{ "generated_at": "2026-04-28T23:58:28.629Z", "system": { "id": "topolo-pay", "name": "Topolo Pay", "slug": "topolo-pay", "kind": "application", "summary": "Payment worker handling orders, webhooks, admin APIs, and static-asset-backed application behavior.", "aliases": [], "lifecycle": "active", "last_verified": "2026-04-29", "owners": [ "commerce" ], "repo_paths": [ "PlatformApplications/TopoloPay" ], "service_ids": [ "srv_DJInUxp0dLLi" ], "visibility": "public", "api_contract": { "type": "curated", "source": "PlatformApplications/TopoloDocs/src/content/public/applications/pay.mdx", "notes": "Canonical public and internal docs cover the payment worker, local webhook boundary, Nexus-routed outbound payment operations, the authenticated `GET /api/widget` live-workspace endpoint for TopoloOne, code-exchange-only admin SSO with in-memory access-token handling, and the worker-owned `/login` redirect that must run before the SPA fallback. TopoloPay is also the only Stripe-mutating service for TopoloP2P settlement batches; P2P submits typed settlement requests to Pay and receives Pay status callbacks." }, "primary_hosts": [ "https://pay.topolo.app", "https://topolo-pay.topolo.workers.dev", "https://topolo-pay-staging.topolo-staging.workers.dev" ], "doc_paths": [ "applications/pay", "internal/apps/pay" ], "security_assurance": { "risk_tier": "critical", "auth_boundary": "Topolo Auth service access with Pay-owned financial workflow authorization. Pay admin handlers must run behind shared Auth middleware context; missing admin auth context fails closed instead of minting a local mock finance/admin user, and protected bearer-token authorization must validate with Auth instead of locally decoding JWT claims from a Worker secret.", "tenant_isolation": "organization_scoped", "external_inputs": [ "browser", "api", "callback", "webhook" ], "sensitive_data": [ "identity", "org_data", "payment", "telemetry" ], "last_security_review": "2026-04-20", "security_review_status": "in_progress", "pentest_status": "not_started", "evidence_doc": "internal/apps/pay" }, "dependencies": [ "topolo-auth", "topolo-nexus", "topolo-p2p", "applications-packages" ], "public_hub_url": "/systems/topolo-pay", "internal_hub_url": null, "application_api_url": "/reference/apps/topolo-pay", "generated_openapi_url": null, "machine_urls": { "system": "/machine/systems/topolo-pay.json", "application": "/machine/applications/topolo-pay.json" } }, "docs": { "public": [ { "id": "applications/commerce.mdx", "title": "TopoloCommerce", "summary": "Public overview of the multi-vertical commerce platform for venue operations, guest runtimes, and staff execution.", "audience": "public", "tags": [ "commerce", "venues", "kiosk" ], "url": "/applications/commerce.mdx", "last_verified": "2026-04-28" }, { "id": "applications/pay.mdx", "title": "Topolo Pay", "summary": "Public overview of the payment worker that handles orders, refunds, and payment operations.", "audience": "public", "tags": [ "payments", "orders", "worker" ], "url": "/applications/pay.mdx", "last_verified": "2026-04-29" } ], "internal": [], "runbooks": [] }, "authority": { "owners": [ "commerce" ], "repo_paths": [ "PlatformApplications/TopoloPay" ], "service_ids": [ "srv_DJInUxp0dLLi" ], "dependencies": [ "topolo-auth", "topolo-nexus", "topolo-p2p", "applications-packages" ], "aliases": [] }, "interfaces": { "contract_type": "curated", "contract_source": "PlatformApplications/TopoloDocs/src/content/public/applications/pay.mdx", "contract_source_exists": true, "openapi": null, "readme": { "path": "PlatformApplications/TopoloPay/README.md", "intro": [ "Canonical documentation for Topolo Pay lives in `PlatformApplications/TopoloDocs`.", "Use this directory for implementation only. Payment boundaries, deployment guidance, auth, and external-service integration rules are canonical in the docs application and should not be duplicated here." ], "headings": [ "Topolo Pay" ], "routeHighlights": [], "commandHighlights": [] } }, "auth": { "depends_on_topolo_auth": true, "api_key_scopes": [ { "id": "aks_pay_analytics_read", "name": "analytics.read", "description": "View payment analytics", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_audit_read", "name": "audit.read", "description": "View payment audit logs", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_customers_read", "name": "customers.read", "description": "View customer payment profiles", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_customers_write", "name": "customers.write", "description": "Manage customer payment methods", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_dashboard_read", "name": "dashboard.read", "description": "View TopoloPay dashboards and operational summaries", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_invoices_read", "name": "invoices.read", "description": "View