{ "generated_at": "2026-06-12T22:05:57.089Z", "system": { "id": "topolo-forecast", "name": "Topolo Forecast", "slug": "topolo-forecast", "kind": "application", "summary": "Cash-flow and P&L forecasting product.", "aliases": [], "lifecycle": "active", "last_verified": "2026-05-14", "owners": [ "finance-platform" ], "repo_paths": [], "external_repo_paths": [ "Apps/business/TopoloForecast" ], "service_ids": [ "srv_T0sKE7LIelMU" ], "visibility": "public", "api_contract": { "type": "curated", "source": "PlatformApplications/TopoloDocs/src/content/public/applications/forecast.mdx", "notes": "Canonical Forecast coverage now lives in the docs application. Forecast resolves the concrete Auth service id for `topolo-forecast` at runtime through Auth `/api/services/by-slug/topolo-forecast`; source and browser bundles must not carry environment-specific `svc_*` or `srv_*` ids. The browser callback delegates Auth SSO one-time sso_code redemption to the shared Topolo auth client and does not support direct bearer-token callback URLs or /sso?token= bridge routes. Embedded first-party password-login success is completed by Forecast with in-app navigation after shared Auth token persistence so the first authenticated workspace refresh is not aborted by a hard redirect. Forecast keeps same-tab sessionStorage access-token restore enabled by default after login and refresh so normal browser reloads do not appear logged out before cookie refresh completes. The authenticated Forecast web workspace renders through the shared `TopoloAppShell` so account, launcher, command, theme, sidebar-collapse, and account-menu BugFix chrome stay package-owned while finance workspace switching remains in additive account-menu actions. Public landing, login, callback, and shared-workspace routes do not mount standalone BugFix controls. Auth home-path redirects to /dashboard are routed to the current-year dashboard in the browser, and Forecast static headers must not preload wildcard asset paths. Worker bearer-token authentication now requires Topolo Auth /validate and does not accept an app-local JWT secret." }, "primary_hosts": [ "https://forecast.topolo.app", "https://forecast-api.stg.topolo.us", "https://forecast.stg.topolo.us" ], "doc_paths": [ "applications/forecast", "internal/apps/forecast" ], "security_assurance": { "risk_tier": "standard", "auth_boundary": "Topolo Auth /validate service access with Forecast-owned workspace authorization; first-party embedded password login persists through the shared Auth client before Forecast performs app-owned navigation; same-tab access-token restore is enabled by default for browser refresh continuity, and the Forecast worker does not accept app-local JWT validation.", "tenant_isolation": "organization_scoped", "external_inputs": [ "browser", "api", "callback" ], "sensitive_data": [ "identity", "org_data", "customer_content", "telemetry" ], "last_security_review": "2026-04-30", "security_review_status": "reviewed", "pentest_status": "passed", "evidence_doc": "internal/apps/forecast" }, "data_privacy": { "classification": "restricted", "sensitive_data_classes": [ "customer_content", "identity", "organization", "telemetry" ], "storage_locations": [ "d1", "external_provider", "kv" ], "encryption_at_rest": "application_layer_required", "encryption_in_transit": "https_only", "key_management": "versioned_platform_key_required", "retention_policy": "partial", "deletion_export_status": "planned", "logging_redaction_status": "needs_review", "privacy_review_status": "reviewed", "enterprise_ready": false, "evidence_doc": "internal/apps/forecast" }, "dependencies": [ "topolo-auth", "topolo-one", "applications-packages" ], "bugfix_policy": { "tier": "autonomous", "preferred_agent": "either", "require_validator": false }, "public_hub_url": "/systems/topolo-forecast", "internal_hub_url": null, "application_api_url": "/reference/apps/topolo-forecast", "generated_openapi_url": null, "machine_urls": { "system": "/machine/systems/topolo-forecast.json", "application": "/machine/applications/topolo-forecast.json" } }, "docs": { "public": [ { "id": "applications/forecast", "title": "Topolo Forecast", "summary": "Public overview of the forecasting product for cash-flow, P&L, KPI, and multi-scenario planning workflows.", "audience": "public", "tags": [ "forecasting", "finance", "planning" ], "url": "/applications/forecast", "last_verified": "2026-05-13" } ], "internal": [], "runbooks": [] }, "authority": { "owners": [ "finance-platform" ], "repo_paths": [], "service_ids": [ "srv_T0sKE7LIelMU" ], "dependencies": [ "topolo-auth", "topolo-one", "applications-packages" ], "aliases": [] }, "interfaces": { "contract_type": "curated", "contract_source": "PlatformApplications/TopoloDocs/src/content/public/applications/forecast.mdx", "contract_source_exists": false, "openapi": null, "readme": null }, "auth": { "depends_on_topolo_auth": true, "api_key_scopes": [ { "id": "aks_forecast_api_keys_write", "name": "api_keys.write", "description": "Manage Forecast machine credentials", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_forecast_dashboard_read", "name": "dashboard.read", "description": "View financial dashboard", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_forecast_forecasts_read", "name": "forecasts.read", "description": "View cashflow forecasts", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_forecast_forecasts_write", "name": "forecasts.write", "description": "Create and edit forecasts", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_forecast_reports_read", "name": "reports.read", "description": "View financial reports", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_forecast_settings_read", "name": "settings.read", "description": "View account settings", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_forecast_settings_write", "name": "settings.write", "description": "Manage account configuration", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_forecast_transactions_read", "name": "transactions.read", "description": "View financial transactions", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_forecast_transactions_write", "name": "transactions.write", "description": "Record financial transactions", "resourcePattern": null, "kind": "api_key_scope" } ], "service_permissions": [ { "id": "perm_forecast_api_keys_write", "name": "api_keys:write", "description": "Manage Forecast machine credentials", "resourcePattern": null, "kind": "permission" }, { "id": "perm_forecast_dashboard_read", "name": "dashboard:read", "description": "View financial dashboard", "resourcePattern": null, "kind": "permission" }, { "id": "perm_forecast_forecasts_read", "name": "forecasts:read", "description": "View cashflow forecasts", "resourcePattern": null, "kind": "permission" }, { "id": "perm_forecast_forecasts_write", "name": "forecasts:write", "description": "Create and edit forecasts", "resourcePattern": null, "kind": "permission" }, { "id": "perm_forecast_reports_read", "name": "reports:read", "description": "View financial reports", "resourcePattern": null, "kind": "permission" }, { "id": "perm_forecast_settings_read", "name": "settings:read", "description": "View account settings", "resourcePattern": null, "kind": "permission" }, { "id": "perm_forecast_settings_write", "name": "settings:write", "description": "Manage account configuration", "resourcePattern": null, "kind": "permission" }, { "id": "perm_forecast_transactions_read", "name": "transactions:read", "description": "View financial transactions", "resourcePattern": null, "kind": "permission" }, { "id": "perm_forecast_transactions_write", "name": "transactions:write", "description": "Record financial transactions", "resourcePattern": null, "kind": "permission" } ] }, "runtime": { "primary_hosts": [ "https://forecast.topolo.app", "https://forecast-api.stg.topolo.us", "https://forecast.stg.topolo.us" ], "repo_entries": [], "wrangler_surfaces": [], "packages": [] }, "data": { "env_vars": [], "bindings": [], "queue_bindings": [], "storage_kinds": [], "workflow_signals": [] }, "deployment": { "commands": [], "routes": [], "environments": [], "assets_directories": [], "observability_enabled": false }, "debugging": { "failure_modes": [ "No wrangler.toml surface was discovered under the registered repo paths.", "The registered contract source is missing: PlatformApplications/TopoloDocs/src/content/public/applications/forecast.mdx", "Neither OpenAPI nor README-derived interface detail was found." ], "entrypoints": [ "PlatformApplications/TopoloDocs/src/content/public/applications/forecast.mdx" ] } }