
US-204: Document Upload & Antivirus Scan

1. Story Title

Secure employee document upload with antivirus scanning

2. Context / Background

Documents (contracts, IDs) must be ingested securely and scanned before availability.

3. User Persona

Primary: Priya – HR Manager
Secondary: Employee (self-upload, limited types)

4. Problem Statement

Manual document exchange increases security risk and lacks audit trail.

5. Desired Outcome

HR or an employee uploads a file → the file is scanned asynchronously → it is stored encrypted with a status of Pending, Clean or Infected → only Clean files are accessible via a signed URL.

6. Business Value

Reduces security exposure; creates centralized auditable repository.

7. Scope (In / Out)

In: upload endpoint, size/type validation, scan job, status tracking, signed URL retrieval.
Out: versioning, bulk upload, OCR, preview rendering.

8. Acceptance Criteria (BDD)

Scenario: Successful clean upload
  Given a PDF under size limit
  When HR uploads document
  Then status is Pending
  And after scan completes status becomes Clean
  And signed URL can be requested

Scenario: Virus detected
  Given a malicious file
  When upload occurs
  Then status becomes Infected
  And file not accessible via signed URL
  And notification event emitted

Scenario: Unauthorized tenant access
  Given document belongs to tenant A
  When user from tenant B requests URL
  Then access is denied

Scenario: Oversized file rejected
  Given file exceeds size limit
  When upload attempted
  Then validation error returned
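The four scenarios above describe one control flow: validate size and type, park the document in Pending, let the scan move it to Clean or Infected, and issue a signed URL only for a Clean document owned by the requesting tenant. The following is an added example, not code from the project: a small in-memory Python model of that flow. It assumes a 10 MiB limit, a 60-second URL lifetime, an HMAC-SHA256 signature over the storage key and expiry, magic-byte type detection (PDF, PNG, JPEG), an event list standing in for the event publisher, and an assumed "DocumentInfected" name for the notification event; the host name is a placeholder.

```python
import hashlib
import hmac
import time
import uuid
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed limits for this example; the story leaves real values to the
# Definition of Ready checklist.
MAX_SIZE_BYTES = 10 * 1024 * 1024
SIGNED_URL_TTL = 60  # seconds; "signed URLs expire quickly" per the NFR notes
SIGNING_KEY = b"example-only-signing-key"  # assumed secret; keep it in a secret store

# Accepted types are identified by leading magic bytes rather than by extension,
# one answer to the open question on content-type detection.
MAGIC = {
    b"%PDF-": "application/pdf",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
}

class ValidationError(Exception):
    pass

class AccessDenied(Exception):
    pass

@dataclass
class Document:  # fields from the Data / Domain Model section
    id: str
    tenantId: str
    ownerId: str
    type: str
    size: int
    status: str  # Pending -> Clean | Infected
    storageKey: str
    createdAt: float

EVENTS: list = []  # constructed stand-in for the event publisher dependency

def detect_type(data: bytes) -> Optional[str]:
    """MIME type implied by the file's magic bytes, or None if unrecognised."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    return None

def validate(data: bytes) -> Optional[str]:
    """Return a validation error message, or None if the upload is acceptable."""
    if len(data) > MAX_SIZE_BYTES:
        return "file exceeds size limit"
    if detect_type(data) is None:
        return "unsupported file type"
    return None

def upload(tenant_id: str, owner_id: str, data: bytes) -> Document:
    """Validate, then record the document as Pending until the scan completes."""
    error = validate(data)
    if error:
        raise ValidationError(error)
    doc_id = str(uuid.uuid4())
    doc = Document(doc_id, tenant_id, owner_id, detect_type(data), len(data),
                   "Pending", f"{tenant_id}/{doc_id}", time.time())
    EVENTS.append(("DocumentUploaded", doc.id))
    return doc

def complete_scan(doc: Document, infected: bool) -> str:
    """Apply the asynchronous scan result; only a Pending document may transition."""
    if doc.status != "Pending":
        raise ValueError(f"scan result for a document in state {doc.status}")
    doc.status = "Infected" if infected else "Clean"
    EVENTS.append(("DocumentScanCompleted", doc.id, doc.status))
    if infected:
        EVENTS.append(("DocumentInfected", doc.id))  # assumed event name
    return doc.status

def decide_access(doc: Document, requesting_tenant: str) -> str:
    """Tenant isolation first, then the Clean gate; 'allow' or a deny reason."""
    if doc.tenantId != requesting_tenant:
        return "deny:tenant"
    if doc.status != "Clean":
        return f"deny:status={doc.status}"
    return "allow"

def signed_url(doc: Document, requesting_tenant: str, now: Optional[float] = None) -> str:
    """Issue a short-lived HMAC-signed URL for a Clean document of the caller's tenant."""
    decision = decide_access(doc, requesting_tenant)
    if decision != "allow":
        raise AccessDenied(decision)
    expires = int(time.time() if now is None else now) + SIGNED_URL_TTL
    msg = f"{doc.storageKey}|{expires}".encode()
    sig = hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
    return f"https://files.example.invalid/{doc.storageKey}?expires={expires}&sig={sig}"

def verify_signed_url(url: str, now: Optional[float] = None) -> bool:
    """Recompute the signature over storage key + expiry and reject expired links."""
    parsed = urlparse(url)
    params = parse_qs(parsed.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False
    if (time.time() if now is None else now) >= expires:
        return False
    msg = f"{parsed.path.lstrip('/')}|{expires}".encode()
    expected = hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(sig, expected)
```

The order of checks in decide_access matters: the tenant check runs before the status check, so a user from tenant B learns nothing about whether tenant A's document exists or has been scanned. The signature covers the expiry, so a client cannot extend a link's lifetime by editing the query string.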

9. UX Notes / References

Upload component with progress; status badge list; retry for infected removal (future).

10. Data / Domain Model Impact

Document entity: id, tenantId, ownerId, type, size, status, storageKey, createdAt.

11. NFR Touchpoints

  • Security: antivirus scan isolation; signed URLs expire quickly.
  • Performance: scan turnaround p95 < 30s.
  • Observability: DocumentUploaded, DocumentScanCompleted events.

12. Dependencies

Document Service adapter; object storage; event publisher.

13. Risks & Mitigations

Risk                      | Impact               | Probability | Mitigation
--------------------------|----------------------|-------------|------------------------------------------
Slow scanning backlog     | Delayed availability | Medium      | Parallel scanning workers + queue metrics
False positive infection  | User frustration     | Low         | Option for manual override flow (later)

14. Estimation Support

  1. Upload API & validation
  2. Scan job integration
  3. Status polling
  4. Signed URL retrieval logic

15. Analytics / Success Metrics

Average scan time; infection rate; upload success vs failures.

16. Rollout / Release Strategy

Enable for HR-only; expand to employee self-upload after stability.

17. Definition of Ready Checklist

  • Size & type limits agreed
  • Scan engine chosen

18. Definition of Done Checklist

  • All scenarios covered by tests
  • Events visible
  • Storage encryption verified

19. Open Questions

  1. Retention period for infected files?
  2. Is content-type detection required, or is extension-only checking sufficient?

Version: 1.0