public active Last verified 2026-04-28

TopoloOne

Public overview of the TopoloOne dashboard, worker-backed growth surfaces, and the public developer-acquisition funnel.

Owners
platform-experience
Source Repos
PlatformApplications/TopoloOne
Systems
Topolo Auth, Topolo Nexus, TopoloOne
Tags
dashboard, operators, api-keys

What It Is

TopoloOne is the unified operational dashboard for managing services, API keys, application access, and platform-level workflows across Topolo applications, plus the public growth surface for pricing, demos, waitlists, launch content, and developer-program acquisition.

Architecture

TopoloOne is split between the dashboard web application and the routing worker that serves the production hostname and worker-backed APIs. The authenticated dashboard now acts as the complete application hub for the organization. It uses the same Auth-owned store catalog as the embedded app switcher, but separates quick access from discovery: dashboard home keeps installed apps, favorites, widgets, and launch workflows close to hand, while one.topolo.app/store owns categories, collections, search, app detail, install/open state, and admin install audiences. The public topolo.io/app-store route and the embedded launcher both consume the same canonical store contract. Embedded launcher discovery cards use whole-card primary actions: installable apps open their audience chooser directly, while other discovery cards hand off into the authenticated TopoloOne store detail route instead of rendering a redundant nested open button. Discovery cards also keep square app-icon tiles across density changes and suppress the generic Available pill unless there is a meaningful pricing or state label to show. Launcher density preferences are Auth-owned alongside favorites and hidden apps, so compact, comfortable, and large tile modes follow the signed-in user across first-party applications instead of being local to one app. Auth service surface metadata is the boundary for this hub: only launchable application surfaces appear as apps, while APIs, runtimes, internal services, and organization-internal developer distributions stay out of the launcher and store discovery views. Live workspace still follows a platform rule that every launchable application in the active catalog must have a visible TopoloOne dashboard presence. Apps with a native /api/widget endpoint can expose richer live data, and TopoloOne backfills a fallback overview card for the rest so the workspace selector is not limited to the small native-widget subset.

The marketing and signup payment surfaces in the repo now route outbound Stripe checkout and subscription retrieval through Topolo Nexus while keeping Stripe webhook signature verification and subscription-state persistence local to the worker boundary. The public pricing story uses a moving early-customer seat price with packages layered on top: the current public base rate is $8.56 per seat per month, the free workspace exposes free apps through a $1/year verification subscription, paid bundles add 3, 5, 10, or every paid Topolo app while keeping free apps included, third-party app installs and customer-built apps stay unlimited through the Topolo app store, earlier customers already locked lower rates, the next paid seat price rises after each paid signup, and high-usage services stay separate from the subscription. Public pricing also sets the honest comparison against mature specialist SaaS: Topolo does not claim every app is feature-for-feature equivalent today, and instead positions each app around the 80% of key functionality most teams need while every signup funds more tokens, app coverage, and product expansion. Locked paid rates remain fixed while the subscription is active, except for external cost changes such as taxes, payment processing, infrastructure, AI, messaging, storage, or other provider costs. The marketing project also serves as the acquisition layer for changelog/content publishing, the curated /apps portfolio, developer-program overview content, and future SEO campaign or child-site surfaces, as long as those routes stay aligned to the canonical host and deployment contract. Public developer CTAs now continue into the separate TopoloDevelopers application at developers.topolo.app/signup, and the public /developers/apply plus /developers/submit-app pages now act as SEO-preserving handoff pages instead of primary system-of-record forms.

Runtime Surfaces

TopoloOne currently ships two public runtime surfaces: the dashboard at https://one.topolo.app and the primary marketing/growth site at https://topolo.io. https://one.topolo.io remains a secondary compatibility alias during launch. The authenticated developer portal at https://developers.topolo.app is a separate application.

API Reference

Use the per-app API page at /reference/apps/topolo-one for the current client contract and Auth-backed request paths.

Auth and Permissions

TopoloOne does not own service scope definitions or bindable resource catalogs. It reads both from Topolo Auth and submits key-management changes back to Auth. Its dashboard browser session flow now uses the shared Topolo cookie-refresh auth client and the canonical svc_oneclick_dash service identifier. Dashboard SSO callbacks delegate Auth /sso/exchange handling to the shared Auth client, so callback URLs carry one-time sso_code values rather than bearer tokens. The dashboard browser auth adapter does not expose a legacy /sso?token= handoff helper. Platform-wide API-key controls remain limited to Auth platform_super_admin and platform_admin users in the admin organization, while org-scoped super admins stay elevated only for organization-scoped dashboard management.

Anonymous checkout and webhook-side payment flows use Nexus trusted service credentials rather than app-local Stripe API keys. These calls are attributed to the Auth organization with slug topolo, and the default gateway base URL is https://topolo-nexus-gateway.topolo.workers.dev. Paid TopoloOne checkout carries the selected package ID, package name, app allowance, locked base seat price, locked package seat price, and locked-rate caveat in Stripe metadata. The paid package IDs are three, five, ten, and everything; they define paid Topolo app access, while third-party app installs and customer-built apps remain open-ended through the Topolo app store. Legacy core, growth, and business IDs normalize into the new bundle model. The free workspace path uses a Stripe subscription checkout for a $1/year workspace verification, and completed free-workspace verification subscriptions are stored separately from paid subscription records so they do not move the paid-price curve. Restricted admin views for subscriptions and demo bookings now use server-issued session cookies instead of any client-visible password gate. Public developer CTAs hand users into developers.topolo.app/signup, where the shared Topolo browser auth client and Auth-owned developer-platform routes take over instead of a separate local account store.

