{ "generated_at": "2026-04-28T23:58:28.658Z", "system": { "id": "topolo-auth", "name": "Topolo Auth", "slug": "topolo-auth", "kind": "service", "summary": "Central identity, personal workspace and household-membership authority, organization-scoped role catalog, service registry, service lifecycle/accessibility and surface-classification authority, API key authority, app-switcher catalog/preference authority, browser/headless Auth SDK owner, Flutter Auth SDK owner, principal metadata source for service-local identities, and billable org-seat authority across the platform.", "aliases": [], "lifecycle": "active", "last_verified": "2026-04-29", "owners": [ "identity-platform" ], "repo_paths": [ "PlatformApplications/TopoloAuth", "PlatformApplications/TopoloAuth/packages/topolo-auth-client", "PlatformApplications/TopoloAuth/packages/topolo_auth_flutter" ], "service_ids": [ "svc_auth" ], "visibility": "public", "api_contract": { "type": "curated", "source": "PlatformApplications/TopoloAuth/src/controllers/auth.js", "notes": "Curated Topolo Auth reference supplements controller-backed route behavior, including personal workspace plus household membership and selected-household ownership, verified personal recovery email ownership through `user_email_addresses`, `/api/me/recovery-email`, and `/recovery-email/verify`, explicit active-context resolution for only `personal` and `organization`, household and dependent management routes, `PUT /api/me/selected-household`, org-scoped role and bundle management, app-switcher service catalog/preference routes, service surface classification fields that distinguish launchable applications from API, runtime, and internal services, launcher `supported_contexts` metadata for workspace scopes only, launcher `household_capable` metadata for personal-profile family-aware apps, service-level `quick_links` and `command_palette.quick_links` persisted from Topolo Developers-owned app marketing metadata, included/free app-switcher install grants, first-party app onboarding completion through `organization_services.onboarding_completed_at`, per-user role walkthrough progress through `user_service_onboarding`, admin/owner-only app login while onboarding is pending, Auth billable-seat evaluation plus org billing preview and portal proxy routes, production Smart Placement for the D1-backed login and SSO hot path, first-party embedded password login restricted by browser Origin, return URL, and registered first-party service metadata, shared browser-client suppression of cookie-refresh probes on explicit first-party `/login` routes, shared first-party LoginPage password boundary-whitespace normalization, password reveal, Auth signup handoff, and failed-login submitted-length hints before credential submission, hosted Auth login/signup password reveal plus signup links that preserve return URL, service id, and response mode, public signup identity and personal-context creation that does not grant paid application entitlement except for the explicit Developers workspace grant path, Auth-hosted third-party OAuth browser consent that any signed-in Topolo identity can approve for a registered client while showing publisher, callback domain, requested scopes, and trust state, Auth audit events for third-party OAuth consent approvals and denials with actor, client, owner, callback-domain, scope, and trust-state context, edge-budget WebCrypto PBKDF2 password hashing with non-blocking rehash of older bcrypt/PBKDF2/SHA records and combined security/passkey reads, static-origin CORS handling that skips service-catalog hydration for first-party and no-Origin requests while preserving dynamic third-party host checks, signed MFA challenges that avoid repeated password verification during TOTP, backup-code, or passkey completion, browser and registered-native SSO one-time exchange codes with single-pass authorize-time active user, org, and service-access validation plus service-scoped browser token issue and atomic code consumption, the production SSO callback-origin catalog and live metadata audit, the manifest-derived service permission, role-bundle, API-key scope, and organization-role permission catalog synced to production D1 on 2026-04-19, the planned TopoloP2P human/agent principal classes, grants, API-key scopes, and org policy inputs enforced by Auth while P2P owns action, ledger, and settlement state, the production MDM service catalog migration from legacy `svc_nodo_*` identifiers to canonical `svc_topolo_*` identifiers on 2026-04-23, the canonical `@topolo/auth-client` package without a legacy token-based `exchangeSSOToken` handoff helper, the canonical `topolo_auth_flutter` package with SDK-started callback state validation and Auth-hydrated startup restore, TopoloOne developer-application intake, the approved-app registration handoff consumed by Topolo Developers review and first-party scaffold provisioning, optional first-party launcher plus login/landing/app UI config upserts during that handoff, explicit ownerType/portfolio/audience/tenancy/surface metadata plus distribution metadata for developer-owned services so Topolo first-party platform/personal apps and third-party business/personal apps stay distinct in one registration pipeline while organization-internal apps are filtered out of Auth-backed launcher discovery and Developers-owned store discovery, built-in bindable-resource catalogs such as `developer_app:*` for approved Developers registrations, and the rule that third-party partner/customer/supplier sub-surfaces stay under the owning application service id instead of registering separate platform services. Auth remains the identity and authorization source of truth and should not own Topolo Developers draft, submission, store read-model, build-request, review persistence, TopoloP2P action rail, ledger, settlement state, or paid marketplace checkout." }, "primary_hosts": [ "https://auth.topolo.app" ], "doc_paths": [ "applications/auth", "reference/api/topolo-auth", "internal/platform/identity-access-entitlements", "internal/platform/auth-and-identity", "internal/platform/topolo-auth-flutter-sdk", "internal/platform/notification-preferences", "internal/apps/topolo-auth" ], "security_assurance": { "risk_tier": "critical", "auth_boundary": "Topolo Auth is the authoritative identity, role, service, and API-key boundary.", "tenant_isolation": "mixed", "external_inputs": [ "browser", "api", "callback" ], "sensitive_data": [ "identity", "org_data", "telemetry" ], "last_security_review": "2026-04-19", "security_review_status": "in_progress", "pentest_status": "not_started", "evidence_doc": "internal/platform/auth-and-identity" }, "dependencies": [], "public_hub_url": "/systems/topolo-auth", "internal_hub_url": null, "application_api_url": null, "generated_openapi_url": null, "machine_urls": { "system": "/machine/systems/topolo-auth.json", "application": null } }, "docs": { "public": [ { "id": "applications/admin.mdx", "title": "Topolo Admin", "summary": "Public overview of the administrative interface used for org, user, service, and audit management across the Topolo platform.", "audience": "public", "tags": [ "admin", "auth", "organizations" ], "url": "/applications/admin.mdx", "last_verified": "2026-04-28" }, { "id": "applications/agent.mdx", "title": "Topolo Agent", "summary": "Public overview of the Cloudflare-first agent and automation platform in the Topolo portfolio.", "audience": "public", "tags": [ "agents", "automation", "workflows" ], "url": "/applications/agent.mdx", "last_verified": "2026-04-28" }, { "id": "applications/auth.mdx", "title": "Topolo Auth", "summary": "Public overview of identity, service registration, API keys, and permission ownership across the platform.", "audience": "public", "tags": [ "identity", "auth", "api-keys" ], "url": "/applications/auth.mdx", "last_verified": "2026-04-28" }, { "id": "applications/books.mdx", "title": "Topolo Books", "summary": "Public overview of Topolo Books in the Topolo application suite.", "audience": "public", "tags": [ "books", "application" ], "url": "/applications/books.mdx", "last_verified": "2026-04-28" }, { "id": "applications/bugfix.mdx", "title": "Topolo BugFix", "summary": "Public overview of BugFix, including AI-assisted bug analysis, fix generation, and Nexus-backed provider usage.", "audience": "public", "tags": [ "bugs", "ai", "automation", "github" ], "url": "/applications/bugfix.mdx", "last_verified": "2026-04-28" }, { "id": "applications/bytes.mdx", "title": "Topolo Bytes", "summary": "Public overview of the media-management and sharing surface built around Cloudflare edge storage and media tooling.", "audience": "public", "tags": [ "media", "assets", "sharing" ], "url": "/applications/bytes.mdx", "last_verified": "2026-04-28" }, { "id": "applications/calendar.mdx", "title": "Topolo Calendar", "summary": "Public overview of the scheduling and booking application — shareable event types, embeddable widgets, and cross-app event feeds.", "audience": "public", "tags": [ "calendar", "scheduling", "bookings", "embed" ], "url": "/applications/calendar.mdx", "last_verified": "2026-04-28" }, { "id": "applications/chat.mdx", "title": "Topolo Chat", "summary": "Public overview of the collaboration surface for channels, direct messages, meetings, guests, and remote-assist workflows.", "audience": "public", "tags": [ "chat", "meetings", "collaboration" ], "url": "/applications/chat.mdx", "last_verified": "2026-04-28" }, { "id": "applications/commerce.mdx", "title": "TopoloCommerce", "summary": "Public overview of the multi-vertical commerce platform for venue operations, guest runtimes, and staff execution.", "audience": "public", "tags": [ "commerce", "venues", "kiosk" ], "url": "/applications/commerce.mdx", "last_verified": "2026-04-28" }, { "id": "applications/crm.mdx", "title": "TopoloCRM", "summary": "Public overview of the CRM service, pipeline surface, SDR inbox control plane, and developer-key access model.", "audience": "public", "tags": [ "crm", "sales", "pipelines" ], "url": "/applications/crm.mdx", "last_verified": "2026-04-28" }, { "id": "applications/customer-success.mdx", "title": "Topolo Customer Success", "summary": "Public overview of Topolo Customer Success in the Topolo application suite.", "audience": "public", "tags": [ "customer-success", "application" ], "url": "/applications/customer-success.mdx", "last_verified": "2026-04-28" }, { "id": "applications/developers.mdx", "title": "Topolo Developers", "summary": "Public overview of the authenticated Topolo developer portal and its submission/request workflows.", "audience": "public", "tags": [ "developers", "portal", "auth" ], "url": "/applications/developers.mdx", "last_verified": "2026-04-28" }, { "id": "applications/device-platform.mdx", "title": "Topolo Device Platform", "summary": "Public overview of Topolo's device distribution, feed delivery, analytics, Android playback, and provisioning surfaces.", "audience": "public", "tags": [ "device-platform", "devices", "feeds" ], "url": "/applications/device-platform.mdx", "last_verified": "2026-04-28" }, { "id": "applications/flow.mdx", "title": "Topolo Flow", "summary": "Public overview of Topolo Flow in the Topolo application suite.", "audience": "public", "tags": [ "flow", "application" ], "url": "/applications/flow.mdx", "last_verified": "2026-04-28" }, { "id": "applications/forecast.mdx", "title": "Topolo Forecast", "summary": "Public overview of the forecasting product for cash-flow, P&L, KPI, and multi-scenario planning workflows.", "audience": "public", "tags": [ "forecasting", "finance", "planning" ], "url": "/applications/forecast.mdx", "last_verified": "2026-04-28" }, { "id": "applications/forms.mdx", "title": "Topolo Forms", "summary": "Public overview of Topolo Forms, the Topolo general forms and public submission application.", "audience": "public", "tags": [ "forms", "application" ], "url": "/applications/forms.mdx", "last_verified": "2026-04-28" }, { "id": "applications/insights.mdx", "title": "Topolo Insights", "summary": "Public overview of Topolo Insights in the Topolo application suite.", "audience": "public", "tags": [ "insights", "application" ], "url": "/applications/insights.mdx", "last_verified": "2026-04-28" }, { "id": "applications/inventory.mdx", "title": "Topolo Inventory", "summary": "Public overview of Topolo Inventory, the Topolo item, location, and stock movement workspace.", "audience": "public", "tags": [ "inventory", "application" ], "url": "/applications/inventory.mdx", "last_verified": "2026-04-28" }, { "id": "applications/learn.mdx", "title": "TopoloLearn", "summary": "Public overview of the Topolo-native multi-tenant learning platform for branded education businesses, cohort delivery, assessment, and certification.", "audience": "public", "tags": [ "learning", "multi-tenant", "assessment", "certification" ], "url": "/applications/learn.mdx", "last_verified": "2026-04-28" }, { "id": "applications/mdm.mdx", "title": "TopoloMDM", "summary": "Public overview of the device-management cluster spanning the MDM API, operator console, and mobile scaffold.", "audience": "public", "tags": [ "mdm", "devices", "operations" ], "url": "/applications/mdm.mdx", "last_verified": "2026-04-28" }, { "id": "applications/messaging.mdx", "title": "Topolo Messaging", "summary": "Public overview of the Topolo Messaging WhatsApp Business application for inboxes, campaigns, automations, and multi-number brand workspaces.", "audience": "public", "tags": [ "messaging", "whatsapp", "campaigns", "automations" ], "url": "/applications/messaging.mdx", "last_verified": "2026-04-28" }, { "id": "applications/nexus.mdx", "title": "Topolo