{
  "generated_at": "2026-06-12T22:05:57.118Z",
  "system": {
    "id": "topolo-admin",
    "name": "Topolo Admin",
    "slug": "topolo-admin",
    "kind": "application",
    "summary": "Administrative interface for centralized auth, org management, org-scoped role and user-access management, app-centric service assignment, support-facing personal and service-local identity visibility, household-connection context, org billing preview, service controls, audit surfaces, and cross-app handoff into other internal operator tools.",
    "aliases": [],
    "lifecycle": "active",
    "last_verified": "2026-06-03",
    "owners": [
      "platform-admin"
    ],
    "repo_paths": [
      "apps/TopoloAdmin"
    ],
    "external_repo_paths": [
      "Apps/system/TopoloAdmin"
    ],
    "service_ids": [
      "srv_SySYzmlOH5H1"
    ],
    "visibility": "public",
    "api_contract": {
      "type": "curated",
      "source": "PlatformApplications/TopoloDocs/src/content/public/applications/admin.mdx",
      "notes": "Canonical admin coverage now lives in the docs application. Admin resolves its environment-specific Auth service id from the `topolo-admin` service slug for browser auth, transition surfaces, and the TopoloOne widget endpoint. Admin first-party embedded password login completes through Admin-owned router navigation after shared Auth token persistence rather than a shared hard document redirect. Admin keeps same-tab sessionStorage access-token restore enabled by default after login and refresh so normal reloads do not appear logged out before cookie refresh completes. Service detail views expose app-centric organization and user assignment or revocation while Auth remains the source of truth for organization-service and user-service access evaluation. User detail views now use Auth's seat-assignment entitlement model for launchable applications: org-included apps stay enabled for everyone, while seat-based apps can be assigned or unassigned by same-org admins only when seats are available. Organization service-assignment views consume Auth service surface metadata so launchable applications are separated from API, runtime, and internal technical services, and the Available Services add flow excludes developer-owned third-party apps marked as organization-internal. Admin now classifies non-org identities from Auth principal metadata plus membership summaries instead of `orgId = null`, treats households as connected personal-account collections rather than separate identity principals, and surfaces Auth-backed org billable-seat summary plus TopoloOne billing preview and billing portal actions in the add-user and organization-detail flows. Platform-admin organization creation with an owner email now relies on Auth owner activation that opens password setup before TopoloOne onboarding. Admin exposes `GET /api/widget` as a stats widget for TopoloOne live workspace, with platform-admin versus org-admin counts aligned to the Admin dashboard."
    },
    "primary_hosts": [
      "https://admin.topolo.app",
      "https://admin.stg.topolo.us"
    ],
    "doc_paths": [
      "applications/admin",
      "internal/apps/admin"
    ],
    "security_assurance": {
      "risk_tier": "critical",
      "auth_boundary": "Topolo Auth role, membership-summary, and service-permission context for platform-admin workflows; first-party embedded password-login completion is owned by the Admin app router, and same-tab sessionStorage access-token restore is enabled by default for browser-refresh continuity.",
      "tenant_isolation": "platform_admin",
      "external_inputs": [
        "browser",
        "api",
        "callback"
      ],
      "sensitive_data": [
        "identity",
        "org_data",
        "telemetry"
      ],
      "last_security_review": "2026-04-30",
      "security_review_status": "reviewed",
      "pentest_status": "passed",
      "evidence_doc": "internal/apps/admin"
    },
    "data_privacy": {
      "classification": "confidential",
      "sensitive_data_classes": [
        "identity",
        "organization",
        "telemetry"
      ],
      "storage_locations": [
        "d1",
        "external_provider"
      ],
      "encryption_at_rest": "platform_managed",
      "encryption_in_transit": "https_only",
      "key_management": "cloudflare_managed",
      "retention_policy": "needs_policy",
      "deletion_export_status": "planned",
      "logging_redaction_status": "partial",
      "privacy_review_status": "reviewed",
      "enterprise_ready": false,
      "evidence_doc": "internal/apps/admin"
    },
    "dependencies": [
      "topolo-auth",
      "applications-packages"
    ],
    "bugfix_policy": {
      "tier": "act",
      "preferred_agent": "either",
      "require_validator": true
    },
    "public_hub_url": "/systems/topolo-admin",
    "internal_hub_url": null,
    "application_api_url": "/reference/apps/topolo-admin",
    "generated_openapi_url": null,
    "machine_urls": {
      "system": "/machine/systems/topolo-admin.json",
      "application": "/machine/applications/topolo-admin.json"
    }
  },
  "docs": {
    "public": [
      {
        "id": "applications/admin",
        "title": "Topolo Admin",
        "summary": "Public overview of the administrative interface used for org, user, service, and audit management across the Topolo platform.",
        "audience": "public",
        "tags": [
          "admin",
          "auth",
          "organizations"
        ],
        "url": "/applications/admin",
        "last_verified": "2026-04-28"
      }
    ],
    "internal": [],
    "runbooks": []
  },
  "authority": {
    "owners": [
      "platform-admin"
    ],
    "repo_paths": [
      "apps/TopoloAdmin"
    ],
    "service_ids": [
      "srv_SySYzmlOH5H1"
    ],
    "dependencies": [
      "topolo-auth",
      "applications-packages"
    ],
    "aliases": []
  },
  "interfaces": {
    "contract_type": "curated",
    "contract_source": "PlatformApplications/TopoloDocs/src/content/public/applications/admin.mdx",
    "contract_source_exists": false,
    "openapi": null,
    "readme": null
  },
  "auth": {
    "depends_on_topolo_auth": true,
    "api_key_scopes": [
      {
        "id": "aks_admin_analytics_read",
        "name": "analytics.read",
        "description": "View operational analytics",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_billing_read",
        "name": "billing.read",
        "description": "View billing and subscription info",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_billing_write",
        "name": "billing.write",
        "description": "Manage billing and subscriptions",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_branding_read",
        "name": "branding.read",
        "description": "View login and landing experiences",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_branding_write",
        "name": "branding.write",
        "description": "Manage login and landing experiences",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_dashboard_read",
        "name": "dashboard.read",
