{ "generated_at": "2026-06-12T22:05:57.104Z", "system": { "id": "topolo-quro", "name": "Topolo Quro", "slug": "topolo-quro", "kind": "application", "summary": "QR creation, redirect, and scan-tracking application with modern and legacy UI surfaces.", "aliases": [], "lifecycle": "active", "last_verified": "2026-05-14", "owners": [ "growth-platform" ], "repo_paths": [], "external_repo_paths": [ "Apps/business/TopoloQuro" ], "service_ids": [ "srv_s0AgEtOfDvIa" ], "visibility": "public", "api_contract": { "type": "curated", "source": "PlatformApplications/TopoloDocs/src/content/public/applications/quro.mdx", "notes": "Canonical Quro coverage now lives in the docs application. Quro uses the stable topolo-quro slug and resolves the environment-specific Auth service ID at runtime instead of compiling opaque service IDs into the browser, API worker, or widget contract. The canonical browser callback delegates one-time sso_code redemption to the shared Topolo auth client and no longer exposes a /sso?token= bridge route. The canonical branded login surface completes embedded password sign-in through shared Auth persistence and app-owned navigation on quro.topolo.app. The browser keeps same-tab sessionStorage access-token restore enabled by default after login and refresh so normal reloads do not appear logged out before cookie refresh completes. The API worker now also exposes authenticated `GET /api/widget` for TopoloOne live workspace." }, "primary_hosts": [ "https://quro.topolo.app", "https://quro.stg.topolo.us" ], "doc_paths": [ "applications/quro", "internal/apps/quro" ], "security_assurance": { "risk_tier": "standard", "auth_boundary": "Topolo Auth service access with Quro-owned application authorization. The canonical Quro UI uses branded first-party embedded password login plus one-time sso_code callbacks, then performs app-owned navigation after shared Auth session persistence with default same-tab access-token restore. Protected Quro API bearer-token requests must validate through Auth and must not fall back to locally decoded JWT claims from a Worker secret.", "tenant_isolation": "organization_scoped", "external_inputs": [ "browser", "api", "callback" ], "sensitive_data": [ "identity", "org_data", "customer_content", "telemetry" ], "last_security_review": "2026-04-30", "security_review_status": "reviewed", "pentest_status": "passed", "evidence_doc": "internal/apps/quro" }, "data_privacy": { "classification": "restricted", "sensitive_data_classes": [ "customer_content", "identity", "organization", "telemetry" ], "storage_locations": [ "d1", "external_provider", "kv" ], "encryption_at_rest": "application_layer_required", "encryption_in_transit": "https_only", "key_management": "versioned_platform_key_required", "retention_policy": "partial", "deletion_export_status": "planned", "logging_redaction_status": "needs_review", "privacy_review_status": "reviewed", "enterprise_ready": false, "evidence_doc": "internal/apps/quro" }, "dependencies": [ "topolo-auth", "applications-packages" ], "bugfix_policy": { "tier": "autonomous", "preferred_agent": "either", "require_validator": false }, "public_hub_url": "/systems/topolo-quro", "internal_hub_url": null, "application_api_url": "/reference/apps/topolo-quro", "generated_openapi_url": null, "machine_urls": { "system": "/machine/systems/topolo-quro.json", "application": "/machine/applications/topolo-quro.json" } }, "docs": { "public": [ { "id": "applications/quro", "title": "Topolo Quro", "summary": "Public overview of the QR creation, redirect, analytics, and authenticated UI surface in the Topolo portfolio.", "audience": "public", "tags": [ "qr", "redirects", "analytics" ], "url": "/applications/quro", "last_verified": "2026-04-28" } ], "internal": [], "runbooks": [] }, "authority": { "owners": [ "growth-platform" ], "repo_paths": [], "service_ids": [ "srv_s0AgEtOfDvIa" ], "dependencies": [ "topolo-auth", "applications-packages" ], "aliases": [] }, "interfaces": { "contract_type": "curated", "contract_source": "PlatformApplications/TopoloDocs/src/content/public/applications/quro.mdx", "contract_source_exists": false, "openapi": null, "readme": null }, "auth": { "depends_on_topolo_auth": true, "api_key_scopes": [ { "id": "aks_quro_analytics_read", "name": "analytics.read", "description": "View