zuplo 6.67.32 → 6.68.0

package/docs/articles/accounts/audit-logs.mdx

@@ -0,0 +1,227 @@
+---
+title: Audit Logs
+sidebar_label: Audit Logs
+---
+
+<EnterpriseFeature name="Audit Logs" />
+
+Audit logs provide a comprehensive record of activities within your Zuplo
+account, helping you track changes and maintain compliance requirements. Every
+change performed in your account is logged with detailed information about who
+performed the change, when it occurred, and what resources were affected.
+
+:::note{title="Beta Feature"}
+
+Audit logs are currently in beta. During the beta period not all events may be
+captured. Full coverage is in progress.
+
+:::
+
+## Overview
+
+Audit logs capture critical events across your Zuplo infrastructure, including:
+
+- Project and environment modifications
+- Configuration changes
+- Team member management
+- API key operations
+- Deployment activities
+- Security-related actions
+
+Each log entry provides complete visibility into the change performed, making it
+easy to investigate issues, track changes, and demonstrate compliance.
+
+## Accessing Audit Logs
+
+Audit logs are available for accounts on the Enterprise plan. To access your
+audit logs:
+
+1. Navigate to your account settings
+2. Click on **Audit Logs** in the left sidebar
+3. View the chronological list of all account activities
+
+:::note
+
+Audit logs are retained for 90 days by default. Contact support if you need
+extended retention periods.
+
+:::
+
+## Understanding Log Entries
+
+Each audit log entry contains the following information:
+
+### Core Fields
+
+- **Timestamp**: When the action occurred (ISO 8601 format)
+- **Action**: The specific operation performed (for example, `project.create`,
+  `user.invite`, `deployment.promote`)
+- **Request ID**: Unique identifier for tracking the request
+- **Success**: Whether the action completed successfully (true/false/null)
+- **Error**: Error message if the action failed
+- **Metadata**: Additional action-specific metadata
+
+### Actor Information
+
+- **Sub**: The subject identifier of the actor (user ID, API key, etc.)
+- **Email**: The email address of the actor (only for user actors)
+- **Type**: The type of actor (`user`, `consumer`, `service`, `anonymous`)
+- **Connection**: The authentication connection used (for example, `auth0`,
+  `google`)
+- **ActingAs**: Information about impersonated user, if applicable - this is
+  done by authorized Zuplo staff for support or diagnostic purposes only.
+  Contains:
+  - Sub: Subject identifier of the impersonated user
+  - Email: Email of the impersonated user
+- **Metadata**: Additional actor-specific metadata
+
+### Resource Information
+
+Actions that affect specific resources include detailed resource information:
+
+- **Type**: The type of resource affected (`account`, `project`, `deployment`,
+  etc.)
+- **ID**: Unique identifier of the resource
+- **Metadata**: Resource-specific metadata and additional details
+
+### Context Information
+
+Each log entry includes detailed context about where and how the action was
+performed:
+
+- **IP Address**: The IP address of the request
+- **User Agent**: The user agent string of the request
+- **Country**: The ISO 3166-1 alpha-2 country code (for example, 'US', 'GB')
+- **Region**: The region/state code (for example, 'CA' for California)
+- **City**: The city name from which the request originated
+- **Postal Code**: The postal/ZIP code
+- **Metro Code**: The metro code (DMA code in the US)
+- **AS Org**: The Autonomous System organization (ISP name)
+
+### Route Information
+
+- **Source**: The source system or API that handled the request (for example,
+  `api`, `gateway`)
+- **URL**: The full URL path of the request
+- **Method**: The HTTP method used for the request
+
+## Filtering and Searching
+
+The audit logs interface provides powerful filtering capabilities:
+
+### Available Filters
+
+- **Date Range**: Filter logs within a specific time period
+- **Action**: View specific actions (for example, all deployment activities)
+- **Actor**: Filter by the user who performed actions
+- **Success/Failure**: View only successful or failed operations
+
+## API Access
+
+Audit logs can be accessed programmatically via the Zuplo API:
+
+```bash
+curl -X GET \
+  "https://dev.zuplo.com/accounts/{accountName}/audit-logs" \
+  -H "Authorization: Bearer YOUR_API_KEY" \
+  -H "Content-Type: application/json"
+```
+
+### Query Parameters
+
+- `limit`: Number of results per page (default: 20, max: 100)
+- `offset`: Pagination offset (default: 0)
+- `startDate`: Filter logs after this date (ISO 8601 format)
+- `endDate`: Filter logs before this date (ISO 8601 format)
+- `action`: Filter by specific action (for example, 'account.create')
+- `actor`: Filter by actor's email address or subject identifier
+- `success`: Filter by success status (true/false)
+
+:::note
+
+Date Range Limitation The date range between `startDate` and `endDate` can't
+exceed 30 days. The start date must be before the end date.
+
+:::
+
+### Response Format
+
+```json
+{
+  "data": [
+    {
+      "action": "project.update",
+      "metadata": {
+        /* action-specific metadata */
+      },
+      "actor": {
+        "sub": "auth0|123456",
+        "email": "user@example.com",
+        "type": "user",
+        "connection": "auth0",
+        "actingAs": null,
+        "metadata": {
+          /* additional actor metadata */
+        }
+      },
+      "resources": [
+        {
+          "type": "project",
+          "id": "proj_123",
+          "metadata": {
+            /* resource-specific metadata */
+          }
+        }
+      ],
+      "context": {
+        "ipAddress": "192.168.1.1",
+        "userAgent": "Mozilla/5.0...",
+        "country": "US",
+        "region": "CA",
+        "city": "San Francisco",
+        "postalCode": "94102",
+        "metroCode": "807",
+        "asOrg": "Example ISP"
+      },
+      "route": {
+        "source": "api",
+        "url": "/accounts/my-company/projects/proj_123",
+        "method": "PATCH"
+      },
+      "timestamp": "2024-01-15T10:30:45.123Z",
+      "requestId": "req_abc123",
+      "success": true,
+      "error": null
+    }
+  ],
+  "pagination": {
+    "limit": 20,
+    "offset": 0,
+    "total": 1234,
+    "hasMore": true
+  }
+}
+```
+
+### Retention and Archival
+
+- Understand your compliance requirements for log retention
+- Plan for long-term storage if needed beyond 90 days
+- Consider exporting logs for archival purposes
+- Maintain backup copies of critical audit trails
+
+## Limitations
+
+- Audit logs are retained for 90 days by default
+- Maximum of 100 results per API request
+- Date range queries can't exceed 30 days
+- Some automated system actions may not generate audit logs
+- Logs are immutable and can't be modified or deleted
+
+:::tip
+
+Account audit logs track administrative activities. To log API request and
+response data flowing through the gateway, see the
+[Audit Log Plugin](../../programmable-api/audit-log.mdx).
+
+:::

