T Topolo Docs

Application API

Topolo Forecast

Clear API and contract surface for Topolo Forecast, grouped under the application instead of split across generic reference sections.

curated srv_T0sKE7LIelMU

Documentation Map

Authority

Service IDs:

srv_T0sKE7LIelMU

Repos:

Hosts:

https://forecast.topolo.app https://forecast-api.stg.topolo.us https://forecast.stg.topolo.us

Dependencies: topolo-auth, topolo-one, applications-packages

Depends on Topolo Auth: yes

Contract Source

Type: curated

Source: PlatformApplications/TopoloDocs/src/content/public/applications/forecast.mdx

Source exists: no

Canonical Forecast coverage now lives in the docs application. Forecast resolves the concrete Auth service id for `topolo-forecast` at runtime through Auth `/api/services/by-slug/topolo-forecast`; source and browser bundles must not carry environment-specific `svc_*` or `srv_*` ids. The browser callback delegates Auth SSO one-time sso_code redemption to the shared Topolo auth client and does not support direct bearer-token callback URLs or /sso?token= bridge routes. Embedded first-party password-login success is completed by Forecast with in-app navigation after shared Auth token persistence so the first authenticated workspace refresh is not aborted by a hard redirect. Forecast keeps same-tab sessionStorage access-token restore enabled by default after login and refresh so normal browser reloads do not appear logged out before cookie refresh completes. The authenticated Forecast web workspace renders through the shared `TopoloAppShell` so account, launcher, command, theme, sidebar-collapse, and account-menu BugFix chrome stay package-owned while finance workspace switching remains in additive account-menu actions. Public landing, login, callback, and shared-workspace routes do not mount standalone BugFix controls. Auth home-path redirects to /dashboard are routed to the current-year dashboard in the browser, and Forecast static headers must not preload wildcard asset paths. Worker bearer-token authentication now requires Topolo Auth /validate and does not accept an app-local JWT secret.

API key scopes in Auth catalog: 9

Auth Requirements

No global OpenAPI security scheme is declared.

  • api_keys.write
  • dashboard.read
  • forecasts.read
  • forecasts.write
  • reports.read
  • settings.read
  • settings.write
  • transactions.read
  • transactions.write

Runtime and Deployment

Wrangler surfaces: none detected

Environment variables: none derived

Routes: workers.dev or Pages-only delivery

Observability enabled: no explicit signal found

Runtime Surface

Wrangler surfaces: No wrangler file detected in scanned surface

This application does not yet have a source-controlled OpenAPI spec in the docs platform. The current API page is derived from the registered contract source and repository surface.

Failure modes

  • No wrangler.toml surface was discovered under the registered repo paths.
  • The registered contract source is missing: PlatformApplications/TopoloDocs/src/content/public/applications/forecast.mdx
  • Neither OpenAPI nor README-derived interface detail was found.