Zuplo Changelog

This changelog covers changes from Monday, 2025-09-29 to Sunday, 2025-10-05, focusing on new policy features, runtime improvements, and portal enhancements.

Features#

• GraphQL Introspection Filter Policy: Added new MCP GraphQL tools with introspection filtering capabilities to help manage GraphQL schema exposure and improve security
• Logs in AI Gateway: Enhanced AI Gateway with comprehensive logging functionality, providing better visibility into gateway operations and events

Fixes#

• MCP Server Handler: Fixed issue with routes containing escaped colons that were not being handled correctly
• URL Forward Handler: Enhanced support for buffering request body during redirect transmission, improving reliability of URL forwarding
• Log Parsing: Fixed issue where log chunks were not being correctly parsed, improving log reliability and accuracy

Portal Updates#

• Copy Path Enhancement: Improved path copying functionality with visual feedback through flash animations
• Invite UI Improvements: Updated color scheme for invitation-related interface elements to improve visual clarity
• Secret Management UI: Enhanced the secret management interface for better user experience and security
• MCP Server Bug Fix: Resolved server-side issues affecting MCP functionality
• Button UI Cleanup: Removed count display from buttons to reduce user confusion

This changelog covers improvements to the runtime and portal from Monday, 2025-09-01 to Sunday, 2025-09-07.

Fixes#

• Runtime: Fixed MCP (Model Context Protocol) server handlers to return proper 405 Method Not Allowed responses instead of 404 Not Found when unsupported HTTP methods are used

Portal Updates#

• Added enhanced stack trace mapping and formatting in the log viewer for better debugging experience with loading states and improved readability

This changelog covers improvements to sourcemapping, configuration flexibility, MCP support, and Portal analytics from Monday, 2025-08-25 to Sunday, 2025-08-31.

Features#

• Sourcemapping Improvements: Enhanced sourcemap generation and file mapping capabilities for better debugging experience
• Configuration Flexibility: Updated zuplo.jsonc configuration shape to support additional customization options
• Certificate Validation Control: Added environment variable to disable certificate validation when needed for specific deployment scenarios
• MCP Prompts Support: Added support for Model Context Protocol (MCP) prompts functionality
• MCP Error Handling: Improved error display formatting for MCP operations

Fixes#

• CLI Template Fix: Corrected the create app readme to reference the correct template
• Request Validator: Improved handling of invalid parameter validators in the request-validator policy to prevent runtime errors

This changelog covers changes from Monday, 2025-08-18 to Sunday, 2025-08-24.

Summary#

This release includes improvements to the CLI login experience with device flow authentication and source map support for better debugging capabilities.

Features#

• Enhanced CLI Authentication: The CLI now uses device flow for login, providing a more secure and user-friendly authentication experience
• Source Maps Support: Enabled source maps on public builds to improve debugging and error tracking capabilities

This release introduces significant improvements to the Zuplo CLI, rate limiting capabilities, and developer portal experience. Key highlights include a new CLI command for migrating to the redesigned developer portal, enhanced rate limiting with adaptive timeouts, and support for wildcard subdomains in CORS policies.

New Features 🎉#

• New Developer Portal Migration Command - Added zuplo source migrate dev-portal CLI command to help users migrate to the new Zuplo Developer Portal built on the Zudoku framework. This simplifies the transition to the enhanced portal experience.

• Enhanced Rate Limiting with Adaptive Timeouts - The rate limiter policy now supports adaptive and configurable timeouts, providing more flexible control over API rate limiting behavior and improved performance under varying load conditions.

• CLI Project Creation - New CLI command for creating Zuplo projects directly from the command line, streamlining the project setup workflow. See the CLI documentation for usage details.

Bug Fixes 🐛#

• OpenAPI Transpiler Type Handling - Fixed an issue where the OpenAPI transpiler now correctly defaults to "type: object" when properties are defined, ensuring proper schema generation and type safety.

• CLI Tunnel Command Validation - Added missing account argument validation for the create tunnel command in the Zuplo CLI, preventing errors when setting up local development tunnels.

Improvements 🔄#

• Wildcard Subdomain Support for CORS - The CORS policy now supports wildcard subdomains, enabling more flexible cross-origin configurations for APIs serving multiple subdomains or multi-tenant applications.

• Enhanced SSO and MFA Security - Improved security for enterprise accounts by enforcing SSO and MFA requirements, ensuring better access control and compliance with enterprise security policies.

This release introduces enhanced debugging capabilities for MCP (Model Context Protocol) servers, implements OAuth protected resource discovery, and improves network reliability with automatic retry mechanisms. Additionally, we've fixed an issue with JWT service expiration times.

New Features 🎉#

MCP Server Handler Debug Mode We've added a debug mode for MCP Server handlers, making it easier to troubleshoot and develop your Model Context Protocol integrations. This enhancement provides better visibility into MCP server operations during development and testing. Learn more about MCP in Zuplo.

OAuth Protected Resource Discovery Implemented support for OAuth RFC 9728's .well-known/oauth-protected-resource endpoint for MCP OAuth flows. This standardized endpoint enables automatic discovery of OAuth-protected resources, simplifying the integration process for MCP-enabled applications. Read our guide on introducing remote MCP servers.

Enhanced Metrics Retry and Error Handling Improved the metrics functionality to automatically retry on network errors and timeouts, providing better resilience for API calls. This enhancement is now used when sending metrics to vector, ensuring more reliable telemetry data collection even during temporary network issues.

Bug Fixes 🐛#

JWT Service Expiration Time Fix Fixed an issue with JWT service expiration time handling and export options. This ensures proper token validation and prevents authentication issues related to incorrect expiration timestamps. For more information on JWT authentication, see our JWT API authentication guide.