Skip to main content
We follow SemVer on the /v1/* surface. Breaking changes are versioned and announced 90 days in advance. Subscribe to the RSS feed for automated notifications.

2026-05-12 — SDK 0.3.4 + MCP 0.3.4 + Galleries + plan-quota fix

Added — Galleries (the big one) A new top-level resource for named, ordered image collections. Carousels, lookbooks, product galleries, before/afters — anywhere you want a variable-length list of images instead of a single data-image-key slot.
  • REST: GET/POST /v1/galleries, GET/PATCH/DELETE /v1/galleries/{slug}. Slugs auto-derive from name with -2/-3/… on collision. items is a full-replace array of {url, alt?}, capped at 200.
  • SDK: nd.galleries.{list, get, create, update, delete} + types Gallery, GalleryItem, GalleryCreateInput, GalleryUpdateInput.
  • MCP: list_galleries, get_gallery, create_gallery, update_gallery, delete_gallery.
  • Beta Admin: top-level Galleries page with drag-to-reorder, MediaLibrary image picker, paste-URL fallback. Admins never see or type slugs.
  • New scopes: galleries:read / galleries:write (wildcards * and galleries:* already cover them).
Added — Destructive deletes on the rest of the catalogue The catalogue had one delete tool (delete_image); it now has four. All mirror existing REST endpoints; no API changes.
  • MCP: delete_content, delete_page (with force: true for hard delete), delete_component. SDK already had matching delete() methods.
Fixed — Hobby / Build / Scale plans hitting legacy quotas Tenants on the new credits-based plans (hobby, build, scale) were being checked against plan_posts_limit / plan_socials_limit — fields that only make sense for the legacy starter / creator plans. The new plans are gated only by credit balance; there is no monthly per-resource cap. A new Tenant::hasFlexibleQuota() helper short-circuits every limit check, promoted above the is_free_user branch so a tenant who upgraded from free trial → hobby with a stale is_free_user=true flag isn’t stuck on the trial path. config/subscriptions.php also gained explicit hobby / build / scale entries with flexible limits and commerce / booking enabled. Fixed — /admin/cms-images “Replace file” 422 The Beta Admin’s image-replace flow PUT-uploaded a multipart body, but PHP only populates $_FILES on POST, so the controller’s hasFile('file') check returned false and 422’d with missing_replacement_mode. The Vue page now sends POST with _method=PUT, which keeps the same backend handler while letting PHP parse the multipart body. Fixed — RFC 7807 error URLs type URLs in 4xx/5xx responses pointed at the old neural-draft.com domain. Now consistently https://neuraldraft.io/errors/{code}. Added — php artisan credits:topup command Replaces the tinker one-liner for admin credit adjustments. Supports additive (credits:topup 92 5000) and absolute (credits:topup 92 5000 --set). Both go through CreditService::adjust so a credit_transactions audit row with operation_type='admin_adjustment' is written.

2026-05-09 — SDK 0.3.0 + MCP 0.3.0 + central login workspace picker

Added (SDK @neuraldraft/sdk@0.3.0)
  • New NeuralDraftClient — single, well-typed entry point with resource namespaces (brand, content, components, blogPosts, pages, images, products, booking, jobs, projects).
  • nd.content.set(key, value, lang, { scope? }) replaces the older content.upsert shape. Charges 1 credit (content_update).
  • nd.content.get(key, { lang }) returns one value plus the all_locales map.
  • nd.pages.list({ page_size, type, is_active }), nd.pages.create({ ... meta_title, meta_description, og_image }) with top-level SEO meta fields (no nested metadata).
  • nd.blogPosts.create({ ... }) and nd.blogPosts.generateAi({ ... }) — flat shapes; the SDK adds the type: "manual" / type: "ai" discriminator for you. No more { ai: { ... } } wrapping.
  • nd.blogPosts.translate(id, [langs]) — async batch translate, returns a JobReference.
  • nd.images.upload(key, file, { filename? }) for direct multipart upload (Web File/Blob or Node Buffer). Charges 1 credit (image_register).
  • nd.booking.getWidget(tenantId, serviceId) — now takes two args. Read tenantId once from nd.projects.me().
  • nd.projects.usage() returns the current credit balance + per-operation breakdown for the period.
  • NeuralDraftClient.tenantsForEmail(email, { centralUrl? }) — STATIC helper for the central-login workspace picker. No API key required; always 200.
Added (MCP @neuraldraft/mcp@0.3.0)
  • New tools: get_brand, update_brand, get_content, list_content, get_usage, list_blog_posts, find_workspaces. See tools-and-resources for examples.
  • Env vars now use canonical NEURALDRAFT_* names (NEURALDRAFT_API_KEY, NEURALDRAFT_API_URL, NEURALDRAFT_PROJECT_ID, NEURALDRAFT_DISPLAY_NAME). The legacy NEURAL_DRAFT_* names still resolve as aliases for backwards compatibility.
Added (central login)
  • GET /central/api/tenants-for-email?email=… — returns every workspace a given email is registered against. Constant-time response; safe against enumeration. Powers a “Pick your workspace” dropdown on the central login form.
  • POST /central/api/login now accepts an optional tenant_id to disambiguate when an email is registered to multiple workspaces. Without it, the server iterates candidates and uses the first whose password verifies. Documented in authentication.
Fixed (docs)
  • Page meta field names corrected throughout the docs and OpenAPI: meta_title, meta_description, og_title, og_description, og_image, canonical_url. (seo_title / seo_description were never accepted by the API; any guides referencing them are now in sync with the real PageController validation rules.)
  • Removed the hallucinated “register a remote URL” mode from POST /v1/images. The real endpoint accepts either AI generation ({ prompt } JSON) or a multipart file upload. URL swaps go through PUT /v1/images/{key} with { url }.
  • Webhook event whitelist trimmed to the actual server-side allow-list (blog_post.published, blog_post.translated, social_post.published, social_post.failed, order.*, booking.*, content.changed, image.generated, connect.account_updated). newsletter.subscribed and contact_form.submitted are NOT in the whitelist today — poll the admin list endpoints (or the MCP tools) to inspect submissions.
  • Credit costs aligned with config/subscriptions.php: blog_post is 60 (not 400), translate_language is 7 per language (not 70), social_post is 5 + image/video media surcharge (not 25/platform), budget video is 40 and premium video_premium is 300 (not flat 100). image_register, content_update, and page_update are 1 credit each.