package/docs/articles/accounts/billing.mdx

@@ -0,0 +1,25 @@
+---
+title: Zuplo Billing
+sidebar_label: Billing
+---
+
+The **Billing** page in the Zuplo dashboard allows you to subscribe to a Zuplo
+plan, update your payment method, and view your billing history.
+
+Zuplo uses Stripe to process payments. When you subscribe to a Zuplo plan, you
+will be redirected to the Stripe checkout page to enter your payment
+information. Once your payment is processed, you will be redirected back to the
+Zuplo dashboard.
+
+## Update Payment Method
+
+When you navigate to the **Billing** page, you will see a link to manage your
+existing subscription. Clicking this link will take you to the Stripe checkout
+page where you can update your payment method.
+
+:::note{title="Enterprise Plans"}
+
+Enterprise plans are setup with custom billing and can't be managed through the
+portal. Contact your account representative for questions or assistance.
+
+:::

package/docs/articles/accounts/default-api-key.mdx

@@ -0,0 +1,30 @@
+---
+title: Default API Key
+---
+
+When you create a new Zuplo account, a default API key is automatically
+generated for you. This key provides full access to your Zuplo account and is
+intended to help you get started quickly. However, as you build your API and
+deploy to production, you likely want to delete this key and create a new one
+with more restricted permissions (if your plan supports fine-grained
+permissions).
+
+## Deleting the Default API Key
+
+:::caution{title="Legacy Developer Portal"}
+
+When using the legacy developer portal, the default API Key is used by the
+developer portal backend to authenticate to your Zuplo services. If you delete
+the default API key, your legacy developer portal will IMMEDIATELY stop working.
+
+:::
+
+To delete the default API key, follow these steps:
+
+<Stepper>
+  1. Navigate to your Zuplo account settings. 2. Click on the **API Keys**
+  section. 3. Locate the default API key in the list. It will be labeled
+  "Default consumer for account-name" and have a "default" tag. 4. Click the
+  **Delete** button next to the default API key. 5. Confirm the deletion when
+  prompted.
+</Stepper>

