Skip to main content

Trading Card API Changelog

Stay up-to-date with the latest changes, improvements, and new features in the Trading Card API itself.

API vs Documentation Changes

This page shows changes to the Trading Card API service. For changes to this documentation site, see the Documentation Changelog.

Latest Releases

All notable changes to the Trading Card API are documented here. The API follows Semantic Versioning and maintains a Keep a Changelog format.

🚀 Recent Updates

📦 [0.7.46] - January 2, 2026

Latest Release

This is the current production version of the Trading Card API.

Fixed

  • fix: Correctly parse filter[status] query parameter

🔗 Release Information

📦 [0.7.45] - January 2, 2026

Added

  • feat: Add filter[status] query parameter to sets endpoint (#1220)

🔗 Release Information

📦 [0.7.44] - December 30, 2025

Changed

  • Updated laravel/framework from 12.40.2 to 12.44.0
  • Updated laravel/passport from 13.4.1 to 13.4.2
  • Updated @usebruno/cli from 2.14.3 to 2.15.1
  • Updated markdownlint-cli from 0.46.0 to 0.47.0
  • Updated actions/upload-artifact from v5 to v6 in GitHub workflows
  • Updated actions/download-artifact from v6 to v7 in GitHub workflows
  • Updated actions/cache from v4 to v5 in GitHub workflows

Security

  • Resolved high-severity vulnerability in jws (HMAC signature verification)
  • Resolved high-severity vulnerability in lodash.set (Prototype Pollution)
  • Resolved high-severity vulnerability in lodash.template (Command Injection)

🔗 Release Information

📦 [0.7.43] - December 30, 2025

Fixed

  • PlayerTeam url() method now correctly includes v1 route prefix (#1216)

🔗 Release Information

📦 [0.7.42] - December 29, 2025

Added

  • Set names now include serial number suffix for numbered parallels (#1213)
  • Uses standard hobby convention: /X for numbered sets (e.g., "Black Foil /10")
  • Shows 1/1 for superfractors (serial = 1)
  • Skips append if name already ends with a serial suffix to prevent duplicates
  • Run php artisan api:update-names --sets after deployment to update existing sets

🔗 Release Information

📦 [0.7.41] - December 26, 2025

Fixed

  • Card deletion now removes ALL oncard relationships instead of only the first one (#1202)
  • Previously, deleting a card with multiple oncard entries (players, teams, playerteams) only removed the first entry
  • This caused orphaned OnCard records to remain in the database
  • Fixed by using bulk delete instead of firstOrFail()->delete()
  • Same fix applied to card attributes deletion

Added

  • MCP tool get_card_oncard to list all oncard relationships in a simple, structured format (#1202)
  • Returns players, teams, and playerteams grouped by type with names
  • Designed for data correction workflows where you need to see what's attached to a card
  • MCP tool clear_card_oncard to remove all oncard relationships from a card (#1202)
  • Clears all players, teams, and playerteams at once to start fresh
  • Follows two-step confirmation pattern for safety

🔗 Release Information

📦 [0.7.40] - December 26, 2025

Fixed

  • Parallel set sync now preserves on-card relationship order, ensuring multi-player card names match between parent and parallel sets (#1208)
  • Added sort_order column to api_on_card table with migration to backfill existing records
  • Updated OnCard::sync() to preserve array order as sort_order
  • Updated Card::onCard() relationship to order by sort_order
  • Updated CreateCardForParallelSet and UpdateCardForParallelSet jobs to preserve sort_order
  • Added sort_order to API response via OnCardTransformer

🔗 Release Information

📦 [0.7.39] - December 26, 2025

Added

  • API endpoint test coverage for parallel set card_count inheritance (#1205)
  • Verifies card_count is inherited from parent when creating parallel sets via API
  • Confirms explicit card_count values are preserved when provided
  • Tests taxonomy inheritance (genre, manufacturer, year, brand)
  • Covers insert set behavior (should NOT inherit card_count)
  • Edge case tests for boundary conditions:
  • Inheritance of zero card_count from parent
  • Explicit zero card_count preservation
  • Parallel set without parent_id (no inheritance)
  • Taxonomy inheritance with explicit card_count
  • Very large card_count values (9999+)
  • Sets with both is_parallel and is_insert flags
  • Inheritance of null card_count from parent

