zuplo 6.70.69 → 6.70.70

package/docs/guides/canary-routing-for-employees.mdx

@@ -32,6 +32,10 @@ If any condition is met, the request routes to canary backends.
 
 ## Creating a Canary Routing Policy
 
+The policy doesn't set the backend URL directly. Instead, it stores the chosen
+backend on `context.custom`, and the route's handler reads that value to forward
+the request (see "Adding the Policy to Routes" below).
+
 Create a new policy file in your project:
 
 ```typescript
@@ -62,9 +66,9 @@ export const canaryRoutingPolicy: InboundPolicyHandler = async (
   const isCanary =
     stageParam === "canary" || stageHeader === "canary" || canaryUser;
 
-  // Route based on stage
+  // Store the backend URL for the route's handler to use
   if (isCanary) {
-    context.route.url = environment.API_URL_CANARY;
+    context.custom.backendUrl = environment.API_URL_CANARY;
 
     // Log canary routing for debugging
     context.log.info("Routing to canary backend", {
@@ -73,13 +77,19 @@ export const canaryRoutingPolicy: InboundPolicyHandler = async (
       stage: stageParam || stageHeader || "canary",
     });
   } else {
-    context.route.url = environment.API_URL_PRODUCTION;
+    context.custom.backendUrl = environment.API_URL_PRODUCTION;
   }
 
   // Remove stage query parameter to avoid passing it to backend
   if (stageParam) {
     url.searchParams.delete("stage");
-    return new ZuploRequest(url.toString(), request);
+    return new ZuploRequest(url.toString(), {
+      method: request.method,
+      headers: request.headers,
+      body: request.body,
+      user: request.user,
+      params: request.params,
+    });
   }
 
   return request;
@@ -139,24 +149,30 @@ export const multiServiceCanaryRoutingPolicy: InboundPolicyHandler = async (
   // Clean up query parameter
   if (stageParam) {
     url.searchParams.delete("stage");
-    return new ZuploRequest(url.toString(), request);
+    return new ZuploRequest(url.toString(), {
+      method: request.method,
+      headers: request.headers,
+      body: request.body,
+      user: request.user,
+      params: request.params,
+    });
   }
 
   return request;
 };
 ```
 
+Each service's route then reads the matching value in its handler options. For
+example, the user API route would use a URL Forward handler with
+`"baseUrl": "${context.custom.userApiUrl}"`.
+
 ## Percentage-Based Canary Routing
 
 Roll out canary deployments gradually with percentage-based routing:
 
 ```typescript
 // policies/percentage-canary-routing.ts
-import {
-  InboundPolicyHandler,
-  ZuploRequest,
-  environment,
-} from "@zuplo/runtime";
+import { InboundPolicyHandler, environment } from "@zuplo/runtime";
 
 export const percentageCanaryRoutingPolicy: InboundPolicyHandler = async (
   request,
@@ -168,7 +184,7 @@ export const percentageCanaryRoutingPolicy: InboundPolicyHandler = async (
     : [];
 
   if (request.user?.sub && CANARY_USERS.includes(request.user.sub)) {
-    context.route.url = environment.API_URL_CANARY;
+    context.custom.backendUrl = environment.API_URL_CANARY;
     return request;
   }
 
@@ -176,8 +192,12 @@ export const percentageCanaryRoutingPolicy: InboundPolicyHandler = async (
   const CANARY_PERCENTAGE = parseInt(environment.CANARY_PERCENTAGE || "0", 10);
 
   if (CANARY_PERCENTAGE > 0) {
-    // Use a consistent hash for sticky sessions
-    const sessionId = request.headers.get("x-session-id") || request.ip;
+    // Use a consistent hash for sticky sessions. The client IP is
+    // available on the true-client-ip header.
+    const sessionId =
+      request.headers.get("x-session-id") ??
+      request.headers.get("true-client-ip") ??
+      "unknown";
     const hash = await crypto.subtle.digest(
       "SHA-256",
       new TextEncoder().encode(sessionId),
@@ -186,13 +206,13 @@ export const percentageCanaryRoutingPolicy: InboundPolicyHandler = async (
     const hashValue = hashArray[0] / 255; // Value between 0 and 1
 
     if (hashValue * 100 < CANARY_PERCENTAGE) {
-      context.route.url = environment.API_URL_CANARY;
+      context.custom.backendUrl = environment.API_URL_CANARY;
       request.headers.set("X-Canary-Route", "percentage");
     } else {
-      context.route.url = environment.API_URL_PRODUCTION;
+      context.custom.backendUrl = environment.API_URL_PRODUCTION;
     }
   } else {
-    context.route.url = environment.API_URL_PRODUCTION;
+    context.custom.backendUrl = environment.API_URL_PRODUCTION;
   }
 
   return request;
@@ -221,7 +241,9 @@ CANARY_PERCENTAGE=10  # Route 10% of traffic to canary
 
 ### Adding the Policy to Routes
 
-Add the policy to your route configuration:
+Add the policy to your route configuration. Use the built-in
+[URL Forward handler](../handlers/url-forward.mdx) and reference the value the
+policy stored on `context.custom` in the `baseUrl` option:
 
