Topolo Admin
Administrative interface for centralized auth, org management, org-scoped role and user-access management, app-centric service assignment, support-facing personal and service-local identity visibility, household-connection context, org billing preview, service controls, audit surfaces, and cross-app handoff into other internal operator tools.
Documentation Map
What It Is
Administrative interface for centralized auth, org management, org-scoped role and user-access management, app-centric service assignment, support-facing personal and service-local identity visibility, household-connection context, org billing preview, service controls, audit surfaces, and cross-app handoff into other internal operator tools.
Architecture
Owners: platform-admin
Source repos:
Dependencies: topolo-auth, applications-packages
Repo shape
No repo surface entries were detected from the registered repo paths.
Runtime Surfaces
Hosts:
https://admin.topolo.app https://admin.stg.topolo.us No wrangler surface was discovered under the registered repo paths.
API Reference
Coverage: curated
Source: PlatformApplications/TopoloDocs/src/content/public/applications/admin.mdx
Source exists in repo: no
Canonical admin coverage now lives in the docs application. Admin resolves its environment-specific Auth service id from the `topolo-admin` service slug for browser auth, transition surfaces, and the TopoloOne widget endpoint. Admin first-party embedded password login completes through Admin-owned router navigation after shared Auth token persistence rather than a shared hard document redirect. Admin keeps same-tab sessionStorage access-token restore enabled by default after login and refresh so normal reloads do not appear logged out before cookie refresh completes. Service detail views expose app-centric organization and user assignment or revocation while Auth remains the source of truth for organization-service and user-service access evaluation. User detail views now use Auth's seat-assignment entitlement model for launchable applications: org-included apps stay enabled for everyone, while seat-based apps can be assigned or unassigned by same-org admins only when seats are available. Organization service-assignment views consume Auth service surface metadata so launchable applications are separated from API, runtime, and internal technical services, and the Available Services add flow excludes developer-owned third-party apps marked as organization-internal. Admin now classifies non-org identities from Auth principal metadata plus membership summaries instead of `orgId = null`, treats households as connected personal-account collections rather than separate identity principals, and surfaces Auth-backed org billable-seat summary plus TopoloOne billing preview and billing portal actions in the add-user and organization-detail flows. Platform-admin organization creation with an owner email now relies on Auth owner activation that opens password setup before TopoloOne onboarding. Admin exposes `GET /api/widget` as a stats widget for TopoloOne live workspace, with platform-admin versus org-admin counts aligned to the Admin dashboard.
App API page: /reference/apps/topolo-admin
This system currently relies on a curated or README-derived contract surface instead of a source-controlled OpenAPI spec.
Auth and Permissions
Depends on Topolo Auth: yes
Service IDs:
srv_SySYzmlOH5H1 API key scopes
View operational analytics
Resource pattern: none
View billing and subscription info
Resource pattern: none
Manage billing and subscriptions
Resource pattern: none
View login and landing experiences
Resource pattern: none
Manage login and landing experiences
Resource pattern: none
View admin dashboard and analytics
Resource pattern: none
View developer tooling and submissions
Resource pattern: none
Manage developer tooling and submissions
Resource pattern: none
View organizations
Resource pattern: none
Create and update organizations
Resource pattern: none
View security settings and sessions
Resource pattern: none
Manage security settings and sessions
Resource pattern: none
View services
Resource pattern: none
Create and update services
Resource pattern: none
View admin settings
Resource pattern: none
Manage admin settings
Resource pattern: none
View support tickets and issues
Resource pattern: none
Manage support tickets
Resource pattern: none
View system status and health
Resource pattern: none
Manage system configuration
Resource pattern: none
Service permissions
analytics:read, billing:read, billing:write, branding:read, branding:write, dashboard:read, developers:read, developers:write, organizations:read, organizations:write, security:read, security:write, services:read, services:write, settings:read, settings:write, support:read, support:write, system:read, system:write
Data Ownership
No storage bindings were derived from wrangler configuration.
Queues / Cron / Workflows
Queue bindings:
No queue bindings were detected.
Cron triggers
No cron triggers were detected.
Workflow signals
No explicit queue/workflow script or cron signal was discovered.
Environment Variables and Bindings
Environment variables:
No environment variables were derived from wrangler configuration.
All wrangler bindings
No bindings were derived from wrangler configuration.
Deployments
Deployment environments: default only or not declared
Routes: workers.dev or Pages-only delivery
Observability enabled: no explicit setting found
Failure Modes
- No wrangler.toml surface was discovered under the registered repo paths.
- The registered contract source is missing: PlatformApplications/TopoloDocs/src/content/public/applications/admin.mdx
- Neither OpenAPI nor README-derived interface detail was found.
Debugging Runbooks
Start with these entrypoints:
- PlatformApplications/TopoloDocs/src/content/public/applications/admin.mdx
Change Log / Verification
Lifecycle: active
Last verified: 2026-05-14
Any code change to this system is expected to update the canonical docs in PlatformApplications/TopoloDocs and refresh the verification date.