🔗 Release Information

📦 [0.7.38] - December 26, 2025

Fixed

  • CardController::update() now returns 404 instead of 500 when card doesn't exist (#1180)

🔗 Release Information

📦 [0.7.37] - December 26, 2025

Fixed

  • Fix validation rule typo in AttributeRequest causing 500 error (#1203)

🔗 Release Information

📦 [0.7.36] - December 25, 2025

Added

  • New POST /v1/sets/{id}/sync-parallel endpoint for syncing parallel sets (#1171)
  • Adds missing cards from parent set to parallel set
  • Copies on-card relationships (players, teams, playerteams) from parent cards
  • Copies card attributes with pivot values from parent cards
  • Returns count of created/skipped/updated cards
  • Supports async processing via ?queue=true parameter
  • Addresses limitation where ParallelizeSet only runs on initial parallel set creation

🔗 Release Information

📦 [0.7.35] - December 25, 2025

Added

  • Explicit tests for current_card_count field accuracy after card changes (#1157)
  • Verifies cache invalidation correctly updates current_card_count in checklist responses
  • Tests card creation, deletion, and restoration scenarios for both V1 and V2 endpoints
  • Provides regression protection for the cache invalidation added in #1156

Changed

  • Optimized cache invalidation performance (#1157)
  • Pre-computed include combinations as constant to eliminate runtime bit manipulation
  • Removed duplicate cache clearing logic from tests (now delegates to SetCacheHelper)
  • Reduced CPU overhead during cache invalidation operations

🔗 Release Information

📦 [0.7.34] - December 24, 2025

Fixed

  • Checklist import now correctly parses serial numbers from end of line (#1154)
  • Input like Player - Team /10 now extracts serial as 10 instead of including /10 in team name
  • Supports both /10 and #/10 formats at end of line
  • Maintains backward compatibility with existing #/ 10 space-separated format

🔗 Release Information

📦 [0.7.33] - December 23, 2025

Fixed

  • parent_id filter now works correctly in GET /v1/sets endpoint (#1146)
  • Previously the parameter was ignored and returned unrelated parent sets
  • Now correctly returns child sets (parallels/inserts) of the specified parent
  • Returns empty array when parent has no child sets

🔗 Release Information

📦 [0.7.32] - December 23, 2025

Added

  • Year filtering capability to /v1/sets endpoint via year query parameter (#1191)
  • Filter sets by year ID (UUID) for targeting specific release years
  • Enables /prepare-publication workflow to focus on recent releases

🔗 Release Information

📦 [0.7.31] - December 23, 2025

Added

  • subset_count field to Set API responses (#1192)
  • Returns the count of child subsets for each set
  • Enables UI to show expand indicators for sets with subsets
  • Uses eager loading via withCount to prevent N+1 queries

Fixed

  • Optimized current_card_count field in SetTransformer to use eager loading (#1192)
  • Also uses withCount('cards') to prevent N+1 queries
  • Both subset_count and current_card_count now use efficient eager loading

🔗 Release Information

📦 [0.7.30] - December 22, 2025

Fixed

  • SetSource API endpoint now properly accepts set_id during creation (#1188)

🔗 Release Information

📦 [0.7.29] - December 22, 2025

Added

  • Queue parameter for POST /v1/sets/{id}/checklist endpoint (#1186)
  • queue=true dispatches import to background job for async processing
  • Prevents timeout for large checklists (50+ cards)
  • Default behavior unchanged (synchronous processing)

🔗 Release Information

📦 [0.7.28] - December 21, 2025

Added

  • Override mechanism for parallel cards (#1163)
  • Fields can be explicitly marked as overridden to prevent sync from parent card
  • New field_overrides JSON column on cards tracks which fields should not be inherited
  • Valid overridable fields: title, number, description, is_rookie, serial, section
  • API support for viewing and managing field overrides on parallel cards
  • Auto-override: When a parallel card's propagatable field is directly updated, it's automatically marked as overridden
  • Two-layer approach: Explicit overrides take precedence over implicit detection

