zuplo 6.70.71 → 6.71.0

package/docs/articles/securing-your-backend.mdx

@@ -29,8 +29,12 @@ Open the **Settings** section of your project and select **Environment
 Variables**. Create a new variable and name it `BACKEND_SECRET`. Set the value
 to a secure, random value. Ensure that the value is marked as a secret.
 
+<ModalScreenshot>
+
 ![Set Environment Variable](../../public/media/securing-backend-shared-secret/image.png)
 
+</ModalScreenshot>
+
 ### Step 2: Create a set header policy
 
 Create a policy that sets the `BACKEND_SECRET` as a header on the request to
@@ -40,8 +44,12 @@ is sent to your backend.
 Navigate to the route you want to secure and add a new policy. Select the **Add
 or Set Request Headers** policy type and configure it as follows:
 
+<ModalScreenshot>
+
 ![Set Header Policy](../../public/media/securing-backend-shared-secret/image-1.png)
 
+</ModalScreenshot>
+
 The configuration uses the environment variable via the `$env(BACKEND_SECRET)`
 selector as shown below.
 
@@ -98,10 +106,10 @@ interested in using this option please contact us at `support@zuplo.com`.
 Utilize the IAM controls provided by your Cloud host to secure inbound requests
 and allow only authorized service principals access to your service.
 
-- For Azure users, you can user our
+- For Azure users, you can use the
   [Upstream Azure AD Service Auth](../policies/upstream-azure-ad-service-auth-inbound.mdx)
-  policy. This uses Azure AD App registrations to create a token that Zuplo will
-  send to requests to Azure.
+  policy. This uses Microsoft Entra ID (formerly Azure AD) App registrations to
+  create a token that Zuplo sends with requests to Azure.
 
 - For GCP users, you can use our
   [Upstream GCP Service AUth](../policies/upstream-gcp-service-auth-inbound.mdx)

package/docs/articles/source-control-setup-github.mdx

@@ -130,8 +130,12 @@ If you have an existing GitHub repository that contains a Zuplo project, you can
 connect to that repository when you create a new project. Select **Import
 existing project** then select your GitHub organization and repository.
 
+<ModalScreenshot>
+
 ![Import existing project to Zuplo](../../public/media/source-control/image-1.png)
 
+</ModalScreenshot>
+
 ## What's Included
 
 With GitHub connected, you get:

package/docs/articles/troubleshooting-slow-responses.mdx

@@ -226,8 +226,8 @@ period of inactivity is slow. Subsequent requests are fast.
 
 ### Analytics Dashboard
 
-Zuplo's analytics dashboard provides at-a-glance visibility into your API's
-performance. Use it to:
+Zuplo's analytics dashboard, in the **Observability** tab of your project,
+provides at-a-glance visibility into your API's performance. Use it to:
 
 - Identify slow endpoints by reviewing request latency data
 - Filter by route, API key, or time period to isolate patterns

package/docs/articles/troubleshooting.md

@@ -177,9 +177,9 @@ const response = await fetch("https://api.example.com/data", {
 ### Portal live logs
 
 The Zuplo Portal provides real-time log viewing for deployed environments. Open
-the [**Environments**](https://portal.zuplo.com/+/account/project/environments)
-tab in your project, select the deployed environment, and open the logs tab to
-see live request logs and any messages logged with `context.log`.
+the **Observability** tab in your project — the **Logs** view opens by default —
+then use the **Environment** filter to select the deployed environment and see
+live request logs and any messages logged with `context.log`.
 
