zuplo 6.67.32 → 6.68.0

package/docs/articles/zuplo-waf.mdx

@@ -0,0 +1,156 @@
+---
+title: Zuplo Managed WAF
+---
+
+Zuplo's Managed WAF provides enterprise customers using our **managed edge
+deployment** with comprehensive security protection purpose-built for API
+Gateways. This service offers multiple layers of protection against common
+threats, attacks, and malicious traffic without requiring you to manage complex
+security configurations.
+
+<EnterpriseFeature name="Zuplo Managed WAF" />
+
+:::note
+
+Zuplo Managed WAF is only available for customers using Zuplo's managed edge
+deployment model. Customers using managed dedicated deployments should refer to
+the [Managed Dedicated WAF Options](#managed-dedicated-waf-options) section
+below.
+
+:::
+
+## Available Protection Rules
+
+### OWASP Core Ruleset
+
+Zuplo's Managed WAF includes protection based on the
+[OWASP Core Ruleset](https://owasp.org/www-project-top-ten/), which defends
+against the most critical web application security risks. This includes
+protection against:
+
+- **SQL Injection** - Prevents attackers from inserting malicious SQL code
+- **Cross-Site Scripting (XSS)** - Blocks malicious scripts from being injected
+  into your API responses
+- **Remote Code Execution** - Prevents attackers from executing arbitrary code
+- **Local File Inclusion** - Blocks attempts to access local server files
+- **Remote File Inclusion** - Prevents loading of remote malicious files
+- **PHP Code Injection** - Blocks malicious PHP code execution attempts
+- **HTTP Protocol Violations** - Detects and blocks malformed HTTP requests
+- **Session Fixation** - Prevents session hijacking attempts
+- **Scanner Detection** - Identifies and blocks automated vulnerability scanners
+- **Metadata/Error Leakages** - Prevents exposure of sensitive system
+  information
+
+### OFAC Sanctioned Country Blocking
+
+Zuplo's Managed WAF includes automatic blocking of traffic from countries on the
+[OFAC Sanctions Programs list](https://ofac.treasury.gov/sanctions-programs-and-country-information).
+This helps ensure compliance with U.S. Treasury regulations by preventing API
+access from sanctioned regions.
+
+The blocked country list is automatically updated as OFAC sanctions change,
+ensuring your API remains compliant without manual intervention.
+
+### DDoS Protection
+
+All Zuplo API Gateways include automatic DDoS protection that defends against:
+
+- **Layer 3/4 Attacks** - Network and transport layer flood attacks
+- **Layer 7 Attacks** - Application layer attacks targeting your API endpoints
+- **Amplification Attacks** - DNS, NTP, and other amplification-based attacks
+- **SYN Floods** - TCP connection exhaustion attempts
+- **HTTP Floods** - High-volume HTTP request attacks
+
+DDoS protection is always-on and automatically scales to handle attacks of any
+size without impacting legitimate traffic.
+
+### Zero-Day Vulnerability Protection
+
+Zuplo's Managed WAF includes rapid response protection against emerging threats
+and zero-day vulnerabilities. When critical vulnerabilities are discovered,
+protection rules are automatically deployed across all protected gateways
+without requiring any action from your team.
+
+## Custom WAF Rules
+
+Enterprise customers can work with Zuplo to create and enable custom WAF rules
+tailored to their specific security requirements. Custom rules can be configured
+to:
+
+- Block or allow traffic based on specific patterns
+- Create IP allowlists or blocklists
+- Implement rate limiting for specific endpoints
+- Add custom request validation
+- Create geography-based access controls beyond OFAC requirements
+- Implement custom bot detection and mitigation
+
+To discuss custom WAF rule requirements, contact your Zuplo account team.
+
+## Enabling Zuplo Managed WAF
+
+Zuplo's Managed WAF is available to enterprise customers. The service can be
+enabled with different protection levels based on your security requirements:
+
+- **Standard Protection** - OWASP Core Rules and DDoS protection
+- **Enhanced Protection** - Includes OFAC blocking and zero-day protection
+- **Custom Protection** - All features plus custom rules tailored to your needs
+
+To enable Zuplo's Managed WAF on your API Gateway, contact our
+[sales team](mailto:sales@zuplo.com).
+
+## Benefits
+
+- **Edge-deployed protection** - Security rules run at the same edge locations
+  as your API, ensuring no additional latency
+- **Automatic updates** - Protection rules are continuously updated without
+  requiring deployments
+- **No configuration complexity** - Pre-configured rulesets based on security
+  best practices
+- **Compliance support** - Automatic OFAC sanctions compliance
+- **24/7 protection** - Always-on security monitoring and threat mitigation
+
+## Complementary Zuplo Policies
+
+In addition to Zuplo Managed WAF, you can implement many security features
+directly using Zuplo's built-in policies:
+
+- **IP Restriction** - Block or allow specific IP addresses with the
+  [IP Restriction policy](../policies/ip-restriction-inbound)
+- **Geolocation Controls** - Route or block requests based on geographic
+  location using [custom policies](../guides/geolocation-backend-routing)
+- **Rate Limiting** - Implement granular rate limits with
+  [rate limiting policies](../policies/rate-limit-inbound)
+- **Custom Security Rules** - Create any custom security logic with
+  [custom code policies](../policies/custom-code-inbound)
+
+These policies can be used alongside Zuplo Managed WAF for defense-in-depth
+security or independently for specific security requirements.
+
+## Managed Dedicated WAF Options
+
+For customers using Zuplo's managed dedicated deployment model, WAF and DDoS
+protection options depend on your chosen cloud provider. Unlike the standardized
+Zuplo Managed WAF available for edge deployments, managed dedicated customers
+can leverage the full range of security services offered by their cloud
+platform.
+
+For managed dedicated deployments, our team will:
+
+1. Assess your security requirements during the deployment planning phase
+2. Configure the appropriate WAF and DDoS services based on your cloud provider
+3. Implement custom rules and policies specific to your use case
+4. Provide ongoing support for security configuration updates
+
+Contact our [sales team](mailto:sales@zuplo.com) to discuss security options for
+your managed dedicated deployment.
+
+## Next Steps
+
+If you're interested in Zuplo's Managed WAF services for edge deployments or
+need custom security configurations for managed dedicated deployments, contact
+our [sales team](mailto:sales@zuplo.com) to discuss your requirements.
+
+For customers requiring full control over WAF configurations, see our guides for
+integrating with [Cloudflare WAF](./waf-ddos.mdx#cloudflare-waf--ddos),
+[Fastly Next-Gen WAF](./waf-ddos-fastly.mdx), or
+[AWS WAF + Shield](./waf-ddos-aws-waf-shield.mdx).