QR analytics", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_quro_analytics_write", "name": "analytics.write", "description": "Manage QR analytics exports", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_quro_api_keys_write", "name": "api_keys.write", "description": "Manage Quro machine credentials", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_quro_codes_read", "name": "codes.read", "description": "View generated codes", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_quro_codes_write", "name": "codes.write", "description": "Manage generated codes", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_quro_links_read", "name": "links.read", "description": "View shortlinks and their analytics", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_quro_links_write", "name": "links.write", "description": "Create and update shortlinks", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_quro_redirects_invoke", "name": "redirects.invoke", "description": "Invoke redirect resolution and click tracking", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_quro_series_read", "name": "series.read", "description": "View QR series", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_quro_series_write", "name": "series.write", "description": "Manage QR series", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_quro_settings_read", "name": "settings.read", "description": "View Quro settings", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_quro_settings_write", "name": "settings.write", "description": "Manage Quro settings", "resourcePattern": null, "kind": "api_key_scope" } ], "service_permissions": [ { "id": "perm_quro_analytics_read", "name": "analytics:read", "description": "View QR analytics", "resourcePattern": null, "kind": "permission" }, { "id": "perm_quro_analytics_write", "name": "analytics:write", "description": "Manage QR analytics exports", "resourcePattern": null, "kind": "permission" }, { "id": "perm_quro_api_keys_write", "name": "api_keys:write", "description": "Manage Quro machine credentials", "resourcePattern": null, "kind": "permission" }, { "id": "perm_quro_codes_read", "name": "codes:read", "description": "View generated codes", "resourcePattern": null, "kind": "permission" }, { "id": "perm_quro_codes_write", "name": "codes:write", "description": "Manage generated codes", "resourcePattern": null, "kind": "permission" }, { "id": "perm_quro_links_read", "name": "links:read", "description": "View shortlinks and their analytics", "resourcePattern": null, "kind": "permission" }, { "id": "perm_quro_links_write", "name": "links:write", "description": "Create and update shortlinks", "resourcePattern": null, "kind": "permission" }, { "id": "perm_quro_redirects_invoke", "name": "redirects:invoke", "description": "Invoke redirect resolution and click tracking", "resourcePattern": null, "kind": "permission" }, { "id": "perm_quro_series_read", "name": "series:read", "description": "View QR series", "resourcePattern": null, "kind": "permission" }, { "id": "perm_quro_series_write", "name": "series:write", "description": "Manage QR series", "resourcePattern": null, "kind": "permission" }, { "id": "perm_quro_settings_read", "name": "settings:read", "description": "View Quro settings", "resourcePattern": null, "kind": "permission" }, { "id": "perm_quro_settings_write", "name": "settings:write", "description": "Manage Quro settings", "resourcePattern": null, "kind": "permission" } ] }, "runtime": { "primary_hosts": [ "https://quro.topolo.app", "https://quro.stg.topolo.us" ], "repo_entries": [], "wrangler_surfaces": [], "packages": [] }, "data": { "env_vars": [], "bindings": [], "queue_bindings": [], "storage_kinds": [], "workflow_signals": [] }, "deployment": { "commands": [], "routes": [], "environments": [], "assets_directories": [], "observability_enabled": false }, "debugging": { "failure_modes": [ "No wrangler.toml surface was discovered under the registered repo paths.", "The registered contract source is missing: PlatformApplications/TopoloDocs/src/content/public/applications/quro.mdx", "Neither OpenAPI nor README-derived interface detail was found." ], "entrypoints": [ "PlatformApplications/TopoloDocs/src/content/public/applications/quro.mdx" ] } }