 ```json
 {
@@ -231,14 +253,14 @@ Add the policy to your route configuration:
         "x-zuplo-route": {
           "corsPolicy": "anything-goes",
           "handler": {
-            "export": "urlRewriteHandler",
+            "export": "urlForwardHandler",
             "module": "$import(@zuplo/runtime)",
             "options": {
-              "rewritePattern": "https://api.company.com$1"
+              "baseUrl": "${context.custom.backendUrl}"
             }
           },
           "policies": {
-            "inbound": ["canary-routing", "auth-policy"]
+            "inbound": ["auth-policy", "canary-routing"]
           }
         }
       }
@@ -247,6 +269,9 @@ Add the policy to your route configuration:
 }
 ```
 
+The authentication policy runs first so that `request.user` is populated when
+the canary routing policy checks the allow list.
+
 ## Testing Your Policy
 
 ### 1. Using Query Parameters
@@ -289,7 +314,9 @@ curl https://your-api.zuplo.app/api/v1/users \
 
 ## Monitoring and Observability
 
-Add comprehensive logging to track canary routing:
+Add comprehensive logging to track canary routing. Inbound policies run before a
+response exists, so set debug response headers from a
+[response sending hook](../programmable-api/hooks.mdx):
 
 ```typescript
 export const canaryRoutingPolicy: InboundPolicyHandler = async (
@@ -298,20 +325,26 @@ export const canaryRoutingPolicy: InboundPolicyHandler = async (
 ) => {
   const startTime = Date.now();
 
+  const CANARY_USERS = environment.CANARY_USERS
+    ? environment.CANARY_USERS.split(",").map((user) => user.trim())
+    : [];
+
   // Check stage conditions
   const url = new URL(request.url);
   const stageParam = url.searchParams.get("stage");
   const stageHeader = request.headers.get("x-stage");
-  const canaryUser = /* ... check if user is in canary list ... */;
+  const canaryUser =
+    request.user?.sub && CANARY_USERS.includes(request.user.sub);
 
   const isCanary =
-    stageParam === "canary" ||
-    stageHeader === "canary" ||
-    canaryUser;
+    stageParam === "canary" || stageHeader === "canary" || canaryUser;
 
-  if (isCanary) {
-    context.route.url = environment.API_URL_CANARY;
+  const backendType = isCanary ? "canary" : "release";
+  context.custom.backendUrl = isCanary
+    ? environment.API_URL_CANARY
+    : environment.API_URL_PRODUCTION;
 