Nexus", "summary": "Public overview of Nexus as the platform gateway for metered third-party API usage across Topolo applications.", "audience": "public", "tags": [ "ai", "gateway", "usage", "platform" ], "url": "/applications/nexus.mdx", "last_verified": "2026-04-28" }, { "id": "applications/pay.mdx", "title": "Topolo Pay", "summary": "Public overview of the payment worker that handles orders, refunds, and payment operations.", "audience": "public", "tags": [ "payments", "orders", "worker" ], "url": "/applications/pay.mdx", "last_verified": "2026-04-29" }, { "id": "applications/one.mdx", "title": "TopoloOne", "summary": "Public overview of the TopoloOne dashboard, worker-backed growth surfaces, and the public developer-acquisition funnel.", "audience": "public", "tags": [ "dashboard", "operators", "api-keys" ], "url": "/applications/one.mdx", "last_verified": "2026-04-28" }, { "id": "applications/quro.mdx", "title": "Topolo Quro", "summary": "Public overview of the QR creation, redirect, analytics, and authenticated UI surface in the Topolo portfolio.", "audience": "public", "tags": [ "qr", "redirects", "analytics" ], "url": "/applications/quro.mdx", "last_verified": "2026-04-28" }, { "id": "applications/people.mdx", "title": "Topolo People", "summary": "Public overview of Topolo People in the Topolo application suite.", "audience": "public", "tags": [ "people", "application" ], "url": "/applications/people.mdx", "last_verified": "2026-04-28" }, { "id": "applications/roadmapper.mdx", "title": "Topolo Roadmapper", "summary": "Public overview of Roadmapper, including AI-assisted project onboarding, durable planning sessions, and stakeholder presentation delivery.", "audience": "public", "tags": [ "roadmaps", "projects", "planning", "ai" ], "url": "/applications/roadmapper.mdx", "last_verified": "2026-04-28" }, { "id": "applications/sign.mdx", "title": "Topolo Sign", "summary": "Public overview of Topolo Sign in the Topolo application suite.", "audience": "public", "tags": [ "sign", "application" ], "url": "/applications/sign.mdx", "last_verified": "2026-04-28" }, { "id": "applications/social-studio.mdx", "title": "Topolo Social Studio", "summary": "Public overview of the hybrid desktop and Cloudflare runtime used for AI-assisted social content planning and generation.", "audience": "public", "tags": [ "desktop", "social", "generation", "creative" ], "url": "/applications/social-studio.mdx", "last_verified": "2026-04-28" }, { "id": "applications/socialize.mdx", "title": "Socialize", "summary": "Public overview of the social publishing platform, brand-scoped resource bindings, and content operations.", "audience": "public", "tags": [ "social", "publishing", "brands" ], "url": "/applications/socialize.mdx", "last_verified": "2026-04-28" }, { "id": "applications/support.mdx", "title": "Topolo Support", "summary": "Public overview of the Topolo support platform for internal operations and customer-organization ticket workflows.", "audience": "public", "tags": [ "support", "tickets", "auth" ], "url": "/applications/support.mdx", "last_verified": "2026-04-28" }, { "id": "applications/survey.mdx", "title": "Topolo Survey", "summary": "Public overview of Topolo Survey, the Topolo survey builder and public response collection application.", "audience": "public", "tags": [ "survey", "application" ], "url": "/applications/survey.mdx", "last_verified": "2026-04-28" }, { "id": "applications/voice.mdx", "title": "Topolo Voice", "summary": "Public overview of Topolo Voice in the Topolo application suite.", "audience": "public", "tags": [ "voice", "application" ], "url": "/applications/voice.mdx", "last_verified": "2026-04-28" }, { "id": "guides/authentication.mdx", "title": "Authentication", "summary": "How authentication and authorization flow through Topolo Auth and downstream services.", "audience": "public", "tags": [ "auth", "identity", "authorization" ], "url": "/guides/authentication.mdx", "last_verified": "2026-04-21" }, { "id": "guides/quick-start.mdx", "title": "Quick Start", "summary": "Fast onboarding path for developers integrating with Topolo services.", "audience": "public", "tags": [ "onboarding", "auth", "api-keys" ], "url": "/guides/quick-start.mdx", "last_verified": "2026-04-07" }, { "id": "guides/third-party-auth-integration.mdx", "title": "Third-Party Auth Integration", "summary": "Canonical guide for external developers integrating with Topolo Auth without relying on first-party repo