zuplo 6.67.32 → 6.68.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (644) hide show
  1. package/README.md +9 -0
  2. package/docs/_index.md +44 -0
  3. package/docs/ai-gateway/apps.mdx +28 -0
  4. package/docs/ai-gateway/custom-providers.mdx +54 -0
  5. package/docs/ai-gateway/getting-started.mdx +224 -0
  6. package/docs/ai-gateway/guardrails.mdx +65 -0
  7. package/docs/ai-gateway/integrations/ai-sdk.mdx +109 -0
  8. package/docs/ai-gateway/integrations/claude-code.mdx +49 -0
  9. package/docs/ai-gateway/integrations/codex.mdx +78 -0
  10. package/docs/ai-gateway/integrations/goose.mdx +104 -0
  11. package/docs/ai-gateway/integrations/langchain.mdx +66 -0
  12. package/docs/ai-gateway/integrations/openai.mdx +99 -0
  13. package/docs/ai-gateway/introduction.mdx +85 -0
  14. package/docs/ai-gateway/managing-apps.mdx +46 -0
  15. package/docs/ai-gateway/managing-providers.mdx +66 -0
  16. package/docs/ai-gateway/managing-teams.mdx +63 -0
  17. package/docs/ai-gateway/policies/akamai-ai-firewall.mdx +125 -0
  18. package/docs/ai-gateway/policies/comet-opik-tracing.mdx +139 -0
  19. package/docs/ai-gateway/policies/galileo-tracing.mdx +147 -0
  20. package/docs/ai-gateway/providers.mdx +32 -0
  21. package/docs/ai-gateway/teams.mdx +38 -0
  22. package/docs/ai-gateway/universal-api.mdx +43 -0
  23. package/docs/ai-gateway/usage-limits.mdx +89 -0
  24. package/docs/api-management/introduction.md +127 -0
  25. package/docs/articles/accounts/audit-logs.mdx +227 -0
  26. package/docs/articles/accounts/billing.mdx +25 -0
  27. package/docs/articles/accounts/default-api-key.mdx +30 -0
  28. package/docs/articles/accounts/delete-account.mdx +36 -0
  29. package/docs/articles/accounts/enterprise-sso.mdx +116 -0
  30. package/docs/articles/accounts/managing-account-members.mdx +45 -0
  31. package/docs/articles/accounts/managing-project-members.mdx +37 -0
  32. package/docs/articles/accounts/members-and-roles.mdx +21 -0
  33. package/docs/articles/accounts/roles-and-permissions.mdx +115 -0
  34. package/docs/articles/accounts/zuplo-api-keys.mdx +94 -0
  35. package/docs/articles/add-api-to-backstage.mdx +216 -0
  36. package/docs/articles/advanced-path-matching.mdx +139 -0
  37. package/docs/articles/api-key-administration.mdx +47 -0
  38. package/docs/articles/api-key-api.mdx +220 -0
  39. package/docs/articles/api-key-authentication.mdx +195 -0
  40. package/docs/articles/api-key-buckets.mdx +61 -0
  41. package/docs/articles/api-key-end-users.mdx +52 -0
  42. package/docs/articles/api-key-leak-detection.mdx +75 -0
  43. package/docs/articles/api-key-management.mdx +100 -0
  44. package/docs/articles/api-key-react-component.mdx +90 -0
  45. package/docs/articles/api-key-service-limits.mdx +14 -0
  46. package/docs/articles/archiving-requests-to-storage.mdx +119 -0
  47. package/docs/articles/branch-based-deployments.mdx +184 -0
  48. package/docs/articles/bypass-policy-for-testing.mdx +117 -0
  49. package/docs/articles/check-ip-address.mdx +17 -0
  50. package/docs/articles/ci-cd-azure/basic-deployment.mdx +49 -0
  51. package/docs/articles/ci-cd-azure/deploy-and-test.mdx +47 -0
  52. package/docs/articles/ci-cd-azure/local-testing.mdx +59 -0
  53. package/docs/articles/ci-cd-azure/multi-stage-deployment.mdx +88 -0
  54. package/docs/articles/ci-cd-azure/pr-preview-environments.mdx +50 -0
  55. package/docs/articles/ci-cd-azure/tag-based-releases.mdx +37 -0
  56. package/docs/articles/ci-cd-bitbucket/basic-deployment.mdx +27 -0
  57. package/docs/articles/ci-cd-bitbucket/deploy-and-test.mdx +41 -0
  58. package/docs/articles/ci-cd-bitbucket/local-testing.mdx +34 -0
  59. package/docs/articles/ci-cd-bitbucket/multi-stage-deployment.mdx +52 -0
  60. package/docs/articles/ci-cd-bitbucket/pr-preview-environments.mdx +46 -0
  61. package/docs/articles/ci-cd-bitbucket/tag-based-releases.mdx +27 -0
  62. package/docs/articles/ci-cd-circleci/basic-deployment.mdx +34 -0
  63. package/docs/articles/ci-cd-circleci/deploy-and-test.mdx +44 -0
  64. package/docs/articles/ci-cd-circleci/local-testing.mdx +50 -0
  65. package/docs/articles/ci-cd-circleci/multi-stage-deployment.mdx +82 -0
  66. package/docs/articles/ci-cd-circleci/pr-preview-environments.mdx +47 -0
  67. package/docs/articles/ci-cd-circleci/tag-based-releases.mdx +38 -0
  68. package/docs/articles/ci-cd-github/basic-deployment.mdx +48 -0
  69. package/docs/articles/ci-cd-github/cleanup-on-branch-delete.mdx +123 -0
  70. package/docs/articles/ci-cd-github/deploy-and-test.mdx +82 -0
  71. package/docs/articles/ci-cd-github/local-testing.mdx +102 -0
  72. package/docs/articles/ci-cd-github/multi-stage-deployment.mdx +136 -0
  73. package/docs/articles/ci-cd-github/pr-preview-environments.mdx +106 -0
  74. package/docs/articles/ci-cd-github/tag-based-releases.mdx +99 -0
  75. package/docs/articles/ci-cd-gitlab/basic-deployment.mdx +28 -0
  76. package/docs/articles/ci-cd-gitlab/deploy-and-test.mdx +44 -0
  77. package/docs/articles/ci-cd-gitlab/local-testing.mdx +39 -0
  78. package/docs/articles/ci-cd-gitlab/mr-preview-environments.mdx +52 -0
  79. package/docs/articles/ci-cd-gitlab/multi-stage-deployment.mdx +64 -0
  80. package/docs/articles/ci-cd-gitlab/tag-based-releases.mdx +28 -0
  81. package/docs/articles/composite-policy-reference.mdx +284 -0
  82. package/docs/articles/configuring-auth0-for-mcp-auth.mdx +186 -0
  83. package/docs/articles/configuring-okta-for-mcp-auth.mdx +208 -0
  84. package/docs/articles/convert-urls-to-openapi.mdx +62 -0
  85. package/docs/articles/cors.mdx +447 -0
  86. package/docs/articles/custom-audit-log-policy.mdx +95 -0
  87. package/docs/articles/custom-ci-cd-azure.mdx +81 -0
  88. package/docs/articles/custom-ci-cd-bitbucket.mdx +80 -0
  89. package/docs/articles/custom-ci-cd-circleci.mdx +78 -0
  90. package/docs/articles/custom-ci-cd-github.mdx +99 -0
  91. package/docs/articles/custom-ci-cd-gitlab.mdx +79 -0
  92. package/docs/articles/custom-ci-cd.mdx +82 -0
  93. package/docs/articles/custom-code-patterns.md +418 -0
  94. package/docs/articles/custom-domains.mdx +258 -0
  95. package/docs/articles/custom-logging-example.mdx +139 -0
  96. package/docs/articles/ddos-protection.mdx +138 -0
  97. package/docs/articles/development-options.mdx +49 -0
  98. package/docs/articles/environment-variables.mdx +134 -0
  99. package/docs/articles/environments.mdx +143 -0
  100. package/docs/articles/fastly-zuplo-host-setup.mdx +41 -0
  101. package/docs/articles/github-deployment-testing.mdx +101 -0
  102. package/docs/articles/gke-with-upstream-auth-policy.mdx +192 -0
  103. package/docs/articles/graphql-security.mdx +180 -0
  104. package/docs/articles/handling-form-data.mdx +61 -0
  105. package/docs/articles/health-checks.mdx +109 -0
  106. package/docs/articles/hosting-options.mdx +70 -0
  107. package/docs/articles/lazy-load-configuration-into-cache.mdx +92 -0
  108. package/docs/articles/limits.mdx +98 -0
  109. package/docs/articles/local-development-debugging.mdx +44 -0
  110. package/docs/articles/local-development-env-variables.mdx +23 -0
  111. package/docs/articles/local-development-installing-packages.mdx +23 -0
  112. package/docs/articles/local-development-routes-designer.mdx +27 -0
  113. package/docs/articles/local-development-services.mdx +40 -0
  114. package/docs/articles/local-development-troubleshooting.mdx +56 -0
  115. package/docs/articles/local-development.mdx +81 -0
  116. package/docs/articles/log-plugin-aws-cloudwatch.mdx +83 -0
  117. package/docs/articles/log-plugin-datadog.mdx +84 -0
  118. package/docs/articles/log-plugin-dynatrace.mdx +75 -0
  119. package/docs/articles/log-plugin-gcp.mdx +75 -0
  120. package/docs/articles/log-plugin-loki.mdx +136 -0
  121. package/docs/articles/log-plugin-new-relic.mdx +84 -0
  122. package/docs/articles/log-plugin-splunk.mdx +104 -0
  123. package/docs/articles/log-plugin-sumo.mdx +73 -0
  124. package/docs/articles/log-plugin-vmware-log-insight.mdx +154 -0
  125. package/docs/articles/log-request-response-data.mdx +398 -0
  126. package/docs/articles/logging.mdx +115 -0