+  if (isCanary) {
     // Log canary routing metrics
     context.log.info("Canary route selected", {
       userId: request.user?.sub,
@@ -320,14 +353,14 @@ export const canaryRoutingPolicy: InboundPolicyHandler = async (
       stage: "canary",
       duration: Date.now() - startTime,
     });
-
-    // Add response header for debugging
-    context.response.headers.set("X-Backend-Type", "canary");
-  } else {
-    context.route.url = environment.API_URL_PRODUCTION;
-    context.response.headers.set("X-Backend-Type", "release");
   }
 
+  // Add a response header for debugging
+  context.addResponseSendingHook((response) => {
+    response.headers.set("X-Backend-Type", backendType);
+    return response;
+  });
+
   return request;
 };
 ```
@@ -359,14 +392,45 @@ if (isCanaryUser) {
 
 ### 3. Fallback Handling
 
-Implement fallback logic for canary backend failures:
+To fall back to production when the canary backend fails, replace the URL
+Forward handler with a [custom handler](../handlers/custom-handler.mdx) that
+retries against production on server errors:
 
 ```typescript
-// In your error handling policy
-if (context.response.status >= 500 && context.custom.isCanary) {
-  // Retry with production backend
-  context.route.url = environment.API_URL_PRODUCTION;
-  return context.retry();
+// modules/canary-fallback-handler.ts
+import { ZuploContext, ZuploRequest, environment } from "@zuplo/runtime";
+
+export default async function handler(
+  request: ZuploRequest,
+  context: ZuploContext,
+) {
+  const url = new URL(request.url);
+  const backendUrl = context.custom.backendUrl;
+  const target = `${backendUrl}${url.pathname}${url.search}`;
+
+  // Buffer the body so the request can be retried
+  const body = request.body ? await request.arrayBuffer() : undefined;
+
+  const response = await fetch(target, {
+    method: request.method,
+    headers: request.headers,
+    body,
+  });
+
+  // Retry against production if the canary backend returns a server error
+  if (backendUrl === environment.API_URL_CANARY && response.status >= 500) {
+    context.log.warn("Canary backend failed, falling back to production", {
+      status: response.status,
+    });
+    const fallbackBase = environment.API_URL_PRODUCTION;
+    return fetch(`${fallbackBase}${url.pathname}${url.search}`, {
+      method: request.method,
+      headers: request.headers,
+      body,
+    });
+  }
+
+  return response;
 }
 ```
 

package/docs/guides/modify-openapi-paths.mdx

@@ -106,8 +106,8 @@ You can generate multiple versions as part of your build process:
 ```json title="package.json"
 {
   "scripts": {
-    "build:api:v1": "npx tsx add-path-prefix.ts /v1 openapi.json dist/openapi-v1.json",
-    "build:api:v2": "npx tsx add-path-prefix.ts /v2 openapi.json dist/openapi-v2.json",
+    "build:api:v1": "node add-path-prefix.mjs /v1 openapi.json dist/openapi-v1.json",
+    "build:api:v2": "node add-path-prefix.mjs /v2 openapi.json dist/openapi-v2.json",
     "build:api:all": "npm run build:api:v1 && npm run build:api:v2"
   }
 }
@@ -128,7 +128,7 @@ mkdir -p $OUTPUT_DIR
 for prefix in "${PREFIXES[@]}"; do
   echo "Building with prefix: /$prefix"
 
-  npx tsx add-path-prefix.ts \
+  node add-path-prefix.mjs \
     "/$prefix" \
     "$BASE_FILE" \
     "$OUTPUT_DIR/openapi-$prefix.json"

package/docs/handlers/legacy-dev-portal-handler.mdx

@@ -35,7 +35,7 @@ as it provides better performance and usability.
     "title": "Dev Portal Redirect"
   },
   "paths": {
-    "/docs{(.*)}": {
+    "/docs(.*)": {
       "x-zuplo-path": {
         "pathMode": "url-pattern"
       },

package/docs/handlers/mcp-server.mdx

@@ -35,14 +35,15 @@ Open the **Route Designer** by navigating to the **Code** tab, then click
 **routes.oas.json**. For any route definition, select **MCP Server** from the
 **Request Handlers** drop-down. Set the method to **POST**.
 