 ### Using context.log
 

package/docs/dedicated/akamai/architecture.mdx

@@ -229,7 +229,7 @@ Zuplo and your backend services. For complete documentation, see
 | **Shared Secret / API Key** | Add a secret header to requests that only the gateway knows. Simple to implement and widely used by companies like Stripe and Supabase.            |
 | **Zuplo JWT Service**       | Issue signed JWTs that your backend validates using Zuplo's JWKS endpoint. Provides cryptographic proof that requests originate from your gateway. |
 | **mTLS (Mutual TLS)**       | Certificate-based authentication where both gateway and backend present certificates. Provides zero-trust security for enterprise requirements.    |
-| **Cloud Provider IAM**      | Use AWS IAM, GCP Identity-Aware Proxy, or Azure AD to authorize requests. No credentials to manage - uses federated identity.                      |
+| **Cloud Provider IAM**      | Use AWS IAM, GCP Identity-Aware Proxy, or Microsoft Entra ID to authorize requests. No credentials to manage - uses federated identity.            |
 | **Secure Tunnel (VPN)**     | WireGuard-based tunnel for backends that can't be exposed to the internet. Useful for on-premise or bare-metal deployments.                        |
 | **Private Network**         | VPC peering, PrivateLink, or Transit Gateway for private connectivity without traversing the public internet.                                      |
 
@@ -238,14 +238,14 @@ Zuplo and your backend services. For complete documentation, see
 While most authentication methods work anywhere, some approaches are better
 suited for specific scenarios:
 
-| Backend Location             | Recommended Methods                               | Notes                                                                       |
-| ---------------------------- | ------------------------------------------------- | --------------------------------------------------------------------------- |
-| **Akamai Connected Cloud**   | Shared secret, Zuplo JWT, mTLS                    | All methods work well; choose based on your security requirements           |
-| **AWS**                      | AWS IAM (federated identity), mTLS, shared secret | IAM provides credential-free auth; works with Lambda, API Gateway, ECS, EKS |
-| **GCP**                      | GCP Identity-Aware Proxy, GCP Service Auth, mTLS  | IAP provides zero-trust access to Cloud Run, GKE, and Compute Engine        |
-| **Azure**                    | Azure AD Service Auth, mTLS, shared secret        | Azure AD integrates with App Service, Functions, and AKS                    |
-| **On-Premise / Data Center** | Secure tunnel, mTLS, shared secret                | Tunnel allows private connectivity; mTLS provides strong authentication     |
-| **Third-Party APIs**         | Shared secret, API keys, mTLS                     | Use whatever the third-party API supports                                   |
+| Backend Location             | Recommended Methods                                  | Notes                                                                       |
+| ---------------------------- | ---------------------------------------------------- | --------------------------------------------------------------------------- |
+| **Akamai Connected Cloud**   | Shared secret, Zuplo JWT, mTLS                       | All methods work well; choose based on your security requirements           |
+| **AWS**                      | AWS IAM (federated identity), mTLS, shared secret    | IAM provides credential-free auth; works with Lambda, API Gateway, ECS, EKS |
+| **GCP**                      | GCP Identity-Aware Proxy, GCP Service Auth, mTLS     | IAP provides zero-trust access to Cloud Run, GKE, and Compute Engine        |
+| **Azure**                    | Microsoft Entra ID Service Auth, mTLS, shared secret | Microsoft Entra ID integrates with App Service, Functions, and AKS          |
+| **On-Premise / Data Center** | Secure tunnel, mTLS, shared secret                   | Tunnel allows private connectivity; mTLS provides strong authentication     |
+| **Third-Party APIs**         | Shared secret, API keys, mTLS                        | Use whatever the third-party API supports                                   |
 
