Zuplo logo
How are you using MCP Servers?Take our 5-minute survey

Zuplo Changelog

We release improvements, new features, and fixes daily. Follow along here to see the most important updates.

ALL
DEV EXPERIENCE
DEV PORTAL
DOCS
CLI
MONETIZATION
POLICY
PORTAL
RUNTIME
SECURITY

What's New in Zuplo - November 2025

November 2025 brings significant enhancements across the Zuplo platform, with a major focus on MCP (Model Context Protocol) improvements, Dev Portal authentication options, and developer experience upgrades. This month's highlights include new MCP tool annotations support, Firebase authentication for the Dev Portal, multipart form file upload support in the API Playground, and powerful new CLI features.

Whether you're building AI-powered APIs with MCP, creating beautiful developer portals, or managing your API gateway through the CLI, this release delivers features that make your workflow faster and more powerful.

Highlights#

MCP Server Enhancements#

Zuplo's MCP Server capabilities received significant upgrades this month, making it easier to build sophisticated AI-ready APIs.

Tool Annotations and Metadata Support#

The MCP Server handler now supports tool annotations and _meta fields, giving you fine-grained control over how AI systems discover and interact with your API tools.

Key capabilities:

  • Tool annotations: Add hints like readOnlyHint, destructiveHint, idempotentHint, and openWorldHint to help AI agents understand tool behavior
  • Custom metadata: Include arbitrary _meta fields for additional context
  • Human-readable titles: Use the title annotation to provide friendly names for your tools

Configuration example:

{
  "paths": {
    "/weather": {
      "get": {
        "operationId": "getCurrentWeather",
        "x-zuplo-route": {
          "handler": {
            "export": "urlForwardHandler",
            "module": "$import(@zuplo/runtime)"
          },
          "mcp": {
            "type": "tool",
            "annotations": {
              "title": "Get Weather",
              "readOnlyHint": true,
              "openWorldHint": true
            },
            "_meta": {
              "category": "weather"
            }
          }
        }
      }
    }
  }
}

See the MCP Server Tools documentation for full configuration options.

New Operations Configuration#

The MCP Server handler introduces a new operations array configuration that provides explicit control over which API operations become MCP tools. This replaces the deprecated files, prompts, and resources configuration options.

{
  "options": {
    "name": "my-mcp-server",
    "version": "1.0.0",
    "operations": [
      {
        "file": "./config/routes.oas.json",
        "id": "getCurrentWeather"
      },
      {
        "file": "./config/routes.oas.json",
        "id": "createTodo"
      }
    ]
  }
}

See the MCP Server Handler documentation for migration guidance.

Dev Portal: Firebase Authentication#

The Dev Portal now supports Firebase Authentication, giving you another powerful option for managing user access to your API documentation and developer tools.

Key capabilities:

  • Multiple sign-in providers: Support for Google, GitHub, Facebook, Twitter, Microsoft, Apple, Yahoo, email/password, and phone authentication
  • Easy configuration: Simple setup with your Firebase project credentials
  • Custom redirect URLs: Configure where users go after sign-in, sign-up, and sign-out

Configuration example:

// zudoku.config.ts
import type { ZudokuConfig } from "zudoku";

const config: ZudokuConfig = {
  authentication: {
    type: "firebase",
    apiKey: "<your-api-key>",
    authDomain: "your-domain.firebaseapp.com",
    projectId: "your-project-id",
    appId: "1:296819355813:web:91d29f11cac6f073595d4c",
    providers: ["google", "github", "password"],
    redirectToAfterSignIn: "/docs",
    redirectToAfterSignUp: "/getting-started",
  },
};

export default config;

See the Firebase Authentication documentation for setup instructions.

The Firebase authentication UI provides a seamless sign-in experience with multiple provider options. It can be customized to match the styles of your Dev Portal for a consistent look and feel.

Dev Portal: Supabase UI Authentication#

The Dev Portal now includes a native Supabase UI login experience, making it even easier to integrate Supabase authentication with your API documentation.

Key capabilities:

  • Multiple OAuth providers: Support for Google, GitHub, Discord, and 20+ other providers supported by Supabase Auth
  • Email/password authentication: Built-in support for traditional email and password sign-up and sign-in
  • Automatic route handling: Authentication routes (/signin, /signup, /signout) are automatically created
  • Custom redirects: Configure where users go after sign-in, sign-up, and sign-out

Configuration example:

// zudoku.config.ts
import type { ZudokuConfig } from "zudoku";

const config: ZudokuConfig = {
  authentication: {
    type: "supabase",
    providers: ["google", "github"],
    supabaseUrl: "https://your-project.supabase.co",
    supabaseKey: "<your-anon-public-key>",
    redirectToAfterSignIn: "/dashboard",
    redirectToAfterSignUp: "/welcome",
    // Optional: disable email/password, use only OAuth
    onlyThirdPartyProviders: false,
  },
};

export default config;

See the Supabase Authentication documentation for setup instructions.