-Configure the handler with the following required options:
+Configure the handler with the following options:
 
-- **Server Name** - The name of the MCP server. AI MCP clients will read this
-  name when they initialize with the server.
-- **Server Version** - The version of your MCP server. AI MCP clients read this
-  version when they initialize with the server and may make autonomous decisions
-  based on the versioning of your MCP server and the instructions they've been
-  given.
+- **Server Name** (optional) - The name of the MCP server. AI MCP clients will
+  read this name when they initialize with the server. If not set, the server
+  advertises the default name `Zuplo MCP Server`.
+- **Server Version** (optional) - The version of your MCP server. AI MCP clients
+  read this version when they initialize with the server and may make autonomous
+  decisions based on the versioning of your MCP server and the instructions
+  they've been given. If not set, the version defaults to `0.0.0`.
 
 Next, configure your routes to be transformed into MCP tools or prompts (see
 Configuration section below).
@@ -65,7 +66,7 @@ with the following route configuration:
         "handler": {
 
           // The MCP Server Handler handler
-          // and required options
+          // and example options
 
           "export": "mcpServerHandler",
           "module": "$import(@zuplo/runtime)",
@@ -86,10 +87,11 @@ with the following route configuration:
 
 ## Configuration
 
-The MCP Server handler requires the following configurations:
+The MCP Server handler supports the following configuration options:
 
-- `name` (optional) - The name identifier of the MCP server.
-- `version` (optional) - The version of the MCP server.
+- `name` (optional, default `Zuplo MCP Server`) - The name identifier of the MCP
+  server.
+- `version` (optional, default `0.0.0`) - The version of the MCP server.
 - `debugMode` (optional, default `false`) - Verbose logs on server startup,
   initialization, tool listing, and tool calls. NOT recommended for production
   environments.

package/docs/handlers/url-forward.mdx

@@ -53,6 +53,8 @@ The following objects are available for substitution:
   `params.productId` would be the value of `:productId` in a route.
 - `query: Record<string, string>` - The query parameters of the route. For
   example, `query.filterBy` would be the value of `?filterBy=VALUE`.
+- `method: string` - The HTTP method of the incoming request. For example, `GET`
+  or `POST`.
 - `headers: Headers` - the incoming request's
   [headers object](https://developer.mozilla.org/en-US/docs/Web/API/Headers)
 - `url: string` - The full incoming request as a string
@@ -62,6 +64,9 @@ The following objects are available for substitution:
 - `hostname: string` - The
   [`hostname`](https://developer.mozilla.org/en-US/docs/Web/API/URL/hostname)
   portion of the incoming URL
+- `origin: string` - The
+  [`origin`](https://developer.mozilla.org/en-US/docs/Web/API/URL/origin)
+  portion of the incoming URL
 - `pathname: string` - The
   [`pathname`](https://developer.mozilla.org/en-US/docs/Web/API/URL/pathname)
   portion of the incoming URL
@@ -93,7 +98,6 @@ A few examples of the values of various substitutions.
 - `${params.productId}` - `":productId"`
 - `${pathname}` - `"/v1/products/:productId"`
 - `${port}` - `"8080"`
-- `${protocol}` - `"https:"`
 - `${query.category}` - `"cars"`
 - `${search}` - `"?category=cars"`
 - `${url}` - `"https://example.com:8080/v1/products/:productId?category=cars"`