  127. package/docs/articles/manual-mcp-oauth-testing.mdx +193 -0
  128. package/docs/articles/mcp-quickstart.mdx +135 -0
  129. package/docs/articles/metrics-plugins.mdx +371 -0
  130. package/docs/articles/migrate-from-apigee.md +408 -0
  131. package/docs/articles/migrate-from-aws-api-gateway.md +248 -0
  132. package/docs/articles/migrate-from-azure-apim.md +292 -0
  133. package/docs/articles/migrate-from-kong.md +300 -0
  134. package/docs/articles/migration-overview.md +81 -0
  135. package/docs/articles/monetization/api-access.mdx +69 -0
  136. package/docs/articles/monetization/billing-models.md +520 -0
  137. package/docs/articles/monetization/developer-portal.md +167 -0
  138. package/docs/articles/monetization/features.mdx +98 -0
  139. package/docs/articles/monetization/index.mdx +113 -0
  140. package/docs/articles/monetization/meters.mdx +135 -0
  141. package/docs/articles/monetization/monetization-policy.md +314 -0
  142. package/docs/articles/monetization/plan-examples.mdx +366 -0
  143. package/docs/articles/monetization/plans.mdx +266 -0
  144. package/docs/articles/monetization/pricing-models.mdx +225 -0
  145. package/docs/articles/monetization/private-plans.md +154 -0
  146. package/docs/articles/monetization/quickstart.md +355 -0
  147. package/docs/articles/monetization/rate-cards.mdx +171 -0
  148. package/docs/articles/monetization/stripe-integration.md +195 -0
  149. package/docs/articles/monetization/subscription-lifecycle.md +298 -0
  150. package/docs/articles/monetization/tax-collection.md +166 -0
  151. package/docs/articles/monetization/troubleshooting.md +272 -0
  152. package/docs/articles/monetization-custom.mdx +71 -0
  153. package/docs/articles/monetization-integrations.mdx +104 -0
  154. package/docs/articles/monitoring-your-gateway.mdx +53 -0
  155. package/docs/articles/monorepo-deployment.mdx +350 -0
  156. package/docs/articles/multiple-auth-policies.mdx +81 -0
  157. package/docs/articles/non-standard-ports.mdx +30 -0
  158. package/docs/articles/oauth-authentication.mdx +54 -0
  159. package/docs/articles/openapi-server-urls.mdx +60 -0
  160. package/docs/articles/openapi.mdx +130 -0
  161. package/docs/articles/opentelemetry.mdx +250 -0
  162. package/docs/articles/per-user-rate-limits-using-db.mdx +112 -0
  163. package/docs/articles/performance-testing.mdx +304 -0
  164. package/docs/articles/plugin-akamai-api-security.mdx +76 -0
  165. package/docs/articles/plugin-azure-blob.mdx +73 -0
  166. package/docs/articles/plugin-azure-event-hubs.mdx +64 -0
  167. package/docs/articles/plugin-hydrolix-traffic-peak.mdx +147 -0
  168. package/docs/articles/policies.mdx +33 -0
  169. package/docs/articles/rename-or-move-project.mdx +39 -0
  170. package/docs/articles/rick-and-morty-api-developer-portal-example.mdx +23 -0
  171. package/docs/articles/routing.mdx +193 -0
  172. package/docs/articles/s3-signed-url-uploads.mdx +521 -0
  173. package/docs/articles/secure-tunnel.mdx +84 -0
  174. package/docs/articles/securing-backend-mtls.mdx +268 -0
  175. package/docs/articles/securing-your-backend.mdx +148 -0
  176. package/docs/articles/security.mdx +105 -0
  177. package/docs/articles/sharing-code-across-projects.mdx +412 -0
  178. package/docs/articles/source-control-setup-azure.mdx +13 -0
  179. package/docs/articles/source-control-setup-bitbucket.mdx +43 -0
  180. package/docs/articles/source-control-setup-github.mdx +172 -0
  181. package/docs/articles/source-control-setup-gitlab.mdx +12 -0
  182. package/docs/articles/source-control.mdx +80 -0
  183. package/docs/articles/step-1-setup-basic-gateway-local.mdx +136 -0
  184. package/docs/articles/step-1-setup-basic-gateway.mdx +118 -0
  185. package/docs/articles/step-2-add-rate-limiting-local.mdx +126 -0
  186. package/docs/articles/step-2-add-rate-limiting.mdx +82 -0
  187. package/docs/articles/step-3-add-api-key-auth-local.mdx +199 -0
  188. package/docs/articles/step-3-add-api-key-auth.mdx +166 -0
  189. package/docs/articles/step-4-deploying-to-the-edge.mdx +220 -0
  190. package/docs/articles/step-5-dynamic-rate-limiting.mdx +167 -0
  191. package/docs/articles/support.mdx +144 -0
  192. package/docs/articles/terraform.mdx +114 -0
  193. package/docs/articles/testing-graphql.mdx +34 -0
  194. package/docs/articles/testing.mdx +522 -0
  195. package/docs/articles/troubleshooting-slow-responses.mdx +301 -0
  196. package/docs/articles/troubleshooting.md +302 -0
  197. package/docs/articles/tsconfig.mdx +105 -0
  198. package/docs/articles/tunnel-setup.mdx +195 -0
  199. package/docs/articles/tunnel-troubleshooting.mdx +50 -0
  200. package/docs/articles/update-zup-in-github-action.mdx +110 -0
  201. package/docs/articles/use-openapi-extension-data.mdx +79 -0
  202. package/docs/articles/users/multifactor-authentication.mdx +64 -0
  203. package/docs/articles/users/profile.mdx +13 -0
  204. package/docs/articles/versioning-on-zuplo.mdx +89 -0
  205. package/docs/articles/waf-ddos-akamai.md +133 -0
  206. package/docs/articles/waf-ddos-aws-waf-shield.mdx +85 -0
  207. package/docs/articles/waf-ddos-fastly.mdx +251 -0
  208. package/docs/articles/waf-ddos.mdx +140 -0
  209. package/docs/articles/zuplo-waf.mdx +156 -0
  210. package/docs/ask.mdx +3 -0
  211. package/docs/cli/authentication.mdx +56 -0
  212. package/docs/cli/connectivity.mdx +38 -0
  213. package/docs/cli/create-zuplo-api.mdx +80 -0
  214. package/docs/cli/delete.mdx +79 -0
  215. package/docs/cli/deploy.mdx +156 -0
  216. package/docs/cli/deploy.partial.mdx +46 -0
  217. package/docs/cli/dev.mdx +115 -0
  218. package/docs/cli/docs.mdx +66 -0
  219. package/docs/cli/editor.mdx +50 -0
  220. package/docs/cli/global-options.mdx +19 -0
  221. package/docs/cli/init.mdx +74 -0
  222. package/docs/cli/link.mdx +74 -0
  223. package/docs/cli/list.mdx +55 -0
  224. package/docs/cli/mtls-certificate-create.mdx +94 -0
  225. package/docs/cli/mtls-certificate-delete.mdx +55 -0
  226. package/docs/cli/mtls-certificate-describe.mdx +55 -0
  227. package/docs/cli/mtls-certificate-disable.mdx +55 -0
  228. package/docs/cli/mtls-certificate-list.mdx +47 -0
  229. package/docs/cli/mtls-certificate-update.mdx +72 -0
  230. package/docs/cli/openapi-convert.mdx +111 -0
  231. package/docs/cli/openapi-merge.mdx +138 -0
  232. package/docs/cli/openapi-merge.partial.mdx +29 -0
  233. package/docs/cli/openapi-overlay.mdx +123 -0
  234. package/docs/cli/overview.mdx +78 -0
  235. package/docs/cli/project-create.mdx +43 -0
  236. package/docs/cli/source-migrate.mdx +18 -0
  237. package/docs/cli/source-upgrade.mdx +41 -0
  238. package/docs/cli/test.mdx +70 -0
  239. package/docs/cli/test.partial.mdx +7 -0
  240. package/docs/cli/tunnel-create.mdx +53 -0
  241. package/docs/cli/tunnel-create.partial.mdx +9 -0
  242. package/docs/cli/tunnel-delete.mdx +35 -0
  243. package/docs/cli/tunnel-delete.partial.mdx +9 -0
  244. package/docs/cli/tunnel-describe.mdx +45 -0
  245. package/docs/cli/tunnel-describe.partial.mdx +5 -0
  246. package/docs/cli/tunnel-list.mdx +35 -0
  247. package/docs/cli/tunnel-list.partial.mdx +9 -0
  248. package/docs/cli/tunnel-rate-token.partial.mdx +9 -0
  249. package/docs/cli/tunnel-rotate-token.mdx +39 -0
  250. package/docs/cli/tunnel-services-describe.mdx +45 -0
  251. package/docs/cli/tunnel-services-describe.partial.mdx +9 -0
  252. package/docs/cli/tunnel-services-update.mdx +48 -0
  253. package/docs/cli/variable-create.mdx +91 -0
  254. package/docs/cli/variable-create.partial.mdx +5 -0
  255. package/docs/cli/variable-update.mdx +75 -0
  256. package/docs/cli/variable-update.partial.mdx +5 -0
  257. package/docs/concepts/api-keys.md +146 -0
  258. package/docs/concepts/authentication.mdx +109 -0
  259. package/docs/concepts/how-zuplo-works.mdx +120 -0
  260. package/docs/concepts/project-structure.mdx +174 -0
  261. package/docs/concepts/rate-limiting.md +246 -0
  262. package/docs/concepts/request-lifecycle.mdx +56 -0
  263. package/docs/concepts/source-control-and-deployment.mdx +229 -0
