Zuplo Changelog

November 2025 brings significant enhancements across the Zuplo platform, with a major focus on MCP (Model Context Protocol) improvements, Dev Portal authentication options, and developer experience upgrades. This month's highlights include new MCP tool annotations support, Firebase authentication for the Dev Portal, multipart form file upload support in the API Playground, and powerful new CLI features.

Whether you're building AI-powered APIs with MCP, creating beautiful developer portals, or managing your API gateway through the CLI, this release delivers features that make your workflow faster and more powerful.

Highlights#

MCP Server Enhancements#

Zuplo's MCP Server capabilities received significant upgrades this month, making it easier to build sophisticated AI-ready APIs.

Tool Annotations and Metadata Support#

The MCP Server handler now supports tool annotations and _meta fields, giving you fine-grained control over how AI systems discover and interact with your API tools.

Key capabilities:

• Tool annotations: Add hints like readOnlyHint, destructiveHint, idempotentHint, and openWorldHint to help AI agents understand tool behavior
• Custom metadata: Include arbitrary _meta fields for additional context
• Human-readable titles: Use the title annotation to provide friendly names for your tools

Configuration example:

{
  "paths": {
    "/weather": {
      "get": {
        "operationId": "getCurrentWeather",
        "x-zuplo-route": {
          "handler": {
            "export": "urlForwardHandler",
            "module": "$import(@zuplo/runtime)"
          },
          "mcp": {
            "type": "tool",
            "annotations": {
              "title": "Get Weather",
              "readOnlyHint": true,
              "openWorldHint": true
            },
            "_meta": {
              "category": "weather"
            }
          }
        }
      }
    }
  }
}

See the MCP Server Tools documentation for full configuration options.

New Operations Configuration#

The MCP Server handler introduces a new operations array configuration that provides explicit control over which API operations become MCP tools. This replaces the deprecated files, prompts, and resources configuration options.

{
  "options": {
    "name": "my-mcp-server",
    "version": "1.0.0",
    "operations": [
      {
        "file": "./config/routes.oas.json",
        "id": "getCurrentWeather"
      },
      {
        "file": "./config/routes.oas.json",
        "id": "createTodo"
      }
    ]
  }
}

See the MCP Server Handler documentation for migration guidance.

---

Dev Portal: Firebase Authentication#

The Dev Portal now supports Firebase Authentication, giving you another powerful option for managing user access to your API documentation and developer tools.

Key capabilities:

• Multiple sign-in providers: Support for Google, GitHub, Facebook, Twitter, Microsoft, Apple, Yahoo, email/password, and phone authentication
• Easy configuration: Simple setup with your Firebase project credentials
• Custom redirect URLs: Configure where users go after sign-in, sign-up, and sign-out

Configuration example:

// zudoku.config.ts
import type { ZudokuConfig } from "zudoku";

const config: ZudokuConfig = {
  authentication: {
    type: "firebase",
    apiKey: "<your-api-key>",
    authDomain: "your-domain.firebaseapp.com",
    projectId: "your-project-id",
    appId: "1:296819355813:web:91d29f11cac6f073595d4c",
    providers: ["google", "github", "password"],
    redirectToAfterSignIn: "/docs",
    redirectToAfterSignUp: "/getting-started",
  },
};

export default config;

See the Firebase Authentication documentation for setup instructions.

The Firebase authentication UI provides a seamless sign-in experience with multiple provider options. It can be customized to match the styles of your Dev Portal for a consistent look and feel.

---

Dev Portal: Supabase UI Authentication#

The Dev Portal now includes a native Supabase UI login experience, making it even easier to integrate Supabase authentication with your API documentation.

Key capabilities:

• Multiple OAuth providers: Support for Google, GitHub, Discord, and 20+ other providers supported by Supabase Auth
• Email/password authentication: Built-in support for traditional email and password sign-up and sign-in
• Automatic route handling: Authentication routes (/signin, /signup, /signout) are automatically created
• Custom redirects: Configure where users go after sign-in, sign-up, and sign-out

Configuration example:

// zudoku.config.ts
import type { ZudokuConfig } from "zudoku";

const config: ZudokuConfig = {
  authentication: {
    type: "supabase",
    providers: ["google", "github"],
    supabaseUrl: "https://your-project.supabase.co",
    supabaseKey: "<your-anon-public-key>",
    redirectToAfterSignIn: "/dashboard",
    redirectToAfterSignUp: "/welcome",
    // Optional: disable email/password, use only OAuth
    onlyThirdPartyProviders: false,
  },
};

export default config;

See the Supabase Authentication documentation for setup instructions.

---

Dev Portal: API Playground File Uploads#

The Dev Portal's API Playground now supports multipart form data and file uploads, making it possible to test file upload endpoints directly from your documentation.

Key capabilities:

• Multipart form support: Test endpoints that accept multipart/form-data
• File upload UI: Intuitive interface for selecting and uploading files
• Mixed content: Combine file uploads with other form fields

This enhancement makes it easy for developers to test complex API endpoints without leaving your documentation.

---

Custom Code Examples in Dev Portal#

You can now generate custom code examples for your API operations, giving your developers tailored guidance in their preferred programming languages.

Key capabilities:

• Custom templates: Define your own code example templates
• Multiple languages: Support for additional programming languages beyond the defaults
• Operation-specific examples: Customize examples per endpoint

See the API Reference documentation for configuration options.

---

CLI Updates#

Watch Mode for OpenAPI Commands#

The openapi overlay and openapi convert CLI commands now support a --watch flag that automatically re-applies changes when your input files change. This dramatically speeds up development workflows when working with OpenAPI specifications.

# Watch for changes and automatically re-apply overlay
npx zuplo openapi overlay \
  --input openapi.json \
  --overlay changes.json \
  --output result.json \
  --watch

See the OpenAPI Overlay documentation for all available options.

Zudoku Docs During Local Development#

Running zup dev now automatically serves your Zudoku-powered Dev Portal documentation alongside your API, providing a complete local development experience.

---

Dev Portal Updates#

Improved OpenAPI Schema Handling#

The Dev Portal now handles allOf schemas more intelligently, providing cleaner documentation for complex API schemas.

Lazy Syntax Highlighting#

For APIs with large numbers of operations, syntax highlighting is now applied lazily, improving initial page load times and overall performance.

Auth0 Prompt Configuration#

You can now configure the prompt parameter for Auth0 authentication, including the option to disable the "always prompt login" behavior.

// zudoku.config.ts
const config: ZudokuConfig = {
  authentication: {
    type: "auth0",
    domain: "your-domain.auth0.com",
    clientId: "your-client-id",
    prompt: "login", // or "none", "consent", "select_account"
  },
};

Remember Skip Login#

A new "Remember skip login" checkbox option helps streamline the authentication experience for returning users.

llms.txt Support#

The Dev Portal now supports generating llms.txt files and markdown output, making your API documentation more accessible to AI systems and LLMs.

Copy Page Button#

A new "Copy page" button makes it easy for users to copy entire documentation pages, improving the developer experience when sharing content.

---

Portal & CLI Updates#

Route Description Editor#

A new markdown editor for route descriptions makes it easier to add rich documentation directly in the route configuration.

Custom AI Providers#

The AI Gateway now supports custom AI providers, giving you flexibility to integrate with any AI service beyond the built-in providers.

Source Control Dialog Updates#

The source control integration dialogs received styling updates and usability improvements for a more consistent experience across GitHub, GitLab, Bitbucket, and Azure DevOps.

---

Bug Fixes#

• Dev Portal: Fixed an issue where the API Playground would set an undefined body for GET and HEAD requests
• Dev Portal: Fixed style issues with consecutive paragraphs in documentation
• Dev Portal: Fixed scroll overflow in the SyntaxHighlight component
• Dev Portal: Fixed infinite re-renders caused by invalidateCache not being memoized
• Dev Portal: Fixed server resolution hierarchy and "Other Endpoints" bug in OpenAPI docs
• Dev Portal: Fixed SSR data corruption with large JSON payloads
• Portal: Fixed MCP virtual server copy URL button functionality
• Portal: Fixed dialog select hover behavior
• Portal: Fixed import operation handling
• Portal: Fixed overflowing text in various UI components
• Runtime: Fixed deleting deployments when a branch is deleted
• Runtime: Fixed GitHub status labels for consistency
• Runtime: Fixed v2 routing for root pages

---

Documentation Updates#

This month we added or improved documentation for:

• Firebase Authentication Setup - Complete guide for Firebase Auth integration
• MCP Server Tools - Updated with annotations and metadata support
• OpenAPI Overlays Guide - Comprehensive guide for using OpenAPI overlays
• Supabase Authentication - Updated documentation

We've enhanced our GitHub integration to keep you better informed about your Zuplo deployments. When you connect GitHub to your project, we'll now automatically:

• Update deployment statuses for both your API and Developer Portal directly on your commits
• Post PR comments for important updates you shouldn't miss, such as the upcoming sunset of our legacy Developer Portal on November 15, 2025

This means you'll catch critical information, such as failed builds, right in your GitHub workflow, without having to check multiple places. No more missed deprecation notices or deployment status checks.

