TopoloOne

Authority

Service IDs:

Repos: PlatformApplications/TopoloOne, PlatformApplications/TopoloOne/apps/mobile, PlatformApplications/TopoloOne/packages/topolo_mobile_core

Hosts:

Dependencies: topolo-auth, topolo-nexus, topolo-developers, topolo-p2p, applications-packages

Depends on Topolo Auth: yes

Contract Source

Type: curated

Source: PlatformApplications/TopoloOne/apps/dashboard-web/src/lib/api.ts

Source exists: yes

The dashboard contract is defined by the Auth-backed client routes it calls, including the app-switcher catalog for installed live-workspace widgets, the same-origin `POST /api/widgets` batch route that fans out server-side to native app `GET /api/widget` endpoints, anonymous Developers-owned store catalog/search/detail routes for the authenticated /apps catalog, Auth service-surface metadata for separating launchable applications from technical services, workspace context and membership summaries, selected-household state for personal-profile family flows, backend launcher preferences, app commerce metadata, org-user install assignment data, household-management routes, API-key management routes, Auth recovery-email status through `/api/auth/me/recovery-email`, and the TopoloNotify-backed `/actions` queue. /dashboard is workspace-only, /apps is the canonical authenticated app catalog, /actions is the full human-required platform action surface, and /store is not a supported alias. The authenticated dashboard uses TopoloAppShell navigationMode=topbar and forwards only `personal` or `organization` active context into the shared launcher; household is not a peer workspace and instead stays attached to personal context through Auth `selectedHouseholdId` plus `selectedHousehold` with `svc_oneclick_dash` marked `household_capable`. The dashboard browser callback delegates Auth SSO one-time sso_code exchange to the shared Auth client and does not accept direct bearer-token callback URLs or expose a legacy `/sso?token=` handoff helper. The dashboard /login route is the first-party embedded password-login surface for One, lands password-authenticated users on /dashboard, and requires /api/auth/me hydration before organization-context users are treated as ready so service onboarding state is available. The dashboard /onboarding route starts with mandatory personal recovery-email verification, then completes organization service onboarding for svc_oneclick_dash through Auth's service onboarding route, and redirects already-complete users back to /dashboard on direct refresh. The widget batch route caches successful native payloads per user and active context for 45 seconds, keeps a five-minute KV stale fallback for degraded app responses, renders metadata-backed overview widgets only when native fetches fail, excludes merely available catalog apps from the live workspace grid so widget fan-out stays scoped to installed context apps, and supports explicit widget-host overrides for apps whose native widget endpoint is not served from the canonical browser origin, including Commerce, Learn, Nexus, Quro, Forecast, Roadmapper, and Socialize. The authenticated `/apps` catalog now mirrors the active workspace contract as well: organization context may surface the full business catalog, while personal context must use personal-context Auth access metadata, avoid borrowing an org id, and hide org-first categories and collections that do not apply outside personal or family use. The marketing worker adds public checkout, waitlist, demo-booking, admin-session, owner-linked subscription-webhook ingestion, org billing preview, org billing portal, and internal seat-reconciliation endpoints plus static portfolio and developer acquisition routes. Paid checkout carries TopoloOne package metadata for three, five, ten, and everything bundles through Nexus/Stripe; those bundles define paid Topolo app access while third-party apps and customer-built apps remain unlimited through the app store. The free workspace path uses a $1/year Stripe verification subscription and stores completed free-workspace subscriptions separately from paid subscription records. Platform subscription records now live in D1 by `owner_type` and `owner_id`. Public pricing includes the honest 80%-and-growing comparison against mature specialist SaaS stacks, states that each paid seat can be used by a human or one Topolo agent, frames the listed public price as the minimum, routes enterprise pricing to request-based demo or sales contact for larger rollouts and custom security, compliance, procurement, rollout, or usage needs, and says 50% of paid seat revenue goes directly back into tokens for improving Topolo and its available tools and applications. Public developer CTAs now hand off from TopoloOne into the separate TopoloDevelopers application on developers.topolo.app/signup. The TopoloOne mobile shell at PlatformApplications/TopoloOne/apps/mobile is a Flutter launchpad for iOS and Android that mirrors /dashboard, /apps, /actions, and /settings, but replaces in-app launching with install-aware app-store handoff: tapping a catalog entry first attempts the universal link at one.topolo.app/launch/<serviceId>?code=<one-time-handoff-code> minted from the dashboard worker, falls back to the platform-appropriate App Store or Play Store URL when the target native app is not installed, and falls back to the browser web launch URL when no native build exists. The shared PlatformApplications/TopoloOne/packages/topolo_mobile_core package is the canonical Dart/Flutter implementation of TopoloAuthClient OAuth/PKCE refresh-token storage in the iOS Keychain access group group.io.topolo.shared, the TopoloApi catalog and handoff-code mint client, and the TopoloAppShell wordmark lockup, and is the only place other Topolo Flutter apps adopt platform identity, design tokens, and deep-link reception.

API key scopes in Auth catalog: 12

Auth Requirements

No global OpenAPI security scheme is declared.

• api_keys.write
• apps.read
• apps.write
• dashboard.read
• launches.read
• notifications.read
• notifications.write
• settings.read
• settings.write
• widgets.read
• workflows.read
• workflows.write

Runtime and Deployment

Wrangler surfaces: PlatformApplications/TopoloOne/apps/ai-chat-rag/wrangler.toml, PlatformApplications/TopoloOne/apps/dashboard-web/wrangler.toml, PlatformApplications/TopoloOne/apps/dashboard-worker/wrangler.toml, PlatformApplications/TopoloOne/apps/marketing-site/wrangler.toml

Environment variables: ALLOWED_ORIGINS, AUTH_API_URL, DASHBOARD_APP_ORIGIN, ENVIRONMENT, LOG_LEVEL, NEXT_PUBLIC_AUTH_URL, NEXT_PUBLIC_DEVELOPER_PORTAL_URL, NEXT_PUBLIC_DOCS_URL, NEXT_PUBLIC_ONE_URL, NEXT_PUBLIC_SIGNUP_MODE, NEXT_PUBLIC_SITE_URL, NEXUS_GATEWAY_URL, NODE_ENV, SERVICE_NAME, TOPOLO_ONE_BILLING_URL, VITE_API_URL, VITE_AUTH_URL, VITE_P2P_API_URL, VITE_STORE_API_BASE_URL, VITE_TOPOLO_AUTH_URL

Routes: one.stg.topolo.us, one.topolo.app/*, stg.topolo.us

Observability enabled: yes