package/docs/articles/accounts/delete-account.mdx

@@ -0,0 +1,36 @@
+---
+title: Deleting your Account
+sidebar_label: Delete Account
+---
+
+Deleting your account is a permanent action that can't be undone. If you are
+sure you want to delete your account, follow these steps:
+
+<Stepper>
+
+1. Remove any custom domains from your projects. You can do this by going to the
+   **Custom Domains** section in your project settings and removing any custom
+   domains.
+1. Delete all your projects. You can do this by going to the **General** tab in
+   your each project settings and clicking the **Delete Project** button.
+1. Remove any additional team members from your account. You can do this by
+   going to the **Members** tab in your account settings and removing any
+   additional team members.
+1. You must also unsubscribe from any paid plans. You can do this by going to
+   the **Billing** tab in your account settings. You will need to wait until the
+   end of your billing cycle to delete your account.
+1. Once you have completed the above steps, go to the **General** tab in your
+   account settings and click the **Delete Account** button.
+1. Confirm that you want to delete your account by entering your the text shown
+   in the confirmation box.
+1. Click the **Delete Account** button to permanently delete your account.
+1. If this is the only account you are a member of, you will be logged out of
+   the Zuplo Portal. If you are a member of other accounts, you will be
+   redirected back to the Zuplo Portal's home page.
+
+</Stepper>
+
+Once you have completed these steps, your account will be permanently deleted
+and can't be recovered. If you have any questions or concerns about deleting
+your account, please contact our support team at
+[support@zuplo.com](mailto:support@zuplo.com).

package/docs/articles/accounts/enterprise-sso.mdx

@@ -0,0 +1,116 @@
+---
+title: Zuplo Single Sign On
+sidebar_label: Single Sign On
+---
+
+Zuplo Single Sign On (SSO) is a feature that allows you to authenticate users
+using a third-party identity provider.
+
+<EnterpriseFeature name="Single Sign On" />
+
+Zuplo uses Auth0 to manage enterprise SSO, so we can support essentially any
+Identity Provider. Common options are Azure AD, Okta, Google Workspace, etc.
+
+## Configuring your Identity Provider
+
+### Setup
+
+If you have purchased the optional Enterprise SSO add-on, you can configured SSO
+with your identity provider through the [Zuplo portal](https://portal.zuplo.com)
+by following the steps below.
+
+<Stepper>
+
+1. Navigate to the Account Settings section in the Zuplo portal.
+1. Open the "Security" tab.
+1. In the section labeled "Single Sign On (SSO)", click the "Setup Single
+   Sign-On" button.
+1. This will open a new window hosted by Auth0 that allows you to configure SSO
+   for your organization.
+1. Follow the instructions in the Auth0 window to configure SSO with your
+   identity provider and domain (for example yourcompany.com).
+1. Be sure to click "Enable Connection" in the Auth0 window to activate SSO for
+   your organization.
+1. Once SSO is enabled, users can log in to Zuplo using your identity provider.
+
+</Stepper>
+
+### Edit Single Sign On
+
+If you need to edit your SSO configuration after the initial setup, you can do
+so by clicking the "Edit Connection" button in the "Single Sign On (SSO)"
+section of the Security tab in Account Settings.
+
+This will open the Auth0 configuration window where you can make changes to your
+connection settings. This is useful if you need to rotate certificates or client
+secrets or if you need to add or remove domains.
+
+### Disable Single Sign On
+
+If you need to disable SSO completely, contact Zuplo support for assistance.
+
+## Single Sign On Settings
+
+If you have configured Single Sign On for your organization, you can customize
+how users login to your account.
+
+### Require Enterprise SSO
+
+:::tip
+
+It's highly recommended to enable this setting to ensure all users are
+authenticating through your enterprise identity provider.
+
+:::
+
+Require all account members authenticate with the configured enterprise identity
+provider. When enabled, users will be prevented from logging in with Google,
+GitHub, or passwords.
+
+### Automatically add SSO-enabled users
+
+When enabled, any user who authenticates with the configured enterprise identity
+provider will automatically be added to this account. Use this setting if you
+want to control access to Zuplo through your identity provider.
+
+When disabled, users will need to be invited to the account by an existing user.
+
+If you have role-based access control enabled, new users will be added to the
+account as a Member. You can change their role after they have been added. If
+role-based access control isn't enabled, new users will be added as an Admin.
+
+## Frequently Asked Questions
+
+### What SSO Providers does Zuplo Support?
+
+Zuplo uses Auth0 to manage enterprise SSO, so we can support essentially any SSO
+provider required. Common options are Azure AD, Okta, Google Workspace, etc.
+
+### What happens when SSO is enabled for my organization?
+
+When SSO is enabled, you'll use your organization's identity provider (like Okta
+or Azure AD) to log into Zuplo. This provides enhanced security and streamlines
+access management for your team.
+
+If you previously had a Zuplo account with the same email address, your SSO
+login will be treated as the primary method going forward.
+
+### Will I have access to my existing projects after SSO is enabled?
+
+Yes! When you log in with SSO using the same email address as your previous
+account, you'll automatically have access to all the projects and roles from
+your existing Zuplo accounts. The system will seamlessly connect your SSO
+identity with your previous access permissions.
+
+### How should I log into Zuplo once SSO is enabled?
+
+Always use the standard Zuplo login page at https://portal.zuplo.com - the
+system will automatically redirect you to your organization's SSO provider. This
+ensures you're using the secure, organization-approved authentication method.
+
+:::note{title="Legacy Account Access"}
+
+If you need to access a previous account for administrative purposes during the
+transition period, contact Zuplo support for assistance.
+
+:::