 ### Choosing an authentication method
 

package/docs/dev-portal/zudoku/components/browser-window.mdx

@@ -0,0 +1,94 @@
+---
+title: Browser Window
+sidebar_icon: app-window
+---
+
+import { BrowserWindow } from "zudoku/components";
+import { Button } from "zudoku/ui/Button";
+
+A mock browser window for presenting UI previews, screenshots-as-code, or full page layouts in your
+documentation. It renders its children inside a browser-style frame with a URL bar and an optional
+zoom control — the current scale is displayed like in a real browser and readers can zoom in and out
+themselves.
+
+## Import
+
+```tsx
+import { BrowserWindow } from "zudoku/components";
+```
+
+## Usage
+
+<BrowserWindow>
+  <div className="flex flex-col items-center gap-3 p-10 text-center">
+    <span className="text-2xl font-bold">Hello, world!</span>
+    <p className="text-muted-foreground">Any content renders inside the browser frame.</p>
+    <Button>Get started</Button>
+  </div>
+</BrowserWindow>
+
+```tsx
+<BrowserWindow>
+  <div className="flex flex-col items-center gap-3 p-10 text-center">
+    <span className="text-2xl font-bold">Hello, world!</span>
+    <p className="text-muted-foreground">Any content renders inside the browser frame.</p>
+    <Button>Get started</Button>
+  </div>
+</BrowserWindow>
+```
+
+## Scale
+
+Use the `scale` prop to set the initial zoom of the content. This is useful for presenting
+full-width layouts, like a landing page, at a reduced size. Passing a `scale` enables the zoom
+control in the toolbar showing the current scale — readers can change it with the `+`/`-` buttons or
+click the percentage to reset it, just like in a real browser. Without a `scale`, the zoom control
+is hidden and the content renders at full size (pass `scale={1}` to start at 100% with the control
+enabled).
+
+<BrowserWindow scale={0.5}>
+  <div className="flex flex-col items-center gap-3 p-10 text-center">
+    <span className="text-4xl font-bold">Scaled to 50%</span>
+    <p className="text-muted-foreground">
+      The content is laid out at full width and scaled down to fit.
+    </p>
+  </div>
+</BrowserWindow>
+
+```tsx
+<BrowserWindow scale={0.5}>
+  <div className="flex flex-col items-center gap-3 p-10 text-center">
+    <span className="text-4xl font-bold">Scaled to 50%</span>
+    <p className="text-muted-foreground">
+      The content is laid out at full width and scaled down to fit.
+    </p>
+  </div>
+</BrowserWindow>
+```
+
+Scaling affects layout, not just size: at `scale={0.5}` the content is laid out at twice the
+container width and scaled down, so responsive layouts behave as if viewed on a larger screen.
+
+## URL
+
+Set the `url` prop to change the address shown in the URL bar (defaults to `localhost:3000`):
+
+<BrowserWindow url="https://developers.example.com">
+  <p className="p-10 text-center text-muted-foreground">Your developer portal</p>
+</BrowserWindow>
+
+```tsx
+<BrowserWindow url="https://developers.example.com">
+  <p className="p-10 text-center text-muted-foreground">Your developer portal</p>
+</BrowserWindow>
+```
+
+## Props
+
+| Prop               | Type        | Description                                                                                                                                      |
+| ------------------ | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `url`              | `string`    | Address displayed in the URL bar. Defaults to `localhost:3000`.                                                                                  |
+| `scale`            | `number`    | Initial zoom of the content (e.g. `0.75` for 75%). Enables the zoom control; if omitted, the control is hidden and content renders at full size. |
+| `className`        | `string`    | Additional classes for the outer frame.                                                                                                          |
+| `contentClassName` | `string`    | Additional classes for the content viewport.                                                                                                     |
+| `children`         | `ReactNode` | The content rendered inside the browser window.                                                                                                  |