🔗 Release Information

📦 [0.7.27] - December 21, 2025

Added

  • Cascade delete/restore for parallel cards (#1162)
  • When a base card is deleted, all parallel card children are automatically soft-deleted
  • When a base card is restored, all trashed parallel card children are automatically restored
  • Cache invalidation for affected parallel sets

🔗 Release Information

📦 [0.7.26] - December 21, 2025

Fixed

  • CreateCardForParallelSet job now copies card attributes when creating parallel cards (#1178)

🔗 Release Information

📦 [0.7.25] - December 20, 2025

Added

  • Update propagation for parallel cards (#1161)
  • When a base card is updated, changes automatically propagate to all parallel card children
  • Override detection: Fields that differ from the parent's original value are preserved
  • Propagates: title, number, description, is_rookie, serial, section
  • Also syncs onCard relationships and attributes
  • Uses queued jobs for performance (non-blocking API response)

🔗 Release Information

📦 [0.7.24] - December 20, 2025

Fixed

  • SetController::update now properly triggers Eloquent observers (#1175)
  • Fixes is_parallel toggle not dispatching ParallelizeSet job via API
  • Enables MCP parallelize_set tool to work correctly

🔗 Release Information

📦 [0.7.23] - December 20, 2025

Added

  • Queue workers now restart automatically after code updates in local development (#1173)
  • Prevents stale code issues when queue job logic changes

🔗 Release Information

📦 [0.7.22] - December 20, 2025

Fixed

  • Team name parsing now correctly handles multi-word locations (St. Louis, New York, Los Angeles, etc.) (#1168)
  • Previously "St. Louis Cardinals" was incorrectly split as location="St.", mascot="Louis Cardinals"
  • Now correctly parses as location="St. Louis", mascot="Cardinals"
  • Supports 45+ known multi-word city/region names including Salt Lake City, Tampa Bay, Kansas City

Added

  • New cleanup:fix-team-location-splits command to correct existing incorrectly-split team names
  • --analyze: Identify teams with potential incorrect splits
  • --dry-run: Preview proposed changes without applying
  • --genre=: Filter by specific sport/genre

🔗 Release Information

📦 [0.7.21] - December 19, 2025

Added

  • Parallel set card creation now copies onCard relationships (players, teams, playerteams) from parent cards (#1169)
  • Cards in parallel sets now display full names with player info instead of just numbers
  • Card name auto-generation works correctly for parallel cards

🔗 Release Information

📦 [0.7.20] - December 19, 2025

Added

  • Comma-delimited player/team format support in checklist import (#1166)
  • Converts Player Name, Team Name to Player Name - Team Name format automatically
  • Handles edge cases like name suffixes (Jr., Sr., II, III, etc.) correctly
  • Both comma and dash formats now work for checklist import

🔗 Release Information

📦 [0.7.19] - December 19, 2025

Added

  • Ability to mark existing sets as parallel and have cards copied from parent (#1135)
  • SetObserver now dispatches ParallelizeSet job when is_parallel changes to true
  • Prevents duplicate card copying by checking if parallel set already has cards
  • Comprehensive test coverage for parallel card inheritance feature (#1135)
  • SetObserverTest: Tests for taxonomy inheritance, card_count inheritance, job dispatching
  • CardObserverParallelTest: Tests for parallel subset card creation
  • ParallelSetIntegrationTest: End-to-end workflow tests

Fixed

  • CardObserver now correctly iterates all subsets when creating parallel cards (#1135)
  • Changed break to continue to process all parallel subsets instead of stopping at first non-parallel

Changed

  • Improved robustness of parallel card job handlers (#1135)
  • ParallelizeSet job now validates set and parent exist before processing
  • CreateCardForParallelSet job validates set and card exist before replication
  • Added idempotency check to prevent duplicate card creation on job retries
  • Performance optimizations to reduce memory usage in observer queries
  • Added comprehensive test coverage for edge cases and race conditions

🔗 Release Information

📦 [0.7.18] - December 17, 2025

Added

  • is_variation boolean column to sets table for variation sets (#1145)
  • Supports sets that share card numbering with parent but have different visual treatment (e.g., "Tin Type Variations", "Chrome Variations")
  • Added to Set model, SetTransformer, and OpenAPI schema

