Zuplo Changelog

This release introduces significant improvements to the Zuplo CLI, rate limiting capabilities, and developer portal experience. Key highlights include a new CLI command for migrating to the redesigned developer portal, enhanced rate limiting with adaptive timeouts, and support for wildcard subdomains in CORS policies.

New Features 🎉#

• New Developer Portal Migration Command - Added zuplo source migrate dev-portal CLI command to help users migrate to the new Zuplo Developer Portal built on the Zudoku framework. This simplifies the transition to the enhanced portal experience.

• Enhanced Rate Limiting with Adaptive Timeouts - The rate limiter policy now supports adaptive and configurable timeouts, providing more flexible control over API rate limiting behavior and improved performance under varying load conditions.

• CLI Project Creation - New CLI command for creating Zuplo projects directly from the command line, streamlining the project setup workflow. See the CLI documentation for usage details.

Bug Fixes 🐛#

• OpenAPI Transpiler Type Handling - Fixed an issue where the OpenAPI transpiler now correctly defaults to "type: object" when properties are defined, ensuring proper schema generation and type safety.

• CLI Tunnel Command Validation - Added missing account argument validation for the create tunnel command in the Zuplo CLI, preventing errors when setting up local development tunnels.

Improvements 🔄#

• Wildcard Subdomain Support for CORS - The CORS policy now supports wildcard subdomains, enabling more flexible cross-origin configurations for APIs serving multiple subdomains or multi-tenant applications.

• Enhanced SSO and MFA Security - Improved security for enterprise accounts by enforcing SSO and MFA requirements, ensuring better access control and compliance with enterprise security policies.

This release introduces Model Context Protocol (MCP) support for API development, new policies for query parameter manipulation and API metering, enhanced CLI commands, and improvements to console logging in the runtime.

New Features 🎉#

• Query Parameter to Header Inbound Policy - New policy that allows transforming query parameters into HTTP headers, enabling more flexible request handling and backend compatibility.

• Model Context Protocol (MCP) Support - Added comprehensive MCP server handler for local editing experience with improved schema validation, URL pattern support, parameter descriptions and examples. MCP enables AI-powered tools to interact with your APIs more effectively.

• Console Logging Support in Runtime (preview) - Developers can now use console logging directly in the runtime environment, making debugging and monitoring easier during development.

• OpenMeter Metering Inbound Policy - New integration with OpenMeter for API usage metering, enabling precise tracking and billing of API consumption.

• Enhanced Prompt Injection Policy - Added "strict" mode with more granular logging capabilities to better protect APIs from prompt injection attacks in AI-powered applications.

• Improved CLI Commands:

  • New zuplo source command replaces the deprecated zuplo project command
  • Added interactive selection for account, project, and environment values in authenticated commands
  • Environment variables from public vars are now written to .env files for better local development experience

This release includes improvements to OpenAPI schema reference handling and a fix for the Zuplo CLI login behavior on middleware platforms.

Bug Fixes 🐛#

• Improved nested schema reference traversing - Fixed an issue where deeply nested schema references in OpenAPI specifications were not being properly resolved. This enhancement ensures that complex OpenAPI documents with multiple levels of $ref pointers are correctly processed, improving compatibility with sophisticated API specifications.

• Fixed CLI login behavior on middleware platforms - Resolved an issue where the Zuplo CLI would unexpectedly exit after login when running on certain middleware platforms. The CLI now properly maintains the session after successful authentication, ensuring a smooth development experience.

This release introduces significant enhancements to request handling, CLI authentication, logging capabilities, and observability. Key features include a new pre-routing hook for request manipulation before routing, enhanced CLI authentication supporting both Auth0 and API Key methods, custom log fields across all logging plugins, and improved tracing for programmatically invoked policies.

New Features 🎉#

• Pre-routing hook - Introduces a powerful new hook that allows you to manipulate incoming requests before routing checks are performed. This enables use cases like making URLs case-insensitive or normalizing URL paths. Learn more about pre-routing hooks

• Custom log fields for all logging plugins - All logging plugins now support a fields option that allows you to append custom fields to every log entry. This enhancement enables better log enrichment and correlation across your observability stack. See custom log fields documentation

• Tracing for programmatically invoked policies - Policies that are invoked programmatically now include proper tracing information, improving observability and debugging capabilities when policies call other policies within your API gateway. Learn about API monitoring with OpenTelemetry

Bug Fixes 🐛#

• Enhanced error handling - Strengthened error handling checks for the throwOnError configuration option, ensuring more predictable behavior when errors occur in your API gateway.

Documentation 📚#

• CLI command consistency - Updated the CLI documentation and commands to consistently use zuplo instead of the shortened zup command, improving clarity and consistency across all documentation.

This release includes improvements to the local development experience with increased body size limits in the route designer and bug fixes.

New Features 🎉#

• Increased body limit in local route designer - The maximum request body size limit has been increased in the local route designer, allowing developers to test APIs with larger payloads during development.

Bug Fixes 🐛#

• Project template creation improvements - Fixed an issue where creating a project from a template would fail if the source control access token was not properly validated. The system now correctly checks for and handles access token availability during template-based project creation.