  264. package/docs/conferences/conference-prize-terms.mdx +80 -0
  265. package/docs/dedicated/akamai/ai-powered-applications.mdx +223 -0
  266. package/docs/dedicated/akamai/architecture.mdx +280 -0
  267. package/docs/dedicated/akamai/caching.mdx +212 -0
  268. package/docs/dedicated/akamai/cdn.mdx +156 -0
  269. package/docs/dedicated/architecture.mdx +208 -0
  270. package/docs/dedicated/custom-domains.mdx +31 -0
  271. package/docs/dedicated/federated-gateways.mdx +80 -0
  272. package/docs/dedicated/networking.mdx +69 -0
  273. package/docs/dedicated/overview.mdx +80 -0
  274. package/docs/dedicated/source-control.mdx +63 -0
  275. package/docs/dev-portal/dev-portal-create-consumer-on-auth.mdx +134 -0
  276. package/docs/dev-portal/introduction.mdx +65 -0
  277. package/docs/dev-portal/local-development.mdx +72 -0
  278. package/docs/dev-portal/migration.mdx +526 -0
  279. package/docs/dev-portal/node-modules.mdx +45 -0
  280. package/docs/dev-portal/updating.mdx +28 -0
  281. package/docs/dev-portal/zudoku/components/alert.mdx +130 -0
  282. package/docs/dev-portal/zudoku/components/badge.mdx +70 -0
  283. package/docs/dev-portal/zudoku/components/button.mdx +132 -0
  284. package/docs/dev-portal/zudoku/components/callout.mdx +112 -0
  285. package/docs/dev-portal/zudoku/components/card.mdx +104 -0
  286. package/docs/dev-portal/zudoku/components/checkbox.mdx +72 -0
  287. package/docs/dev-portal/zudoku/components/client-only.mdx +79 -0
  288. package/docs/dev-portal/zudoku/components/code-tabs.mdx +179 -0
  289. package/docs/dev-portal/zudoku/components/dialog.mdx +167 -0
  290. package/docs/dev-portal/zudoku/components/head.mdx +199 -0
  291. package/docs/dev-portal/zudoku/components/icons.mdx +27 -0
  292. package/docs/dev-portal/zudoku/components/input.mdx +96 -0
  293. package/docs/dev-portal/zudoku/components/label.mdx +86 -0
  294. package/docs/dev-portal/zudoku/components/link.mdx +242 -0
  295. package/docs/dev-portal/zudoku/components/markdown.mdx +151 -0
  296. package/docs/dev-portal/zudoku/components/mermaid.mdx +81 -0
  297. package/docs/dev-portal/zudoku/components/playground.mdx +87 -0
  298. package/docs/dev-portal/zudoku/components/secret.mdx +78 -0
  299. package/docs/dev-portal/zudoku/components/select.mdx +176 -0
  300. package/docs/dev-portal/zudoku/components/shadcn.mdx +73 -0
  301. package/docs/dev-portal/zudoku/components/slider.mdx +108 -0
  302. package/docs/dev-portal/zudoku/components/slot.mdx +119 -0
  303. package/docs/dev-portal/zudoku/components/stepper.mdx +138 -0
  304. package/docs/dev-portal/zudoku/components/switch.mdx +96 -0
  305. package/docs/dev-portal/zudoku/components/syntax-highlight.mdx +602 -0
  306. package/docs/dev-portal/zudoku/components/textarea.mdx +78 -0
  307. package/docs/dev-portal/zudoku/components/tooltip.mdx +195 -0
  308. package/docs/dev-portal/zudoku/components/typography.mdx +61 -0
  309. package/docs/dev-portal/zudoku/configuration/ai-assistants.md +64 -0
  310. package/docs/dev-portal/zudoku/configuration/api-catalog.md +108 -0
  311. package/docs/dev-portal/zudoku/configuration/api-reference.md +397 -0
  312. package/docs/dev-portal/zudoku/configuration/authentication-auth0.md +173 -0
  313. package/docs/dev-portal/zudoku/configuration/authentication-azure-ad.md +238 -0
  314. package/docs/dev-portal/zudoku/configuration/authentication-clerk.md +110 -0
  315. package/docs/dev-portal/zudoku/configuration/authentication-firebase.md +61 -0
  316. package/docs/dev-portal/zudoku/configuration/authentication-pingfederate.md +136 -0
  317. package/docs/dev-portal/zudoku/configuration/authentication-supabase.md +225 -0
  318. package/docs/dev-portal/zudoku/configuration/authentication.md +199 -0
  319. package/docs/dev-portal/zudoku/configuration/build-configuration.mdx +147 -0
  320. package/docs/dev-portal/zudoku/configuration/docs.md +282 -0
  321. package/docs/dev-portal/zudoku/configuration/footer.mdx +214 -0
  322. package/docs/dev-portal/zudoku/configuration/llms.md +89 -0
  323. package/docs/dev-portal/zudoku/configuration/navigation.mdx +408 -0
  324. package/docs/dev-portal/zudoku/configuration/overview.md +380 -0
  325. package/docs/dev-portal/zudoku/configuration/protected-routes.md +149 -0
  326. package/docs/dev-portal/zudoku/configuration/search.md +169 -0
  327. package/docs/dev-portal/zudoku/configuration/sentry.mdx +44 -0
  328. package/docs/dev-portal/zudoku/configuration/site.md +124 -0
  329. package/docs/dev-portal/zudoku/configuration/slots.mdx +124 -0
  330. package/docs/dev-portal/zudoku/configuration/vite-config.md +18 -0
  331. package/docs/dev-portal/zudoku/custom-plugins.md +287 -0
  332. package/docs/dev-portal/zudoku/customization/colors-theme.mdx +275 -0
  333. package/docs/dev-portal/zudoku/customization/fonts.md +110 -0
  334. package/docs/dev-portal/zudoku/extending/events.md +124 -0
  335. package/docs/dev-portal/zudoku/guides/custom-pages.md +106 -0
  336. package/docs/dev-portal/zudoku/guides/environment-variables.md +99 -0
  337. package/docs/dev-portal/zudoku/guides/mermaid.mdx +70 -0
  338. package/docs/dev-portal/zudoku/guides/navigation-migration.md +87 -0
  339. package/docs/dev-portal/zudoku/guides/navigation-rules.mdx +197 -0
  340. package/docs/dev-portal/zudoku/guides/processors.mdx +234 -0
  341. package/docs/dev-portal/zudoku/guides/static-files.md +55 -0
  342. package/docs/dev-portal/zudoku/guides/transforming-examples.md +156 -0
  343. package/docs/dev-portal/zudoku/guides/using-multiple-apis.md +87 -0
  344. package/docs/dev-portal/zudoku/markdown/admonitions.md +128 -0
  345. package/docs/dev-portal/zudoku/markdown/code-blocks.md +196 -0
  346. package/docs/dev-portal/zudoku/markdown/frontmatter.md +172 -0
  347. package/docs/dev-portal/zudoku/markdown/mdx.md +68 -0
  348. package/docs/dev-portal/zudoku/markdown/overview.md +275 -0
  349. package/docs/dev-portal/zudoku/plugins.md +5 -0
  350. package/docs/dev-portal/zudoku/writing.mdx +72 -0
  351. package/docs/errors/bad-request.mdx +39 -0
  352. package/docs/errors/build-error.mdx +45 -0
  353. package/docs/errors/fatal-project-error.mdx +39 -0
  354. package/docs/errors/gateway-timeout.mdx +33 -0
  355. package/docs/errors/get-head-body-error.mdx +41 -0
  356. package/docs/errors/main-mod-error.mdx +40 -0
  357. package/docs/errors/no-project-set.mdx +41 -0
  358. package/docs/errors/not-found.mdx +43 -0
  359. package/docs/errors/rate-limit-exceeded.mdx +31 -0
  360. package/docs/errors/schema-validation-failed.mdx +51 -0
  361. package/docs/errors/system-configuration-error.mdx +44 -0
  362. package/docs/errors/unauthorized.mdx +50 -0
  363. package/docs/errors/unknown-error.mdx +42 -0
  364. package/docs/errors.mdx +14 -0
  365. package/docs/guides/canary-routing-for-employees.mdx +385 -0
  366. package/docs/guides/geolocation-backend-routing.mdx +404 -0
  367. package/docs/guides/modify-openapi-paths.mdx +371 -0
  368. package/docs/guides/openapi-overlays.mdx +492 -0
  369. package/docs/guides/overview.mdx +12 -0
  370. package/docs/guides/user-based-backend-routing.mdx +437 -0
  371. package/docs/handlers/aws-lambda.mdx +201 -0
  372. package/docs/handlers/custom-handler.mdx +112 -0
  373. package/docs/handlers/legacy-dev-portal-handler.mdx +135 -0
  374. package/docs/handlers/mcp-server.mdx +730 -0
  375. package/docs/handlers/openapi.mdx +78 -0
  376. package/docs/handlers/redirect.mdx +115 -0
  377. package/docs/handlers/system-handlers.mdx +41 -0
  378. package/docs/handlers/url-forward.mdx +204 -0
  379. package/docs/handlers/url-rewrite.mdx +224 -0
  380. package/docs/handlers/websocket-handler.mdx +154 -0
  381. package/docs/home.mdx +6 -0
  382. package/docs/managed-edge/overview.md +78 -0
  383. package/docs/mcp-server/configuration-migration-guide.mdx +344 -0
  384. package/docs/mcp-server/custom-tools.mdx +487 -0
  385. package/docs/mcp-server/graphql.mdx +241 -0
  386. package/docs/mcp-server/introduction.mdx +122 -0
  387. package/docs/mcp-server/openai-apps-sdk.mdx +160 -0
  388. package/docs/mcp-server/prompts.mdx +283 -0
