public active Last verified 2026-04-28

Topolo Bytes

Public overview of the media-management and sharing surface built around Cloudflare edge storage and media tooling.

Owners
media-platform
Source Repos
PlatformApplications/TopoloBytes, PlatformApplications/TopoloDocs
Systems
Topolo Auth, Bytes
Tags
media, assets, sharing

What It Is

Topolo Bytes is the media and asset-management surface in the Topolo portfolio. It manages uploads, organization, sharing, and guest-friendly access flows over Cloudflare-backed storage.

Architecture

Bytes combines a browser interface with a worker/API surface and Cloudflare storage primitives such as R2 and KV. It also exposes guest-sharing and media-processing workflows.

Runtime Surfaces

Use /systems/topolo-bytes for the current deployment inventory and service metadata.

API Reference

The contract is currently curated in the docs platform rather than OpenAPI-backed. The active surface centers on asset listing, upload, organization, sharing, and media-processing workflows.

Auth and Permissions

Authenticated operator flows rely on Topolo Auth. Guest collection views are a distinct sharing surface and should be treated separately from operator access. The operator browser session path now uses the shared Topolo cookie-refresh auth client. Browser SSO callbacks delegate Auth /sso/exchange handling to the shared Auth client, so callback URLs carry one-time sso_code values rather than bearer tokens. Callback completion stays inside the SPA so the memory-only access token can hydrate the protected media workspace. Bytes does not expose a legacy /sso?token= browser handoff route. The operator API now requires Topolo Auth validation for bearer tokens and does not retain a Bytes-local JWT secret or development auth bypass path. Platform-wide Bytes operator access is reserved for Auth users whose role is super_admin in the admin organization.

Data Ownership

Bytes owns asset metadata, folder organization, sharing links, and media-processing state while depending on Cloudflare storage bindings for object persistence.

Deployments

Bytes deploys as a Cloudflare worker plus browser app pair with storage and sharing bindings.

Failure Modes

  • guest-sharing behavior drifts from operator permission rules
  • storage bindings or sharing namespaces are misconfigured
  • auth assumptions leak into guest-only access paths

Debugging

Start with /systems/topolo-bytes, then verify whether the issue belongs to storage, guest sharing, auth, or media-processing flows.

Change Log / Verification

  • Restricted Bytes platform-wide operator recognition to Auth super_admin users in the admin organization on 2026-04-23.
  • Deferred closed Bytes lazy panels and modals on 2026-04-21 so the signed-in media browser reaches a usable workspace without mounting hidden panel loaders during startup.
  • Corrected the Bytes post-callback SPA navigation on 2026-04-20 so successful handoff reaches the media workspace without losing the memory-only Auth token.
  • Removed the remaining Bytes worker-local JWT secret handoff and unused development auth bypass on 2026-04-18
  • Promoted Bytes browser SSO callbacks to Auth /sso/exchange on 2026-04-17 so callback URLs require a one-time sso_code instead of bearer tokens
  • Delegated Bytes browser callback exchange to the shared Auth client on 2026-04-18 and removed the legacy /sso?token= browser route
  • Standardized Topolo Bytes browser auth on the shared Topolo auth client on 2026-03-31
  • Standardized the public product label to Bytes, aligned the frontend launcher/catalog source with Auth-managed metadata, and removed stale CloudControl placeholder frontend targets on 2026-04-04
  • Added canonical Topolo Bytes coverage and retired repo-local media-manager docs on 2026-03-30