package/docs/dev-portal/zudoku/components/landing-page.mdx

@@ -0,0 +1,283 @@
+---
+title: Landing Page
+sidebar_icon: layout-template
+---
+
+import { BrowserWindow, LandingPage } from "zudoku/components";
+import { BookOpenIcon, CodeIcon, KeyIcon, RocketIcon, WebhookIcon, ZapIcon } from "zudoku/icons";
+
+A ready-made, customizable landing page for your developer portal. It comes in three variants
+covering the most common layouts: a centered hero, a two-column split hero, and a compact
+documentation hub.
+
+Use it as the `element` of a [custom page](/dev-portal/zudoku/custom-pages) — typically your home page:
+
+```tsx title=zudoku.config.tsx
+import { LandingPage } from "zudoku/components";
+
+const config = {
+  navigation: [
+    {
+      type: "custom-page",
+      path: "/",
+      element: (
+        <LandingPage
+          title="Build with our API"
+          description="Everything you need to integrate in minutes."
+          actions={[
+            { label: "Get started", href: "/getting-started" },
+            { label: "API Reference", href: "/api" },
+          ]}
+        />
+      ),
+    },
+    // ...
+  ],
+};
+```
+
+## Import
+
+```tsx
+import { LandingPage } from "zudoku/components";
+```
+
+## Variants
+
+### Hero (default)
+
+A centered hero with call-to-action buttons and an optional feature grid below. The classic landing
+page for product-focused portals. The previews on this page are presented in a
+[Browser Window](./browser-window) component.
+
+<BrowserWindow url="https://developers.example.com" scale={0.75} contentClassName="px-8">
+  <LandingPage
+    eyebrow="Developer Platform"
+    title="Build with our API"
+    description="Everything you need to integrate payments, webhooks, and more — in minutes, not days."
+    actions={[
+      { label: "Get started", href: "/docs/getting-started" },
+      { label: "API Reference", href: "/docs", variant: "outline" },
+    ]}
+    features={[
+      {
+        icon: <ZapIcon />,
+        title: "Fast integration",
+        description: "Go from zero to your first API call in under five minutes.",
+      },
+      {
+        icon: <KeyIcon />,
+        title: "API keys built in",
+        description: "Issue, rotate, and revoke keys right from the portal.",
+      },
+      {
+        icon: <WebhookIcon />,
+        title: "Webhooks",
+        description: "Subscribe to events and react to changes in real time.",
+      },
+    ]}
+  />
+</BrowserWindow>
+
+```tsx
+<LandingPage
+  eyebrow="Developer Platform"
+  title="Build with our API"
+  description="Everything you need to integrate payments, webhooks, and more — in minutes, not days."
+  actions={[
+    { label: "Get started", href: "/getting-started" },
+    { label: "API Reference", href: "/api", variant: "outline" },
+  ]}
+  features={[
+    {
+      icon: <ZapIcon />,
+      title: "Fast integration",
+      description: "Go from zero to your first API call in under five minutes.",
+    },
+    {
+      icon: <KeyIcon />,
+      title: "API keys built in",
+      description: "Issue, rotate, and revoke keys right from the portal.",
+    },
+    {
+      icon: <WebhookIcon />,
+      title: "Webhooks",
+      description: "Subscribe to events and react to changes in real time.",
+    },
+  ]}
+/>
+```
+
+### Split
+
+A two-column hero with your own content on the side — an illustration, screenshot, or code sample
+passed via the `aside` prop. A great fit for developer-oriented portals that want to show code up
+front.
+
+<BrowserWindow url="https://shipping.example.com" scale={0.75} contentClassName="px-8">
+  <LandingPage
+    variant="split"
+    eyebrow="Shipping API"
+    title="Ship anywhere in the whole universe"
+    description="Create and manage shipments, track packages in real-time, and integrate with multiple carriers through a single interface."
+    actions={[
+      { label: "Get started", href: "/docs/getting-started" },
+      { label: "View on GitHub", href: "https://github.com/zuplo/zudoku", variant: "outline" },
+    ]}
+    aside={
+      <div className="rounded-xl border bg-card p-4 font-mono text-sm">
+        <pre>{`curl https://api.example.com/v1/shipments \\
+  -H "Authorization: Bearer $API_KEY" \\
+  -d destination="alpha-centauri"`}</pre>
+      </div>
+    }
+  />
+</BrowserWindow>
+
+```tsx
+<LandingPage
+  variant="split"
+  eyebrow="Shipping API"
+  title="Ship anywhere in the whole universe"
+  description="Create and manage shipments, track packages in real-time, and integrate with multiple carriers through a single interface."
+  actions={[
+    { label: "Get started", href: "/getting-started" },
+    {
+      label: "View on GitHub",
+      href: "https://github.com/zuplo/zudoku",
+      variant: "outline",
+    },
+  ]}
+  aside={
+    <div className="rounded-xl border bg-card p-4 font-mono text-sm">
+      <pre>{`curl https://api.example.com/v1/shipments \\
+  -H "Authorization: Bearer $API_KEY" \\
+  -d destination="alpha-centauri"`}</pre>
+    </div>
+  }
+/>
+```
+