  389. package/docs/mcp-server/resources.mdx +288 -0
  390. package/docs/mcp-server/testing.mdx +53 -0
  391. package/docs/mcp-server/tools.mdx +306 -0
  392. package/docs/policies/_index.md +92 -0
  393. package/docs/policies/ab-test-inbound/intro.md +8 -0
  394. package/docs/policies/ab-test-inbound/policy.ts +14 -0
  395. package/docs/policies/ab-test-inbound/schema.json +27 -0
  396. package/docs/policies/ab-test-outbound/intro.md +8 -0
  397. package/docs/policies/ab-test-outbound/policy.ts +26 -0
  398. package/docs/policies/ab-test-outbound/schema.json +27 -0
  399. package/docs/policies/acl-policy-inbound/intro.md +5 -0
  400. package/docs/policies/acl-policy-inbound/policy.ts +32 -0
  401. package/docs/policies/acl-policy-inbound/schema.json +52 -0
  402. package/docs/policies/akamai-ai-firewall/schema.json +98 -0
  403. package/docs/policies/amberflo-metering-inbound/doc.md +183 -0
  404. package/docs/policies/amberflo-metering-inbound/intro.md +20 -0
  405. package/docs/policies/amberflo-metering-inbound/schema.json +108 -0
  406. package/docs/policies/api-key-inbound/doc.md +77 -0
  407. package/docs/policies/api-key-inbound/intro.md +30 -0
  408. package/docs/policies/api-key-inbound/schema.json +84 -0
  409. package/docs/policies/archive-request-aws-s3-inbound/intro.md +4 -0
  410. package/docs/policies/archive-request-aws-s3-inbound/policy.ts +58 -0
  411. package/docs/policies/archive-request-aws-s3-inbound/schema.json +68 -0
  412. package/docs/policies/archive-request-azure-storage-inbound/doc.md +31 -0
  413. package/docs/policies/archive-request-azure-storage-inbound/intro.md +4 -0
  414. package/docs/policies/archive-request-azure-storage-inbound/policy.ts +54 -0
  415. package/docs/policies/archive-request-azure-storage-inbound/schema.json +53 -0
  416. package/docs/policies/archive-request-gcp-storage-inbound/doc.md +63 -0
  417. package/docs/policies/archive-request-gcp-storage-inbound/intro.md +4 -0
  418. package/docs/policies/archive-request-gcp-storage-inbound/policy.ts +68 -0
  419. package/docs/policies/archive-request-gcp-storage-inbound/schema.json +47 -0
  420. package/docs/policies/archive-response-aws-s3-outbound/intro.md +2 -0
  421. package/docs/policies/archive-response-aws-s3-outbound/policy.ts +59 -0
  422. package/docs/policies/archive-response-aws-s3-outbound/schema.json +68 -0
  423. package/docs/policies/archive-response-azure-storage-outbound/doc.md +31 -0
  424. package/docs/policies/archive-response-azure-storage-outbound/intro.md +3 -0
  425. package/docs/policies/archive-response-azure-storage-outbound/policy.ts +54 -0
  426. package/docs/policies/archive-response-azure-storage-outbound/schema.json +53 -0
  427. package/docs/policies/audit-log-inbound/doc.md +78 -0
  428. package/docs/policies/audit-log-inbound/intro.md +10 -0
  429. package/docs/policies/audit-log-inbound/schema.json +81 -0
  430. package/docs/policies/auth0-jwt-auth-inbound/doc.md +125 -0
  431. package/docs/policies/auth0-jwt-auth-inbound/intro.md +17 -0
  432. package/docs/policies/auth0-jwt-auth-inbound/schema.json +74 -0
  433. package/docs/policies/authzen-inbound/doc.md +24 -0
  434. package/docs/policies/authzen-inbound/intro.md +31 -0
  435. package/docs/policies/authzen-inbound/schema.json +126 -0
  436. package/docs/policies/axiomatics-authz-inbound/doc.md +144 -0
  437. package/docs/policies/axiomatics-authz-inbound/intro.md +11 -0
  438. package/docs/policies/axiomatics-authz-inbound/schema.json +161 -0
  439. package/docs/policies/basic-auth-inbound/intro.md +9 -0
  440. package/docs/policies/basic-auth-inbound/schema.json +99 -0
  441. package/docs/policies/bot-detection-inbound/intro.md +4 -0
  442. package/docs/policies/bot-detection-inbound/schema.json +56 -0
  443. package/docs/policies/brownout-inbound/doc.md +55 -0
  444. package/docs/policies/brownout-inbound/intro.md +12 -0
  445. package/docs/policies/brownout-inbound/schema.json +115 -0
  446. package/docs/policies/caching-inbound/doc.md +209 -0
  447. package/docs/policies/caching-inbound/intro.md +23 -0
  448. package/docs/policies/caching-inbound/schema.json +98 -0
  449. package/docs/policies/change-method-inbound/schema.json +56 -0
  450. package/docs/policies/clear-headers-inbound/schema.json +59 -0
  451. package/docs/policies/clear-headers-outbound/schema.json +59 -0
  452. package/docs/policies/clerk-jwt-auth-inbound/doc.md +85 -0
  453. package/docs/policies/clerk-jwt-auth-inbound/intro.md +4 -0
  454. package/docs/policies/clerk-jwt-auth-inbound/schema.json +68 -0
  455. package/docs/policies/cognito-jwt-auth-inbound/intro.md +7 -0
  456. package/docs/policies/cognito-jwt-auth-inbound/schema.json +74 -0
  457. package/docs/policies/comet-opik-tracing-inbound/schema.json +65 -0
  458. package/docs/policies/complex-rate-limit-inbound/doc.md +20 -0
  459. package/docs/policies/complex-rate-limit-inbound/intro.md +23 -0
  460. package/docs/policies/complex-rate-limit-inbound/schema.json +142 -0
  461. package/docs/policies/composite-inbound/doc.md +69 -0
  462. package/docs/policies/composite-inbound/intro.md +15 -0
  463. package/docs/policies/composite-inbound/schema.json +59 -0
  464. package/docs/policies/composite-outbound/intro.md +6 -0
  465. package/docs/policies/composite-outbound/schema.json +59 -0
  466. package/docs/policies/curity-phantom-token-inbound/doc.md +109 -0
  467. package/docs/policies/curity-phantom-token-inbound/intro.md +3 -0
  468. package/docs/policies/curity-phantom-token-inbound/schema.json +68 -0
  469. package/docs/policies/custom-code-inbound/doc.md +267 -0
  470. package/docs/policies/custom-code-inbound/intro.md +2 -0
  471. package/docs/policies/custom-code-inbound/schema.json +48 -0
  472. package/docs/policies/custom-code-outbound/doc.md +235 -0
  473. package/docs/policies/custom-code-outbound/intro.md +2 -0
  474. package/docs/policies/custom-code-outbound/schema.json +43 -0
  475. package/docs/policies/firebase-jwt-inbound/intro.md +6 -0
  476. package/docs/policies/firebase-jwt-inbound/schema.json +68 -0
  477. package/docs/policies/formdata-to-json-inbound/schema.json +60 -0
  478. package/docs/policies/galileo-tracing-inbound/schema.json +65 -0
  479. package/docs/policies/geo-filter-inbound/doc.md +33 -0
  480. package/docs/policies/geo-filter-inbound/schema.json +108 -0
  481. package/docs/policies/graphql-complexity-limit-inbound/doc.md +48 -0
  482. package/docs/policies/graphql-complexity-limit-inbound/intro.md +2 -0
  483. package/docs/policies/graphql-complexity-limit-inbound/schema.json +90 -0
  484. package/docs/policies/graphql-disable-introspection-inbound/doc.md +66 -0
  485. package/docs/policies/graphql-disable-introspection-inbound/intro.md +15 -0
  486. package/docs/policies/graphql-disable-introspection-inbound/schema.json +48 -0
  487. package/docs/policies/graphql-introspection-filter-outbound/doc.md +148 -0
  488. package/docs/policies/graphql-introspection-filter-outbound/schema.json +79 -0
  489. package/docs/policies/hmac-auth-inbound/doc.md +30 -0
  490. package/docs/policies/hmac-auth-inbound/intro.md +10 -0
  491. package/docs/policies/hmac-auth-inbound/policy.ts +70 -0
  492. package/docs/policies/hmac-auth-inbound/schema.json +53 -0
  493. package/docs/policies/http-deprecation-outbound/doc.md +73 -0
  494. package/docs/policies/http-deprecation-outbound/schema.json +83 -0
  495. package/docs/policies/ip-restriction-inbound/intro.md +8 -0
  496. package/docs/policies/ip-restriction-inbound/policy.ts +40 -0
  497. package/docs/policies/ip-restriction-inbound/schema.json +58 -0
  498. package/docs/policies/jwt-scopes-inbound/schema.json +59 -0
  499. package/docs/policies/ldap-auth-inbound/schema.json +56 -0
  500. package/docs/policies/mock-api-inbound/schema.json +72 -0
  501. package/docs/policies/moesif-inbound/doc.md +44 -0
  502. package/docs/policies/moesif-inbound/intro.md +6 -0
  503. package/docs/policies/moesif-inbound/schema.json +68 -0
  504. package/docs/policies/monetization-inbound/doc.md +87 -0
  505. package/docs/policies/monetization-inbound/intro.md +6 -0
