Multi-backend storage. Document workflow.
Four storage tiers from 10 GB to custom. Dual-write replication across four backends, file versioning, shareable links, three workflow document surfaces, compliance tracking, full audit trail, and a template library.
,0,
routes across storage, workflow, and compliance
,0,
storage backends with dual-write replication
,0,
Calisto products write files through Box
,0,
quota tiers from 10 GB to custom
Folders. Versions. Search. One file browser.
BoxBrowserClient renders your entire file library with list and grid views, live search, drag-drop upload with quota preflight, and per-file version history.
Folder Browser
BoxBrowserClient renders files and folders in list or grid view. Sort by name, size, date, or category. Filter by sourceApp, scope, and folder.
Multi-File Upload
BoxUploadClient with drag-drop zone. Progress bars per file. Preflight quota check via /api/box/quota/preflight before bytes move.
Global Search
BoxSearchClient with live results across files and folders. Searchable by filename, category, and metadata.
Version History
Every file tracks versions via /api/box/files/[id]/versions. View, download, or restore any previous version.
10 GB to custom. Four tiers. Preflight enforcement.
Every upload runs through checkBoxQuota() before bytes move. Four tiers from Free (10 GB) to Enterprise (custom limits). Addon packs for accounts that need more without changing tier.
Free
Starter
Pro
Enterprise
Contracts. Waivers. Customs. Three dedicated surfaces.
Each document type has its own route, category filters, and lifecycle tracking.
Contracts. Waivers. Customs. Three dedicated surfaces.
Contracts, waivers, and customs documents each have their own route, category filters, and lifecycle tracking.
Contracts
/box/contractsDedicated contracts browser. Filtered view of contract-category files with metadata and version tracking.
Waivers
/box/waiversAll waivers with signed-coverage tracking. Create from templates at /box/waivers/new. Individual detail and signature view at /box/waivers/[id].
Customs Documents
/box/customsCustoms and special documents browser. Separate route for import/export paperwork that needs distinct categorization.
Documents. Signatures. Proposals. Clone and reuse.
Three template categories with dedicated routes. Clone any template via API. Sign and Proposals templates feed into their respective products.
All Templates
/box/templatesMaster template library. Browse, clone, and create new templates. Entity count tracked as totalTemplates in the dashboard.
Sign Templates
/box/templates/signSignature document templates. Pre-built layouts for documents that require e-signature. Used by the Sign product for envelope creation.
Proposal Templates
/box/templates/proposalsProposal and estimate templates. Pre-configured layouts for client-facing quotes and project scopes.
Audit every operation. Track every expiration.
Compliance tracking for certifications and licenses. Full audit trail on every file operation.
Certifications. Licenses. Expiration tracking.
Track certifications and licenses with expiry dates. Dashboard tiles surface expiring documents before they lapse.
Certifications
Track active certifications with issue and expiry dates. Sidebar badge shows expiringSoon count from entity-counts API.
Licenses
License tracking with renewal alerts. Separate sidebar item under Compliance section in navigation config.
Expiration Tracker
Dashboard tile for documents expiring soon. AlertTriangle icon in row 0 of the product dashboard. Surfaced in entity counts as expiringSoon.
Attestations
CRUD at /api/box/attestation. Create, view, and delete attestation records tied to compliance documents.
Every file operation. Logged. Queryable.
recordBoxAudit() from box-server writes a structured entry for every upload, download, delete, share, and restore. The /box/audit route exposes the full log with filters by action, file, actor, and time range.
File Operation Occurs
Upload, download, delete, share, restore, version create, metadata update. Any write or access event on a box_files row.
recordBoxAudit() Called
box-server writes a structured audit entry with action type, fileId, actor, timestamp, and request context.
Audit Log Persisted
Entry stored in the audit table. Queryable by action, fileId, time range, and actor via GET /api/box/audit.
Dashboard Surfaced
The /box/audit route renders the full log. Filter, search, and paginate across all file operations for the account.
Flag. Review. Resolve. External webhook.
Content moderation queue at /box/moderation. Flag files for review, approve or reject, and integrate external scanning via webhook.
Flag Content
POST /api/box/moderation to flag a file for review. Any team member or automated rule can submit a flag with context.
Review Queue
GET /api/box/moderation lists all flagged items. The /box/moderation route renders the queue with file preview and flag details.
Resolve Actions
PUT /api/box/moderation/[id] to approve or reject. DELETE to remove from queue entirely. Resolution recorded with actor and timestamp.
External Webhook
POST /api/box/moderation/webhook receives callbacks from external moderation services. Integrates third-party content scanning into the queue.
,0,
entity counts tracked in the dashboard
,0,
sidebar sections with nested sub-items
,0,
quick actions: Upload Files, New Folder
,0,
dashboard tiles in row 0 key metrics
Dual-write replication. Six product consumers. One storage backbone.
Reconciler daemon re-uploads every file to an encrypted secondary backend. Six Calisto products route all storage through Box.
Dual-write replication. Database event notifications. Gap closure.
The box-reconciler package runs a daemon that watches for new file uploads via database event notifications. It re-uploads each file to a secondary encrypted backend. sweepOutOfSync() catches any rows with a missing arm and backfills them.
Primary Write Completes
uploadToBox() writes bytes to the primary storage backend. Sets primary_written_at on the box_files row.
Database Event Fires
The box_files insert triggers a database event notification. The reconciler daemon receives it via the same event channel.
handleNewFile() Executes
Tier-aware handler checks if the account qualifies for dual-write. getSecondaryAdapter() selects the encrypted storage adapter or secondary encrypted adapter based on tier.
Secondary Write
Bytes re-uploaded from the primary arm to the secondary backend. On success, secondary_written_at is set on the row.
sweepOutOfSync() Catches Gaps
Periodic sweep finds rows where primary_written_at or secondary_written_at is null. backfillOne() re-uploads the missing arm to close the gap.
Six products write to Box. One storage layer.
Studio, Tasks, Mail, Forms, Sign, and Proposals all store files through Box. Each write carries a sourceApp tag for per-app storage routing.
Studio
Media asset storage. Studio files land in Box with sourceApp set to "studio". resolveStorageBackend() routes them to the correct adapter.
Tasks
Task photo attachments stored in Box. File IDs linked to task records. BoxPicker modal used to attach existing files.
Email attachments saved to Box. Incoming and outgoing attachment bytes flow through uploadToBox() with sourceApp "mail".
Forms
File upload fields target Box folders via boxFolderId. Submissions store attachmentFileIds referencing box_files rows.
Sign
Signed documents stored in Box. Sign templates at /box/templates/sign. Completed envelopes written back as versioned box_files.
Proposals
Proposal attachments managed through Box. Proposal templates at /box/templates/proposals. Client-facing documents served via presigned URLs.
High-Performance Ops. Zero Monthly Overhead.
Get all 15 Core modules at no monthly cost. You only pay 2% of processed revenue.
Box
File storage across four backends with quota-enforced tiers.
Part of Work Suite
Wallet-debit
Add to Pro Shop