package/docs/articles/accounts/managing-account-members.mdx

@@ -0,0 +1,45 @@
+---
+title: Managing Account Members
+sidebar_label: Account Members
+---
+
+Accounts can be shared with many users. This document explains how to add and
+manage users in your account.
+
+## Add Account Member
+
+To start, navigate to the account settings page by clicking your user icon in
+the top right corner of the screen and selecting **Settings** from the dropdown
+menu.
+
+The view will display the users that are currently members of the account and
+their roles.
+
+![Members](../../../public/media/managing-account-members/image.png)
+
+On the top of the page, you can enter an email address of the user you want to
+invite. For accounts with the enterprise role feature, users are added to the
+account with the role of **Member**, for all other accounts users are added with
+the role of **Admin**.
+
+![Invite User](../../../public/media/managing-account-members/image-1.png)
+
+After inviting a user, you will see the invited user in the list with the
+members.
+
+![Invited User](../../../public/media/managing-account-members/image-2.png)
+
+## Change Member Role
+
+<EnterpriseFeature name="Role Based Access Control" />
+
+Once a user has accepted the invitation, you can change their role by selecting
+the role from the drop down.
+
+![Change Role](../../../public/media/managing-account-members/image-3.png)
+
+## Removing a Member
+
+To remove a user from the account, click the remove icon next to the user.
+
+![Remove Member](../../../public/media/managing-account-members/image-4.png)

package/docs/articles/accounts/managing-project-members.mdx

@@ -0,0 +1,37 @@
+---
+title: Managing Project Members
+sidebar_label: Project Members
+---
+
+Projects can have multiple members with different roles. Some account level
+roles allow access to project resources as well. Users can also be assigned
+project level roles in order to grant them access to specific project resources.
+
+## Add Project Member
+
+To manage project members, navigate to the project settings page and click the
+**Members & Access** section, which shows a list of all members in the project
+and their roles.
+
+![Project Members](../../../public/media/managing-project-members/image-1.png)
+
+This list will display all account members - even those who have no access to
+the project.
+
+## Change Member Role
+
+<EnterpriseFeature name="Role Based Access Control" />
+
+Account admins will always have access to all projects. If you try to change the
+role of an account admin, you will see a warning message that this user is an
+account admin and can't be changed.
+
+For users who aren't account admins, you can change their role by selecting the
+desired role from the dropdown.
+
+![Member Role](../../../public/media/managing-project-members/image-2.png)
+
+## Remove Project Member
+
+Removing a project member can be done by selecting "No Access" from the role
+drop down.

package/docs/articles/accounts/members-and-roles.mdx

@@ -0,0 +1,21 @@
+---
+title: Members & Roles
+sidebar_label: Overview
+---
+
+Accounts in Zuplo can have multiple members with different roles. The role of
+each member defines the permissions they have in the account.
+
+Projects in Zuplo can also have multiple members with different roles. Some
+account level roles allow access to project resources as well. Users can also be
+assigned project level roles in order to grant them access to specific project
+resources.
+
+**Additional Resources**
+
+- [Role Permissions](./roles-and-permissions.mdx) - Details on the roles
+  available at the account and project levels.
+- [Managing Account Members](./managing-account-members.mdx) - How to add,
+  remove, and set roles for account members.
+- [Managing Project Members](./managing-project-members.mdx) - How to add,
+  remove, and set roles for project members.

