Overview

The Corporate Documents module is a secure, version-controlled repository for SONAN's most sensitive internal records — incorporation documents, tax filings, contracts, trademark registrations, board resolutions, and more. It is exclusively available to Super Admins and is gated by the ENABLE_CORPORATE_DOCUMENTS environment variable.

Access: Super Admin role required. Navigate to Corporate Documents in the left sidebar.

1. Dashboard

The dashboard provides a live overview of your document portfolio:

CardWhat it shows
Total DocumentsAll documents regardless of status
Expiring SoonDocuments whose expiry date falls within 90 days
Pending ReviewDocuments in pending_review status awaiting action
On Legal HoldDocuments locked from modification or deletion

The Recent Documents list shows the 10 most recently updated records with status badge, confidentiality level, and a quick-link to the detail page.


2. Document Library

Navigate to Corporate Documents → Library to browse, search, and filter all documents.

Filters

  • Search — full-text across file name, display name, description, and tags
  • Category — Legal & Formation, Tax & Finance, Contracts, IP, Real Estate, and more
  • Status — Draft, Active, Pending Review, Pending Approval, Approved, Archived
  • Confidentiality — Internal, Confidential, Restricted, Executive Only, Legal Privileged
  • Legal Hold — toggle to show only documents under hold

Results are paginated in batches of 25 with cursor-based Next / Previous navigation. On mobile the library switches to a card layout with a collapsible filter bar.


3. Uploading Documents

Click + Upload Document from the Library or Dashboard.

  1. Drag files onto the drop zone or click Browse. Up to 10 files per batch, max 500 MB per file.
  2. Accepted formats: PDF, DOCX, XLSX, PPTX, PNG, JPEG, WebP, GIF, SVG, TXT, CSV, ZIP.
  3. Fill in metadata for each file:
FieldDescription
Display NameHuman-readable title (defaults to filename)
Business EntityWhich SONAN entity this document belongs to
CategoryLegal & Formation, Tax & Finance, Contracts, etc.
Document TypeSpecific type within the category
ConfidentialityInternal / Confidential / Restricted / Executive Only / Legal Privileged
StatusInitial status — leave as Draft until ready for review
Effective DateDate the document becomes effective
Expiry DateDrives the Expiring Soon dashboard counter
TagsComma-separated keywords for full-text search
  1. Click Upload All. A progress bar shows per-file status. On success a Done screen links to each uploaded document.
Important: Executive Only and Legal Privileged documents are permanently restricted to Super Admins. Access grants cannot be created for these levels.

4. Document Detail Page

Click any document to open its detail page, which has three tabs:

Overview Tab

  • All metadata fields — status, confidentiality, dates, tags, description
  • Download — generates a 5-minute signed URL for the current version
  • Edit — opens inline metadata editing
  • Legal Hold card — enable or disable with a required reason
  • Danger Zone — Permanently Delete action (hidden when legal hold is active)

Versions Tab

  • Lists all versions in reverse-chronological order with version number, file size, uploader
  • Current version highlighted with a Current badge
  • Per-version signed download links
  • Upload New Version — replaces the current version; previous version retained for history

Access Tab

  • Lists active access grants (user + optional expiry date)
  • Grant Access — select an admin user and optional expiry; re-granting auto-revokes the previous grant
  • Revoke — removes access immediately; revoked record retained in audit log

5. Bulk Operations

Select multiple documents using the checkboxes. A floating action bar appears at the bottom of the screen:

ActionDescription
Set StatusChange all selected documents to a specified status
ArchiveMove to Archived. Blocked if any selection has a legal hold
RestoreMove archived documents back to Active
Legal Hold OnEnable hold on all selected documents
Legal Hold OffClear hold on all selected documents

Bulk actions are limited to 100 documents per operation.


6. Confidentiality Levels

LevelAccess
PublicAny authenticated admin with a grant
InternalStandard internal — granted users
ConfidentialSensitive (contracts, financials) — granted users
RestrictedHighly sensitive (EINs, tax returns) — granted users
Executive OnlySuper Admin only — grants not permitted
Legal PrivilegedSuper Admin only — grants not permitted

Legal hold freezes a document against modification or deletion — used during litigation, audits, or regulatory investigations.

  • Enable: document detail → Legal Hold card → Enable Legal Hold → enter reason → Save
  • Effect: blocks Archive, Upload New Version, and Permanently Delete
  • Clear: return to Legal Hold card → Disable Legal Hold
  • All hold changes are logged with user, timestamp, and reason

8. Permanently Deleting a Document

Warning: Permanent deletion is irreversible. All versions are purged from storage and the database. There is no undo.
  1. Open the document detail page
  2. Ensure there is no active legal hold (Danger Zone is hidden when hold is active)
  3. Click Permanently Delete in the Danger Zone section
  4. Type PERMANENTLY DELETE (exact, all capitals) in the phrase field
  5. Enter a reason (minimum 10 characters)
  6. Click Delete Forever

All storage versions are removed, then the database record is hard-deleted (cascades to versions, access grants, collection links, and relations). The full action is logged to the audit trail.


9. Folders

Navigate to Corporate Documents → Folders to manage the folder hierarchy.

  • Create Folder — name, optional parent folder, optional business entity
  • Folders can be nested; paths are computed automatically
  • Delete Folder — only permitted when the folder contains no documents or child folders

10. Audit Trail

Every action is logged to Admin → Audit Log:

  • Document uploaded / new version uploaded
  • Document metadata updated / downloaded (with version ID)
  • Document archived / restored / status changed
  • Legal hold enabled / disabled (with reason)
  • Access granted / revoked (with user ID and expiry)
  • Document permanently deleted (with reason and version count)
  • Bulk operations (with document IDs, action, result)

Audit entries are immutable and cannot be edited or deleted.


11. Status Lifecycle

DraftPending ReviewPending ApprovalApprovedActiveArchived

Documents can also be set to Rejected, Superseded, or Expired at any stage.


12. API Reference

MethodEndpointPurpose
GET / POST/api/admin/corporate-documentsList documents / create record
GET / PATCH / DELETE/api/admin/corporate-documents/[id]Get, update, soft-delete document
POST/api/admin/corporate-documents/upload-authGet signed upload URL
POST/api/admin/corporate-documents/finalizeFinalize upload, create version record
POST/api/admin/corporate-documents/[id]/downloadGet signed download URL
POST/api/admin/corporate-documents/[id]/version-authGet signed URL for new version
POST/api/admin/corporate-documents/[id]/version-finalizePromote new version
POST/api/admin/corporate-documents/bulkBulk operations
GET / POST/api/admin/corporate-documents/[id]/accessList and grant access
DELETE/api/admin/corporate-documents/[id]/access/[grantId]Revoke access grant
POST/api/admin/corporate-documents/[id]/permanent-deletePermanently delete
GET / POST / DELETE/api/admin/corporate-foldersFolder CRUD
GET/api/admin/corporate-businessesBusiness entity selector
GET/api/admin/corporate-categoriesDocument category list
GET/api/admin/corporate-typesDocument type list
GET/api/admin/corporate-statsDashboard statistics

All routes require ENABLE_CORPORATE_DOCUMENTS=true, a valid session, and Super Admin role for write operations.