Zuplo Changelog

November 2025 brings significant enhancements across the Zuplo platform, with a major focus on MCP (Model Context Protocol) improvements, Dev Portal authentication options, and developer experience upgrades. This month's highlights include new MCP tool annotations support, Firebase authentication for the Dev Portal, multipart form file upload support in the API Playground, and powerful new CLI features.

Whether you're building AI-powered APIs with MCP, creating beautiful developer portals, or managing your API gateway through the CLI, this release delivers features that make your workflow faster and more powerful.

Highlights#

MCP Server Enhancements#

Zuplo's MCP Server capabilities received significant upgrades this month, making it easier to build sophisticated AI-ready APIs.

Tool Annotations and Metadata Support#

The MCP Server handler now supports tool annotations and _meta fields, giving you fine-grained control over how AI systems discover and interact with your API tools.

Key capabilities:

• Tool annotations: Add hints like readOnlyHint, destructiveHint, idempotentHint, and openWorldHint to help AI agents understand tool behavior
• Custom metadata: Include arbitrary _meta fields for additional context
• Human-readable titles: Use the title annotation to provide friendly names for your tools

Configuration example:

{
  "paths": {
    "/weather": {
      "get": {
        "operationId": "getCurrentWeather",
        "x-zuplo-route": {
          "handler": {
            "export": "urlForwardHandler",
            "module": "$import(@zuplo/runtime)"
          },
          "mcp": {
            "type": "tool",
            "annotations": {
              "title": "Get Weather",
              "readOnlyHint": true,
              "openWorldHint": true
            },
            "_meta": {
              "category": "weather"
            }
          }
        }
      }
    }
  }
}

See the MCP Server Tools documentation for full configuration options.

New Operations Configuration#

The MCP Server handler introduces a new operations array configuration that provides explicit control over which API operations become MCP tools. This replaces the deprecated files, prompts, and resources configuration options.

{
  "options": {
    "name": "my-mcp-server",
    "version": "1.0.0",
    "operations": [
      {
        "file": "./config/routes.oas.json",
        "id": "getCurrentWeather"
      },
      {
        "file": "./config/routes.oas.json",
        "id": "createTodo"
      }
    ]
  }
}

See the MCP Server Handler documentation for migration guidance.

---

Dev Portal: Firebase Authentication#

The Dev Portal now supports Firebase Authentication, giving you another powerful option for managing user access to your API documentation and developer tools.

Key capabilities:

• Multiple sign-in providers: Support for Google, GitHub, Facebook, Twitter, Microsoft, Apple, Yahoo, email/password, and phone authentication
• Easy configuration: Simple setup with your Firebase project credentials
• Custom redirect URLs: Configure where users go after sign-in, sign-up, and sign-out

Configuration example:

// zudoku.config.ts
import type { ZudokuConfig } from "zudoku";

const config: ZudokuConfig = {
  authentication: {
    type: "firebase",
    apiKey: "<your-api-key>",
    authDomain: "your-domain.firebaseapp.com",
    projectId: "your-project-id",
    appId: "1:296819355813:web:91d29f11cac6f073595d4c",
    providers: ["google", "github", "password"],
    redirectToAfterSignIn: "/docs",
    redirectToAfterSignUp: "/getting-started",
  },
};

export default config;

See the Firebase Authentication documentation for setup instructions.

The Firebase authentication UI provides a seamless sign-in experience with multiple provider options. It can be customized to match the styles of your Dev Portal for a consistent look and feel.

---

Dev Portal: Supabase UI Authentication#

The Dev Portal now includes a native Supabase UI login experience, making it even easier to integrate Supabase authentication with your API documentation.

Key capabilities:

• Multiple OAuth providers: Support for Google, GitHub, Discord, and 20+ other providers supported by Supabase Auth
• Email/password authentication: Built-in support for traditional email and password sign-up and sign-in
• Automatic route handling: Authentication routes (/signin, /signup, /signout) are automatically created
• Custom redirects: Configure where users go after sign-in, sign-up, and sign-out

Configuration example:

// zudoku.config.ts
import type { ZudokuConfig } from "zudoku";

const config: ZudokuConfig = {
  authentication: {
    type: "supabase",
    providers: ["google", "github"],
    supabaseUrl: "https://your-project.supabase.co",
    supabaseKey: "<your-anon-public-key>",
    redirectToAfterSignIn: "/dashboard",
    redirectToAfterSignUp: "/welcome",
    // Optional: disable email/password, use only OAuth
    onlyThirdPartyProviders: false,
  },
};

export default config;

See the Supabase Authentication documentation for setup instructions.