🔗 Release Information

📦 [0.7.17] - December 17, 2025

Added

  • Add Laravel scheduler supervisor configuration for Docker containers (#1158)
  • Enables scheduled commands like stats:capture-snapshots to run automatically

🔗 Release Information

📦 [0.7.16] - December 16, 2025

Fixed

  • Card deletion now invalidates set checklist cache to prevent stale data (#1155)
  • Added cache invalidation for V1 and V2 checklist endpoints
  • Cache is cleared on card create, update (number/name), delete, and restore
  • Supports both 'full' and 'compact' format cache keys

🔗 Release Information

📦 [0.7.15] - December 15, 2025

Fixed

  • Fix "Class Oncard not found" error when assigning multiple players to a card (#1152)

🔗 Release Information

📦 [0.7.14] - December 12, 2025

Fixed

  • Missing cache_locks table preventing scheduled jobs from running (#1142)

🔗 Release Information

📦 [0.7.13] - December 2, 2025

Added

  • docs: Add OpenAPI documentation to stats snapshot endpoints

Fixed

  • fix: Update stats endpoints to return SDK-compatible response format

🔗 Release Information

📦 [0.7.12] - November 30, 2025

Added

  • feat: Add daily snapshot scheduled job (#1127)
  • stats:capture-snapshots Artisan command for capturing entity count snapshots
  • Scheduled to run daily at 04:00
  • --date option for backfilling historical data

🔗 Release Information

📦 [0.7.11] - November 29, 2025

Added

  • feat: Add stats API endpoints (#1126)
  • GET /v1/stats/counts - Current entity counts for sets, cards, players, and teams
  • GET /v1/stats/snapshots - Historical snapshots with filtering by entity type and date range
  • GET /v1/stats/growth - Growth metrics by period (7d, 30d, 90d, 1y)

🔗 Release Information

📦 [0.7.10] - November 29, 2025

Added

  • feat: Add entity snapshots table and model (#1125)

🔗 Release Information

📦 [0.7.9] - November 29, 2025

Fixed

  • OAuth refresh token ID column too small causing login failures (#1123)

🔗 Release Information

📦 [0.7.8] - November 27, 2025

Fixed

  • Fix 500 error when including oncard with orphaned records

🔗 Release Information

📦 [0.7.7] - November 27, 2025

Added

  • Implement PlayerTeamController.show() method (#1110)
  • GET /v1/playerteams/{id} endpoint now functional with ?include=player,team support
  • Enables MCP tool get_playerteam to fetch individual playerteam records

Changed

  • Update Docker base image to PHP 8.5-fpm (#1102)
  • Remove opcache from Dockerfile ext-install (built-in to PHP 8.5)
  • Disable xdebug in Dockerfile (not yet compatible with PHP 8.5)
  • Update all PHP dependencies (#1111):
  • laravel/framework 12.38.1 → 12.40.2
  • laravel/helpers 1.8.1 → 1.8.2
  • laravel/passport 13.4.0 → 13.4.1
  • laravel/tinker 2.10.1 → 2.10.2
  • nunomaduro/collision 8.8.2 → 8.8.3
  • phpunit/phpunit 12.4.2 → 12.4.4
  • slevomat/coding-standard 8.24.0 → 8.25.1
  • Update GitHub Actions: actions/checkout v5 → v6, PHP 8.3 → 8.5 in all workflows
  • Update JavaScript dependencies in docs/scripts

Fixed

  • CardController.update() now respects the include query parameter (#1109)
  • PATCH responses now include relationship data when requested (e.g., ?include=oncard)
  • Enables MCP tools to verify relationship changes after card updates
  • Fix JsonApiHeader middleware for Symfony 8.x AcceptHeader behavior change

🔗 Release Information

📦 [0.7.6] - November 24, 2025

Added

  • Bulk image upload endpoint (POST /v1/card-images/bulk) supporting up to 50 images per request (#1050)
  • Batch status tracking endpoint (GET /v1/card-images/bulk/{batch_id}) for polling upload progress
  • Laravel job batching for async image processing with progress tracking
  • Atomic mode option for all-or-nothing batch uploads

