Skip to main content

Highlights

ProductBrain has an MCP server

Connect ProductBrain to Claude Desktop, Claude Code, or Cursor over MCP — your agent gets tools for search, read, mutate, the planning workflow, and the live view, with no glue code. It’s a thin transport over the same versioned v1 REST API, so the contract you depend on stays the frozen API, not the protocol — you can drop to raw HTTP or bring your own LLM any time.
// Claude Desktop — claude_desktop_config.json
{ "mcpServers": { "productbrain": {
  "command": "npx", "args": ["-y", "@productbrain-com/mcp"],
  "env": { "PRODUCTBRAIN_API_KEY": "pb_your_key", "PRODUCTBRAIN_PROJECT_ID": "your-project-id" }
}}}
Full setup for each client: MCP server.

Safer mutations: idempotent retries and node restore

Two changes make the mutation API safe to hand to an autonomous agent:
  • Idempotency keys. Send an Idempotency-Key header on any /mutate call, and a retry after a timeout returns the original result (Idempotent-Replayed: true) instead of creating a duplicate. An agent that retries never double-creates.
  • Node restore. Deleted a node by mistake? {"action":"restore","nodeId":"…"} brings it back from the changelog with its original id and data. Your agent can undo its own mistakes — and you keep a recovery path even though deletes stay permanent in the table.
Details: Mutations.

Webhooks now deliver at least once

Outbound webhooks are durable now. Every event is persisted before we attempt it, so a receiver that’s briefly down no longer misses anything. If your endpoint doesn’t answer (a non-2xx status, or no response within 5 seconds), we retry with exponential backoff — up to 6 attempts over roughly 30 minutes — then mark the delivery failed so you can reconcile. Two things to know if you consume webhooks:
  • Make your receiver idempotent. At-least-once means the same event can arrive more than once. Dedup on the X-ProductBrain-Delivery header, which is now stable across every retry of an event — previously it changed per attempt.
  • Secret rotation is safe mid-flight. Each attempt is re-signed with your webhook’s current secret, so rotating it never breaks an in-flight retry.
Full details: Webhooks.

Other improvements

  • Rate limits, documented honestly. The API’s per-IP rate limit (~100 requests/minute, 429 when exceeded) is now written down — including the honest caveat that it’s per-IP rather than per-key for now. See API Overview.