+The `aside` accepts any React node — use an `<img />` for an illustration instead of code:
+
+```tsx
+<LandingPage
+  variant="split"
+  title="Ship anywhere"
+  aside={<img src="/hero.webp" alt="Hero" className="rounded-3xl" />}
+/>
+```
+
+### Grid
+
+A compact header followed by prominent, clickable feature cards. Ideal as a documentation hub that
+routes visitors to the right section quickly.
+
+<BrowserWindow url="https://developers.example.com/docs" scale={0.75} contentClassName="px-8">
+  <LandingPage
+    variant="grid"
+    title="Documentation"
+    description="Explore guides, API references, and examples to get the most out of the platform."
+    features={[
+      {
+        icon: <RocketIcon />,
+        title: "Getting Started",
+        description: "Set up your account and make your first request.",
+        href: "/docs/getting-started",
+      },
+      {
+        icon: <BookOpenIcon />,
+        title: "Guides",
+        description: "Step-by-step tutorials for common use cases.",
+        href: "/docs",
+      },
+      {
+        icon: <CodeIcon />,
+        title: "API Reference",
+        description: "Complete reference for every endpoint and type.",
+        href: "/docs",
+      },
+      {
+        icon: <WebhookIcon />,
+        title: "Webhooks",
+        description: "Listen to events and build real-time integrations.",
+        href: "/docs",
+      },
+    ]}
+  />
+</BrowserWindow>
+
+```tsx
+<LandingPage
+  variant="grid"
+  title="Documentation"
+  description="Explore guides, API references, and examples to get the most out of the platform."
+  features={[
+    {
+      icon: <RocketIcon />,
+      title: "Getting Started",
+      description: "Set up your account and make your first request.",
+      href: "/getting-started",
+    },
+    {
+      icon: <BookOpenIcon />,
+      title: "Guides",
+      description: "Step-by-step tutorials for common use cases.",
+      href: "/guides",
+    },
+    {
+      icon: <CodeIcon />,
+      title: "API Reference",
+      description: "Complete reference for every endpoint and type.",
+      href: "/api",
+    },
+    {
+      icon: <WebhookIcon />,
+      title: "Webhooks",
+      description: "Listen to events and build real-time integrations.",
+      href: "/webhooks",
+    },
+  ]}
+/>
+```
+
+## Props
+
+| Prop          | Type                          | Description                                                                                      |
+| ------------- | ----------------------------- | ------------------------------------------------------------------------------------------------ |
+| `variant`     | `"hero" \| "split" \| "grid"` | Layout variant. Defaults to `"hero"`.                                                            |
+| `title`       | `ReactNode`                   | Main headline. Required.                                                                         |
+| `eyebrow`     | `ReactNode`                   | Short label displayed above the title.                                                           |
+| `description` | `ReactNode`                   | Supporting text below the title.                                                                 |
+| `actions`     | `LandingPageAction[]`         | Call-to-action buttons. Each action has `label`, `href`, and an optional Button `variant`.       |
+| `features`    | `LandingPageFeature[]`        | Feature cards with optional `icon`, `title`, `description`, and `href` (making the card a link). |
+| `aside`       | `ReactNode`                   | Side content for the `split` variant (image, code sample, …).                                    |
+| `children`    | `ReactNode`                   | Additional content rendered below the built-in sections.                                         |
+| `className`   | `string`                      | Additional classes for the outer `<section>`.                                                    |
+
+### Links
+
+`href` values in `actions` and `features` are rendered as client-side router links for internal
+paths (e.g. `/getting-started`) and as regular links opening in a new tab for external URLs (e.g.
+`https://github.com/...`).
+
+## Customization
+
+- **Buttons**: The first action defaults to the primary button style, all following actions to
+  `outline`. Override per action with `variant` (any [Button](/dev-portal/zudoku/components/button) variant).
+- **Rich titles**: `title`, `description`, and `eyebrow` accept any React node, so you can use
+  custom markup like highlighted words:
+  `title={<>Ship <span className="text-primary">faster</span></>}`.
+- **Extra sections**: Pass `children` to append your own sections (testimonials, pricing, …) below
+  the built-in layout.
+- **Page metadata**: Combine with the [Head](/dev-portal/zudoku/components/head) component to set the page title:
+
+```tsx
+import { Head, LandingPage } from "zudoku/components";
+
+<LandingPage title="Build with our API">
+  <Head>
+    <title>Home</title>
+  </Head>
+</LandingPage>;
+```