🔗 Release Information

📦 [0.7.5] - November 21, 2025

Changed

  • Define OAuth scopes in AuthServiceProvider (Issue #889)

🔗 Release Information

📦 [0.7.4] - November 16, 2025

Changed

  • Updated OpenAPI specification to document missing relationships (#1089)
  • Added images relationship to Card schema
  • Completes documentation for Card Images feature (v0.7.0)
  • Defined as one-to-many array of card_images resources
  • Added sources relationship to Set schema
  • Completes documentation for Set Sources feature (v0.6.0)
  • Defined as one-to-many array of set_sources resources

🔗 Release Information

📦 [0.7.3] - November 14, 2025

Changed

  • github-actions(deps): bump actions/github-script from 7 to 8

🔗 Release Information

📦 [0.7.2] - November 14, 2025

Fixed

  • Fix CHANGELOG.md version numbers after re-tagging 0.7.0 and 0.7.1 releases (#1085)

🔗 Release Information

📦 [0.7.1] - November 14, 2025

Fixed

  • Fix version.sh to recognize 'Release TCAPI X.Y.Z' commit message pattern in addition to 'Release version X.Y.Z' (#1083)

🔗 Release Information

📦 [0.7.0] - November 14, 2025

Added

  • Card Images System - Complete card image management system (#1045, #1046, #1047, #1048)
  • Full CRUD API at /v1/card-images with multipart file upload support
  • Support for front and back card images with unique constraint per card
  • File validation: JPEG, PNG, WebP (up to 10MB, max 4000x4000px)
  • Automatic JPEG standardization for all uploaded images
  • Soft delete support - images never permanently deleted
  • Factory support for testing with CardImageFactory
  • JSON:API compliant requests and responses
  • OpenAPI documentation for all image endpoints
  • Automatic Thumbnail Generation (#1046)
  • Three thumbnail sizes: small (150w), medium (300w), large (600w)
  • Asynchronous generation using queued jobs (GenerateImageThumbnails)
  • Quality optimization per size: 100% (original), 85%/80%/75% (large/medium/small)
  • Download endpoint supports ?size parameter
  • Graceful failure handling with 3 retry attempts
  • php artisan images:regenerate-thumbnails command for bulk operations
  • Config-driven thumbnail system via config/images.php
  • JPEG Standardization (#1047)
  • All uploaded images converted to JPEG for consistency
  • Smart JPEG handling: existing JPEGs stored as-is (no re-encoding)
  • PNG/WebP conversion at 100% quality
  • Rich variant metadata: width, height, file_size, quality, format
  • Srcset generation for responsive images
  • Sizes attribute recommendations for optimal browser selection
  • CDN Integration (#1048)
  • DigitalOcean Spaces CDN integration for global delivery
  • Versioned URLs with automatic cache invalidation (?v=timestamp)
  • Smart redirect: Download endpoint (302) to CDN instead of proxying
  • Cache headers: 1-year TTL with immutable directive
  • Model methods: cdnEnabled(), getCdnUrl(), getVersionedUrl()
  • Comprehensive CDN setup documentation
  • Fallback support for local disk when CDN not configured
  • Comprehensive Testing (#1063, #1073, #1078)
  • 628 total tests (77 new for Card Images functionality)
  • CardImageRestTest: 29 API endpoint tests
  • CardImageModelTest: 14 model and relationship tests
  • CardImageCdnTest: 13 CDN functionality tests
  • CardImageSchemaValidationTest: 24 JSON:API schema validation tests
  • ImageUploadServiceTest: 21 service layer tests
  • CardImageController tests: 18 authorization and CRUD tests
  • GenerateImageThumbnails tests: 8 job tests
  • 52 Bruno CLI integration tests for Card Images
  • Performance benchmarking deferred to #1079

Changed

  • Image upload service now sets cache headers on upload to Spaces
  • CardImageTransformer returns versioned CDN URLs in all responses
  • Download endpoint redirects to CDN when enabled
  • All image URLs include version parameter for cache busting
  • Card relationship: ?include=images support in Card API responses

