'')';
   END IF;
 END$$;
+
+
+-- ✅ RLS 策略定义（files bucket，幂等）
+DO $$
+BEGIN
+  IF NOT EXISTS (
+    SELECT 1 FROM pg_policies WHERE policyname = 'anon upload files'
+  ) THEN
+    EXECUTE 'CREATE POLICY "anon upload files"
+             ON storage.objects
+             FOR INSERT
+             TO anon
+             WITH CHECK (bucket_id = ''files'')';
+  END IF;
+
+  IF NOT EXISTS (
+    SELECT 1 FROM pg_policies WHERE policyname = 'anon read files'
+  ) THEN
+    EXECUTE 'CREATE POLICY "anon read files"
+             ON storage.objects
+             FOR SELECT
+             TO anon
+             USING (bucket_id = ''files'')';
+  END IF;
+END$$;