Audience: Contributors, PMs, Reviewers, Devs, Security
Outcomes: Clean, reviewable submissions; secure storage; traceable feedback
Limits & security (defaults; policy-tunable)
10 MB/file, 6 files/request
Allowed: PNG/JPG, PDF, DOC/DOCX, TXT/MD, JSON/CSV/XML, ZIP/RAR/7z
Virus scan + MIME validation on upload
Storage outside web root; signed URLs or role-checked access
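Added example (not the platform's own code): one way a server could enforce the default limits and the allow-list above by checking leading magic bytes instead of trusting the filename or the client's Content-Type. The function names, the magic-byte table and the UTF-8 rule for text types are assumptions; virus scanning is a separate step not shown here.

```python
import os

MAX_FILE_BYTES = 10 * 1024 * 1024  # 10 MB/file (page default)
MAX_FILES = 6                      # 6 files/request (page default)

# Leading magic bytes for the binary types on the page's allow-list.
MAGIC = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".pdf": [b"%PDF-"],
    ".doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],  # OLE2 container
    ".docx": [b"PK\x03\x04"],                        # DOCX is a ZIP container
    ".zip": [b"PK\x03\x04", b"PK\x05\x06"],          # second form: empty archive
    ".rar": [b"Rar!\x1a\x07"],
    ".7z": [b"7z\xbc\xaf\x27\x1c"],
}
TEXT_EXTS = {".txt", ".md", ".json", ".csv", ".xml"}


def check_file(name, data):
    """Return None if the file is acceptable, else a rejection reason."""
    ext = os.path.splitext(name)[1].lower()
    if len(data) > MAX_FILE_BYTES:
        return "file exceeds 10 MB"
    if ext in MAGIC:
        if any(data.startswith(sig) for sig in MAGIC[ext]):
            return None
        return "content does not match extension"
    if ext in TEXT_EXTS:
        # Assumption: text types must be NUL-free, valid UTF-8.
        if b"\x00" in data:
            return "binary content in text type"
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return "text type is not valid UTF-8"
        return None
    return "type not allowed"


def validate_request(files):
    """files: list of (filename, bytes). Empty result means accept;
    a non-empty result is what the API would turn into a 400."""
    if len(files) > MAX_FILES:
        return [("*", "more than 6 files in request")]
    errors = [(name, check_file(name, data)) for name, data in files]
    return [(n, r) for n, r in errors if r is not None]
```

A DOCX and a ZIP share the same signature, so this check only confirms the container type; inspecting archive contents is left to the scanning stage.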
Upload (with metadata)
curl -X POST $API_BASE/api/orders/ord_123/deliverables -b cookies.txt \
  -F 'milestoneId=m1' \
  -F 'notes=Initial wireframes' \
  -F '[email protected]' \
  -F '[email protected]'
Best practices
Filenames: ord123-m1-wireframes-v1.pdf
Add checksums for large archives
Add short notes stating what changed
Versioning
Re-uploads create a new deliverable version; reviewers see diffs/history
Collaboration
Threaded comments on each deliverable; @mentions notify teammates
Internal notes visible only within your org; counterparties can’t see them
Good style: one issue per comment; checklists for multi-point feedback
Retention
Deliverables retained per contract retention policy
Purge schedules documented under Admin → Compliance
Anti-patterns
Accepting in chat only — always click Accept for auditability
QA checklist
Oversized or wrong-MIME uploads rejected with 400
Version history preserved; internal notes hidden from counterparty
Runbook: “Large backlog of uploads”
Increase worker concurrency; stagger retries; add UI banner with ETA