        "description": "View admin dashboard and analytics",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_developers_read",
        "name": "developers.read",
        "description": "View developer tooling and submissions",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_developers_write",
        "name": "developers.write",
        "description": "Manage developer tooling and submissions",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_orgs_read",
        "name": "organizations.read",
        "description": "View organizations",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_orgs_write",
        "name": "organizations.write",
        "description": "Create and update organizations",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_security_read",
        "name": "security.read",
        "description": "View security settings and sessions",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_security_write",
        "name": "security.write",
        "description": "Manage security settings and sessions",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_services_read",
        "name": "services.read",
        "description": "View services",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_services_write",
        "name": "services.write",
        "description": "Create and update services",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_settings_read",
        "name": "settings.read",
        "description": "View admin settings",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_settings_write",
        "name": "settings.write",
        "description": "Manage admin settings",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_support_read",
        "name": "support.read",
        "description": "View support tickets and issues",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_support_write",
        "name": "support.write",
        "description": "Manage support tickets",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_system_read",
        "name": "system.read",
        "description": "View system status and health",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_system_write",
        "name": "system.write",
        "description": "Manage system configuration",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_users_read",
        "name": "users.read",
        "description": "View users",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_admin_users_write",
        "name": "users.write",
        "description": "Create and update users",
        "resourcePattern": null,
        "kind": "api_key_scope"
      }
    ],
    "service_permissions": [
      {
        "id": "perm_admin_analytics_read",
        "name": "analytics:read",
        "description": "View operational analytics",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_billing_read",
        "name": "billing:read",
        "description": "View billing and subscription info",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_billing_write",
        "name": "billing:write",
        "description": "Manage billing and subscriptions",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_branding_read",
        "name": "branding:read",
        "description": "View login and landing experiences",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_branding_write",
        "name": "branding:write",
        "description": "Manage login and landing experiences",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_dashboard_read",
        "name": "dashboard:read",
        "description": "View admin dashboard and analytics",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_developers_read",
        "name": "developers:read",
        "description": "View developer tooling and submissions",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_developers_write",
        "name": "developers:write",
        "description": "Manage developer tooling and submissions",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_orgs_read",
        "name": "organizations:read",
        "description": "View organizations",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_orgs_write",
        "name": "organizations:write",
        "description": "Create and update organizations",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_security_read",
        "name": "security:read",
        "description": "View security settings and sessions",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_security_write",
        "name": "security:write",
        "description": "Manage security settings and sessions",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_services_read",
        "name": "services:read",
        "description": "View services",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_services_write",
        "name": "services:write",
        "description": "Create and update services",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_settings_read",
        "name": "settings:read",
        "description": "View admin settings",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_settings_write",
        "name": "settings:write",
        "description": "Manage admin settings",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_support_read",
        "name": "support:read",
        "description": "View support tickets and issues",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_support_write",
        "name": "support:write",
        "description": "Manage support tickets",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_system_read",
        "name": "system:read",
        "description": "View system status and health",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_system_write",
        "name": "system:write",
        "description": "Manage system configuration",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_users_read",
        "name": "users:read",
        "description": "View users",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_admin_users_write",
        "name": "users:write",
        "description": "Create and update users",
        "resourcePattern": null,
        "kind": "permission"
      }
    ]
  },
  "runtime": {
    "primary_hosts": [
      "https://admin.topolo.app",
      "https://admin.stg.topolo.us"
    ],
    "repo_entries": [],
    "wrangler_surfaces": [],
    "packages": []
  },
  "data": {
    "env_vars": [],
    "bindings": [],
    "queue_bindings": [],
    "storage_kinds": [],
    "workflow_signals": []
  },
  "deployment": {
    "commands": [],
    "routes": [],
    "environments": [],
    "assets_directories": [],
    "observability_enabled": false
  },
  "debugging": {
    "failure_modes": [
      "No wrangler.toml surface was discovered under the registered repo paths.",
      "The registered contract source is missing: PlatformApplications/TopoloDocs/src/content/public/applications/admin.mdx",
      "Neither OpenAPI nor README-derived interface detail was found."
    ],
    "entrypoints": [
      "PlatformApplications/TopoloDocs/src/content/public/applications/admin.mdx"
    ]
  }
}