{ "generated_at": "2026-06-12T22:05:57.081Z", "system": { "id": "topolo-crm", "name": "TopoloCRM", "slug": "topolo-crm", "kind": "application", "summary": "CRM workflows, records, and SDR inbox/control-plane services exposed through the platform auth layer.", "aliases": [], "lifecycle": "active", "last_verified": "2026-05-14", "owners": [ "crm" ], "repo_paths": [], "external_repo_paths": [ "Apps/business/TopoloCRM" ], "service_ids": [ "srv_iCwM4jGXcwlj" ], "visibility": "public", "openapi": { "path": "PlatformApplications/TopoloCRM/packages/backend/openapi.yaml", "format": "yaml" }, "api_contract": { "type": "openapi", "source": "PlatformApplications/TopoloCRM/packages/backend/openapi.yaml", "notes": "CRM owns its worker API contract and delegates browser login, cookie refresh, logout propagation, one-time `sso_code` callback exchange, and shared-launcher Auth data reads to the shared Auth client plus same-origin `/api/auth/*` worker gateway. CRM resolves its concrete Auth service id dynamically from the Auth catalog slug `topolo-crm`; the source-owned identity lives in the CRM repo `app-identity.ts`, and browser, backend, API-key, widget, notification, and seed-caller paths must not hardcode concrete `srv_*` or `svc_*` ids. The explicit `/login` route renders the branded shared LoginPage without an initial refresh probe, embedded password-login success returns to the CRM route tree after shared Auth token persistence, shared Auth token update events are treated as already-persisted state, and the browser app does not expose a legacy `/sso?token=` token handoff route or app-local `/sso/exchange` parser. CRM keeps same-tab sessionStorage access-token restore enabled by default after login and refresh so normal reloads do not appear logged out before cookie refresh completes. The callback route guards one-time code exchange with a fixed `/dashboard` completion target so Auth home-path re-resolution cannot retry an already consumed `sso_code`. CRM exposes `GET /api/widget` with the shared `@topolo/sdk` widget response contract for TopoloOne live workspace." }, "primary_hosts": [ "https://crm.topolo.app", "https://crm-api.stg.topolo.us", "https://crm.stg.topolo.us" ], "doc_paths": [ "applications/crm", "internal/apps/crm" ], "security_assurance": { "risk_tier": "high", "auth_boundary": "Topolo Auth `/validate` is the only accepted browser/API bearer-token authority; embedded password-login success is completed by CRM route-state after shared Auth token persistence with default same-tab access-token restore; CRM only performs CRM-record authorization after Auth returns user, organization, and service permissions.", "tenant_isolation": "organization_scoped", "external_inputs": [ "browser", "api", "callback" ], "sensitive_data": [ "identity", "org_data", "customer_content", "telemetry" ], "last_security_review": "2026-04-30", "security_review_status": "reviewed", "pentest_status": "passed", "evidence_doc": "internal/apps/crm" }, "data_privacy": { "classification": "restricted", "sensitive_data_classes": [ "communications", "customer_content", "identity", "organization", "telemetry" ], "storage_locations": [ "d1", "external_provider", "kv", "r2" ], "encryption_at_rest": "application_layer_required", "encryption_in_transit": "https_only", "key_management": "versioned_platform_key_required", "retention_policy": "partial", "deletion_export_status": "planned", "logging_redaction_status": "needs_review", "privacy_review_status": "reviewed", "enterprise_ready": false, "evidence_doc": "internal/apps/crm" }, "dependencies": [ "topolo-auth", "topolo-one", "applications-packages" ], "bugfix_policy": { "tier": "autonomous", "preferred_agent": "either", "require_validator": false }, "public_hub_url": "/systems/topolo-crm", "internal_hub_url": null, "application_api_url": "/reference/apps/topolo-crm", "generated_openapi_url": null, "machine_urls": { "system": "/machine/systems/topolo-crm.json", "application": "/machine/applications/topolo-crm.json" } }, "docs": { "public": [ { "id": "applications/crm", "title": "TopoloCRM", "summary": "Public overview of the CRM service, pipeline surface, SDR inbox control plane, and developer-key access model.", "audience": "public", "tags": [ "crm", "sales", "pipelines" ], "url": "/applications/crm", "last_verified": "2026-05-13" }, { "id": "applications/forms", "title": "Topolo Forms", "summary": "Public overview of Topolo Forms, the Topolo general forms and public submission application.", "audience": "public", "tags": [ "forms", "application" ], "url": "/applications/forms", "last_verified": "2026-05-13" } ], "internal": [], "runbooks": [] }, "authority": { "owners": [ "crm" ], "repo_paths": [], "service_ids": [ "srv_iCwM4jGXcwlj" ], "dependencies": [ "topolo-auth", "topolo-one", "applications-packages" ], "aliases": [] }, "interfaces": { "contract_type": "openapi", "contract_source": "PlatformApplications/TopoloCRM/packages/backend/openapi.yaml", "contract_source_exists": false, "openapi": null, "readme": null }, "auth": { "depends_on_topolo_auth": true, "api_key_scopes": [ { "id": "aks_crm_activities_read", "name": "activities.read", "description": "View customer activities and history", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_activities_write", "name": "activities.write", "description": "Log customer activities and notes", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_api_keys_write", "name": "api_keys.write", "description": "Manage CRM machine credentials", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_attachments_read", "name": "attachments.read", "description": "View CRM attachments and files", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_attachments_write", "name": "attachments.write", "description": "Upload and manage CRM attachments and files", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_commissions_read", "name": "commissions.read", "description": "View commission records and payouts", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_commissions_write", "name": "commissions.write", "description": "Create and manage commission records and payouts", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_companies_read", "name": "companies.read", "description": "View companies and account records", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_companies_write", "name": "companies.write", "description": "Create and manage companies and account records", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_contacts_read", "name": "contacts.read", "description": "View