Agent

Authority

Service IDs:

Repos: PlatformApplications/TopoloAgent

Hosts:

Dependencies: topolo-auth, applications-packages, topolo-developers, topolo-p2p

Depends on Topolo Auth: yes

Contract Source

Type: curated

Source: PlatformApplications/TopoloDocs/src/content/public/applications/agent.mdx

Source exists: yes

Canonical Agent coverage now lives in the docs application. The backend worker now requires Topolo Auth validation for operator bearer tokens and no longer carries an Agent-local HS256/JWT secret verification path. The production Pages `/login` entry renders the shared branded first-party login surface from the `svc_topolo_agent` UI Kit registry entry and submits email/password credentials to Auth through the shared client; OAuth and other brokered flows still use hosted Auth. The connector catalog uses the Developers-owned mobile app catalog connector for Android and iOS artifact metadata. Agent exposes `GET /api/widget` for TopoloOne live workspace with active-flow, pending-task, pending-approval, and run-today stats. Cross-organization agent actions must enter through TopoloP2P and wait for the P2P policy decision before execution. Staging runs in the separate Topolo Staging Cloudflare account with staging Auth, Nexus, D1, R2, Queue, and Vectorize bindings.

API key scopes in Auth catalog: 6

Auth Requirements

No global OpenAPI security scheme is declared.

• approvals.write
• reports.read
• workflows.read
• workflows.write
• workspace.read
• workspace.write

Runtime and Deployment

Wrangler surfaces: PlatformApplications/TopoloAgent/app/wrangler.toml, PlatformApplications/TopoloAgent/packages/backend/wrangler.toml

Environment variables: CLOUDFLARE_ACCOUNT_ID, ENVIRONMENT, NEXUS_GATEWAY_URL, NODE_ENV, SERVICE_ID, TOPOLO_AUTH_URL, account_id

Routes: workers.dev or Pages-only delivery

Observability enabled: yes