  506. package/docs/policies/monetization-inbound/schema.json +102 -0
  507. package/docs/policies/mtls-auth-inbound/intro.md +6 -0
  508. package/docs/policies/mtls-auth-inbound/schema.json +68 -0
  509. package/docs/policies/okta-fga-authz-inbound/doc.md +181 -0
  510. package/docs/policies/okta-fga-authz-inbound/intro.md +20 -0
  511. package/docs/policies/okta-fga-authz-inbound/schema.json +104 -0
  512. package/docs/policies/okta-jwt-auth-inbound/intro.md +7 -0
  513. package/docs/policies/okta-jwt-auth-inbound/schema.json +74 -0
  514. package/docs/policies/open-id-jwt-auth-inbound/doc.md +58 -0
  515. package/docs/policies/open-id-jwt-auth-inbound/intro.md +30 -0
  516. package/docs/policies/open-id-jwt-auth-inbound/schema.json +128 -0
  517. package/docs/policies/openfga-authz-inbound/doc.md +207 -0
  518. package/docs/policies/openfga-authz-inbound/intro.md +17 -0
  519. package/docs/policies/openfga-authz-inbound/schema.json +191 -0
  520. package/docs/policies/openmeter-inbound/doc.md +163 -0
  521. package/docs/policies/openmeter-inbound/intro.md +18 -0
  522. package/docs/policies/openmeter-inbound/schema.json +183 -0
  523. package/docs/policies/prompt-injection-outbound/doc.md +106 -0
  524. package/docs/policies/prompt-injection-outbound/intro.md +4 -0
  525. package/docs/policies/prompt-injection-outbound/schema.json +74 -0
  526. package/docs/policies/propel-auth-jwt-inbound/doc.md +88 -0
  527. package/docs/policies/propel-auth-jwt-inbound/intro.md +4 -0
  528. package/docs/policies/propel-auth-jwt-inbound/schema.json +74 -0
  529. package/docs/policies/query-param-to-header-inbound/doc.md +70 -0
  530. package/docs/policies/query-param-to-header-inbound/intro.md +5 -0
  531. package/docs/policies/query-param-to-header-inbound/schema.json +74 -0
  532. package/docs/policies/quota-inbound/doc.md +235 -0
  533. package/docs/policies/quota-inbound/intro.md +7 -0
  534. package/docs/policies/quota-inbound/schema.json +133 -0
  535. package/docs/policies/rate-limit-inbound/doc.md +78 -0
  536. package/docs/policies/rate-limit-inbound/intro.md +30 -0
  537. package/docs/policies/rate-limit-inbound/schema.json +134 -0
  538. package/docs/policies/rbac-policy-inbound/intro.md +3 -0
  539. package/docs/policies/rbac-policy-inbound/policy.ts +42 -0
  540. package/docs/policies/rbac-policy-inbound/schema.json +52 -0
  541. package/docs/policies/readme-metrics-inbound/doc.md +1 -0
  542. package/docs/policies/readme-metrics-inbound/intro.md +3 -0
  543. package/docs/policies/readme-metrics-inbound/schema.json +84 -0
  544. package/docs/policies/remove-headers-inbound/schema.json +59 -0
  545. package/docs/policies/remove-headers-outbound/schema.json +59 -0
  546. package/docs/policies/remove-query-params-inbound/schema.json +59 -0
  547. package/docs/policies/replace-string-outbound/schema.json +69 -0
  548. package/docs/policies/request-size-limit-inbound/schema.json +60 -0
  549. package/docs/policies/request-validation-inbound/doc.md +72 -0
  550. package/docs/policies/request-validation-inbound/intro.md +24 -0
  551. package/docs/policies/request-validation-inbound/schema.json +98 -0
  552. package/docs/policies/require-origin-inbound/intro.md +12 -0
  553. package/docs/policies/require-origin-inbound/schema.json +65 -0
  554. package/docs/policies/secret-masking-outbound/doc.md +41 -0
  555. package/docs/policies/secret-masking-outbound/intro.md +13 -0
  556. package/docs/policies/secret-masking-outbound/schema.json +65 -0
  557. package/docs/policies/semantic-cache-inbound/doc.md +63 -0
  558. package/docs/policies/semantic-cache-inbound/intro.md +4 -0
  559. package/docs/policies/semantic-cache-inbound/schema.json +179 -0
  560. package/docs/policies/set-body-inbound/intro.md +7 -0
  561. package/docs/policies/set-body-inbound/schema.json +56 -0
  562. package/docs/policies/set-headers-inbound/doc.md +41 -0
  563. package/docs/policies/set-headers-inbound/intro.md +2 -0
  564. package/docs/policies/set-headers-inbound/schema.json +83 -0
  565. package/docs/policies/set-headers-outbound/schema.json +83 -0
  566. package/docs/policies/set-query-params-inbound/schema.json +83 -0
  567. package/docs/policies/set-status-outbound/schema.json +62 -0
  568. package/docs/policies/sleep-inbound/schema.json +56 -0
  569. package/docs/policies/stripe-webhook-verification-inbound/intro.md +2 -0
  570. package/docs/policies/stripe-webhook-verification-inbound/schema.json +60 -0
  571. package/docs/policies/supabase-jwt-auth-inbound/doc.md +29 -0
  572. package/docs/policies/supabase-jwt-auth-inbound/intro.md +12 -0
  573. package/docs/policies/supabase-jwt-auth-inbound/schema.json +86 -0
  574. package/docs/policies/transform-body-inbound/intro.md +8 -0
  575. package/docs/policies/transform-body-inbound/policy.ts +16 -0
  576. package/docs/policies/transform-body-inbound/schema.json +27 -0
  577. package/docs/policies/transform-body-outbound/intro.md +8 -0
  578. package/docs/policies/transform-body-outbound/policy.ts +19 -0
  579. package/docs/policies/transform-body-outbound/schema.json +27 -0
  580. package/docs/policies/upstream-azure-ad-service-auth-inbound/doc.md +82 -0
  581. package/docs/policies/upstream-azure-ad-service-auth-inbound/intro.md +20 -0
  582. package/docs/policies/upstream-azure-ad-service-auth-inbound/schema.json +84 -0
  583. package/docs/policies/upstream-firebase-admin-auth-inbound/intro.md +10 -0
  584. package/docs/policies/upstream-firebase-admin-auth-inbound/schema.json +68 -0
  585. package/docs/policies/upstream-firebase-user-auth-inbound/intro.md +2 -0
  586. package/docs/policies/upstream-firebase-user-auth-inbound/schema.json +113 -0
  587. package/docs/policies/upstream-gcp-federated-auth-inbound/doc.md +139 -0
  588. package/docs/policies/upstream-gcp-federated-auth-inbound/intro.md +21 -0
  589. package/docs/policies/upstream-gcp-federated-auth-inbound/schema.json +96 -0
  590. package/docs/policies/upstream-gcp-jwt-inbound/intro.md +10 -0
  591. package/docs/policies/upstream-gcp-jwt-inbound/schema.json +62 -0
  592. package/docs/policies/upstream-gcp-service-auth-inbound/doc.md +132 -0
  593. package/docs/policies/upstream-gcp-service-auth-inbound/intro.md +25 -0
  594. package/docs/policies/upstream-gcp-service-auth-inbound/schema.json +95 -0
  595. package/docs/policies/upstream-zuplo-jwt-auth-inbound/doc.md +213 -0
  596. package/docs/policies/upstream-zuplo-jwt-auth-inbound/intro.md +16 -0
  597. package/docs/policies/upstream-zuplo-jwt-auth-inbound/schema.json +101 -0
  598. package/docs/policies/validate-json-schema-inbound/doc.md +129 -0
  599. package/docs/policies/validate-json-schema-inbound/intro.md +7 -0
  600. package/docs/policies/validate-json-schema-inbound/schema.json +56 -0
  601. package/docs/policies/web-bot-auth-inbound/doc.md +104 -0
  602. package/docs/policies/web-bot-auth-inbound/intro.md +16 -0
  603. package/docs/policies/web-bot-auth-inbound/schema.json +76 -0
  604. package/docs/policies/xml-to-json-outbound/doc.md +71 -0
  605. package/docs/policies/xml-to-json-outbound/intro.md +4 -0
  606. package/docs/policies/xml-to-json-outbound/schema.json +117 -0
  607. package/docs/programmable-api/audit-log.mdx +74 -0
  608. package/docs/programmable-api/background-dispatcher.mdx +124 -0
  609. package/docs/programmable-api/background-loader.mdx +104 -0
  610. package/docs/programmable-api/cache.mdx +186 -0
  611. package/docs/programmable-api/compatibility-dates.mdx +201 -0
  612. package/docs/programmable-api/console-logging.mdx +48 -0
  613. package/docs/programmable-api/context-data.mdx +127 -0
  614. package/docs/programmable-api/custom-cors-policy.mdx +64 -0
  615. package/docs/programmable-api/environment.mdx +328 -0
  616. package/docs/programmable-api/hooks.mdx +569 -0
  617. package/docs/programmable-api/http-problems.mdx +385 -0
  618. package/docs/programmable-api/jwt-service-plugin.mdx +420 -0
  619. package/docs/programmable-api/logger.mdx +223 -0
  620. package/docs/programmable-api/memory-zone-read-through-cache.mdx +96 -0