customer contacts and profiles", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_contacts_write", "name": "contacts.write", "description": "Create and edit customer contacts", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_deals_read", "name": "deals.read", "description": "View sales deals and opportunities", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_deals_write", "name": "deals.write", "description": "Manage sales deals and pipeline", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_documents_read", "name": "documents.read", "description": "View CRM documents and transaction files", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_documents_write", "name": "documents.write", "description": "Create and manage CRM documents and transaction files", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_listings_read", "name": "listings.read", "description": "View property listings", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_listings_write", "name": "listings.write", "description": "Create and manage property listings", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_notes_read", "name": "notes.read", "description": "View CRM notes and contact history", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_notes_write", "name": "notes.write", "description": "Create and manage CRM notes", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_offers_read", "name": "offers.read", "description": "View offers and negotiation records", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_offers_write", "name": "offers.write", "description": "Create and manage offers and negotiation records", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_pipeline_read", "name": "pipeline.read", "description": "View pipeline stages and contact movement", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_pipeline_write", "name": "pipeline.write", "description": "Manage pipeline stages and contact movement", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_portal_connections_read", "name": "portal_connections.read", "description": "View portal and lead-source connections", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_portal_connections_write", "name": "portal_connections.write", "description": "Create and manage portal and lead-source connections", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_portal_leads_read", "name": "portal_leads.read", "description": "View portal lead intake and routing state", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_portal_leads_write", "name": "portal_leads.write", "description": "Manage portal lead intake and routing state", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_portal_sync_read", "name": "portal_sync.read", "description": "View portal sync status and runs", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_portal_sync_write", "name": "portal_sync.write", "description": "Manage portal sync runs and mappings", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_properties_read", "name": "properties.read", "description": "View property records and metadata", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_properties_write", "name": "properties.write", "description": "Create and manage property records and metadata", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_reports_read", "name": "reports.read", "description": "View CRM reports and analytics", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_sdr_override", "name": "sdr.override", "description": "Override SDR readiness and suppressions", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_sdr_read", "name": "sdr.read", "description": "View SDR control-plane data and readiness state", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_sdr_write", "name": "sdr.write", "description": "Create and manage SDR control-plane data and readiness state", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_search_read", "name": "search.read", "description": "Search CRM records and SDR data", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_settings_read", "name": "settings.read", "description": "View CRM settings and module configuration", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_settings_write", "name": "settings.write", "description": "Manage CRM settings and module configuration", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_showings_read", "name": "showings.read", "description": "View showings and visit schedules", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_showings_write", "name": "showings.write", "description": "Create and manage showings and visit schedules", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_tasks_read", "name": "tasks.read", "description": "View CRM tasks and follow-up queues", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_tasks_write", "name": "tasks.write", "description": "Create and manage CRM tasks and follow-up queues", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_transactions_read", "name": "transactions.read", "description": "View transaction records and milestones", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_crm_transactions_write", "name": "transactions.write", "description": "Create and manage transaction records and milestones", "resourcePattern": null, "kind": "api_key_scope" } ], "service_permissions": [ { "id": "perm_crm_activities_read", "name": "activities:read", "description": "View customer activities and history", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_activities_write", "name": "activities:write", "description": "Log customer activities and notes", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_api_keys_write", "name": "api_keys:write", "description": "Manage CRM machine credentials", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_attachments_read", "name": "attachments:read", "description": "View CRM attachments and files", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_attachments_write", "name": "attachments:write", "description": "Upload and manage CRM attachments and files", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_commissions_read", "name": "commissions:read", "description": "View commission records and payouts", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_commissions_write", "name": "commissions:write", "description": "Create and manage commission records and