docs.", "audience": "public", "tags": [ "auth", "integration", "third-party" ], "url": "/guides/third-party-auth-integration.mdx", "last_verified": "2026-04-23" }, { "id": "platform/api-keys.mdx", "title": "API Keys", "summary": "Central API key model, scope ownership, and resource binding behavior across Topolo services.", "audience": "public", "tags": [ "api-keys", "security", "platform" ], "url": "/platform/api-keys.mdx", "last_verified": "2026-04-07" }, { "id": "platform/architecture.mdx", "title": "Platform Architecture", "summary": "Top-level platform shape, authority boundaries, and how the unified documentation platform maps onto the codebase.", "audience": "public", "tags": [ "architecture", "platform", "systems" ], "url": "/platform/architecture.mdx", "last_verified": "2026-04-10" }, { "id": "reference/api/topolo-auth.mdx", "title": "Topolo Auth API", "summary": "Curated reference overlay for the Topolo Auth service where platform semantics matter more than raw route listing.", "audience": "public", "tags": [ "auth", "reference", "api" ], "url": "/reference/api/topolo-auth.mdx", "last_verified": "2026-04-23" }, { "id": "applications/compose.mdx", "title": "TopoloCompose", "summary": "AI-native document generation, revision, styling, and export for formal documents in Topolo.", "audience": "public", "tags": [ "compose", "documents", "ai", "application" ], "url": "/applications/compose.mdx", "last_verified": "2026-04-28" } ], "internal": [], "runbooks": [] }, "authority": { "owners": [ "identity-platform" ], "repo_paths": [ "PlatformApplications/TopoloAuth", "PlatformApplications/TopoloAuth/packages/topolo-auth-client", "PlatformApplications/TopoloAuth/packages/topolo_auth_flutter" ], "service_ids": [ "svc_auth" ], "dependencies": [], "aliases": [] }, "interfaces": { "contract_type": "curated", "contract_source": "PlatformApplications/TopoloAuth/src/controllers/auth.js", "contract_source_exists": true, "openapi": null, "readme": { "path": "PlatformApplications/TopoloAuth/README.md", "intro": [ "Canonical documentation for Topolo Auth lives in `PlatformApplications/TopoloDocs`.", "Use this repository for implementation only. Local product and operational docs have been retired in favor of the docs application." ], "headings": [ "Topolo Auth" ], "routeHighlights": [], "commandHighlights": [] } }, "auth": { "depends_on_topolo_auth": true, "api_key_scopes": [ { "id": "aks_auth_api_keys_read", "name": "api_keys.read", "description": "View machine credentials", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_api_keys_write", "name": "api_keys.write", "description": "Create or revoke machine credentials", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_audit_read", "name": "audit.read", "description": "View audit logs and security events", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_orgs_read", "name": "organizations.read", "description": "View organization details", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_orgs_write", "name": "organizations.write", "description": "Create and edit organizations", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_permissions_read", "name": "permissions.read", "description": "View permission assignments", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_permissions_write", "name": "permissions.write", "description": "Manage user permissions", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_roles_read", "name": "roles.read", "description": "View service role bundles", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_roles_write", "name": "roles.write", "description": "Manage service role bundles", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_services_read", "name": "services.read", "description": "View registered services", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_services_write", "name": "services.write", "description": "Manage service registrations", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_sessions_read", "name": "sessions.read", "description": "View user sessions and access state", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_sessions_write", "name": "sessions.write", "description": "Revoke or rotate user sessions", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_users_delete", "name": "users.delete", "description": "Delete or suspend user accounts", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_users_read", "name": "users.read", "description": "View user accounts and profiles", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_auth_users_write", "name": "users.write", "description": "Create