Zuplo Changelog

This release brings significant improvements to the Zuplo Developer Portal, including enhanced theme customization, improved authentication support, and a major navigation system overhaul. The highlight is the new unified navigation configuration that provides more flexibility for customizing your developer portal experience.

Key Highlights#

• Breaking Change: Completely redesigned navigation system with a unified configuration approach
• Enhanced Theme Support: Advanced theme customization with shadcn registry integration
• Azure B2C Authentication: Full support for Azure B2C as an authentication provider
• Improved Mobile Experience: Better navigation rendering on mobile devices
• Security Enhancements: New warnings to prevent accidental secrets exposure
• Better Defaults: Static error pages now enabled by default for optimal hosting

Breaking Changes 🛠#

Navigation Configuration Restructure #1174#

The Dev Portal navigation system has been completely redesigned to provide a more flexible and consistent configuration experience. The previous separate properties for topNavigation, sidebar, and customPages have been unified into a single navigation array structure.

Migration Required: If you have customized navigation in your Dev Portal, you'll need to update your configuration. See the migration guide for detailed instructions.

New Features 🎉#

Enhanced Theme Support with shadcn Registry #1160#

The Dev Portal now offers more granular theme customization options, including automatic shadcn registry style imports and Google Fonts auto-import capability. A new theme playground helps you test and preview your design changes with live theme invalidation. Learn more about customizing your Dev Portal theme.

Google Tag Manager Integration Example #1161#

Added comprehensive documentation and examples for integrating Google Tag Manager with your Dev Portal, making it easier to implement analytics tracking for your API documentation.

Bug Fixes 🐛#

Azure B2C Authentication Support #1159#

Fixed an issue where Azure B2C was not recognized as a valid authentication provider. The configuration validation schema now properly includes Azure B2C-specific fields (clientId, tenantName, policyName, issuer), enabling seamless authentication with Azure B2C. See our authentication setup guide for configuration details.

Mobile Navigation Rendering #1165#

Resolved an issue where the top-navigation-side slot wasn't rendering on mobile devices, ensuring a consistent navigation experience across all device sizes.

OAuth Callback Route History #1172#

Fixed the OAuth callback flow to prevent the /oauth/callback route from remaining in browser history, providing a cleaner user experience by using React Router's replace navigation.

Security & Documentation 📚#

Security Warnings for Configuration #1169#

Added important security warnings to prevent accidental exposure of secrets in Dev Portal configurations. The documentation now clearly states that only environment variables prefixed with ZUDOKU_PUBLIC_ are exposed to the client.

Documentation Improvements #1117#

Comprehensive documentation updates including grammar corrections, fixed component names (e.g., ZudokContext → ZudokuContext), and improved code snippet accuracy across all Dev Portal guides.

Other Improvements 🔄#

Default Expiration for Rolling Keys #1142#

Simplified API key management by removing the explicit expiresOn field when rolling keys. The system now automatically uses server-side default expiration policies, reducing complexity in key management workflows.

Static Error Pages Enabled by Default #1143#

Static HTML error pages for HTTP status codes (404, 500, etc.) are now enabled by default, providing a better out-of-the-box experience for hosting on platforms like Vercel, Netlify, and Zuplo. The enableStatusPages configuration now defaults to true.

Dependency Updates 📦#

This release includes various dependency updates to ensure compatibility and security:

• Updated React types (@types/react to 19.1.8, @types/react-dom to 19.1.6)
• Upgraded development tools (lint-staged to 16.1.0, vitest to 3.2.2, postcss to 8.5.4)
• Updated core dependencies (yaml to 2.8.0, zustand to 5.0.5, piscina to 5.0.0)
• GraphQL tooling updates (@graphql-codegen/cli to 5.0.7)

This release introduces powerful new features for API management including internal route invocation and improved authentication policies.

Breaking Changes 🛠#

• Removed the deprecated Aserto authorization policy due to Aserto shutting down. If you're currently using this policy, please migrate to an alternative authorization solution.