Data Ownership

The dashboard owns its delivery and UI state, but the canonical API key scope and bindable-resource catalogs remain in Auth. Nexus owns the standardized outbound payment provider invocation used by the marketing site. Application catalog, service surface classification, pricing/discovery metadata, canonical store catalog/search/detail responses, launcher preferences, and user-level app assignment remain Auth-owned. TopoloOne presents and mutates those records through Auth APIs instead of storing a separate app marketplace state.

Deployments

TopoloOne deploys as a dashboard web surface plus a worker-backed delivery/routing layer. The public marketing Worker also owns the curated app-portfolio routes, developer-program routes, waitlist, demo-booking, checkout, and acquisition-content delivery for https://topolo.io, with https://one.topolo.io kept as a secondary launch alias. The device-network marketing surface is not part of the launch apex messaging. The authenticated developer continuation lives in the separate TopoloDevelopers application on https://developers.topolo.app.

Failure Modes

  • stale or incorrect hostname/bundle serving the dashboard
  • UI pointing at the wrong Auth route
  • selected service IDs not matching the Auth registry
  • missing Nexus service credentials or fixed org attribution on marketing checkout or payment routes
  • webhook verification and outbound payment API calls being treated as the same integration boundary
  • canonical host drift between .app and older .io URLs
  • broken marketing admin sessions due to missing worker-side admin secrets

Debugging

Start with /systems/topolo-one for the generated handbook and /reference/apps/topolo-one for the contract surface.

For payment issues, distinguish local webhook-signature failures from outbound Nexus payment failures before checking Stripe. For public-site regressions, validate the canonical https://topolo.io URL, sitemap output, and worker /health route before assuming a content or design issue.

Change Log / Verification

  • Corrected embedded launcher tile sizing on 2026-04-26 so compact, comfortable, and large density modes now scale card spacing, typography, and action chrome together, while the selected density continues to persist through Auth-owned launcher preferences across first-party apps.
  • Preserved square discovery-card app icons and removed the redundant default Available state pill on 2026-04-26, so visible cards now only show a badge when pricing or a non-default state needs to be communicated.
  • Restored embedded launcher discovery-tile primary actions on 2026-04-26 so clicking the whole card now performs the canonical next step again, installable cards open their audience chooser directly, and non-installable discovery cards hand off to one.topolo.app/store instead of showing a redundant Open Apps footer button.
  • Consolidated the public topolo.io/app-store, authenticated one.topolo.app/store, and embedded launcher on 2026-04-25 so TopoloOne now presents one Auth-backed store contract instead of separate public, dashboard, and launcher discovery implementations.
  • Updated free workspace checkout on 2026-04-23 to use a $1/year verification subscription stored separately from paid subscriptions, while paid bundles continue to carry package metadata through Stripe/Nexus with locked-rate caveats visible on public pricing and checkout surfaces, third-party apps remain unlimited through the app store, and the pricing page now includes the honest 80%-and-growing comparison against traditional SaaS stacks
  • Set the current public early-customer seat price to $8.56 per month on 2026-04-23 while preserving earlier lower locked rates, the existing curve, cap, annual multiplier, and high-usage service separation
  • Promoted TopoloOne launch acquisition to topolo.io on 2026-04-23, keeping one.topolo.io as a secondary alias and excluding device-network marketing from the launch apex contract
  • Verified TopoloOne dashboard browser SSO on 2026-04-18 so launch and callback documentation matches the one-time sso_code handoff contract
  • Delegated TopoloOne dashboard callback exchange to the shared Auth client on 2026-04-18 and removed the remaining local token-bridge helper from the browser auth adapter
  • Enforced the TopoloOne live-workspace platform rule on 2026-04-25 so every launchable application in the active catalog now appears through either a native /api/widget endpoint or a TopoloOne fallback overview card, and the compact dashboard layout keeps the application hub visible higher in the viewport.
  • Corrected TopoloOne dashboard role normalization on 2026-04-24 so non-admin-tenant super admins keep owner-scoped dashboard access without receiving platform-wide selectors.
  • Upgraded the authenticated TopoloOne dashboard on 2026-04-16 into the full organization app hub, adding Auth-backed favorites, density, source grouping, available-app discovery, and admin install audiences for everyone, the current admin, or selected organization users
  • Restored the moving early-customer per-seat pricing model on 2026-04-10 so the public TopoloOne pricing surface again rewards early customers with a permanently lower locked rate while keeping high-usage services separate from base subscription seats
  • Converted the public /developers/apply and /developers/submit-app pages into signed-console handoff pages on 2026-04-13 so TopoloOne keeps discovery and acquisition while the actual developer records move into developers.topolo.app
  • Repointed the public developer CTA handoff to developers.topolo.app/signup on 2026-04-10 while keeping TopoloOne focused on overview and acquisition content rather than multiple public developer forms
  • Hardened the public marketing and pricing surface on 2026-04-10 so TopoloOne now serves worker-backed checkout, waitlist/demo flows, cookie-based admin sessions, and canonical marketing metadata from the same production delivery boundary
  • Refreshed the TopoloOne marketing portfolio on 2026-04-10 so /apps now reflects the wider Topolo application set with curated product media, and /developers/* now acts as the public intake surface for developer applications and app submissions
  • Standardized the TopoloOne dashboard browser auth layer on the shared Topolo auth client on 2026-03-31
  • Verified against the current TopoloOne API key flow and Nexus-backed marketing payment routes on 2026-03-30