---

Dev Portal: API Playground File Uploads#

The Dev Portal's API Playground now supports multipart form data and file uploads, making it possible to test file upload endpoints directly from your documentation.

Key capabilities:

• Multipart form support: Test endpoints that accept multipart/form-data
• File upload UI: Intuitive interface for selecting and uploading files
• Mixed content: Combine file uploads with other form fields

This enhancement makes it easy for developers to test complex API endpoints without leaving your documentation.

---

Custom Code Examples in Dev Portal#

You can now generate custom code examples for your API operations, giving your developers tailored guidance in their preferred programming languages.

Key capabilities:

• Custom templates: Define your own code example templates
• Multiple languages: Support for additional programming languages beyond the defaults
• Operation-specific examples: Customize examples per endpoint

See the API Reference documentation for configuration options.

---

CLI Updates#

Watch Mode for OpenAPI Commands#

The openapi overlay and openapi convert CLI commands now support a --watch flag that automatically re-applies changes when your input files change. This dramatically speeds up development workflows when working with OpenAPI specifications.

# Watch for changes and automatically re-apply overlay
npx zuplo openapi overlay \
  --input openapi.json \
  --overlay changes.json \
  --output result.json \
  --watch

See the OpenAPI Overlay documentation for all available options.

Zudoku Docs During Local Development#

Running zup dev now automatically serves your Zudoku-powered Dev Portal documentation alongside your API, providing a complete local development experience.

---

Dev Portal Updates#

Improved OpenAPI Schema Handling#

The Dev Portal now handles allOf schemas more intelligently, providing cleaner documentation for complex API schemas.

Lazy Syntax Highlighting#

For APIs with large numbers of operations, syntax highlighting is now applied lazily, improving initial page load times and overall performance.

Auth0 Prompt Configuration#

You can now configure the prompt parameter for Auth0 authentication, including the option to disable the "always prompt login" behavior.

// zudoku.config.ts
const config: ZudokuConfig = {
  authentication: {
    type: "auth0",
    domain: "your-domain.auth0.com",
    clientId: "your-client-id",
    prompt: "login", // or "none", "consent", "select_account"
  },
};

Remember Skip Login#

A new "Remember skip login" checkbox option helps streamline the authentication experience for returning users.

llms.txt Support#

The Dev Portal now supports generating llms.txt files and markdown output, making your API documentation more accessible to AI systems and LLMs.

Copy Page Button#

A new "Copy page" button makes it easy for users to copy entire documentation pages, improving the developer experience when sharing content.

---

Portal & CLI Updates#

Route Description Editor#

A new markdown editor for route descriptions makes it easier to add rich documentation directly in the route configuration.

Custom AI Providers#

The AI Gateway now supports custom AI providers, giving you flexibility to integrate with any AI service beyond the built-in providers.

Source Control Dialog Updates#

The source control integration dialogs received styling updates and usability improvements for a more consistent experience across GitHub, GitLab, Bitbucket, and Azure DevOps.

---

Bug Fixes#

• Dev Portal: Fixed an issue where the API Playground would set an undefined body for GET and HEAD requests
• Dev Portal: Fixed style issues with consecutive paragraphs in documentation
• Dev Portal: Fixed scroll overflow in the SyntaxHighlight component
• Dev Portal: Fixed infinite re-renders caused by invalidateCache not being memoized
• Dev Portal: Fixed server resolution hierarchy and "Other Endpoints" bug in OpenAPI docs
• Dev Portal: Fixed SSR data corruption with large JSON payloads
• Portal: Fixed MCP virtual server copy URL button functionality
• Portal: Fixed dialog select hover behavior
• Portal: Fixed import operation handling
• Portal: Fixed overflowing text in various UI components
• Runtime: Fixed deleting deployments when a branch is deleted
• Runtime: Fixed GitHub status labels for consistency
• Runtime: Fixed v2 routing for root pages

---

Documentation Updates#

This month we added or improved documentation for:

• Firebase Authentication Setup - Complete guide for Firebase Auth integration
• MCP Server Tools - Updated with annotations and metadata support
• OpenAPI Overlays Guide - Comprehensive guide for using OpenAPI overlays
• Supabase Authentication - Updated documentation

This release includes improvements to the Zuplo CLI, Developer Portal, and runtime improvements, along with various portal updates.

