Topolo Developers

Documentation Map

• Application hub
• Application API surface
• Machine system JSON
• Machine application JSON
• applications/developers

What It Is

Standalone developer application with a public signup entrypoint, the Developers-owned Topolo app store read model, and the authenticated workspace-backed console where publishers manage apps, uploaded app icons, App Store taxonomy-backed section/category marketing metadata, launcher deep-link exposure, Android/iOS mobile artifacts, submissions, and build requests while internal operators review app submissions, set app visibility/status, manage developer commerce controls, configure app pricing, and track payout readiness from staff-only routes inside the same product.

API Reference

Coverage: curated

Source: PlatformApplications/TopoloDevelopers/src/App.tsx

Source exists in repo: no

Topolo Developers owns its own Pages Functions + D1 backend for authenticated workspace summary, onboarding, app drafts, uploaded app icons, Android/iOS mobile artifact records, public /api/apps catalog output, Developers-owned /api/store/catalog, /api/store/search, /api/store/apps/:idOrSlug app store reads, and /api/store/assets/app-icons/:appId/:filename icon assets for TopoloOne and public store surfaces, app submissions, build requests, transfer codes, internal review workflows, app commerce controls, payout-account state, payout ledger events, P2P capability source records plus the public /api/p2p/capabilities/:id read-through endpoint, scaffold-provisioning routes for authenticated developer self-service with or without generated files, first-party Topolo scaffold registration into the Topolo-owned developer workspace with Auth handoff at scaffold time for Auth `admin` org platform operators and Topolo developer-workspace admins only, and per-app launcher quick-link authoring through the signed marketing editor. That D1 schema is now migration-managed from checked-in SQL in the Developers repo rather than being created on request. The app still exposes shared public landing and first-party embedded password-login surfaces at / and /login plus a dedicated public signup handoff at /signup, creates the org-backed developer workspace in Auth during signup, treats that workspace as the publisher boundary for many developer apps, and consumes Auth only for identity, central API-key surfaces, app-switcher entitlements, approved-app registration into the shared service catalog under the `topolo-developers` service slug, install/launch authorization, and Auth-hosted end-user OAuth consent for registered third-party clients. Browser preboot, worker auth headers, widget output, public catalog enrichment, P2P sync headers, seed validation, and error attribution resolve concrete environment service ids from Auth service slugs at runtime instead of carrying concrete service ids in source or deployed browser assets. The legacy Developers browser consent route forwards to Auth and must not require developer workspace admission. Developer apps now also carry explicit ownerType, portfolio, audience, tenancy, surfaceModel, optional containerAppId, distribution metadata, launcher quick-link metadata, uploaded icon metadata, and marketplace lifecycle state so Topolo first-party platform/personal apps stay distinct from third-party business/personal apps, organization-internal apps stay private to the owning workspace, scaffolded first-party apps start as `developer_only`, operators can promote them through `early_access`, `production_ready`, and `active`, public catalog routes expose only `active` apps, and the Topolo-owned public store catalog is reconciled against Auth's first-party launcher-visible application set so TopoloOne /apps and the embedded app switcher expose the same suite rather than separate launch-week allowlists. App visibility and mutation resolve from workspace org membership plus per-app owner/editor/viewer membership metadata, owner-issued transfer codes with destination-workspace claim, built-in developer_app API-key resource bindings for approved apps, explicit review:read/review:write permissions for staff-only review routes, explicit commerce:read/commerce:write permissions or Topolo super-admin access for staff-only commerce routes, the production Topolo Technology developer profile and first-party platform plus mobile app rows used to exercise the publisher workflow as Topolo, the Topolo Mobile records for the 22 retained Flutter apps under Apps/<domain>/Topolo<App> with finalized app.topolo.mobile.* identifiers and Android APK artifacts published to the shared topolo-apks R2 bucket through apk.topolo.app, cleanup for 8 retired one-off mobile app records, the completed demo-suite developer profile used for platform auth audits, and the repo-level CI gate recorded in CloudControl.

App API page: /reference/apps/topolo-developers

This system currently relies on a curated or README-derived contract surface instead of a source-controlled OpenAPI spec.

Auth and Permissions

Depends on Topolo Auth: yes

Service IDs:

API key scopes

Service permissions

apps:read, apps:write, commerce:read, commerce:write, credentials:read, credentials:write, marketplace:read, marketplace:write, oauth_clients:write, requests:read, requests:write, review:read, review:write, settings:read, settings:write, submissions:read, submissions:write, workspace:read, workspace:write

Data Ownership

No storage bindings were derived from wrangler configuration.

Deployments

Deployment environments: default only or not declared

Routes: workers.dev or Pages-only delivery

Observability enabled: no explicit setting found

Failure Modes

• No wrangler.toml surface was discovered under the registered repo paths.
• The registered contract source is missing: PlatformApplications/TopoloDevelopers/src/App.tsx
• Neither OpenAPI nor README-derived interface detail was found.

Debugging Runbooks

Start with these entrypoints:

• PlatformApplications/TopoloDevelopers/src/App.tsx

Change Log / Verification

Lifecycle: active

Last verified: 2026-05-14

Any code change to this system is expected to update the canonical docs in PlatformApplications/TopoloDocs and refresh the verification date.