payouts", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_companies_read", "name": "companies:read", "description": "View companies and account records", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_companies_write", "name": "companies:write", "description": "Create and manage companies and account records", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_contacts_read", "name": "contacts:read", "description": "View customer contacts and profiles", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_contacts_write", "name": "contacts:write", "description": "Create and edit customer contacts", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_deals_read", "name": "deals:read", "description": "View sales deals and opportunities", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_deals_write", "name": "deals:write", "description": "Manage sales deals and pipeline", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_documents_read", "name": "documents:read", "description": "View CRM documents and transaction files", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_documents_write", "name": "documents:write", "description": "Create and manage CRM documents and transaction files", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_listings_read", "name": "listings:read", "description": "View property listings", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_listings_write", "name": "listings:write", "description": "Create and manage property listings", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_notes_read", "name": "notes:read", "description": "View CRM notes and contact history", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_notes_write", "name": "notes:write", "description": "Create and manage CRM notes", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_offers_read", "name": "offers:read", "description": "View offers and negotiation records", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_offers_write", "name": "offers:write", "description": "Create and manage offers and negotiation records", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_pipeline_read", "name": "pipeline:read", "description": "View pipeline stages and contact movement", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_pipeline_write", "name": "pipeline:write", "description": "Manage pipeline stages and contact movement", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_portal_connections_read", "name": "portal_connections:read", "description": "View portal and lead-source connections", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_portal_connections_write", "name": "portal_connections:write", "description": "Create and manage portal and lead-source connections", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_portal_leads_read", "name": "portal_leads:read", "description": "View portal lead intake and routing state", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_portal_leads_write", "name": "portal_leads:write", "description": "Manage portal lead intake and routing state", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_portal_sync_read", "name": "portal_sync:read", "description": "View portal sync status and runs", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_portal_sync_write", "name": "portal_sync:write", "description": "Manage portal sync runs and mappings", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_properties_read", "name": "properties:read", "description": "View property records and metadata", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_properties_write", "name": "properties:write", "description": "Create and manage property records and metadata", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_reports_read", "name": "reports:read", "description": "View CRM reports and analytics", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_sdr_override", "name": "sdr:override", "description": "Override SDR readiness and suppressions", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_sdr_read", "name": "sdr:read", "description": "View SDR control-plane data and readiness state", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_sdr_write", "name": "sdr:write", "description": "Create and manage SDR control-plane data and readiness state", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_search_read", "name": "search:read", "description": "Search CRM records and SDR data", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_settings_read", "name": "settings:read", "description": "View CRM settings and module configuration", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_settings_write", "name": "settings:write", "description": "Manage CRM settings and module configuration", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_showings_read", "name": "showings:read", "description": "View showings and visit schedules", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_showings_write", "name": "showings:write", "description": "Create and manage showings and visit schedules", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_tasks_read", "name": "tasks:read", "description": "View CRM tasks and follow-up queues", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_tasks_write", "name": "tasks:write", "description": "Create and manage CRM tasks and follow-up queues", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_transactions_read", "name": "transactions:read", "description": "View transaction records and milestones", "resourcePattern": null, "kind": "permission" }, { "id": "perm_crm_transactions_write", "name": "transactions:write", "description": "Create and manage transaction records and milestones", "resourcePattern": null, "kind": "permission" } ] }, "runtime": { "primary_hosts": [ "https://crm.topolo.app", "https://crm-api.stg.topolo.us", "https://crm.stg.topolo.us" ], "repo_entries": [], "wrangler_surfaces": [], "packages": [] }, "data": { "env_vars": [], "bindings": [], "queue_bindings": [], "storage_kinds": [], "workflow_signals": [] }, "deployment": { "commands": [], "routes": [], "environments": [], "assets_directories": [], "observability_enabled": false }, "debugging": { "failure_modes": [ "No wrangler.toml surface was discovered under the registered repo paths.", "The registered contract source is missing: PlatformApplications/TopoloCRM/packages/backend/openapi.yaml", "Neither OpenAPI nor README-derived interface detail was found." ], "entrypoints": [ "PlatformApplications/TopoloCRM/packages/backend/openapi.yaml" ] } }