package/docs/handlers/url-rewrite.mdx

@@ -43,6 +43,8 @@ The following objects are available for substitution:
   `params.productId` would be the value of `:productId` in a route.
 - `query: Record<string, string>` - The query parameters of the route. For
   example, `query.filterBy` would be the value of `?filterBy=VALUE`.
+- `method: string` - The HTTP method of the incoming request. For example, `GET`
+  or `POST`.
 - `headers: Headers` - the incoming request's
   [headers object](https://developer.mozilla.org/en-US/docs/Web/API/Headers)
 - `url: string` - The full incoming request as a string
@@ -52,6 +54,9 @@ The following objects are available for substitution:
 - `hostname: string` - The
   [`hostname`](https://developer.mozilla.org/en-US/docs/Web/API/URL/hostname)
   portion of the incoming URL
+- `origin: string` - The
+  [`origin`](https://developer.mozilla.org/en-US/docs/Web/API/URL/origin)
+  portion of the incoming URL
 - `pathname: string` - The
   [`pathname`](https://developer.mozilla.org/en-US/docs/Web/API/URL/pathname)
   portion of the incoming URL
@@ -83,7 +88,6 @@ A few examples of the values of various substitutions.
 - `${params.productId}` - `":productId"`
 - `${pathname}` - `"/v1/products/:productId"`
 - `${port}` - `"8080"`
-- `${protocol}` - `"https:"`
 - `${query.category}` - `"cars"`
 - `${search}` - `"?category=cars"`
 - `${url}` - `"https://example.com:8080/v1/products/:productId?category=cars"`
@@ -132,7 +136,8 @@ use-cases.
   - Type: `string`
   - Supports JavaScript template interpolation with request context
   - Available variables: `env`, `request`, `context`, `params`, `query`,
-    `headers`, `url`, `host`, `hostname`, `pathname`, `port`, `search`
+    `method`, `headers`, `url`, `host`, `hostname`, `origin`, `pathname`,
+    `port`, `search`
   - Example: `"https://api-${params.version}.example.com/users/${params.id}"`
 
 - **`forwardSearch`** (optional): Controls whether query parameters are

package/docs/handlers/websocket-handler.mdx

@@ -84,6 +84,8 @@ The following objects are available for substitution:
   `params.productId` would be the value of `:productId` in a route.
 - `query: Record<string, string>` - The query parameters of the route. For
   example, `query.filterBy` would be the value of `?filterBy=VALUE`.
+- `method: string` - The HTTP method of the incoming request. For example, `GET`
+  or `POST`.
 - `headers: Headers` - the incoming request's
   [headers object](https://developer.mozilla.org/en-US/docs/Web/API/Headers)
 - `url: string` - The full incoming request as a string
@@ -93,6 +95,9 @@ The following objects are available for substitution:
 - `hostname: string` - The
   [`hostname`](https://developer.mozilla.org/en-US/docs/Web/API/URL/hostname)
   portion of the incoming URL
+- `origin: string` - The
+  [`origin`](https://developer.mozilla.org/en-US/docs/Web/API/URL/origin)
+  portion of the incoming URL
 - `pathname: string` - The
   [`pathname`](https://developer.mozilla.org/en-US/docs/Web/API/URL/pathname)
   portion of the incoming URL
@@ -124,7 +129,6 @@ A few examples of the values of various substitutions.
 - `${params.productId}` - `":productId"`
 - `${pathname}` - `"/v1/products/:productId"`
 - `${port}` - `"8080"`
-- `${protocol}` - `"https:"`
 - `${query.category}` - `"cars"`
 - `${search}` - `"?category=cars"`
 - `${url}` - `"https://example.com:8080/v1/products/:productId?category=cars"`