and edit user accounts", "resourcePattern": null, "kind": "api_key_scope" } ], "service_permissions": [ { "id": "perm_auth_api_keys_read", "name": "api_keys:read", "description": "View machine credentials", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_api_keys_write", "name": "api_keys:write", "description": "Create or revoke machine credentials", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_audit_read", "name": "audit:read", "description": "View audit logs and security events", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_orgs_read", "name": "organizations:read", "description": "View organization details", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_orgs_write", "name": "organizations:write", "description": "Create and edit organizations", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_permissions_read", "name": "permissions:read", "description": "View permission assignments", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_permissions_write", "name": "permissions:write", "description": "Manage user permissions", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_roles_read", "name": "roles:read", "description": "View service role bundles", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_roles_write", "name": "roles:write", "description": "Manage service role bundles", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_services_read", "name": "services:read", "description": "View registered services", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_services_write", "name": "services:write", "description": "Manage service registrations", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_sessions_read", "name": "sessions:read", "description": "View user sessions and access state", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_sessions_write", "name": "sessions:write", "description": "Revoke or rotate user sessions", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_users_delete", "name": "users:delete", "description": "Delete or suspend user accounts", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_users_read", "name": "users:read", "description": "View user accounts and profiles", "resourcePattern": null, "kind": "permission" }, { "id": "perm_auth_users_write", "name": "users:write", "description": "Create and edit user accounts", "resourcePattern": null, "kind": "permission" } ] }, "runtime": { "primary_hosts": [ "https://auth.topolo.app" ], "repo_entries": [ "PlatformApplications/TopoloAuth/README.md", "PlatformApplications/TopoloAuth/ROADMAP_HANDOFF_2026-03-31_topoloauth.md", "PlatformApplications/TopoloAuth/catalog/", "PlatformApplications/TopoloAuth/cloudcontrol-deployment-report-topolo-auth.json", "PlatformApplications/TopoloAuth/migration.config.ts", "PlatformApplications/TopoloAuth/package-lock.json", "PlatformApplications/TopoloAuth/package.json", "PlatformApplications/TopoloAuth/packages/", "PlatformApplications/TopoloAuth/schema-evolution-local.sql", "PlatformApplications/TopoloAuth/schema-evolution.sql", "PlatformApplications/TopoloAuth/schema-oauth.sql", "PlatformApplications/TopoloAuth/schema-update.sql", "PlatformApplications/TopoloAuth/schema.sql", "PlatformApplications/TopoloAuth/scripts/", "PlatformApplications/TopoloAuth/src/", "PlatformApplications/TopoloAuth/test/", "PlatformApplications/TopoloAuth/topolo.cloudcontrol.json", "PlatformApplications/TopoloAuth/wrangler.toml", "PlatformApplications/TopoloAuth/packages/topolo-auth-client/package-lock.json", "PlatformApplications/TopoloAuth/packages/topolo-auth-client/package.json" ], "wrangler_surfaces": [ { "path": "PlatformApplications/TopoloAuth/wrangler.toml", "observabilityEnabled": true, "environments": [ "production" ], "routes": [ "auth.stg.topolo.us", "auth.topolo.app" ], "vars": [ "AUTH_ACCESS_TOKEN_TTL_SECONDS", "AUTH_ALLOW_REFRESH_TOKEN_IN_BODY", "AUTH_CLIENT_COMPAT_ALLOWLIST", "AUTH_COOKIE_DOMAIN", "AUTH_COOKIE_MODE_DEFAULT", "AUTH_LEGACY_TOKEN_DELIVERY_ENABLED", "AUTH_MAGIC_LINK_ENABLED", "AUTH_MFA_CHALLENGE_TTL_SECONDS", "AUTH_REFRESH_COOKIE_NAME", "AUTH_REFRESH_SKIP_SESSION_CHECK", "AUTH_REFRESH_TOKEN_TTL_SECONDS", "AUTH_SESSION_TTL_SECONDS", "ENVIRONMENT", "GITHUB_CLIENT_ID", "NEXUS_GATEWAY_URL", "TOPOLO_NOTIFY_URL" ], "bindings": [ { "kind": "d1", "binding": "DB", "sourcePath": "PlatformApplications/TopoloAuth/wrangler.toml", "target": "7b2ede91-717b-47c5-ae8a-4d2f195a4672" }, { "kind": "d1", "binding": "DB", "environment": "production", "sourcePath": "PlatformApplications/TopoloAuth/wrangler.toml", "target": "9f2c0e78-738a-41c0-95bf-9968ff369926" } ], "cronTriggers": [ "0 3 * * *" ], "workerName": "topolo-auth-staging", "main": "src/index.js", "compatibilityDate": "2026-04-10" } ], "packages": [ { "path": "PlatformApplications/TopoloAuth/package.json", "name": "topolo-auth", "description": "Authentication service for Topolo MDM multi-tenant system", "scripts": [ "dev", "build", "test", "deploy", "deploy:staging", "deploy:production", "deploy:dry-run", "bootstrap", "local-dev", "remote-dev", "seed-test-data", "setup-oauth", "catalog:bootstrap", "catalog:generate", "catalog:check", "validate:catalog" ], "scriptCommands": [ { "name": "dev", "command": "wrangler dev" }, { "name": "build", "command": "wrangler deploy --dry-run --outdir .wrangler/build" }, { "name": "test", "command": "node --test" }, { "name": "deploy", "command": "wrangler deploy" }, { "name": "deploy:staging", "command": "wrangler deploy" }, { "name": "deploy:production", "command": "wrangler deploy --env production" }, { "name": "deploy:dry-run", "command": "wrangler deploy --dry-run --outdir .wrangler/build" }, { "name": "bootstrap", "command": "node scripts/bootstrap.js" }, { "name": "local-dev", "command": "node scripts/local-dev.js" }, { "name": "remote-dev", "command": "node scripts/local-dev.js --remote" }, { "name": "seed-test-data", "command": "node scripts/seed-test-data.js" }, { "name": "setup-oauth", "command": "node scripts/setup-oauth.js" }, { "name": "catalog:bootstrap", "command": "node scripts/bootstrap-service-manifests.mjs" }, { "name": "catalog:generate", "command": "node scripts/generate-service-catalog-sql.mjs" }, { "name": "catalog:check", "command": "node scripts/generate-service-catalog-sql.mjs --check" }, { "name": "validate:catalog", "command": "npm run catalog:check && node scripts/validate-service-catalog.mjs" } ] }, { "path": "PlatformApplications/TopoloAuth/packages/topolo-auth-client/package.json", "name": "@topolo/auth-client", "description": "Shared authentication client for Topolo applications", "scripts": [ "build", "dev", "typecheck" ], "scriptCommands": [ { "name": "build", "command": "tsup src/index.ts --format esm,cjs --dts" }, { "name": "dev", "command": "tsup src/index.ts --format esm,cjs --dts --watch" }, { "name": "typecheck", "command": "tsc --noEmit" } ] } ] }, "data": { "env_vars": [ "AUTH_ACCESS_TOKEN_TTL_SECONDS", "AUTH_ALLOW_REFRESH_TOKEN_IN_BODY", "AUTH_CLIENT_COMPAT_ALLOWLIST", "AUTH_COOKIE_DOMAIN", "AUTH_COOKIE_MODE_DEFAULT", "AUTH_LEGACY_TOKEN_DELIVERY_ENABLED", "AUTH_MAGIC_LINK_ENABLED", "AUTH_MFA_CHALLENGE_TTL_SECONDS", "AUTH_REFRESH_COOKIE_NAME", "AUTH_REFRESH_SKIP_SESSION_CHECK", "AUTH_REFRESH_TOKEN_TTL_SECONDS", "AUTH_SESSION_TTL_SECONDS", "ENVIRONMENT", "GITHUB_CLIENT_ID", "NEXUS_GATEWAY_URL", "TOPOLO_NOTIFY_URL" ], "bindings": [ { "kind": "d1", "binding": "DB", "sourcePath": "PlatformApplications/TopoloAuth/wrangler.toml", "target": "7b2ede91-717b-47c5-ae8a-4d2f195a4672" }, { "kind": "d1", "binding": "DB", "environment": "production", "sourcePath": "PlatformApplications/TopoloAuth/wrangler.toml", "target": "9f2c0e78-738a-41c0-95bf-9968ff369926" } ], "queue_bindings": [], "storage_kinds": [ "d1" ], "workflow_signals": [ "cron 0 3 * * *" ] }, "deployment": { "commands": [ { "name": "build", "command": "PlatformApplications/TopoloAuth/package.json :: wrangler deploy --dry-run --outdir .wrangler/build" }, { "name": "deploy", "command": "PlatformApplications/TopoloAuth/package.json :: wrangler deploy" }, { "name": "deploy:staging", "command": "PlatformApplications/TopoloAuth/package.json :: wrangler deploy" }, { "name": "deploy:production", "command": "PlatformApplications/TopoloAuth/package.json :: wrangler deploy --env production" }, { "name": "deploy:dry-run", "command": "PlatformApplications/TopoloAuth/package.json :: wrangler deploy --dry-run --outdir .wrangler/build" }, { "name": "build", "command": "PlatformApplications/TopoloAuth/packages/topolo-auth-client/package.json :: tsup src/index.ts --format esm,cjs --dts" } ], "routes": [ "auth.stg.topolo.us", "auth.topolo.app" ], "environments": [ "production" ], "assets_directories": [], "observability_enabled": true }, "debugging": { "failure_modes": [], "entrypoints": [ "PlatformApplications/TopoloAuth/wrangler.toml", "PlatformApplications/TopoloAuth/src/controllers/auth.js", "PlatformApplications/TopoloAuth/README.md", "PlatformApplications/TopoloAuth/package.json", "PlatformApplications/TopoloAuth/packages/topolo-auth-client/package.json" ] } }