Features#

CLI Enhancements

• Added comprehensive examples to all CLI commands to improve developer experience
• Enhanced OpenAPI overlay command with validation improvements and bug fixes
• Removed Windows warning messages for better cross-platform support

Developer Portal Migration

• Added proxy mode support for legacy dev portal handler to ensure backward compatibility
• Added GitHub status warning alerting of use of the legacy developer portal

Portal Updates#

Role-Based Access Control (RBAC) Improvements

• Enhanced role selection interface with improved dropdown functionality
• Simplified team management by separating invites from active team members
• Added role badge visualization for better clarity

User Experience Enhancements

• Updated product page hero image for improved visual appeal
• Overhauled policy picker with enhanced visual design and selection controls
• Fixed project deletion modal for better accessibility

This release introduces improvements to the CLI with new OpenAPI utility commands, enhanced route editor, and better Windows support.

Features#

CLI Improvements#

• Enhanced OpenAPI utility commands with overlay support and validation improvements. See docs for convert, merge, and overlay
• Added comprehensive examples to all CLI commands for better developer experience
• Removed Windows compatibility warnings for improved cross-platform support
• Normalized CLI input paths for better cross-platform compatibility

Portal Updates#

• Streamlined invite flow with simplified dialog interface and better user filtering
• Unified source control provider experience across GitLab, Bitbucket, Azure, and GitHub
• Added incident status display in portal with status badges
• Introduced keyboard shortcut component for better navigation
• Simplified account member management with new deletion flow

This changelog covers enhancements to the Zuplo Portal user interface, development tools, and runtime improvements from Monday, 2025-10-13 to Sunday, 2025-10-19.

Features#

• New Route Editor: Enabled the enhanced route editor for all users, providing an improved interface for managing API routes
• Documentation File Management: Improved handling of documentation files by removing unnecessary filtering restrictions

Fixes#

• Template Improvements: Enhanced project templates for better developer experience
• User Session Tracking: Fixed missing userSub property on latestRequest objects
• File Path Handling: Corrected POSIX path handling for route metadata filepath on Windows systems

Portal Updates#

• Dark Mode Enhancements: Optimized dark mode display across the portal interface for better visual consistency
• Azure Integration: Fixed Azure authentication settings display in the portal settings page
• Local Editor Improvements: Enhanced local development experience with better conflict detection and resolution workflows

This changelog covers changes from Monday, 2025-09-29 to Sunday, 2025-10-05, focusing on new policy features, runtime improvements, and portal enhancements.

Features#

• GraphQL Introspection Filter Policy: Added new MCP GraphQL tools with introspection filtering capabilities to help manage GraphQL schema exposure and improve security
• Logs in AI Gateway: Enhanced AI Gateway with comprehensive logging functionality, providing better visibility into gateway operations and events

Fixes#

• MCP Server Handler: Fixed issue with routes containing escaped colons that were not being handled correctly
• URL Forward Handler: Enhanced support for buffering request body during redirect transmission, improving reliability of URL forwarding
• Log Parsing: Fixed issue where log chunks were not being correctly parsed, improving log reliability and accuracy

Portal Updates#

• Copy Path Enhancement: Improved path copying functionality with visual feedback through flash animations
• Invite UI Improvements: Updated color scheme for invitation-related interface elements to improve visual clarity
• Secret Management UI: Enhanced the secret management interface for better user experience and security
• MCP Server Bug Fix: Resolved server-side issues affecting MCP functionality
• Button UI Cleanup: Removed count display from buttons to reduce user confusion

Audit Logs are now available for Zuplo Enterprise customers. This feature provides a record of activities within your Zuplo account, including project modifications, configuration changes, team management, API key operations, and deployment activities. Each log entry includes information about the actor, affected resources, timestamp, and geographic context.

Availability#

Available now as an add-on for Enterprise customers. Current enterprise customers can trial the feature for development and testing. Contact your account manager or sales@zuplo.com to enable it.

Audit Log Features#

• 90-day retention by default (extended retention available on request)
• Immutable audit trails suitable for compliance requirements
• Real-time activity logging
• Detailed context including IP address, user agent, and location data

How to access Audit Logs#

Once enabled, Audit Logs can be found in the Zuplo Portal (Account Settings → Audit Logs). You will see the most recent activities as well as options to filter the events by date range, action type, actor or success/failure status.

Programmatic Access to Audit Logs#

Audit Log data is also available via the API using the /accounts/{accountName}/audit-logs endpoint. Query parameters are available for filtering and pagination (maximum 100 results per request, 30-day query range limit).

Note: During beta, not all events may be captured.

See the Audit Logs documentation for more information.