package/docs/mcp-gateway/observability/logging.mdx

@@ -141,33 +141,40 @@ structured entries described above with their `event` field preserved.
 Registering both plugins is a small addition to `modules/zuplo.runtime.ts`:
 
 ```ts title="modules/zuplo.runtime.ts"
-import { RuntimeExtensions } from "@zuplo/runtime";
+import { OpenTelemetryPlugin } from "@zuplo/otel";
+import { environment, RuntimeExtensions } from "@zuplo/runtime";
 import { McpGatewayPlugin } from "@zuplo/runtime/mcp-gateway";
-import { OpenTelemetryPlugin } from "@zuplo/runtime";
 
 export function runtimeInit(runtime: RuntimeExtensions) {
   runtime.addPlugin(new McpGatewayPlugin());
   runtime.addPlugin(
     new OpenTelemetryPlugin({
-      url: process.env.OTLP_TRACES_ENDPOINT,
-      logUrl: process.env.OTLP_LOGS_ENDPOINT,
-      authorization: process.env.OTLP_AUTHORIZATION,
+      traceUrl: environment.OTLP_TRACES_ENDPOINT,
+      logUrl: environment.OTLP_LOGS_ENDPOINT,
+      headers: {
+        Authorization: environment.OTLP_AUTHORIZATION,
+      },
+      service: {
+        name: "mcp-gateway",
+      },
     }),
   );
 }
 ```
 
-Grafana Cloud is one common destination — define the endpoint and credentials in
-`.env`:
+Logs are only exported when `logUrl` is set alongside `traceUrl` — configuring
+only `exporter.url` exports traces alone. Grafana Cloud is one common
+destination — define the endpoints and credentials as
+[environment variables](../../articles/environment-variables.mdx):
 
 ```bash
-GRAFANA_OTLP_ENDPOINT=https://otlp-gateway-prod-<region>.grafana.net/otlp
-GRAFANA_OTLP_INSTANCE_ID=<instance-id>
-GRAFANA_OTLP_API_TOKEN=glc_<token>
+OTLP_TRACES_ENDPOINT=https://otlp-gateway-prod-<region>.grafana.net/otlp/v1/traces
+OTLP_LOGS_ENDPOINT=https://otlp-gateway-prod-<region>.grafana.net/otlp/v1/logs
+OTLP_AUTHORIZATION=Basic <base64 of instance-id:api-token>
 ```
 
-Use the base OTLP endpoint that ends in `/otlp` — the runtime appends
-`/v1/traces` and `/v1/logs` itself. Other OTLP-compatible destinations
+The plugin sends OTLP data to the configured URLs exactly as given, so include
+the full `/v1/traces` and `/v1/logs` paths. Other OTLP-compatible destinations
 (Honeycomb, Dynatrace, New Relic, Tempo, self-hosted Jaeger) work the same way;
 substitute the endpoint and credential headers.
 

package/docs/mcp-server/resources.mdx

@@ -191,27 +191,36 @@ Response:
   "result": {
     "resources": [
       {
-        "name": "html",
-        "uri": "mcp://resources/html",
-        "title": "html",
-        "description": "Returns the AI applet's HTML",
-        "mimeType": "text/plain"
+        "name": "html_doc",
+        "uri": "ui://html",
+        "title": "html_doc",
+        "description": "The HTML document for the AI applet",
+        "mimeType": "text/html"
       },
       {
-        "name": "css_doc",
-        "uri": "ui://css",
-        "title": "css_doc",
-        "description": "The CSS resource",
-        "mimeType": "text/css"
+        "name": "css",
+        "uri": "mcp://resources/css",
+        "title": "css",
+        "description": "Returns the AI applet's CSS",
+        "mimeType": "text/plain"
       }
     ]
   }
 }
 ```
 
+The `html_doc` resource uses the custom `name`, `uri`, `description`, and
+`mimeType` from the route configuration shown earlier. The `css` resource sets
+only `"mcp": { "type": "resource" }`, so the defaults apply: the name comes from
+the `operationId`, the URI defaults to `mcp://resources/{name}`, the description
+falls back to the operation's `description`, and the MIME type defaults to
+`text/plain`.
+
 ### Read a Resource
 
-Use the MCP `resources/read` method to read a resource by its URI:
+Use the MCP `resources/read` method to read a resource by its URI. Resources
+configured without a custom `uri` use the default `mcp://resources/{name}`
+format:
 