  621. package/docs/programmable-api/node-modules.mdx +67 -0
  622. package/docs/programmable-api/not-found-handler.mdx +47 -0
  623. package/docs/programmable-api/oauth-protected-resource-plugin.mdx +46 -0
  624. package/docs/programmable-api/overview.mdx +213 -0
  625. package/docs/programmable-api/problem-response-formatter.mdx +183 -0
  626. package/docs/programmable-api/request-user.mdx +289 -0
  627. package/docs/programmable-api/reusing-code.mdx +26 -0
  628. package/docs/programmable-api/route-raw.mdx +55 -0
  629. package/docs/programmable-api/runtime-behaviors.mdx +25 -0
  630. package/docs/programmable-api/runtime-errors.mdx +246 -0
  631. package/docs/programmable-api/runtime-extensions.mdx +340 -0
  632. package/docs/programmable-api/safely-clone-a-request-or-response.mdx +57 -0
  633. package/docs/programmable-api/streaming-zone-cache.mdx +155 -0
  634. package/docs/programmable-api/web-crypto-apis.mdx +219 -0
  635. package/docs/programmable-api/web-standard-apis.mdx +109 -0
  636. package/docs/programmable-api/zone-cache.mdx +131 -0
  637. package/docs/programmable-api/zp-body-removed.mdx +32 -0
  638. package/docs/programmable-api/zuplo-context.mdx +414 -0
  639. package/docs/programmable-api/zuplo-id-token.mdx +90 -0
  640. package/docs/programmable-api/zuplo-json.mdx +91 -0
  641. package/docs/programmable-api/zuplo-request.mdx +200 -0
  642. package/docs/sample-apis.mdx +78 -0
  643. package/docs/self-hosted/overview.md +60 -0
  644. package/package.json +6 -5
@@ -0,0 +1,72 @@
1
+ The Request Validation Inbound policy validates incoming requests against your
2
+ OpenAPI schema definitions. This ensures that all requests to your API conform
3
+ to your specified data structure and types before they reach your backend
4
+ services.
5
+
6
+ ## How It Works
7
+
8
+ This policy automatically validates incoming requests based on the OpenAPI
9
+ schemas defined in your API specification. It checks:
10
+
11
+ - **Request Bodies**: Validates JSON/XML payloads against your schema
12
+ definitions
13
+ - **Query Parameters**: Ensures query parameters match expected types and
14
+ constraints
15
+ - **Path Parameters**: Validates URL path parameters against defined patterns
16
+ - **Headers**: Verifies required headers are present and conform to
17
+ specifications
18
+
19
+ When a request fails validation, the policy returns a detailed 400 Bad Request
20
+ response with specific information about which part of the request failed
21
+ validation and why.
22
+
23
+ ## Configuration
24
+
25
+ The policy requires minimal configuration as it automatically uses your existing
26
+ OpenAPI schemas. You can enable or disable validation for specific parts of the
27
+ request (body, query parameters, headers) through the policy options.
28
+
29
+ ## OpenAPI Schema Example
30
+
31
+ Here's an example of how to specify a schema for validation in a request body in
32
+ your OpenAPI specification:
33
+
34
+ ```json
35
+ "requestBody": {
36
+ "description": "user to add to the system",
37
+ "content": {
38
+ "application/json": {
39
+ "schema": {
40
+ "type": "object",
41
+ "properties": {
42
+ "name": {
43
+ "type": "string"
44
+ },
45
+ "age": {
46
+ "type": "integer"
47
+ }
48
+ },
49
+ "required": [
50
+ "name",
51
+ "age"
52
+ ]
53
+ }
54
+ }
55
+ }
56
+ }
57
+ ```
58
+
59
+ ## Advanced Validation
60
+
61
+ The policy supports the full range of OpenAPI schema validation features,
62
+ including:
63
+
64
+ - Type validation (string, number, boolean, array, object)
65
+ - Format validation (date, date-time, email, etc.)
66
+ - Pattern matching with regular expressions
67
+ - Numeric constraints (minimum, maximum, multipleOf)
68
+ - String constraints (minLength, maxLength)
69
+ - Array constraints (minItems, maxItems, uniqueItems)
70
+ - Required properties
71
+ - Enum values
72
+ - Complex schemas with allOf, anyOf, oneOf, and not
@@ -0,0 +1,24 @@
1
+ The Request Validation policy validates incoming requests against your OpenAPI
2
+ schema definitions, ensuring that all requests conform to your API's expected
3
+ structure and data types before they reach your backend services.
4
+
5
+ With this policy, you'll benefit from:
6
+
7
+ - **Data Integrity Protection**: Prevent malformed or invalid data from reaching
8
+ your backend systems
9
+ - **Automatic Schema Enforcement**: Leverage your existing OpenAPI definitions
10
+ for validation without additional code
11
+ - **Comprehensive Validation**: Validate request bodies, query parameters, path
12
+ parameters, and headers
13
+ - **Detailed Error Responses**: Return clear, actionable error messages that
14
+ help API consumers fix invalid requests
15
+ - **Developer-Friendly Experience**: Improve the developer experience by
16
+ providing immediate feedback on request issues
17
+ - **Reduced Backend Errors**: Minimize crashes and unexpected behavior caused by
18
+ invalid input data
19
+ - **API Contract Enforcement**: Ensure all API consumers adhere to your
20
+ documented API contract
21
+
22
+ When configured, any requests that do not conform to your OpenAPI schema will be
23
+ rejected with a `400: Bad Request` response containing a detailed error message
24
+ (in JSON) explaining why the request was not accepted.
@@ -0,0 +1,98 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft-07/schema",
3
+ "$id": "http://zuplo.com/schemas/policies/auth0-jwt-auth-inbound.json",
4
+ "type": "object",
5
+ "title": "Request Validation",
6
+ "isDeprecated": false,
7
+ "isPaidAddOn": false,
8
+ "isEnterprise": false,
9
+ "isInternal": false,
10
+ "isBeta": false,
11
+ "isHidden": false,
12
+ "products": ["api-gateway"],
13
+ "description": "Validates incoming requests against your OpenAPI specification. Checks query parameters, path parameters, headers, and request body to ensure they match the defined schema before processing.",
14
+ "deprecatedMessage": "",
15
+ "required": ["handler"],
16
+ "properties": {
17
+ "handler": {
18
+ "type": "object",
19
+ "default": {},
20
+ "required": ["export", "module", "options"],
21
+ "properties": {
22
+ "export": {
23
+ "const": "RequestValidationInboundPolicy",
24
+ "description": "The name of the exported type"
25
+ },
26
+ "module": {
27
+ "const": "$import(@zuplo/runtime)",
28
+ "description": "The module containing the policy"
29
+ },
30
+ "options": {
31
+ "title": "RequestValidationInboundPolicyOptions",
32
+ "type": "object",
33
+ "description": "The options for this policy.",
34
+ "additionalProperties": false,
35
+ "required": [],
36
+ "properties": {
37
+ "logLevel": {
38
+ "type": "string",
39
+ "default": "info",
40
+ "description": "The log level to use when logging validation errors.",
41
+ "enum": ["error", "warn", "info", "debug"]
42
+ },
43
+ "validateBody": {
44
+ "examples": ["reject-and-log"],
45
+ "type": "string",
46
+ "title": "ValidationOptions",
47
+ "default": "none",
48
+ "description": "The action to perform when validation fails.",
49
+ "enum": ["none", "log-only", "reject-and-log", "reject-only"]
50
+ },
51
+ "validateQueryParameters": {
52
+ "examples": ["log-only"],
53
+ "type": "string",
54
+ "title": "ValidationOptions",
55
+ "default": "none",
56
+ "description": "The action to perform when validation fails.",
57
+ "enum": ["none", "log-only", "reject-and-log", "reject-only"]
58
+ },
59
+ "validatePathParameters": {
60
+ "examples": ["log-only"],
61
+ "type": "string",
62
+ "title": "ValidationOptions",
63
+ "default": "none",
64
+ "description": "The action to perform when validation fails.",
65
+ "enum": ["none", "log-only", "reject-and-log", "reject-only"]
66
+ },
67
+ "validateHeaders": {
68
+ "type": "string",
69
+ "title": "ValidationOptions",
70
+ "default": "none",
71
+ "description": "The action to perform when validation fails.",
72
+ "enum": ["none", "log-only", "reject-and-log", "reject-only"]
73
+ },
74
+ "includeRequestInLogs": {
75
+ "type": "boolean",
76
+ "default": false,
77
+ "description": "Whether to include the request in the logs."