New Features 🎉#

• Internal Route Invocation: Added context.invokeRoute capability that allows you to internally invoke a route without making an external HTTP request. This enables more efficient internal API calls and better performance for complex routing scenarios.

• Enhanced Client IP Parsing: Improved parsing of client IP addresses from the X-Forwarded-For header, providing more accurate client identification for rate limiting and analytics.

• CLI Log Verbosity Control: Added a new flag to control log verbosity levels in the Zuplo CLI, making debugging and troubleshooting easier during local development.

• Custom Domain Aliases: Introduced support for custom domain aliases, allowing you to map multiple domains to a single API deployment for more flexible domain management.

• Web Bot Authentication: New policy for authenticating and managing web bot traffic, helping you control automated access to your APIs. See the policy docs for more details

• API Key Management Enhancement: You can now delete the default API key, providing more flexibility in API key lifecycle management. See documentation

Bug Fixes 🐛#

• Fixed an issue that prevented changing deployments for custom domains.
• Increased the body size limit on GitHub webhooks to support larger payloads.
• Enhanced error handling in mock API policy to support single example responses.

Documentation 📚#

• Updated documentation for the Auth0 JWT authentication policy.

This release introduces Azure B2C authentication support, fixes several authentication and styling bugs, and updates multiple dependencies to their latest versions.

New Features 🎉#

• Azure B2C Authentication Support - Added comprehensive support for Azure B2C authentication, including a new AzureB2CAuthPlugin for handling login flows, configuration schema updates, and detailed documentation. This enables Dev Portal users to authenticate using Azure B2C identity providers. #1139
  • Special thanks to the community for the original implementation in #1042

Bug Fixes 🐛#

• Fixed CSS Classes in Markdown Images - Resolved an issue where custom CSS classes weren't being applied to images in Markdown content. The fix ensures proper class merging with the default "rounded-md" class, allowing developers to customize image styling while preserving default styles. #1135
• Fixed Auth0 Issuer URL Handling - Corrected a bug where Auth0 issuer URLs lacked the required trailing slash. Introduced a unified getIssuer implementation for consistent URL handling and improved error handling for authentication configuration. #1134
• Fixed Dev Portal Hooks Export - Resolved an issue where hooks weren't being properly exported from the package. Changed the hooks export path to ensure they are accessible when importing from zudoku/hooks. #1136
• Fixed Authentication Session Expiry Handling - Addressed an issue where expired sessions were still showing users as logged in. Added automatic token expiry checking on page load and proper session refresh handling to ensure users are correctly logged out when their session expires. #1119

Dependency Updates 📦#

• Updated @vitest/coverage-v8 from 3.1.1 to 3.2.1 #1130
• Updated graphql-yoga from 5.13.3 to 5.13.5 #1127
• Updated glob from 11.0.1 to 11.0.2 #1124
• Updated shiki-dependencies group with 5 updates #1123
• Updated estree-util-value-to-estree from 3.3.3 to 3.4.0 #1129
• Updated @sentry/node from 9.12.0 to 9.26.0 #1128
• Updated zod from 3.24.2 to 3.25.51 #1125

This release brings significant improvements to the Dev Portal with enhanced customization capabilities, better user experience features, and important infrastructure upgrades. Notable additions include a new API Key management UI, improved OpenAPI playground functionality, and enhanced slot system extensibility. Please note that this release includes breaking changes related to the slot system and Tailwind CSS upgrade.

Breaking Changes 🛠#

Extended Slot System - #1048
The slot system has been completely refactored and extended to provide more flexibility and customization options. Projects currently using slots will need to update their slot configuration or usage to match the new behavior. The enhanced system offers improved performance and better integration capabilities. Please refer to the updated slot documentation for migration guidance.

Tailwind CSS v4 Upgrade - #981
Upgraded to Tailwind CSS v4, bringing improved performance and new utility classes. This change primarily affects users who utilize custom class names in custom pages or MDX components—these class names may require updates to align with the new Tailwind utility syntax. For most users, the migration should be straightforward. For detailed migration guidance, see the official Tailwind upgrade guide.