package/docs/handlers/system-handlers.mdx

@@ -5,7 +5,8 @@ sidebar_label: Internal Route Handlers
 
 The Zuplo Runtime automatically registers certain routes on your gateway to
 provide enhanced functionality. Requests to these routes may appear in your
-Analytics page. Below is a list of reserved routes:
+project's analytics under the **Observability** tab. Below is a list of reserved
+routes:
 
 | Name                    | Method  | Path                              | Description                                                 |
 | ----------------------- | ------- | --------------------------------- | ----------------------------------------------------------- |

package/docs/mcp-gateway/how-to/connect-upstream-api-key.mdx

@@ -48,7 +48,7 @@ Virtual Server**, with these choices:
 
 <ModalScreenshot size="md">
 
-![Outbound auth set to None with Remove auth token selected](../../public/media/mcp-gateway-upstream-api-key/01-outbound-auth-none.png)
+![Outbound auth set to None with Remove auth token selected](../../../public/media/mcp-gateway-upstream-api-key/01-outbound-auth-none.png)
 
 </ModalScreenshot>
 
@@ -85,7 +85,7 @@ set.
 
 <ModalScreenshot size="md">
 
-![The set-headers-inbound policy added to the end of the request policy stack](../../public/media/mcp-gateway-upstream-api-key/02-policy-stack.png)
+![The set-headers-inbound policy added to the end of the request policy stack](../../../public/media/mcp-gateway-upstream-api-key/02-policy-stack.png)
 
 </ModalScreenshot>
 

package/docs/mcp-gateway/observability/analytics.mdx

@@ -7,10 +7,11 @@ description:
 ---
 
 Every authenticated MCP request the Zuplo MCP Gateway handles produces a set of
-structured analytics events. The events power the MCP tab on the Zuplo Portal's
-**Analytics** page and feed the same data into Zuplo's standard log and metrics
-pipelines. This page explains why each event exists, the dimensions that scope
-the data, and the operational questions the dashboard exists to answer.
+structured analytics events. The events power the MCP section of the Zuplo
+Portal's **Observability → Analytics** view and feed the same data into Zuplo's
+standard log and metrics pipelines. This page explains why each event exists,
+the dimensions that scope the data, and the operational questions the dashboard
+exists to answer.
 
 ## What the analytics are for
 
@@ -125,15 +126,18 @@ A few panels carry detail worth calling out:
 
 ## Where to find it
 
-The MCP analytics dashboard is a tab on the Zuplo Portal's **Analytics** page.
-At the account scope,
-[Analytics → MCP](https://portal.zuplo.com/+/account/analytics) aggregates
-across every project on the account that has MCP routes. At the project scope,
-[Analytics → MCP](https://portal.zuplo.com/+/account/project/analytics) shows
-that project's events only.
-
-The MCP tab appears automatically once any MCP request has been recorded for the
-project. New projects show the empty state until the first MCP request lands.
+The MCP analytics dashboard is a section of the Analytics view inside the Zuplo
+Portal's **Observability** tab. At the account scope,
+[**Observability → Analytics → MCP**](https://portal.zuplo.com/+/account/observability/analytics/mcp)
+aggregates across every project on the account that has MCP routes. At the
+project scope, open your project, click **Observability**, then select
+**Analytics → MCP** to see
+[that project's events](https://portal.zuplo.com/+/account/project/analytics)
+only.
+
+The MCP section appears automatically once any MCP request has been recorded for
+the project. New projects show the empty state until the first MCP request
+lands.
 