2026-05-08 — SDK and central admin

Added
  • @neuraldraft/sdk@0.1.0 published to npm. Auto-generated from this OpenAPI spec; covers every /v1/* resource with typed inputs, typed responses, retry-aware error classes, and an idempotency-key helper.
  • Central admin host live at app.neuraldraft.io. Sign in once, manage every project on your account from a single domain.
  • API Console added to the dashboard. One sidebar tab now bundles:
    • Keys — mint, name, scope, rotate, revoke.
    • Brand — voice, audience, colors, fonts, target languages.
    • Webhooks — endpoints, signing secrets, delivery log, replay.
    • Logs — request log with status, latency, request id, response body.
    • MCP setup — copy-pastable config for Claude Code, Cursor, Continue.
Changed
  • The dashboard’s “Settings → API” tab is now “API Console” and is reachable at the top of the sidebar instead of buried under settings.

2026-05-07 — MCP server and docs site

Added
  • @neuraldraft/mcp@0.1.0 published to npm. Stdio MCP server exposing resources (brand://current, schema://*, conventions://*), tools (register_component, generate_blog_post, generate_image, connect_social_account, setup_booking_widget and more), and slash- command prompts (/scaffold-marketing-site, /scaffold-blog-page, /connect-existing-site, /add-booking-widget).
  • Documentation site live at docs.neuraldraft.io. Mintlify-powered; the API reference is generated from the OpenAPI spec and stays in sync on every push.
  • llms.txt and llms-full.txt published at the docs root for AI ingestion.

2026-05-04 — v1 API live

The v1 Project API is generally available. Added
  • All five pillars exposed under /v1/*:
    • CMS/content, /components, /brand, /images, /translation-keys.
    • Blog/blog-posts, /categories, /tags, plus translation sub-resources.
    • Social/social-posts, /social-accounts with OAuth flows for Facebook, Instagram, X, TikTok, LinkedIn and YouTube.
    • Booking/services, /bookings, /booking-settings, /calendar-feeds.
    • Commerce/products, /orders, /checkout-sessions, /connect/* for Stripe Connect onboarding.
  • Async work tracked by a unified Job resource (/jobs, /jobs/{id}, /jobs/{id}/stream) supporting blog generation, social generation, image generation, batch translation, content plans, and full-website generation.
  • Outgoing webhook system (/webhook-endpoints) with HMAC-SHA256 signatures, five-tier retry, replayable deliveries, signing-secret rotation.
  • Per-key scopes (content:read, commerce:write, …) with * for full access.
  • Idempotency keys honoured on all mutating endpoints.
  • Embeddable widgets at widgets.neuraldraft.io/v1/* for booking, buy button, cart, product card.
  • /v1/public/* surface for browser-side reads with no auth and per-IP rate limits.
  • Bearer-token middleware, scope middleware, and per-key sliding-window rate limit on every authenticated route.
  • Standard RFC 7807 error envelope with stable code field on every response.

How to subscribe

  • RSS: https://docs.neuraldraft.io/changelog/feed.xml
  • Status page: status.neuraldraft.io for incidents and planned maintenance.