{ "generated_at": "2026-06-12T22:05:57.140Z", "system": { "id": "topolo-support", "name": "Topolo Support", "slug": "topolo-support", "kind": "application", "summary": "Tenant-scoped support platform for Topolo internal operations and customer-organization ticket workflows, with support-owned workflow persistence kept outside Topolo Auth.", "aliases": [], "lifecycle": "active", "last_verified": "2026-05-14", "owners": [ "support-operations", "platform-experience" ], "repo_paths": [], "external_repo_paths": [ "Apps/business/TopoloSupport" ], "service_ids": [ "srv_tpwtbwFoSvYI" ], "visibility": "public", "api_contract": { "type": "curated", "source": "PlatformApplications/TopoloSupport/functions/api/support/[[path]].ts", "notes": "Topolo Support is a standalone Worker application with a support-owned /api/support/* route family for workspace context, ticket, message, notification-dispatch, and signed inbound webhook workflow. The browser app now consumes the canonical shared `PlatformApplications/packages/topolo-ui-kit` and `PlatformApplications/packages/topolo-auth-client` surfaces for its public landing/login pages, authenticated shell, launcher, local command palette, loading/auth transitions, and browser auth contract. Its signed desk should follow the same fixed responsive `TopoloShell` sidebar/header composition used by the other first-party apps rather than keeping a Support-local static layout inside the shell container. It uses the same-origin /api/auth/* gateway only for Auth-owned reads such as session, user, organization, and launcher-catalog context, with that gateway preserving the upstream Auth /api/* path instead of stripping it; browser login URL construction and callback completion delegate to the shared Topolo auth client, including one-time sso_code redemption before the signed workspace route continues, and do not support direct bearer-token callbacks or /sso?token= bridge routes. Support resolves the concrete Auth service id for `topolo-support` at runtime through Auth `/api/services/by-slug/topolo-support`; source, seed scripts, and browser bundles must not carry environment-specific `svc_*` or `srv_*` ids. Support workflow state is persisted in the support-owned D1 schema instead of Auth, including explicit Support-owned workspaces and inboxes for tenant queue routing, checked-in schema ownership in `PlatformApplications/TopoloSupport/scripts/support-schema.sql`, a first-party ticket activity ledger plus notification outbox for reply and assignment workflow, first-party retry-state fields and scheduled backlog processing for unattended notification recovery, a first-party `support_webhook_events` audit and idempotency table for inbound provider callbacks, the same Worker serving the built frontend asset bundle, workspace-scoped macros, and signed API tenant-safe queue access so Topolo operators can switch across workspaces while org operators and requester-grade users stay confined to their own support scope. Outbound email delivery is delegated to Topolo Nexus rather than being sent directly from the Support worker, using a dedicated Support trusted service token when no caller bearer token is available." }, "primary_hosts": [ "https://support.topolo.app", "https://support.stg.topolo.us" ], "doc_paths": [ "applications/support", "internal/apps/topolo-support" ], "security_assurance": { "risk_tier": "high", "auth_boundary": "Topolo Auth identity and Support-owned queue, requester, and workflow authorization.", "tenant_isolation": "mixed", "external_inputs": [ "browser", "api", "callback", "webhook" ], "sensitive_data": [ "identity", "org_data", "customer_content", "telemetry" ], "last_security_review": "2026-04-30", "security_review_status": "reviewed", "pentest_status": "passed", "evidence_doc": "internal/apps/topolo-support" }, "data_privacy": { "classification": "restricted", "sensitive_data_classes": [ "communications", "customer_content", "identity", "organization", "telemetry" ], "storage_locations": [ "d1", "external_provider" ], "encryption_at_rest": "application_layer_required", "encryption_in_transit": "https_only", "key_management": "versioned_platform_key_required", "retention_policy": "partial", "deletion_export_status": "planned", "logging_redaction_status": "needs_review", "privacy_review_status": "reviewed", "enterprise_ready": false, "evidence_doc": "internal/apps/topolo-support" }, "dependencies": [ "topolo-auth", "topolo-nexus", "applications-packages" ], "bugfix_policy": { "tier": "autonomous", "preferred_agent": "either", "require_validator": false }, "public_hub_url": "/systems/topolo-support", "internal_hub_url": null, "application_api_url": "/reference/apps/topolo-support", "generated_openapi_url": null, "machine_urls": { "system": "/machine/systems/topolo-support.json", "application": "/machine/applications/topolo-support.json" } }, "docs": { "public": [ { "id": "applications/support", "title": "Topolo Support", "summary": "Public overview of the Topolo support platform for internal operations and customer-organization ticket workflows.", "audience": "public", "tags": [ "support", "tickets", "auth" ], "url": "/applications/support", "last_verified": "2026-05-13" } ], "internal": [], "runbooks": [] }, "authority": { "owners": [ "support-operations", "platform-experience" ], "repo_paths": [], "service_ids": [ "srv_tpwtbwFoSvYI" ], "dependencies": [ "topolo-auth", "topolo-nexus", "applications-packages" ], "aliases": [] }, "interfaces": { "contract_type": "curated", "contract_source": "PlatformApplications/TopoloSupport/functions/api/support/[[path]].ts", "contract_source_exists": false, "openapi": null, "readme": null }, "auth": { "depends_on_topolo_auth": true, "api_key_scopes": [ { "id": "aks_topolo_support_context_read", "name": "context.read", "description": "Look up Auth-owned user and organization context from the support workspace", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_topolo_support_macros_read", "name": "macros.read", "description": "View support macros", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_topolo_support_macros_write", "name": "macros.write", "description": "Create and manage support macros", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_support_replies_invoke", "name": "replies.invoke", "description": "Send replies on support tickets", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_topolo_support_tickets_read", "name": "tickets.read", "description": "View support tickets, queues, and ticket conversations", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_topolo_support_tickets_write", "name": "tickets.write", "description": "Create and update support tickets, assignments, and messages", "resourcePattern": null, "kind": "api_key_scope" } ], "service_permissions": [ { "id": "perm_topolo_support_context_read", "name": "context:read", "description": "Look up Auth-owned user and organization context from the support workspace", "resourcePattern": null, "kind": "permission" }, { "id": "perm_topolo_support_macros_read", "name": "macros:read", "description": "View support macros", "resourcePattern": null, "kind": "permission" }, { "id": "perm_topolo_support_macros_write", "name": "macros:write", "description": "Create and manage support macros", "resourcePattern": null, "kind": "permission" }, { "id": "perm_support_replies_invoke", "name": "replies:invoke", "description": "Send replies on support tickets", "resourcePattern": null, "kind": "permission" }, { "id": "perm_topolo_support_tickets_read", "name": "tickets:read", "description": "View support tickets, queues, and ticket conversations", "resourcePattern": null, "kind": "permission" }, { "id": "perm_topolo_support_tickets_write", "name": "tickets:write", "description": "Create and update support tickets, assignments, and messages", "resourcePattern": null, "kind": "permission" } ] }, "runtime": { "primary_hosts": [ "https://support.topolo.app", "https://support.stg.topolo.us" ], "repo_entries": [], "wrangler_surfaces": [], "packages": [] }, "data": { "env_vars": [], "bindings": [], "queue_bindings": [], "storage_kinds": [], "workflow_signals": [] }, "deployment": { "commands": [], "routes": [], "environments": [], "assets_directories": [], "observability_enabled": false }, "debugging": { "failure_modes": [ "No wrangler.toml surface was discovered under the registered repo paths.", "The registered contract source is missing: PlatformApplications/TopoloSupport/functions/api/support/[[path]].ts", "Neither OpenAPI nor README-derived interface detail was found." ], "entrypoints": [ "PlatformApplications/TopoloSupport/functions/api/support/[[path]].ts" ] } }