🏢 Company Settings

Organization-wide configuration — company info, org chart, users & roles, integrations, theming, billing, API tokens, PII rules, and AI configuration.

🌟 Overview#

Company Settings is the administrative home of your Sniffer organization. While project-level settings let you customize a single project, Company Settings define everything that applies across every project — company info, the org hierarchy, users, role-based auth, billing, integration credentials, brand themes, and AI/LLM configuration.

The page is a left-sidebar layout: every section is a sidebar entry that loads its panel on the right.

Base route: /company-settings/*

Section	Icon	Doc Link
Company Information	🏢	This page (below)
Users	👤	This page (below)
Role Based Auth	🔐	This page (below)
Integration	🔗	🔗 Integrations
Appearance	🎨	🎨 Appearance
PII Management	🛡️	This page (below)
API Info / Tokens	🔑	🔑 API Tokens
Billing	💳	💳 Billing & Plans
SecretManager	🔒	This page (below)
Super Admin	🛡️	This page (below — visible to platform admins only)

🏢 Company Information#

The first section users land on. Edit core company details.

Field	Description
Company Name	Display name
Logo	Upload square + horizontal logo variants
Phone Number	International phone input with country dial code
Domain	Custom domain (for self-hosted) with status
Language	Default language for the org
Date Format	dd/mm/yyyy / mm/dd/yyyy / ISO
Timezone	Default timezone
Records per Page	Default pagination size
Billing Email	Where invoices are sent
API Tokens	Generate / rotate / revoke org-level tokens (see 🔑 API Tokens )
Billing Details	Plan, seats, usage — links to 💳 Billing
Danger Zone	Delete company (requires re-authentication and a typed confirmation)

🔐 Role Based Auth#

Configure custom roles and the permission matrix.

Components#

Sub-section	Description
Roles	Create / edit / clone custom roles
Screens	Configure which roles can access which screens
Screen Mapping	Map roles to screens with VIEW / CREATE / EDIT / DELETE actions
Bulk import	CSV import of role definitions

Built-in Roles#

COMPANY_ADMIN, PROJECT_ADMIN, MEMBER, VIEWER, CLIENT are non-deletable.

Custom Role#

Click + New Role → fill in name + description.
Map the role to each screen/module with the permitted actions.
Save — the role appears in user-invite dropdowns.

🛡️ PII Management#

Define how personally identifiable information is detected and masked across the org.

Section	Description
PII Tags	Tag system fields (email, phone, ssn, dob, card, etc.)
Custom rules	Regex / field-name rules to flag custom PII
Masking policy	Replace / hash / blur / redact for each PII type
Compliance	GDPR / CCPA / HIPAA flags drive retention and access controls

When PII is detected (in 📡 Live Logs , 🤖 Sniffer AutoBug , or 🛢️ Database ), the masking policy kicks in.

📂 API Exposure Types#

Categorize API endpoints by exposure level:

Category	Description
Public	Open to all (e.g., marketing site API)
Internal	Authenticated users only
Restricted	Privileged / admin-only

Used to:

Surface high-risk APIs in 🛢️ Schema views
Drive different rate-limit defaults
Tag PII-related compliance flows

🔑 API Info#

Generate and manage API tokens for the org.

Field	Description
Token Name	Friendly label
Scopes	Read / Write / Admin
Expiry	Custom or never
Created By	User who generated
Last Used	Last request timestamp
Actions	Rotate · Revoke

Plus a documentation sub-page with code samples (curl, Node, Python, Go), endpoint reference, and SDK download links — useful for 🤖 MCP Integration .

🔒 SecretManager#

Centralized storage for encrypted credentials used across integrations and database connections.

Field	Description
Secret Name	Reference name (e.g., `prod_postgres`)
Type	DB credential / API key / OAuth token
Scope	Which projects/teams can reference it
Created By	User
Last Used	Timestamp
Actions	Rotate · View masked · Delete

Values are written using envelope encryption (KMS). The plaintext is never exposed in the UI after creation.

🏷️ Metadata#

Define custom metadata fields that can be attached to projects, bugs, or applications.

Field	Type	Description
Key	Text	Field name
Type	Selector	Text, Number, Date, Dropdown, Boolean
Required	Toggle	Force value on creation
Apply To	Multi-select	Project / Bug / Feedback / Application
Default	Conditional	Default value if any

Used for custom fields the standard schema doesn’t cover.

🧠 AI Config#

Beyond the basic key in Company Information, AI Config lets you:

Choose per-feature providers (e.g., Claude for bug analysis, GPT-4 for code review)
Set rate limits per user / per project
Enable / disable specific AI tools
Configure temperature, max tokens, system prompts for each agent
Toggle the company-wide kill switch for AI

🛡️ Super Admin (platform admins only)#

A privileged section visible only to Sniffer platform administrators (typically internal). Lets you manage multiple companies, pricing plans, coupons, assessment models, and emergency controls.

Sub-section	Description
Companies	List all companies on the platform
Roles	Manage platform-wide built-in roles
Pricing Plans	Create / reorder plans
Plan Categories	Group plans by category
Pay-As-You-Go	Configure metered pricing
Coupons	Create discount codes
Assessment Models	Onboarding assessment configuration
Plan Rearrange	Reorder plans on the pricing page

🔐 Permissions#

Most Company Settings sections require COMPANY_ADMIN. Specific permission requirements:

Section	Required Permission
Company Information	`COMPANY.EDIT`
Users	`USERS.INVITE`
Role Based Auth	`ROLES.EDIT`
Integration	`INTEGRATIONS.CONFIGURE`
Billing	`BILLING.MANAGE`
SecretManager	`SECRETS.EDIT`
API Info	`API_TOKEN.MANAGE`
Super Admin	`PLATFORM_ADMIN`

Topic	Description
⚙️ Project Settings →	Per-project overrides
🔗 Integrations →	Company-level integration credentials
🎨 Appearance →	Themes and branding
💳 Billing & Plans →	Plan and invoice management
🔑 API Tokens →	Generate and use API tokens
🤖 MCP Integration →	API tokens generated here power MCP