package/docs/ask.mdx

@@ -0,0 +1,3 @@
+# Ask AI Chatbot
+
+<EmbeddedChat />

package/docs/cli/authentication.mdx

@@ -0,0 +1,56 @@
+---
+title: Authentication
+---
+
+There are two ways to authenticate with the Zuplo Command Line Interface (CLI):
+using an API Key or via OAuth.
+
+## Using OAuth
+
+The Zuplo CLI supports OAuth authentication. To authenticate using OAuth, run
+the following command:
+
+```bash
+zuplo login
+```
+
+Your browser will open and prompt you to log in to your Zuplo account. After
+logging in, you will be redirected to a page that confirms your authentication.
+You can then return to your terminal, which will now be authenticated.
+
+## Using an API key
+
+API key authentication is useful for CI/CD pipelines or other automated
+workflows where interactive login isn't feasible. See the following instructions
+to obtain and use an API key with the Zuplo CLI.
+
+:::tip
+
+The API key is scoped to your account. So you can use the same one for all
+projects under the same account. If you are a member of multiple accounts, be
+sure to select the right one.
+
+:::
+
+The Zuplo CLI uses API Keys to authenticate. You can find your API Key by
+following these steps:
+
+1. Navigate to [portal.zuplo.com](https://portal.zuplo.com) and log in.
+2. Select the account that you want to work on.
+3. Click the **Settings** tab and navigate to the "API Keys" section. Select an
+   existing API Key or create a new one to use with the CLI.
+
+Most commands take an `--api-key` argument. For example, to list your available
+Zuplo API Gateways, run:
+
+```bash
+zuplo list --api-key zpka_d67b7e241bb948758f415b79aa8exxxx_2efbxxxx
+```
+
+If you don't want to pass your API Key to every command, you can set it as an
+environment variable:
+
+```bash
+export ZUPLO_API_KEY=zpka_d67b7e241bb948758f415b79aa8exxxx_2efbxxxx
+zuplo list
+```

package/docs/cli/connectivity.mdx

@@ -0,0 +1,38 @@
+---
+title: Zuplo CLI Network Connectivity
+sidebar_label: Network Connectivity
+---
+
+The Zuplo CLI is used for local development as well as performing various
+lifecycle operations with your Zuplo Project. This document describes the
+various domain names that the CLI uses.
+
+In order to use local development and manage your Zuplo project, you must ensure
+that your network allows access to the following domains:
+
+- `dev.zuplo.com` - This is Zuplo's public API. It's used for various
+  operations, such as creating a new project, deploying a project, etc.
+- `storage.zuploedge.com` - This domain is used when uploading your project
+  assets when deploying your project.
+
+In addition to the above, the following domains are used for local development:
+
+- `*.zuploedge.com` - There are multiple services running on this domain that
+  are used by local development. In order to use features like API Key
+  management, rate limiting, etc. this domain must be accessible. If you must
+  allow specific domains, you can use the following list. Do note, the list
+  isn't exhaustive and may change over time:
+  - `api.zuploedge.com`
+  - `rate-limiter.zuploedge.com`
+  - `redis-proxy.zuploedge.com`
+  - `ellie.zuploedge.com`
+  - `metrics.zuploedge.com`
+  - `apikey.zuploedge.com`
+
+## Analytics
+
+To help improve the CLI, Zuplo collects usage and error analytics from the CLI.
+
+If you don't wish to send analytics to Zuplo, you can set the
+`ZUPLO_DO_NOT_TRACK` environment variable on your machine before invoking the
+Zuplo CLI.

package/docs/cli/create-zuplo-api.mdx

@@ -0,0 +1,80 @@
+---
+title: Create Zuplo API
+---
+
+The `create-zuplo-api` CLI makes it easy to create a new Zuplo API using the
+default template or an
+[example](https://github.com/zuplo/zuplo/tree/main/examples) from a public
+GitHub repository. It's the fastest way to get started with Zuplo.
+
+```bash
+npx create-zuplo-api@latest
+```
+
+## Options
+
+`create-zuplo-api` comes with the following options:
+
+- `-v, --version` - Output the current version of create-zuplo-api
+- `--eslint` - Initialize with ESLint configuration
+- `--prettier` - Initialize with Prettier configuration
+- `--empty` - Initialize an empty project
+- `--use-npm` - Explicitly tell the CLI to bootstrap the application using npm
+- `--use-pnpm` - Explicitly tell the CLI to bootstrap the application using pnpm
+- `--use-yarn` - Explicitly tell the CLI to bootstrap the application using Yarn
+- `--use-bun` - Explicitly tell the CLI to bootstrap the application using Bun
+- `--reset, --reset-preferences` - Reset the preferences saved for
+  create-zuplo-api
+- `--git` - Whether or not to initialize the project as a git repository
+- `--version-check` - Whether or not to check for an outdated version
+- `--install` - Whether or not to install packages
+- `--yes` - Use saved preferences or defaults for unprovided options
+- `-e, --example <example-name|github-url>` - An example to bootstrap the API
+  with. You can use an example name from the official Zuplo repository or a
+  public GitHub URL. The URL can use any branch and/or subdirectory
+- `--example-path <path-to-example>` - In a rare case, your GitHub URL might
+  contain a branch name with a slash (for example, bug/fix-1) and the path to
+  the example (for example, foo/bar). In this case, you must specify the path to
+  the example separately: `--example-path foo/bar`
+- `-h, --help` - Display the help message
+
+### Examples
+
+The following examples show different ways to use `create-zuplo-api`:
+
+#### With Default Template
+
+```bash
+npx create-zuplo-api@latest my-api
+cd my-api
+npm run dev
+```
+
+You will then be asked the following prompts:
+
+```bash
+What's your project named? my-api
+Would you like to use ESLint? No / Yes
+Would you like to use Prettier? No / Yes
+```
+
+#### With an Official Example from GitHub
+
+To create a new Zuplo API using an official example from the Zuplo GitHub
+repository, you specify the example name using the `--example` option.
+
+```bash
+npx create-zuplo-api@latest my-api --example my-example
+```
+
+You can find the list of available examples in the
+[Zuplo examples repository](https://github.com/zuplo/zuplo/tree/main/examples).
+
+#### With any Public GitHub Repository
+
+To create a new Zuplo API using any public GitHub repository, you can specify
+the repository URL using the `--example` option.
+
+```bash
+npx create-zuplo-api@latest my-api --example https://github.com/username/repo
+```

package/docs/cli/delete.mdx

@@ -0,0 +1,79 @@
+---
+title: "Zuplo CLI: Delete"
+sidebar_label: delete
+---
+
+<CliCommand
+  command="delete"
+  description="Deletes the Zuplo API by URL"
+  options={[
+  {
+    "name": "url",
+    "type": "string",
+    "description": "The URL of the Zuplo API to delete",
+    "required": false,
+    "deprecated": false,
+    "hidden": false
+  },
+  {
+    "name": "branch",
+    "type": "string",
+    "description": "The branch name to delete deployments for",
+    "required": false,
+    "deprecated": false,
+    "hidden": true
+  },
+  {
+    "name": "project",
+    "type": "string",
+    "description": "The project name",
+    "required": false,
+    "deprecated": false,
+    "hidden": false
+  },
+  {
+    "name": "account",
+    "type": "string",
+    "description": "The account name",
+    "required": false,
+    "deprecated": false,
+    "hidden": false
+  },
+  {
+    "name": "self-hosted-endpoint",
+    "type": "string",
+    "description": "The endpoint of your self-hosted service to deploy to",
+    "required": false,
+    "deprecated": false,
+    "hidden": false
+  },
+  {
+    "name": "wait",
+    "type": "boolean",
+    "description": "Should the CLI wait until the Zuplo API is deleted",
+    "required": false,
+    "deprecated": false,
+    "hidden": false
+  }
+]}
+  examples={[
+  [
+    "$0 delete --url https://my-api-dev-123abc.zuplo.app",
+    "Delete a deployed environment by its URL"
+  ],
+  [
+    "$0 delete --url https://my-api-dev-123abc.zuplo.app --wait",
+    "Delete an environment and wait until the deletion is complete"
+  ]
+]}
+  usage="$0 delete --url <url> [options]"
+>
+
+</CliCommand>
+
+## Global options
+
+The following global options are available for all commands:
+
+- [`--help`](./global-options.mdx#help)
+- [`--api-key`](./global-options.mdx#api-key)

package/docs/cli/deploy.mdx

@@ -0,0 +1,156 @@
+---
+title: "Zuplo CLI: Deploy"
+sidebar_label: deploy
+---
+
+<CliCommand
+  command="deploy"
+  description="Deploys current Git branch of the current directory"
+  options={[
+  {
+    "name": "project",
+    "type": "string",
+    "description": "The project name",
+    "required": false,
+    "deprecated": false,
+    "hidden": true
+  },
+  {
+    "name": "account",
+    "type": "string",
+    "description": "The account name",
+    "required": false,
+    "deprecated": false,
+    "hidden": false
+  },
+  {
+    "name": "dir",
+    "type": "string",
+    "description": "The directory containing your Zuplo API",
+    "default": ".",
+    "required": false,
+    "deprecated": false,
+    "hidden": true,
+    "normalize": true
+  },
+  {
+    "name": "environment",
+    "type": "string",
+    "description": "The value to use for environment name, instead of the current branch name",
+    "required": false,
+    "deprecated": false,
+    "hidden": false
+  },
+  {
+    "name": "self-hosted-endpoint",
+    "type": "string",
+    "description": "The endpoint of your self-hosted service to deploy to",
+    "required": false,
+    "deprecated": false,
+    "hidden": false
+  },
+  {
+    "name": "override-repo-url",
+    "type": "string",
+    "description": "Override the repo url reference",
+    "required": false,
+    "deprecated": false,
+    "hidden": true
+  },
+  {
+    "name": "mtls-certificates-dir",
+    "type": "string",
+    "description": "Directory containing mtls certificates to use for the deployment, in the hierarchy that you want them to appear in the runtime. Ex: <cert-name>/tls.crt and <cert-name>/tls.keyAll certificates must be in pem format. Only for use for self-hosted deployments.",
+    "required": false,
+    "deprecated": false,
+    "hidden": true
+  },
+  {
+    "name": "verify-remote",
+    "type": "boolean",
+    "description": "Verify that this Git repository matches the one configured on Zuplo. Use --no-verify-remote to disable.",
+    "default": false,
+    "required": false,
+    "deprecated": true,
+    "hidden": false
+  },
+  {
+    "name": "fetch-environments",
+    "type": "boolean",
+    "description": "Fetch the environments for your project from Zuplo. If this is false, then the environment will automatically be detected from the git branch.",
+    "default": false,
+    "required": false,
+    "deprecated": false,
+    "hidden": false
+  }
+]}
+  examples={[
+  [
+    "$0 deploy",
+    "Deploy the current Git branch using the branch name as the environment name"
+  ],
+  [
+    "$0 deploy --environment my-env",
+    "Override the environment name instead of using the Git branch name"
+  ],
+  [
+    "$0 deploy --account my-account --project my-project --environment my-env",
+    "Explicitly specify the account, project, and environment"
+  ]
+]}
+  usage="$0 deploy [options]"
+>
+
+## Common use cases
+
+The following examples assume that you are passing in your `--api-key` either as
+an argument or through the `ZUPLO_API_KEY` environment variable.
+
+### Deploying your gateway
+
+```bash
+# The following will use the current Git branch as the name of the environment
+
+git checkout -b my-new-branch
+zuplo deploy --project my-project
+```
+
+```bash
+# If you don't wish to use the current Git branch as the name of the
+# environment, you can specify one using --environment
+
+zuplo deploy --project my-project --environment my-env-name
+```
+
+## Polling timeout
+
+By default, the deploy command will poll the status of the deployment every
+second for 150 seconds. For most deployments this is enough time for the build
+and deploy process to complete. However, if you have a large project, this may
+not be enough time. You can increase the timeout by setting the following
+environment variables.
+
+- `POLL_INTERVAL` - The interval in seconds between each poll. Default is 1
+  second.
+- `MAX_POLL_RETRIES` - The maximum number of retries before the command times
+  out. Default is 150.
+
+```bash
+POLL_INTERVAL=5000 MAX_POLL_RETRIES=300 zuplo deploy
+```
+
+Note, that even if the CLI times out, the deployment will continue. You can
+check the status of the deployment in the Zuplo portal.
+
+</CliCommand>
+
+## Global options
+
+The following global options are available for all commands:
+
+- [`--help`](./global-options.mdx#help)
+- [`--api-key`](./global-options.mdx#api-key)
+
+## Additional resources
+
+- [Custom CI/CD](../articles/custom-ci-cd.mdx)

package/docs/cli/deploy.partial.mdx

@@ -0,0 +1,46 @@
+---
+additional-resources:
+  - name: Custom CI/CD
+    href: ../articles/custom-ci-cd.mdx
+---
+
+## Common use cases
+
+The following examples assume that you are passing in your `--api-key` either as
+an argument or through the `ZUPLO_API_KEY` environment variable.
+
+### Deploying your gateway
+
+```bash
+# The following will use the current Git branch as the name of the environment
+
+git checkout -b my-new-branch
+zuplo deploy --project my-project
+```
+
+```bash
+# If you don't wish to use the current Git branch as the name of the
+# environment, you can specify one using --environment
+
+zuplo deploy --project my-project --environment my-env-name
+```
+
+## Polling timeout
+
+By default, the deploy command will poll the status of the deployment every
+second for 150 seconds. For most deployments this is enough time for the build
+and deploy process to complete. However, if you have a large project, this may
+not be enough time. You can increase the timeout by setting the following
+environment variables.
+
+- `POLL_INTERVAL` - The interval in seconds between each poll. Default is 1
+  second.
+- `MAX_POLL_RETRIES` - The maximum number of retries before the command times
+  out. Default is 150.
+
+```bash
+POLL_INTERVAL=5000 MAX_POLL_RETRIES=300 zuplo deploy
+```
+
+Note, that even if the CLI times out, the deployment will continue. You can
+check the status of the deployment in the Zuplo portal.