Automatic Logo Base Path Resolution
Logo path handling has been improved to automatically resolve base paths. Previously, logo URLs required manual base path prepending, but this is now handled automatically by the system, simplifying configuration and reducing potential errors.

New Features 🎉#

Enhanced API Operation Interface - #1035
Moved operation tabs into card layouts for improved visual organization and better user experience when navigating through API operations.

Simplified Authentication Architecture - #1047
Converted AuthProviders to regular plugins, streamlining the authentication system and making it more consistent with the overall plugin architecture.

Improved OpenAPI Playground Experience - #1065
The API playground now displays schema.default values, providing developers with better context and examples when testing API endpoints.

API Key Management UI - #827
Introduced a comprehensive API Key management interface, allowing users to create, manage, and monitor their API keys directly within the Dev Portal.

Enhanced Navigation - #1076
Added anchor link icons for headings, improving navigation and making it easier to share direct links to specific sections.

Improved Sidebar Usability - #1075
Implemented tooltips for truncated sidebar items, ensuring full text is always accessible even when space is limited.

Bug Fixes 🐛#

Development Experience Improvements - #1038, #1043, #1067
Fixed multiple issues with development configuration reloading, including more reliable file change detection based on modification time and simplified reload mechanisms.

Enhanced Schema Management - #1039
Added proper metadata to schema list pages, improving SEO and providing better context for documentation navigation.

Visual and Layout Fixes - #1063, #1083
Resolved various layout styling issues and fixed code block overflow problems in callouts and admonitions.

Plugin System Enhancements - #1064
Exported authentication plugin types for better TypeScript support and plugin development.

OpenAPI Processing Improvements - #1066, #1068
Improved error handling for mergeAllOf operations and removed unnecessary radio buttons from submit forms in the OpenAPI interface.

Playground Caching Fixes - #1070, #1072
Disabled inappropriate caching for playground mutations and requests to ensure accurate testing results.

Build System Improvements - #1069
Enhanced handling of multiple bundled CSS entries for better build reliability.

Code Syntax Highlighting - #1080
Fixed syntax highlighting copy functionality and empty line handling for better code display.

Markdown Processing - #1081
Restored rehype-raw functionality for proper HTML processing in markdown content.

Documentation 📚#

Configuration Documentation - #1040
Fixed frontmatter sidebar_icon property documentation to ensure proper icon configuration.

Developer Experience 🔄#

Enhanced Hook System - #1073
Exported hooks from zudoku/hooks for better developer experience and easier integration.

Dependency Updates 📦#

Updated multiple dependencies including:

• pnpm/action-setup to v4 - #1049
• @radix-ui/react-scroll-area to v1.2.9 - #1052
• @radix-ui/react-slot to v1.2.3 - #1051
• @radix-ui/react-slider to v1.3.5 - #1053
• Nx dependencies group with 4 updates - #1050

---

For complete technical details and additional changes, view the full release notes on GitHub.

The Zuplo CLI now has the option to enable debug logs for greater visibility into errors and warnings.

Supported flags are:

• -v enables verbose output (warnings and errors)
• -vv enables very verbose output (info, warnings and errors)
• -vvv enables extremely verbose output (debug, info, warnings and errors)

These flags are available in @zuplo/cli@6.51.50 or newer. You can also upgrade by running npm i @zuplo/cli@latest.

You can now set a custom domain for both your Zuplo-powered Dev Portal and your API.

To get started, log into Zuplo and open the project you want to configure. Navigate to Settings > Custom Domain, then click Add Custom Domain.

Next, choose the deployment branch you want to associate with the domain, and select whether it's for the API Gateway or the Dev Portal.

Once complete, you'll be provided with the DNS configuration details needed to correctly point your custom domain to the Dev Portal.

For more information see our documentation on custom domains.