invoices and billing", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_invoices_write", "name": "invoices.write", "description": "Create and manage invoices", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_payments_create", "name": "payments.create", "description": "Create payment or checkout sessions", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_payments_read", "name": "payments.read", "description": "Read payment and charge state", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_reports_read", "name": "reports.read", "description": "View payment reports and analytics", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_settings_read", "name": "settings.read", "description": "View payment gateway settings", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_settings_write", "name": "settings.write", "description": "Configure payment processing", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_settlements_write", "name": "settlements.write", "description": "Accept TopoloP2P settlement batches", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_transactions_read", "name": "transactions.read", "description": "View payment transactions", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_transactions_refund", "name": "transactions.refund", "description": "Refund transactions", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_transactions_write", "name": "transactions.write", "description": "Process payments and refunds", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_venues_read", "name": "venues.read", "description": "View venue configuration", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_pay_venues_write", "name": "venues.write", "description": "Manage venue configuration", "resourcePattern": null, "kind": "api_key_scope" } ], "service_permissions": [ { "id": "perm_pay_analytics_read", "name": "analytics:read", "description": "View payment analytics", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_audit_read", "name": "audit:read", "description": "View payment audit logs", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_customers_read", "name": "customers:read", "description": "View customer payment profiles", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_customers_write", "name": "customers:write", "description": "Manage customer payment methods", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_dashboard_read", "name": "dashboard:read", "description": "View TopoloPay dashboards and operational summaries", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_invoices_read", "name": "invoices:read", "description": "View invoices and billing", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_invoices_write", "name": "invoices:write", "description": "Create and manage invoices", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_payments_create", "name": "payments:create", "description": "Create payment or checkout sessions", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_payments_read", "name": "payments:read", "description": "Read payment and charge state", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_reports_read", "name": "reports:read", "description": "View payment reports and analytics", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_settings_read", "name": "settings:read", "description": "View payment gateway settings", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_settings_write", "name": "settings:write", "description": "Configure payment processing", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_settlements_write", "name": "settlements:write", "description": "Accept TopoloP2P settlement batches", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_transactions_read", "name": "transactions:read", "description": "View payment transactions", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_transactions_refund", "name": "transactions:refund", "description": "Refund transactions", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_transactions_write", "name": "transactions:write", "description": "Process payments and refunds", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_venues_read", "name": "venues:read", "description": "View venue configuration", "resourcePattern": null, "kind": "permission" }, { "id": "perm_pay_venues_write", "name": "venues:write", "description": "Manage venue configuration", "resourcePattern": null, "kind": "permission" } ] }, "runtime": { "primary_hosts": [ "https://pay.topolo.app", "https://topolo-pay.topolo.workers.dev", "https://topolo-pay-staging.topolo-staging.workers.dev" ], "repo_entries": [ "PlatformApplications/TopoloPay/README.md", "PlatformApplications/TopoloPay/admin/", "PlatformApplications/TopoloPay/dist-admin/", "PlatformApplications/TopoloPay/migration.config.ts", "PlatformApplications/TopoloPay/package-lock.json", "PlatformApplications/TopoloPay/package.json", "PlatformApplications/TopoloPay/public/", "PlatformApplications/TopoloPay/schema.sql", "PlatformApplications/TopoloPay/src/", "PlatformApplications/TopoloPay/test/", "PlatformApplications/TopoloPay/topolo.cloudcontrol.json", "PlatformApplications/TopoloPay/tsconfig.json", "PlatformApplications/TopoloPay/vitest.config.mts", "PlatformApplications/TopoloPay/worker-configuration.d.ts", "PlatformApplications/TopoloPay/wrangler.jsonc" ], "wrangler_surfaces": [], "packages": [ { "path": "PlatformApplications/TopoloPay/admin/package.json", "name": "@topolo/pay-admin", "scripts": [ "dev", "build", "lint", "typecheck", "preview" ], "scriptCommands": [ { "name": "dev", "command": "vite" }, { "name": "build", "command": "tsc -b && vite build" }, { "name": "lint", "command": "eslint src --ext .ts,.tsx" }, { "name": "typecheck", "command": "tsc --noEmit" }, { "name": "preview", "command": "vite preview" } ] }, { "path": "PlatformApplications/TopoloPay/package.json", "name": "topolo-pay", "scripts": [ "deploy", "deploy:staging", "build", "deploy:dry-run", "deploy:dry-run:staging", "dev", "dev:admin", "build:admin", "build:admin:staging", "start", "test", "cf-typegen" ], "scriptCommands": [ { "name": "deploy", "command": "npm run build:admin && wrangler deploy" }, { "name": "deploy:staging", "command": "npm run build:admin:staging && env -u CLOUDFLARE_API_TOKEN CLOUDFLARE_ACCOUNT_ID=4f4e1c69a3830946f9fea7b1eb7531ac wrangler deploy --env staging" }, { "name": "build", "command": "npm run build:admin" }, { "name": "deploy:dry-run", "command": "npm run build:admin && wrangler deploy --dry-run --outdir .wrangler/build" }, { "name": "deploy:dry-run:staging", "command": "npm run build:admin:staging && env -u CLOUDFLARE_API_TOKEN CLOUDFLARE_ACCOUNT_ID=4f4e1c69a3830946f9fea7b1eb7531ac wrangler deploy --env staging --dry-run --outdir .wrangler/build-staging" }, { "name": "dev", "command": "wrangler dev" }, { "name": "dev:admin", "command": "cd admin && npm run dev" }, { "name": "build:admin", "command": "cd admin && npm install && env VITE_AUTH_URL=https://auth.topolo.app VITE_PAY_APP_URL=https://pay.topolo.app npm run build" }, { "name": "build:admin:staging", "command": "cd admin && npm install && env VITE_AUTH_URL=https://auth.stg.topolo.us VITE_PAY_APP_URL=https://topolo-pay-staging.topolo-staging.workers.dev npm run build" }, { "name": "start", "command": "wrangler dev" }, { "name": "test", "command": "vitest" }, { "name": "cf-typegen", "command": "wrangler types" } ] } ] }, "data": { "env_vars": [], "bindings": [], "queue_bindings": [], "storage_kinds": [], "workflow_signals": [] }, "deployment": { "commands": [ { "name": "build", "command": "PlatformApplications/TopoloPay/admin/package.json :: tsc -b && vite build" }, { "name": "preview", "command": "PlatformApplications/TopoloPay/admin/package.json :: vite preview" }, { "name": "deploy", "command": "PlatformApplications/TopoloPay/package.json :: npm run build:admin && wrangler deploy" }, { "name": "deploy:staging", "command": "PlatformApplications/TopoloPay/package.json :: npm run build:admin:staging && env -u CLOUDFLARE_API_TOKEN CLOUDFLARE_ACCOUNT_ID=4f4e1c69a3830946f9fea7b1eb7531ac wrangler deploy --env staging" }, { "name": "build", "command": "PlatformApplications/TopoloPay/package.json :: npm run build:admin" }, { "name": "deploy:dry-run", "command": "PlatformApplications/TopoloPay/package.json :: npm run build:admin && wrangler deploy --dry-run --outdir .wrangler/build" }, { "name": "deploy:dry-run:staging", "command": "PlatformApplications/TopoloPay/package.json :: npm run build:admin:staging && env -u CLOUDFLARE_API_TOKEN CLOUDFLARE_ACCOUNT_ID=4f4e1c69a3830946f9fea7b1eb7531ac wrangler deploy --env staging --dry-run --outdir .wrangler/build-staging" }, { "name": "build:admin", "command": "PlatformApplications/TopoloPay/package.json :: cd admin && npm install && env VITE_AUTH_URL=https://auth.topolo.app VITE_PAY_APP_URL=https://pay.topolo.app npm run build" }, { "name": "build:admin:staging", "command": "PlatformApplications/TopoloPay/package.json :: cd admin && npm install && env VITE_AUTH_URL=https://auth.stg.topolo.us VITE_PAY_APP_URL=https://topolo-pay-staging.topolo-staging.workers.dev npm run build" } ], "routes": [], "environments": [], "assets_directories": [], "observability_enabled": false }, "debugging": { "failure_modes": [ "No wrangler.toml surface was discovered under the registered repo paths." ], "entrypoints": [ "PlatformApplications/TopoloDocs/src/content/public/applications/pay.mdx", "PlatformApplications/TopoloPay/README.md", "PlatformApplications/TopoloPay/admin/package.json", "PlatformApplications/TopoloPay/package.json" ] } }