package/docs/articles/accounts/roles-and-permissions.mdx

@@ -0,0 +1,115 @@
+---
+title: Role Permissions
+---
+
+<EnterpriseFeature name="Role Based Access Control" />
+
+:::info{title="Beta"}
+
+The specific permissions of each role are currently in beta and may change
+without notice.
+
+:::
+
+Accounts in Zuplo can have multiple members with different roles. Each account
+member can be a role that defines the permissions they have in the account.
+
+The following roles are available at the account level:
+
+- **Admin**: Admins have full access to the account and can manage all aspects
+  of the account, including billing, members, and roles. Admins can also access
+  all projects and environments in the Account.
+- **Developer**: Developers can create and manage projects and environments in
+  the account. They also have wide access to resources such as tunnels, custom
+  domains, API key buckets, etc. Developers can edit preview and development
+  resources, but not production resources.
+- **Member**: Members of an account don't have any account level or project
+  level permissions. Members can be granted project level permissions by an
+  admin.
+
+Projects can have multiple members with different roles. Some account level
+roles also grant access to project resources. Users can also be assigned project
+level roles to grant them access to specific project resources.
+
+The following roles are available at the project level:
+
+- **Admin**: Admins have full access to the project and can manage all aspects
+  of the project, including environment variables, secrets, and members.
+- **Developer**: Developers have access to all preview and development resources
+  in a project. They can't modify production resources.
+- **Member**: Members of a project can view resources in the project but can't
+  modify them.
+
+## Account Role Permissions
+
+The following table outlines the permissions available to each account role.
+
+| Resource       | Action          | Admin | Developer | Member |
+| -------------- | --------------- | ----- | --------- | ------ |
+| Account        | Edit            | ✅    | ❌        | ❌     |
+|                | View            | ✅    | ✅        | ✅     |
+| Projects       | Edit            | ✅    | ❌        | ❌     |
+|                | View            | ✅    | ✅        | ❌     |
+| Custom Domains | Edit            | ✅    | ❌        | ❌     |
+|                | View            | ✅    | ✅        | ❌     |
+| Tunnels        | Edit            | ✅    | ❌        | ❌     |
+|                | View            | ✅    | ✅        | ❌     |
+| Zuplo API Keys | Edit (All Keys) | ✅    | ❌        | ❌     |
+|                | View (All Keys) | ✅    | ❌        | ❌     |
+| Zuplo API Keys | Edit (Own Keys) | ✅    | ✅        | ❌     |
+|                | View (Own Keys) | ✅    | ✅        | ❌     |
+| Billing        | Manage          | ✅    | ❌        | ❌     |
+| Usage          | View            | ✅    | ✅        | ❌     |
+| Members        | Edit            | ✅    | ❌        | ❌     |
+|                | View            | ✅    | ✅        | ❌     |
+
+## Project Role Permissions
+
+The following table outlines the permissions available to each project role.
+
+| Resource              | Environment | Action | Admin | Developer | Member |
+| --------------------- | ----------- | ------ | ----- | --------- | ------ |
+| Project               |             | Edit   | ✅    | ❌        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+| Environment           | Production  | Edit   | ✅    | ❌        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+|                       |             | Deploy | ✅    | ❌        | ❌     |
+|                       | Preview     | Edit   | ✅    | ✅        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+|                       |             | Deploy | ✅    | ✅        | ❌     |
+|                       | Development | Edit   | ✅    | ✅        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+|                       |             | Deploy | ✅    | ✅        | ❌     |
+| Environment Variables | Production  | Edit   | ✅    | ❌        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+|                       | Preview     | Edit   | ✅    | ✅        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+|                       | Development | Edit   | ✅    | ✅        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+| Source Control        | N/A         | Edit   | ✅    | ❌        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+| Members               | N/A         | Edit   | ✅    | ❌        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+| Custom Domains        | N/A         | Edit   | ✅    | ❌        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+| Logs                  | Production  | View   | ✅    | ✅        | ❌     |
+|                       | Preview     | View   | ✅    | ✅        | ✅     |
+|                       | Development | View   | ✅    | ✅        | ✅     |
+| Builds                | Production  | View   | ✅    | ✅        | ✅     |
+|                       | Preview     | View   | ✅    | ✅        | ✅     |
+|                       | Development | View   | ✅    | ✅        | ✅     |
+| Analytics             | Production  | View   | ✅    | ✅        | ✅     |
+|                       | Preview     | View   | ✅    | ✅        | ✅     |
+|                       | Development | View   | ✅    | ✅        | ✅     |
+| API Key Buckets       | Production  | Edit   | ✅    | ❌        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+|                       | Preview     | Edit   | ✅    | ✅        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+|                       | Development | Edit   | ✅    | ❌        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+| Monetization Buckets  | Production  | Edit   | ✅    | ❌        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+|                       | Preview     | Edit   | ✅    | ✅        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |
+|                       | Development | Edit   | ✅    | ❌        | ❌     |
+|                       |             | View   | ✅    | ✅        | ✅     |