78
+ }
79
+ }
80
+ }
81
+ },
82
+ "examples": [
83
+ {
84
+ "export": "RequestValidationInboundPolicy",
85
+ "module": "$import(@zuplo/runtime)",
86
+ "options": {
87
+ "includeRequestInLogs": false,
88
+ "logLevel": "info",
89
+ "validateBody": "reject-and-log",
90
+ "validateHeaders": "none",
91
+ "validatePathParameters": "log-only",
92
+ "validateQueryParameters": "log-only"
93
+ }
94
+ }
95
+ ]
96
+ }
97
+ }
98
+ }
@@ -0,0 +1,12 @@
1
+ The Require Origin policy is used to enforce that the client is sending an
2
+ `origin` header that matches your allow-list specified in the policy options.
3
+
4
+ This is useful if you want to stop any browser traffic from different domains.
5
+
6
+ However, it is important to note that it does not guarantee that traffic is only
7
+ coming from a browser. Somebody could simulate a browser request from a backend
8
+ server and set any origin they like.
9
+
10
+ If the incoming origin is missing, or not allowed - a 400 Forbidden Problem
11
+ Response will be sent to the client. You can customize the `detail` property in
12
+ the policy options.
@@ -0,0 +1,65 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft-07/schema",
3
+ "$id": "http://zuplo.com/schemas/policies/auth0-jwt-auth-inbound.json",
4
+ "type": "object",
5
+ "title": "Require Origin",
6
+ "isDeprecated": false,
7
+ "isPaidAddOn": false,
8
+ "isEnterprise": false,
9
+ "isInternal": false,
10
+ "isBeta": false,
11
+ "isHidden": false,
12
+ "products": ["api-gateway"],
13
+ "description": "Sets an allow-list for an origin header",
14
+ "deprecatedMessage": "",
15
+ "required": ["handler"],
16
+ "properties": {
17
+ "handler": {
18
+ "type": "object",
19
+ "default": {},
20
+ "required": ["export", "module", "options"],
21
+ "properties": {
22
+ "export": {
23
+ "const": "RequireOriginInboundPolicy",
24
+ "description": "The name of the exported type"
25
+ },
26
+ "module": {
27
+ "const": "$import(@zuplo/runtime)",
28
+ "description": "The module containing the policy"
29
+ },
30
+ "options": {
31
+ "title": "RequireOriginInboundPolicyOptions",
32
+ "type": "object",
33
+ "description": "The options for this policy.",
34
+ "additionalProperties": false,
35
+ "required": ["origins"],
36
+ "properties": {
37
+ "origins": {
38
+ "type": "string",
39
+ "examples": ["https://example.com, https://example.org"],
40
+ "description": "A comma separated string containing valid origins."
41
+ },
42
+ "failureDetail": {
43
+ "type": "string",
44
+ "default": "Forbidden",
45
+ "examples": [
46
+ "Your origin is not authorized to make this request."
47
+ ],
48
+ "description": "The `detail` of the HTTP Problem response, if the origin is missing or disallowed."
49
+ }
50
+ }
51
+ }
52
+ },
53
+ "examples": [
54
+ {
55
+ "export": "RequireOriginInboundPolicy",
56
+ "module": "$import(@zuplo/runtime)",
57
+ "options": {
58
+ "failureDetail": "Your origin is not authorized to make this request.",
59
+ "origins": "https://example.com, https://example.org"
60
+ }
61
+ }
62
+ ]
63
+ }
64
+ }
65
+ }
@@ -0,0 +1,41 @@
1
+ This policy masks sensitive secrets in outgoing requests to prevent exposure to
2
+ downstream consumers. This is especially useful for AI agents and MCP clients
3
+ (where LLMs should not consume potentially sensitive user generated information
4
+ or poisoned agents are attempting to leak information they have access to).
5
+
6
+ ## Configuration
7
+
8
+ - `mask`: The mask to use when redacting information. **Default:** `[REDACTED]`
9
+ - `additionalPatterns`: Additional Regex patterns to mask secrets with (make
10
+ sure to correctly escape "meta escape" characters: i.e., `\b` should be
11
+ escaped `\\b` to avoid a JSON parsing error. Otherwise, you may see build
12
+ errors).
13
+
14
+ ## Usage
15
+
16
+ Apply this policy to outbound requests in your route configuration:
17
+
18
+ ```json
19
+ {
20
+ "policies": [
21
+ {
22
+ "name": "secret-masking-policy",
23
+ "policyType": "secret-masking-outbound",
24
+ "handler": {
25
+ "export": "SecretMaskingOutboundPolicy",
26
+ "module": "$import(@zuplo/runtime)",
27
+ "options": {
28
+ "mask": "<SECRET MASKED>",
29
+ "additionalPatterns": ["\\b(\\w+)=\\w+\\b"]
30
+ }
31
+ }
32
+ }
33
+ ]
34
+ }
35
+ ```
36
+
37
+ # Masked secrets
38
+
39
+ - Zuplo API keys (i.e. `zpka_xxx`)
40
+ - GitHub Tokens and Personal Access Tokens (i.e. `ghp_xxx`)
41
+ - Private key blocks (i.e. `BEGIN PRIVATE KEY` and `END PRIVATE KEY`)
@@ -0,0 +1,13 @@
1
+ The Secret Masking policy searches for and masks common secrets and replaces
2
+ them with a placeholder. Secrets that are automatically masked include:
3
+
4
+ - Zuplo API keys
5
+ - GitHub Tokens and Personal Access Tokens
6
+ - Private key blocks
7
+ - And more!
8
+
9
+ See the [policy documentation](https://zuplo.com/docs/policies/overview) for a
10
+ full description of secrets that are masked via this policy.
11
+
12
+ This is especially useful as an outbound policy for MCP servers, APIs that
13
+ interface with user generated content, or AI consumers.
@@ -0,0 +1,65 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft-07/schema",
3
+ "$id": "http://zuplo.com/schemas/policies/auth0-jwt-auth-inbound.json",
4
+ "type": "object",
5
+ "title": "Secret Masking",
6
+ "isDeprecated": false,
7
+ "isPaidAddOn": false,
8
+ "isEnterprise": false,
9
+ "isInternal": false,
10
+ "isBeta": false,
11
+ "isHidden": false,
12
+ "products": ["api-gateway"],
13
+ "description": "Masks common secrets like Zuplo API keys, GitHub tokens, or SSH private key in the response body.",
14
+ "deprecatedMessage": "",
15
+ "required": ["handler"],
16
+ "properties": {
17
+ "handler": {
18
+ "type": "object",
19
+ "default": {},
20
+ "required": ["export", "module", "options"],
21
+ "properties": {
22
+ "export": {
23
+ "const": "SecretMaskingOutboundPolicy",
24
+ "description": "The name of the exported type"
25
+ },
26
+ "module": {
27
+ "const": "$import(@zuplo/runtime)",
28
+ "description": "The module containing the policy"
29
+ },
30
+ "options": {
31
+ "title": "SecretMaskingOutboundPolicyOptions",
32
+ "type": "object",
33
+ "description": "The options for the secret masking policy.",
34
+ "additionalProperties": false,
35
+ "required": [],
36
+ "properties": {
37
+ "mask": {
38
+ "type": "string",
39
+ "description": "The string to replace detected secrets with.",
40
+ "examples": ["[REDACTED]"],
41
+ "default": "[REDACTED]"
42
+ },
43
+ "additionalPatterns": {
44
+ "type": "array",
45
+ "description": "Extra regex patterns for secrets to mask.",
46
+ "items": {
47
+ "type": "string"
48
+ }
49
+ }
50
+ }
51
+ }
52
+ },
53
+ "examples": [
54
+ {
55
+ "export": "SecretMaskingOutboundPolicy",
56
+ "module": "$import(@zuplo/runtime)",
57
+ "options": {
58
+ "additionalPatterns": [],
59
+ "mask": "[REDACTED]"
60
+ }
61
+ }
62
+ ]
63
+ }
64
+ }
65
+ }
@@ -0,0 +1,63 @@
1
+ ## How it works
2
+
3
+ 1. **Cache Key Generation**: The policy generates a cache key either through a
4
+ custom function or by extracting a value from the request body using a
5
+ property path.
6
+
7
+ 2. **Semantic Matching**: When a request comes in, the policy checks the
8
+ semantic cache service to find semantically similar cache keys based on the
9
+ configured similarity tolerance.
10
+
11
+ 3. **Response Caching**: Successful responses are cached in the semantic cache
12
+ service with the generated cache key.
13
+
14
+ 4. **LLM-powered Similarity**: The cache matching uses Large Language Model
15
+ (LLM) embeddings to determine semantic similarity between cache keys.
16
+
17
+ ## Configuration
18
+
19
+ The policy supports two modes for cache key generation:
20
+
21
+ - **Function Mode**: Use a custom function to generate cache keys
22
+ - **Property Path Mode**: Extract cache keys from JSON request body using a
23
+ property path
24
+
25
+ ### Key Parameters
26
+
27
+ - **semanticTolerance** (optional): A number between 0 and 1 that controls how
28
+ similar cache keys need to be for a match. Default is 0.8. Higher values
29
+ (closer to 1) require more similarity, while lower values allow more flexible
30
+ matching. Can be overridden by custom functions when using
31
+ `cacheBy: "function"`.
32
+ - **expirationSecondsTtl** (optional): Cache expiration time in seconds. Default
33
+ is 3600 (1 hour). Can be overridden by custom functions when using
34
+ `cacheBy: "function"`.
35
+ - **namespace** (optional): An optional string to isolate cache entries within a
36
+ specific namespace. This is useful for multi-tenant scenarios or when you want
37
+ to separate different cache contexts. When specified, only cache entries
38
+ within the same namespace will be matched and retrieved.
39
+
40
+ ### Custom Functions
41
+
42
+ When using `cacheBy: "function"`, your custom function should return an object
43
+ with the following structure:
44
+
45
+ ```typescript
46
+ {
47
+ cacheKey: string; // Required: The cache key for semantic matching
48
+ semanticTolerance?: number; // Optional: Override the policy's similarity tolerance
49
+ expirationSecondsTtl?: number; // Optional: Override the policy's cache expiration time
50
+ }
51
+ ```
52
+
53
+ This allows for dynamic configuration where different requests can have
54
+ different caching behaviors based on your custom logic.
55
+
56
+ ## Use Cases
57
+
58
+ - Caching API responses where requests may be semantically similar but not
59
+ identical
60
+ - Natural language query caching where similar questions should return the same
61
+ response
62
+ - User-specific caching where slight variations in user identifiers map to the
63
+ same cache entry
@@ -0,0 +1,4 @@
1
+ The Semantic Cache Inbound policy caches responses based on semantic similarity
2
+ of cache keys rather than exact matches. This allows for more flexible caching
3
+ where similar requests can return cached responses even if the cache key is not
4
+ exactly the same.
@@ -0,0 +1,179 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft-07/schema",
3
+ "$id": "http://zuplo.com/schemas/policies/auth0-jwt-auth-inbound.json",
4
+ "type": "object",
5
+ "title": "Semantic Cache",
6
+ "isDeprecated": false,
7
+ "isPaidAddOn": false,
8
+ "isEnterprise": true,
9
+ "isInternal": false,
10
+ "isBeta": true,
11
+ "isHidden": false,
12
+ "products": ["api-gateway"],
13
+ "description": "Respond to matched incoming requests with semantically cached content\n\nThe Semantic Cache Inbound policy caches responses based on semantic similarity of cache keys rather than exact matches. This allows for more flexible caching where similar requests can return cached responses even if the cache key is not exactly the same.\n\nThe policy uses Large Language Model (LLM) embeddings to determine semantic similarity between cache keys based on a configurable similarity tolerance.\n\nOptions: - semanticTolerance: The semantic similarity threshold for semantic cache matches (0-1, default: 0.2). Values closer to 0 require higher similarity. Can be overridden by custom functions. - expirationSecondsTtl: The timeout of the cache in seconds (default: 3600, 1 hour). Can be overridden by custom functions. - namespace: Optional namespace to isolate cache entries (default: \"default\"). Useful for multi-tenant scenarios or different cache contexts. - cacheBy: Determines how cache keys are generated: 'function' for custom logic or 'propertyPath' to extract from JSON body.",
14
+ "deprecatedMessage": "",
15
+ "required": ["handler"],
16
+ "properties": {
17
+ "handler": {
18
+ "type": "object",
19
+ "default": {},
20
+ "required": ["export", "module", "options"],
21
+ "properties": {
22
+ "export": {
23
+ "const": "SemanticCacheInboundPolicy",
24
+ "description": "The name of the exported type"
25
+ },
26
+ "module": {
27
+ "const": "$import(@zuplo/runtime)",
28
+ "description": "The module containing the policy"
29
+ },
30
+ "options": {
31
+ "title": "SemanticCacheInboundPolicyOptions",
32
+ "type": "object",
33
+ "description": "The options for this policy.",
34
+ "additionalProperties": false,
35
+ "required": ["cacheBy"],
36
+ "properties": {
37
+ "semanticTolerance": {
38
+ "type": "number",
39
+ "default": 0.2,
40
+ "minimum": 0,
41
+ "maximum": 1,
42
+ "description": "The semantic similarity threshold for semantic cache matches. Values closer to 0 require closer similarity, while larger values allow more flexible matching. Default is 0.2."
43
+ },
44
+ "expirationSecondsTtl": {
45
+ "type": "number",
46
+ "default": 3600,
47
+ "minimum": 60,
48
+ "description": "The timeout of the cache in seconds. Defaults to 1 hour."
49
+ },
50
+ "namespace": {
51
+ "type": "string",
52
+ "default": "default",
53
+ "description": "Optional namespace to isolate cache entries. Useful for multi-tenant scenarios or different cache contexts."
54
+ },
55
+ "cacheBy": {
56
+ "type": "string",
57
+ "enum": ["function", "propertyPath"],
58
+ "description": "Determines how the cache key is generated. Use 'function' for custom logic or 'propertyPath' to extract from JSON body."
59
+ },
60
+ "cacheByFunction": {
61
+ "type": "object",
62
+ "additionalProperties": false,
63
+ "description": "The function that returns dynamic cache key data. Used only with `cacheBy=function`.",
64
+ "required": ["export", "module"],
65
+ "properties": {
66
+ "export": {
67
+ "type": "string",
68
+ "description": "Specifies the export to load your custom cache key function, e.g. `default`, `cacheKeyIdentifier`.",
69
+ "examples": ["default", "cacheKeyIdentifier"]
70
+ },
71
+ "module": {
72
+ "type": "string",
73
+ "description": "Specifies the module to load your custom cache key function, in the format `$import(./modules/my-module)`.",
74
+ "examples": ["$import(./modules/my-module)"]
75
+ }
76
+ }
77
+ },
78
+ "cacheByPropertyPath": {
79
+ "type": "string",
80
+ "description": "The path to the property in the request body (JSON) to use as cache key. For example '.userId' would read the 'userId' property from the request body. Only works with cacheBy=propertyPath.",
81
+ "examples": [".userId", ".data.customerId"]
82
+ },
83
+ "statusCodes": {
84
+ "type": "array",
85
+ "items": {
86
+ "type": "number"
87
+ },
88
+ "examples": [[200, 201]],
89
+ "default": [200, 206, 301, 302, 303, 410],
90
+ "description": "Response status codes to be cached."
91
+ },
92
+ "returnCacheStatusHeader": {
93
+ "type": "boolean",
94
+ "default": false,
95
+ "description": "If true, the policy will return a custom header with the cache status. The default header name is `zp-semantic-cache`."
96
+ },
97
+ "cacheStatusHeaderName": {
98
+ "type": "string",
99
+ "default": "zp-semantic-cache",
100
+ "description": "The name of the header to return the cache status. Only used if `returnCacheStatusHeader` is true."
101
+ }
102
+ },
103
+ "allOf": [
104
+ {
105
+ "if": {
106
+ "properties": {
107
+ "cacheBy": {
108
+ "const": "function"
109
+ }
110
+ }
111
+ },
112
+ "then": {
113
+ "required": ["cacheByFunction"]
114
+ }
115
+ },
116
+ {
117
+ "if": {
118
+ "properties": {
119
+ "cacheBy": {
120
+ "const": "propertyPath"
121
+ }
122
+ }
123
+ },
124
+ "then": {
125
+ "required": ["cacheByPropertyPath"]
126
+ }
127
+ }
128
+ ],
129
+ "examples": [
130
+ {
131
+ "cacheBy": "propertyPath",
132
+ "cacheByPropertyPath": ".userId",
133
+ "semanticTolerance": 0.8,
134
+ "expirationSecondsTtl": 3600,
135
+ "namespace": "user-cache"
136
+ },
137
+ {
138
+ "cacheBy": "function",
139
+ "cacheByFunction": {
140
+ "export": "cacheKeyFunction",
141
+ "module": "$import(./modules/cache-key)"
142
+ },
143
+ "semanticTolerance": 0.9,
144
+ "expirationSecondsTtl": 1800,
145
+ "namespace": "api-cache"
146
+ }
147
+ ]
148
+ }
149
+ },
150
+ "examples": [
151
+ {
152
+ "export": "SemanticCacheInboundPolicy",
153
+ "module": "$import(@zuplo/runtime)",
154
+ "options": {
155
+ "cacheBy": "propertyPath",
156
+ "cacheByPropertyPath": ".userId",
157
+ "expirationSecondsTtl": 3600,
158
+ "namespace": "user-cache",
159
+ "semanticTolerance": 0.8
160
+ }
161
+ },
162
+ {
163
+ "export": "SemanticCacheInboundPolicy",
164
+ "module": "$import(@zuplo/runtime)",
165
+ "options": {
166
+ "cacheBy": "function",
167
+ "cacheByFunction": {
168
+ "export": "cacheKeyFunction",
169
+ "module": "$import(./modules/cache-key)"
170
+ },
171
+ "expirationSecondsTtl": 1800,
172
+ "namespace": "api-cache",
173
+ "semanticTolerance": 0.9
174
+ }
175
+ }
176
+ ]
177
+ }
178
+ }
179
+ }
@@ -0,0 +1,7 @@
1
+ The Set Body policy allows you to set or override the incoming request body.
2
+ [GET or HEAD requests do not support bodies on Zuplo](https://zuplo.com/docs/articles/zp-body-removed),
3
+ so be sure to use the
4
+ [Change Method](https://zuplo.com/docs/policies/change-method-inbound) policy to
5
+ update the method to a `POST` or whatever is appropriate. You might also need to
6
+ use the [Set Header](https://zuplo.com/docs/policies/set-headers-inbound) policy
7
+ to set a `content-type`.