Corporate Documents
Overview
The Corporate Documents module is a secure, version-controlled repository for SONAN's most sensitive internal records — incorporation documents, tax filings, contracts, trademark registrations, board resolutions, and more. It is exclusively available to Super Admins and is gated by the ENABLE_CORPORATE_DOCUMENTS environment variable.
1. Dashboard
The dashboard provides a live overview of your document portfolio:
| Card | What it shows |
|---|---|
| Total Documents | All documents regardless of status |
| Expiring Soon | Documents whose expiry date falls within 90 days |
| Pending Review | Documents in pending_review status awaiting action |
| On Legal Hold | Documents locked from modification or deletion |
The Recent Documents list shows the 10 most recently updated records with status badge, confidentiality level, and a quick-link to the detail page.
2. Document Library
Navigate to Corporate Documents → Library to browse, search, and filter all documents.
Filters
- Search — full-text across file name, display name, description, and tags
- Category — Legal & Formation, Tax & Finance, Contracts, IP, Real Estate, and more
- Status — Draft, Active, Pending Review, Pending Approval, Approved, Archived
- Confidentiality — Internal, Confidential, Restricted, Executive Only, Legal Privileged
- Legal Hold — toggle to show only documents under hold
Results are paginated in batches of 25 with cursor-based Next / Previous navigation. On mobile the library switches to a card layout with a collapsible filter bar.
3. Uploading Documents
Click + Upload Document from the Library or Dashboard.
- Drag files onto the drop zone or click Browse. Up to 10 files per batch, max 500 MB per file.
- Accepted formats: PDF, DOCX, XLSX, PPTX, PNG, JPEG, WebP, GIF, SVG, TXT, CSV, ZIP.
- Fill in metadata for each file:
| Field | Description |
|---|---|
| Display Name | Human-readable title (defaults to filename) |
| Business Entity | Which SONAN entity this document belongs to |
| Category | Legal & Formation, Tax & Finance, Contracts, etc. |
| Document Type | Specific type within the category |
| Confidentiality | Internal / Confidential / Restricted / Executive Only / Legal Privileged |
| Status | Initial status — leave as Draft until ready for review |
| Effective Date | Date the document becomes effective |
| Expiry Date | Drives the Expiring Soon dashboard counter |
| Tags | Comma-separated keywords for full-text search |
- Click Upload All. A progress bar shows per-file status. On success a Done screen links to each uploaded document.
4. Document Detail Page
Click any document to open its detail page, which has three tabs:
Overview Tab
- All metadata fields — status, confidentiality, dates, tags, description
- Download — generates a 5-minute signed URL for the current version
- Edit — opens inline metadata editing
- Legal Hold card — enable or disable with a required reason
- Danger Zone — Permanently Delete action (hidden when legal hold is active)
Versions Tab
- Lists all versions in reverse-chronological order with version number, file size, uploader
- Current version highlighted with a Current badge
- Per-version signed download links
- Upload New Version — replaces the current version; previous version retained for history
Access Tab
- Lists active access grants (user + optional expiry date)
- Grant Access — select an admin user and optional expiry; re-granting auto-revokes the previous grant
- Revoke — removes access immediately; revoked record retained in audit log
5. Bulk Operations
Select multiple documents using the checkboxes. A floating action bar appears at the bottom of the screen:
| Action | Description |
|---|---|
| Set Status | Change all selected documents to a specified status |
| Archive | Move to Archived. Blocked if any selection has a legal hold |
| Restore | Move archived documents back to Active |
| Legal Hold On | Enable hold on all selected documents |
| Legal Hold Off | Clear hold on all selected documents |
Bulk actions are limited to 100 documents per operation.
6. Confidentiality Levels
| Level | Access |
|---|---|
| Public | Any authenticated admin with a grant |
| Internal | Standard internal — granted users |
| Confidential | Sensitive (contracts, financials) — granted users |
| Restricted | Highly sensitive (EINs, tax returns) — granted users |
| Executive Only | Super Admin only — grants not permitted |
| Legal Privileged | Super Admin only — grants not permitted |
7. Legal Hold
Legal hold freezes a document against modification or deletion — used during litigation, audits, or regulatory investigations.
- Enable: document detail → Legal Hold card → Enable Legal Hold → enter reason → Save
- Effect: blocks Archive, Upload New Version, and Permanently Delete
- Clear: return to Legal Hold card → Disable Legal Hold
- All hold changes are logged with user, timestamp, and reason
8. Permanently Deleting a Document
- Open the document detail page
- Ensure there is no active legal hold (Danger Zone is hidden when hold is active)
- Click Permanently Delete in the Danger Zone section
- Type
PERMANENTLY DELETE(exact, all capitals) in the phrase field - Enter a reason (minimum 10 characters)
- Click Delete Forever
All storage versions are removed, then the database record is hard-deleted (cascades to versions, access grants, collection links, and relations). The full action is logged to the audit trail.
9. Folders
Navigate to Corporate Documents → Folders to manage the folder hierarchy.
- Create Folder — name, optional parent folder, optional business entity
- Folders can be nested; paths are computed automatically
- Delete Folder — only permitted when the folder contains no documents or child folders
10. Audit Trail
Every action is logged to Admin → Audit Log:
- Document uploaded / new version uploaded
- Document metadata updated / downloaded (with version ID)
- Document archived / restored / status changed
- Legal hold enabled / disabled (with reason)
- Access granted / revoked (with user ID and expiry)
- Document permanently deleted (with reason and version count)
- Bulk operations (with document IDs, action, result)
Audit entries are immutable and cannot be edited or deleted.
11. Status Lifecycle
Draft → Pending Review → Pending Approval → Approved → Active → Archived
Documents can also be set to Rejected, Superseded, or Expired at any stage.
12. API Reference
| Method | Endpoint | Purpose |
|---|---|---|
| GET / POST | /api/admin/corporate-documents | List documents / create record |
| GET / PATCH / DELETE | /api/admin/corporate-documents/[id] | Get, update, soft-delete document |
| POST | /api/admin/corporate-documents/upload-auth | Get signed upload URL |
| POST | /api/admin/corporate-documents/finalize | Finalize upload, create version record |
| POST | /api/admin/corporate-documents/[id]/download | Get signed download URL |
| POST | /api/admin/corporate-documents/[id]/version-auth | Get signed URL for new version |
| POST | /api/admin/corporate-documents/[id]/version-finalize | Promote new version |
| POST | /api/admin/corporate-documents/bulk | Bulk operations |
| GET / POST | /api/admin/corporate-documents/[id]/access | List and grant access |
| DELETE | /api/admin/corporate-documents/[id]/access/[grantId] | Revoke access grant |
| POST | /api/admin/corporate-documents/[id]/permanent-delete | Permanently delete |
| GET / POST / DELETE | /api/admin/corporate-folders | Folder CRUD |
| GET | /api/admin/corporate-businesses | Business entity selector |
| GET | /api/admin/corporate-categories | Document category list |
| GET | /api/admin/corporate-types | Document type list |
| GET | /api/admin/corporate-stats | Dashboard statistics |
All routes require ENABLE_CORPORATE_DOCUMENTS=true, a valid session, and Super Admin role for write operations.