 ## Reference: event types
 

package/docs/mcp-gateway/quickstart.mdx

@@ -251,9 +251,10 @@ result on your machine.
    tool, then returns results proxied through the gateway.
 
    Open the project's
-   [Analytics dashboard](https://portal.zuplo.com/+/account/project/analytics)
-   and switch to the **MCP** tab to see the call appear in the events timeline,
-   the success rate, the top capabilities table, and the user breakdown.
+   [**Observability → Analytics**](https://portal.zuplo.com/+/account/project/analytics)
+   view and select the **MCP** section to see the call appear in the events
+   timeline, the success rate, the top capabilities table, and the user
+   breakdown.
 
 </Stepper>
 

package/docs/mcp-gateway/troubleshooting.mdx

@@ -216,10 +216,10 @@ window where a stolen cookie is useful.
 
 ## Where to look when none of the above match
 
-- Open the project's **Logs** in the Portal and filter on the request's
-  `zuplo-request-id`. Gateway log entries include the relevant `operationId` and
-  `subjectId`.
-- Open the **Analytics** dashboard and switch to the **MCP** tab. The "Top
+- Open the project's **Observability → Logs** view in the Portal and filter on
+  the request's `zuplo-request-id`. Gateway log entries include the relevant
+  `operationId` and `subjectId`.
+- Open **Observability → Analytics** and select the **MCP** section. The "Top
   Reason Codes" and "Failure Origins" panels surface the highest-cardinality
   failure modes for the current time window.
 - For OAuth-specific issues, the

package/docs/policies/_index.md

@@ -43,6 +43,7 @@
 | formdata-to-json-inbound | Form Data to JSON | Converts form data in the incoming request to JSON. | api-gateway |
 | galileo-tracing-inbound | Galileo Tracing | Galileo Tracing Inbound Policy | ai-gateway |
 | geo-filter-inbound | Geo-location filtering | Block requests based on geo-location parameters: country, region code, and ASN | api-gateway |
+| graphql-analytics-outbound | GraphQL Analytics | Reports GraphQL errors returned in response bodies to Zuplo's GraphQL analytics. GraphQL servers following the standard Apollo / graphql-yoga pattern return `200 OK` with an `errors[]` array in the body when an operation fails, which HTTP-level analytics alone report as a success — add this policy to a GraphQL route and failed operations show up as failures on the GraphQL dashboard, classified by error type.  Each error in `errors[]` is classified from its `extensions.code` following the Apollo Server conventions (`GRAPHQL_PARSE_FAILED` → `syntax`, `GRAPHQL_VALIDATION_FAILED` → `validation`, `UNAUTHENTICATED` / `FORBIDDEN` → `auth`, timeout codes → `timeout`); custom codes can be mapped with `errorCodeClassification`, and anything unrecognized falls back to `defaultErrorClass` (`resolver`). Optionally set `logErrors` to also write a structured warning per errored response. Bodies larger than `maxResponseBytes` (default 5 MiB) are not inspected.  The response always passes through unchanged — the body is read from a clone, and any internal failure is swallowed so reporting can never break the request. The route must be marked `x-graphql: true` in `routes.oas.json` (which enables GraphQL analytics for the route); without the marker the policy logs a warning and does nothing. | api-gateway |
 | graphql-complexity-limit-inbound | GraphQL Complexity Limit | Policy that limits the complexity and depth of GraphQL queries to prevent abuse. Protects your GraphQL API from expensive queries that could cause performance issues or denial of service attacks. | api-gateway |
 | graphql-disable-introspection-inbound | GraphQL Disable Introspection | Policy that disables GraphQL introspection queries in production. Introspection allows clients to discover the schema, which can be a security risk as it exposes your entire API structure. | api-gateway |
 | graphql-introspection-filter-outbound | GraphQL Introspection Filter | Filters GraphQL introspection responses to exclude specific types and fields.  This policy intercepts GraphQL introspection query responses and removes configured types and fields from the schema. Useful for hiding internal types or sensitive fields from the public schema. | api-gateway |