Configuration

  • New config/images.php for centralized image configuration
  • .env.example includes comprehensive image/CDN variables
  • IMAGE_STORAGE_DISK env variable (local, s3, or spaces)
  • DigitalOcean Spaces configuration (DO_SPACES_*)
  • CDN endpoint configuration (DO_SPACES_CDN_ENDPOINT)

🔗 Release Information

📦 [0.6.1] - November 8, 2025

Fixed

  • Fix version script to extract version from commit message for squash-merged releases (#1054)
  • Version script now correctly handles squash merges from release branches
  • Extracts version from "Release version X.Y.Z" commit message pattern
  • Prevents creating incorrect versions (e.g., 0.5.1 instead of 0.6.0)

🔗 Release Information

📦 [0.6.0] - November 8, 2025

Added

  • Image UUID field for cards (#1014)
  • New image_uuid field in api_cards table for storing image references
  • Support for UUID-based image naming convention
  • Indexed for efficient lookups
  • Nullable field for backward compatibility
  • Included in Card API responses
  • Factory support with withImage() method for testing
  • Set source tracking table and API (#1013)
  • New api_set_sources table to track data sources for sets
  • Support for tracking checklist, metadata, and images sources
  • Source URL, name, type, and verification timestamp
  • Unique constraint: one source per type per set
  • Cascade delete when parent set is removed
  • Optional sources include in Set transformer
  • Full CRUD API endpoints at /v1/set-sources
  • JSON:API compliant requests and responses
  • Request validation for all operations
  • v2 API endpoints with corrected checklist response structure (#972)
  • New /v2/cards and /v2/sets endpoints
  • Fixed JSON:API compliance issues from v1 endpoints
  • Improved response structure consistency
  • Personal Access Token authentication (#891, #1007, #1009)
  • Simplified authentication for GPT and API clients
  • Documentation for Personal Access Token usage
  • OpenAPI documentation updates
  • Per-client rate limiting for OAuth clients (#1002, #1004)
  • Configurable rate limits per OAuth client
  • Operator documentation for rate limit configuration
  • Enhanced API security and resource management
  • OAuth scope-based authorization (#948, #955, #956, #960, #965)
  • Read scope for data retrieval operations
  • Write scope for create/update operations
  • Delete scope for deletion operations
  • Status filtering based on OAuth scopes
  • OAuth2 Password Grant support (#939)
  • Enable OAuth2 password grant in Passport 13
  • Admin authentication workflows
  • MCP server integration (#949, #1007)
  • Data cleanup workflows via MCP
  • Testing documentation for MCP servers
  • Release discovery slash commands (#986, #987, #991, #992, #993, #994, #995, #996)
  • /discover-new-releases - AI-powered release discovery foundation
  • /add-release - Helper command for single set addition
  • Multi-source web scraping for release discovery
  • Database cross-checking logic
  • Interactive review and confirmation flow
  • Batch set creation with error handling
  • Comprehensive workflow documentation
  • Auto-linking of branches to issues in /issue command
  • Data cleanup slash commands (#916, #930, #932, #975, #976)
  • Interactive set cleanup slash command system
  • /find-missing-oncard (renamed from /find-missing-players)
  • Data-cleanup agent for card and set publication preparation
  • Documentation improvements (#912, #957, #966)
  • Comprehensive database schema documentation
  • Comprehensive OAuth 2.0 documentation
  • Testing and quality improvements
  • Linting workflow for fast code quality checks (#989, #990)
  • Consolidate integration test commands into Makefile (#963)
  • Review and fix skipped tests (#1027, #1029)
  • Protected block system for documentation generation (#826, #1016)
  • Simplify documentation generation workflow
  • CLI flags for selective documentation generation