 ```bash
 curl https://my-gateway.zuplo.dev/mcp \
@@ -222,7 +231,7 @@ curl https://my-gateway.zuplo.dev/mcp \
     "id": "0",
     "method": "resources/read",
     "params": {
-      "uri": "mcp://resources/html"
+      "uri": "mcp://resources/css"
     }
   }'
 ```
@@ -236,9 +245,9 @@ Response:
   "result": {
     "contents": [
       {
-        "uri": "mcp://resources/html",
+        "uri": "mcp://resources/css",
         "mimeType": "text/plain",
-        "text": "<div id=\"my-ai-applet\"></div>"
+        "text": "div { color: blue; }"
       }
     ]
   }
@@ -247,6 +256,9 @@ Response:
 
 ### Read a Resource with Custom URI
 
+Resources configured with a custom `uri`, like the `html_doc` resource above,
+are read using that URI:
+
 ```bash
 curl https://my-gateway.zuplo.dev/mcp \
   -X POST \
@@ -256,7 +268,7 @@ curl https://my-gateway.zuplo.dev/mcp \
     "id": "0",
     "method": "resources/read",
     "params": {
-      "uri": "ui://css"
+      "uri": "ui://html"
     }
   }'
 ```

package/docs/mcp-server/testing.mdx

@@ -3,8 +3,6 @@ title: MCP Server Testing
 sidebar_label: Testing
 ---
 
-# Testing Tools
-
 ## Using MCP Inspector
 
 The [MCP Inspector](https://github.com/modelcontextprotocol/inspector) is ideal

package/docs/policies/archive-request-azure-storage-inbound/doc.md

@@ -20,7 +20,7 @@ can generate one of these on the `Shared access tokens` tab.
 Note, you should minimize the permissions - and select only the `Create`
 permission. Choose a sensible start and expiration time for your token. Note, we
 don't recommend restricting IP addresses because Zuplo runs at the edge in over
-200 data-centers world-wide.
+300 data centers worldwide.
 
 ![Permissions](../../public/media/guides/archiving-requests-to-storage/Untitled_1.png)
 

package/docs/policies/archive-response-azure-storage-outbound/doc.md

@@ -20,7 +20,7 @@ can generate one of these on the `Shared access tokens` tab.
 Note, you should minimize the permissions - and select only the `Create`
 permission. Choose a sensible start and expiration time for your token. Note, we
 don't recommend restricting IP addresses because Zuplo runs at the edge in over
-200 data-centers world-wide.
+300 data centers worldwide.
 
 ![Create permission](../../public/media/guides/archiving-requests-to-storage/Untitled_1.png)
 

package/docs/policies/ip-restriction-inbound/policy.ts

@@ -29,7 +29,7 @@ export default async function (
   // If the blocked IP addresses are set, then the incoming IP
   // can't be in that list
   if (options.blockedIpAddresses) {
-    const blocked = ipRangeCheck(ip, options.allowedIpAddresses);
+    const blocked = ipRangeCheck(ip, options.blockedIpAddresses);
     if (blocked) {
       return HttpProblems.unauthorized(request, context);
     }

package/docs/programmable-api/http-problems.mdx

@@ -116,24 +116,6 @@ return HttpProblems.unauthorized(
 );
 ```
 
-## HttpStatusCode Enum
-
-The `HttpStatusCode` enum provides numeric constants for all HTTP status codes:
-
-```typescript
-import { HttpStatusCode } from "@zuplo/runtime";
-
-// Use in responses
-return new Response("Created", {
-  status: HttpStatusCode.Created, // 201
-});
-
-// Use in comparisons
-if (response.status === HttpStatusCode.NotFound) {
-  // Handle 404
-}
-```
-
 ## See Also
 
 - [ProblemResponseFormatter](./problem-response-formatter.mdx)