Dev Portal: API Playground File Uploads#

The Dev Portal's API Playground now supports multipart form data and file uploads, making it possible to test file upload endpoints directly from your documentation.

Key capabilities:

  • Multipart form support: Test endpoints that accept multipart/form-data
  • File upload UI: Intuitive interface for selecting and uploading files
  • Mixed content: Combine file uploads with other form fields

This enhancement makes it easy for developers to test complex API endpoints without leaving your documentation.

File upload in API Playground

Custom Code Examples in Dev Portal#

You can now generate custom code examples for your API operations, giving your developers tailored guidance in their preferred programming languages.

Key capabilities:

  • Custom templates: Define your own code example templates
  • Multiple languages: Support for additional programming languages beyond the defaults
  • Operation-specific examples: Customize examples per endpoint

See the API Reference documentation for configuration options.

CLI Updates#

Watch Mode for OpenAPI Commands#

The openapi overlay and openapi convert CLI commands now support a --watch flag that automatically re-applies changes when your input files change. This dramatically speeds up development workflows when working with OpenAPI specifications.

# Watch for changes and automatically re-apply overlay
npx zuplo openapi overlay \
  --input openapi.json \
  --overlay changes.json \
  --output result.json \
  --watch

See the OpenAPI Overlay documentation for all available options.

Zudoku Docs During Local Development#

Running zup dev now automatically serves your Zudoku-powered Dev Portal documentation alongside your API, providing a complete local development experience.

Dev Portal Updates#

Improved OpenAPI Schema Handling#

The Dev Portal now handles allOf schemas more intelligently, providing cleaner documentation for complex API schemas.

Lazy Syntax Highlighting#

For APIs with large numbers of operations, syntax highlighting is now applied lazily, improving initial page load times and overall performance.

Auth0 Prompt Configuration#

You can now configure the prompt parameter for Auth0 authentication, including the option to disable the "always prompt login" behavior.

// zudoku.config.ts
const config: ZudokuConfig = {
  authentication: {
    type: "auth0",
    domain: "your-domain.auth0.com",
    clientId: "your-client-id",
    prompt: "login", // or "none", "consent", "select_account"
  },
};

Remember Skip Login#

A new "Remember skip login" checkbox option helps streamline the authentication experience for returning users.

llms.txt Support#

The Dev Portal now supports generating llms.txt files and markdown output, making your API documentation more accessible to AI systems and LLMs.

Copy Page Button#

A new "Copy page" button makes it easy for users to copy entire documentation pages, improving the developer experience when sharing content.

Copy Button

Portal & CLI Updates#

Route Description Editor#

A new markdown editor for route descriptions makes it easier to add rich documentation directly in the route configuration.

Route description editor

Custom AI Providers#

The AI Gateway now supports custom AI providers, giving you flexibility to integrate with any AI service beyond the built-in providers.

Source Control Dialog Updates#

The source control integration dialogs received styling updates and usability improvements for a more consistent experience across GitHub, GitLab, Bitbucket, and Azure DevOps.

Bug Fixes#

  • Dev Portal: Fixed an issue where the API Playground would set an undefined body for GET and HEAD requests
  • Dev Portal: Fixed style issues with consecutive paragraphs in documentation
  • Dev Portal: Fixed scroll overflow in the SyntaxHighlight component
  • Dev Portal: Fixed infinite re-renders caused by invalidateCache not being memoized
  • Dev Portal: Fixed server resolution hierarchy and "Other Endpoints" bug in OpenAPI docs
  • Dev Portal: Fixed SSR data corruption with large JSON payloads
  • Portal: Fixed MCP virtual server copy URL button functionality
  • Portal: Fixed dialog select hover behavior
  • Portal: Fixed import operation handling
  • Portal: Fixed overflowing text in various UI components
  • Runtime: Fixed deleting deployments when a branch is deleted
  • Runtime: Fixed GitHub status labels for consistency
  • Runtime: Fixed v2 routing for root pages

Documentation Updates#

This month we added or improved documentation for:

Zuplo Changelog - 2025-11-04

This release includes improvements to the Zuplo CLI, Developer Portal, and runtime improvements, along with various portal updates.

Features#

CLI Enhancements

  • Added comprehensive examples to all CLI commands to improve developer experience
  • Enhanced OpenAPI overlay command with validation improvements and bug fixes
  • Removed Windows warning messages for better cross-platform support

Developer Portal Migration

  • Added proxy mode support for legacy dev portal handler to ensure backward compatibility
  • Added GitHub status warning alerting of use of the legacy developer portal

Portal Updates#

Role-Based Access Control (RBAC) Improvements

  • Enhanced role selection interface with improved dropdown functionality
  • Simplified team management by separating invites from active team members
  • Added role badge visualization for better clarity

User Experience Enhancements

  • Updated product page hero image for improved visual appeal
  • Overhauled policy picker with enhanced visual design and selection controls
  • Fixed project deletion modal for better accessibility

Dev Portal Changelog - 2025-10-21

This week's release brings several enhancements focused on security, API documentation, and developer experience. Key highlights include automatic masking of Authorization headers for improved security, a new option to auto-expand API information sections, and fixes for build configuration and documentation links. Dependency updates ensure the platform stays current with the latest versions of core libraries.

Features#

  • Enhanced Security: Authorization headers are now automatically masked by default to prevent accidental exposure of sensitive credentials in logs and documentation #1574
  • Auto-expand API Information: Added new expandApiInformation configuration option that automatically expands API information sections in the documentation for improved discoverability #1572
  • MCP Remote Package: Corrected the NPX package configuration for mcp-remote to ensure proper installation and usage #1599

Fixes#

  • Documentation Links: Fixed broken quick-start URL references to ensure users can access getting started guides #1591
  • Conditional UI Elements: Reload button now only displays when a version is available, preventing confusion in environments where versioning isn't applicable #1573
  • Build Configuration: Resolved issue preventing remark/rehype plugins from being properly loaded from build configuration files #1593

Dependency Updates#

  • Updated @pothos/core from 4.8.0 to 4.10.0 for improved GraphQL schema building capabilities #1585
  • Updated @zuplo/mcp from 0.0.18 to 0.0.22 with latest Model Context Protocol improvements #1543
  • Updated Shiki syntax highlighting dependencies across 6 packages for better code rendering support #1565

Zuplo Changelog - 2025-10-14

This release includes improvements to request validation, trusted modules support, policy documentation fixes, and significant enhancements to the Zuplo Portal UI including self-serve SSO setup and improved project creation workflows.

Features#

  • Trusted Modules Support: Enabled trusted modules in npm publish to enhance package security and reliability

Fixes#

  • Request Validation: Fixed issue with request validation when no body is present in the request
  • Policy Documentation: Corrected lint error in Galileo policy documentation

Portal Updates#

  • Self-Serve SSO Setup: Added ability for users to configure SSO settings independently without requiring support assistance
  • Local Route Editor: Introduced new local file editor with conflict detection and improved styling for better development experience
  • Enhanced Project Creation: Streamlined project creation workflow with improved UI, removal of checkboxes for simpler user experience, and added support for MCP (Model Context Protocol) integration
  • Account Management Improvements:
    • Enhanced error display on account management pages with better user feedback
    • Redesigned account page interface for improved usability
    • Removed deprecated error message components for better consistency
  • Galileo Tracing Policy UI: Added minimal user interface for configuring Galileo tracing policy settings
  • Team and App Management: Simplified team overview interface with better icons, improved details display, and enhanced app overview functionality
  • Service Worker Updates: Removed service worker unregistration and improved timestamp parsing functionality

Dev Portal Changelog - 2025-09-23

This changelog covers releases from Monday, 2025-09-15 to Sunday, 2025-09-21, featuring enhancements to customization options and bug fixes for the API playground functionality.

Features#

  • Link Target Customization: Added new option to customize link target behavior, providing greater flexibility in how external and internal links are handled within documentation #1557

Fixes#

  • API Playground Parameter Consistency: Fixed an issue where the API Playground component in MDX files was not properly using the same parameters as expected, ensuring consistent behavior across documentation pages #1549

Dev Portal Changelog - 2025-09-09

This changelog covers all releases from Monday, 2025-09-01 to Sunday, 2025-09-07, introducing performance optimizations for prerendering and important bug fixes for directive parsing. Key highlights include configurable prerender workers for better build performance and resolution of remark-directive parsing issues that were affecting content processing.

Features#

  • Configurable prerender workers - Added ability to configure the number of prerender workers during build process for improved performance and resource utilization #1521

Fixes#

  • Remark-directive parsing - Fixed critical parsing issues with remark-directive that were preventing proper content processing #1530

Documentation#

  • API Keys documentation - Corrected typo in API keys documentation for improved clarity #1528
123456