Changed

  • Upgraded PHPUnit to 12.4 (#1037)
  • Breaking: PHP 8.3+ now required
  • Migrated PHPUnit test annotations to PHP 8 attributes (#1036)
  • All 491 tests passing
  • Updated all dependencies from Dependabot PRs (#1017, #1032)
  • Laravel, Passport, and other core dependencies updated
  • GitHub Actions dependencies updated
  • All tests passing after updates
  • Consolidated dependency updates (#1052, #1053)
  • Updated lcobucci/clock from 3.3.1 to 3.5.0
  • Updated @usebruno/cli from 2.13.2 to 2.14.0
  • Standardized GitHub Actions to latest versions
  • All tests passing after updates
  • Improved release notes generation (#1023)
  • Include CHANGELOG.md content in release notes
  • Add issue links to release notes
  • Data quality improvements
  • Standardized player names for consistency (#1010)
  • Standardized team names for consistency (#922, #1015)
  • Completed manufacturer data for 14,101 sets (#919, #925)
  • Fixed orphaned cards (#918, #924)
  • Cleanup command for soft-deleted records (#920, #928)
  • UUID primary key optimization (#910)
  • Complete optimization with OPTIMIZE and ANALYZE

Fixed

  • Fix release action to tag correct commit instead of defaulting to master (#1052, #1053)
  • Added commit parameter to ncipollo/release-action in all release workflows
  • Ensures RC and beta tags point to correct branch commits
  • Fixes "already_exists" error when creating releases
  • Fix /v1/sets endpoint pagination to accept per_page parameter (#1024)
  • Fix Bruno collection issues found during manual API testing (#1019, #1030)
  • Fix API welcome page version display (#943, #1005)
  • Fix markdown linting violations in docs/ folder (#962, #964)
  • Resolve PHP 8.x deprecation warnings in card name generation (#945, #974)

Removed

  • Deprecated non-versioned API routes (#1025)
  • Removed all non-versioned endpoints
  • All API access now requires /v1/ or /v2/ prefix
  • Deprecated api_card_player_teams table (#923, #929)
  • Data cleanup phase 3 completion
  • Legacy table structure removed
  • Duplicated slash commands migrated to tools repository (#1022)
  • Cleanup of redundant commands

🔗 Release Information

📦 [0.5.0] - November 1, 2025

🎉 Highlights

  • Modern Testing Framework: Upgraded to PHPUnit 12.4.2 with PHP 8.3+ support
  • Comprehensive Dependency Updates: 47 packages updated including Laravel 12.36.1 and Passport 13.3.0
  • JSON:API Compliance: Strict header validation enforcement for all v1 endpoints
  • Cleaner API Surface: Removed deprecated non-versioned routes
  • Enhanced Testing: 491 PHPUnit tests + 111 Bruno integration tests, all passing
  • Improved Code Quality: PHP_CodeSniffer 4.0, full markdown linting compliance

Added

  • JSON:API Accept and Content-Type header validation (#1026)
  • Strict JSON:API specification compliance for all v1 endpoints
  • Content-Type header required on POST/PUT/PATCH/DELETE requests
  • Returns 415 Unsupported Media Type for invalid Content-Type
  • Returns 406 Not Acceptable for invalid Accept parameters
  • CLI flags for selective documentation generation (#826)
  • Team name standardization command (#922)
  • Player name standardization command (#921)
  • Abstract CleanupCommand base class for data quality tools

Changed

  • Upgraded PHPUnit from 11.5.43 to 12.4.2 (#1034, #1035)
  • Breaking: PHP 8.3+ now required (upgraded from 8.2)
  • Migrated all test annotations to PHP 8 attributes
  • Updated 4 test files with 47 test methods
  • Eliminates all 50 PHPUnit deprecation warnings
  • All 491 tests pass, 111 Bruno integration tests pass
  • Updated all dependencies (#1017, #1032)
  • GitHub Actions (5 updates): upload-artifact v5, download-artifact v6, setup-node v6, git-auto-commit v7, github-script v8
  • PHP/Composer (38 updates): Laravel 12.36.1, Passport 13.3.0, webpatser/laravel-uuid 6.2.0 (major), PHP_CodeSniffer 4.0 (major)
  • Node.js/npm (3 updates): @usebruno/cli 2.13.2, dotenv 17.2.3, axios 1.13.1
  • All 491 PHPUnit tests pass after updates
  • Replace Route::resource() with Route::apiResource() for all v1 endpoints (#1019)
  • Removes unnecessary create and edit routes (for HTML forms, not APIs)
  • