Zuplo Changelog

This changelog covers improvements to the runtime and portal from Monday, 2025-09-01 to Sunday, 2025-09-07.

Fixes#

• Runtime: Fixed MCP (Model Context Protocol) server handlers to return proper 405 Method Not Allowed responses instead of 404 Not Found when unsupported HTTP methods are used

Portal Updates#

• Added enhanced stack trace mapping and formatting in the log viewer for better debugging experience with loading states and improved readability

This changelog covers improvements to sourcemapping, configuration flexibility, MCP support, and Portal analytics from Monday, 2025-08-25 to Sunday, 2025-08-31.

Features#

• Sourcemapping Improvements: Enhanced sourcemap generation and file mapping capabilities for better debugging experience
• Configuration Flexibility: Updated zuplo.jsonc configuration shape to support additional customization options
• Certificate Validation Control: Added environment variable to disable certificate validation when needed for specific deployment scenarios
• MCP Prompts Support: Added support for Model Context Protocol (MCP) prompts functionality
• MCP Error Handling: Improved error display formatting for MCP operations

Fixes#

• CLI Template Fix: Corrected the create app readme to reference the correct template
• Request Validator: Improved handling of invalid parameter validators in the request-validator policy to prevent runtime errors

This changelog covers changes from Monday, 2025-08-18 to Sunday, 2025-08-24.

Summary#

This release includes improvements to the CLI login experience with device flow authentication and source map support for better debugging capabilities.

Features#

• Enhanced CLI Authentication: The CLI now uses device flow for login, providing a more secure and user-friendly authentication experience
• Source Maps Support: Enabled source maps on public builds to improve debugging and error tracking capabilities

This release introduces significant improvements to the Zuplo CLI, rate limiting capabilities, and developer portal experience. Key highlights include a new CLI command for migrating to the redesigned developer portal, enhanced rate limiting with adaptive timeouts, and support for wildcard subdomains in CORS policies.

New Features 🎉#

• New Developer Portal Migration Command - Added zuplo source migrate dev-portal CLI command to help users migrate to the new Zuplo Developer Portal built on the Zudoku framework. This simplifies the transition to the enhanced portal experience.

• Enhanced Rate Limiting with Adaptive Timeouts - The rate limiter policy now supports adaptive and configurable timeouts, providing more flexible control over API rate limiting behavior and improved performance under varying load conditions.

• CLI Project Creation - New CLI command for creating Zuplo projects directly from the command line, streamlining the project setup workflow. See the CLI documentation for usage details.

Bug Fixes 🐛#

• OpenAPI Transpiler Type Handling - Fixed an issue where the OpenAPI transpiler now correctly defaults to "type: object" when properties are defined, ensuring proper schema generation and type safety.

• CLI Tunnel Command Validation - Added missing account argument validation for the create tunnel command in the Zuplo CLI, preventing errors when setting up local development tunnels.

Improvements 🔄#

• Wildcard Subdomain Support for CORS - The CORS policy now supports wildcard subdomains, enabling more flexible cross-origin configurations for APIs serving multiple subdomains or multi-tenant applications.

• Enhanced SSO and MFA Security - Improved security for enterprise accounts by enforcing SSO and MFA requirements, ensuring better access control and compliance with enterprise security policies.

This release introduces enhanced debugging capabilities for MCP (Model Context Protocol) servers, implements OAuth protected resource discovery, and improves network reliability with automatic retry mechanisms. Additionally, we've fixed an issue with JWT service expiration times.

New Features 🎉#

MCP Server Handler Debug Mode We've added a debug mode for MCP Server handlers, making it easier to troubleshoot and develop your Model Context Protocol integrations. This enhancement provides better visibility into MCP server operations during development and testing. Learn more about MCP in Zuplo.

OAuth Protected Resource Discovery Implemented support for OAuth RFC 9728's .well-known/oauth-protected-resource endpoint for MCP OAuth flows. This standardized endpoint enables automatic discovery of OAuth-protected resources, simplifying the integration process for MCP-enabled applications. Read our guide on introducing remote MCP servers.

Enhanced Metrics Retry and Error Handling Improved the metrics functionality to automatically retry on network errors and timeouts, providing better resilience for API calls. This enhancement is now used when sending metrics to vector, ensuring more reliable telemetry data collection even during temporary network issues.

Bug Fixes 🐛#

JWT Service Expiration Time Fix Fixed an issue with JWT service expiration time handling and export options. This ensures proper token validation and prevents authentication issues related to incorrect expiration timestamps. For more information on JWT authentication, see our JWT API authentication guide.

This release introduces configurable memory sizing for the MemoryZoneReadThroughCache, improves runtime OpenAPI path handling, and fixes environment variable support for Zudoku dev portals.

New Features 🎉#

• Configurable memory size for MemoryZoneReadThroughCache - The runtime's MemoryZoneReadThroughCache now supports configurable memory size limits. This enhancement provides developers with greater control over memory allocation for cached data, helping to optimize performance while avoiding out-of-memory errors in memory-constrained environments.

Bug Fixes 🐛#

• Support for ZUDOKU_PUBLIC_ environment variables - Fixed an issue preventing the use of ZUDOKU_PUBLIC_ prefixed environment variables in Zudoku dev portals. These variables can now be properly exposed to the client-side for use in configuration and React components.

• Ignore non-method properties on OpenAPI operations - The runtime now properly ignores properties on OpenAPI opertations that are not methods. Perviously this could cause build errors.