This release includes improvements to the Zuplo CLI, Developer Portal, and runtime improvements, along with various portal updates.

Features#

CLI Enhancements

• Added comprehensive examples to all CLI commands to improve developer experience
• Enhanced OpenAPI overlay command with validation improvements and bug fixes
• Removed Windows warning messages for better cross-platform support

Developer Portal Migration

• Added proxy mode support for legacy dev portal handler to ensure backward compatibility
• Added GitHub status warning alerting of use of the legacy developer portal

Portal Updates#

Role-Based Access Control (RBAC) Improvements

• Enhanced role selection interface with improved dropdown functionality
• Simplified team management by separating invites from active team members
• Added role badge visualization for better clarity

User Experience Enhancements

• Updated product page hero image for improved visual appeal
• Overhauled policy picker with enhanced visual design and selection controls
• Fixed project deletion modal for better accessibility

This release introduces improvements to the CLI with new OpenAPI utility commands, enhanced route editor, and better Windows support.

Features#

CLI Improvements#

• Enhanced OpenAPI utility commands with overlay support and validation improvements. See docs for convert, merge, and overlay
• Added comprehensive examples to all CLI commands for better developer experience
• Removed Windows compatibility warnings for improved cross-platform support
• Normalized CLI input paths for better cross-platform compatibility

Portal Updates#

• Streamlined invite flow with simplified dialog interface and better user filtering
• Unified source control provider experience across GitLab, Bitbucket, Azure, and GitHub
• Added incident status display in portal with status badges
• Introduced keyboard shortcut component for better navigation
• Simplified account member management with new deletion flow

This changelog covers enhancements to the Zuplo Portal user interface, development tools, and runtime improvements from Monday, 2025-10-13 to Sunday, 2025-10-19.

Features#

• New Route Editor: Enabled the enhanced route editor for all users, providing an improved interface for managing API routes
• Documentation File Management: Improved handling of documentation files by removing unnecessary filtering restrictions

Fixes#

• Template Improvements: Enhanced project templates for better developer experience
• User Session Tracking: Fixed missing userSub property on latestRequest objects
• File Path Handling: Corrected POSIX path handling for route metadata filepath on Windows systems

Portal Updates#

• Dark Mode Enhancements: Optimized dark mode display across the portal interface for better visual consistency
• Azure Integration: Fixed Azure authentication settings display in the portal settings page
• Local Editor Improvements: Enhanced local development experience with better conflict detection and resolution workflows

This week's release brings several enhancements focused on security, API documentation, and developer experience. Key highlights include automatic masking of Authorization headers for improved security, a new option to auto-expand API information sections, and fixes for build configuration and documentation links. Dependency updates ensure the platform stays current with the latest versions of core libraries.

Features#

• Enhanced Security: Authorization headers are now automatically masked by default to prevent accidental exposure of sensitive credentials in logs and documentation #1574
• Auto-expand API Information: Added new expandApiInformation configuration option that automatically expands API information sections in the documentation for improved discoverability #1572
• MCP Remote Package: Corrected the NPX package configuration for mcp-remote to ensure proper installation and usage #1599

Fixes#

• Documentation Links: Fixed broken quick-start URL references to ensure users can access getting started guides #1591
• Conditional UI Elements: Reload button now only displays when a version is available, preventing confusion in environments where versioning isn't applicable #1573
• Build Configuration: Resolved issue preventing remark/rehype plugins from being properly loaded from build configuration files #1593

Dependency Updates#

• Updated @pothos/core from 4.8.0 to 4.10.0 for improved GraphQL schema building capabilities #1585
• Updated @zuplo/mcp from 0.0.18 to 0.0.22 with latest Model Context Protocol improvements #1543
• Updated Shiki syntax highlighting dependencies across 6 packages for better code rendering support #1565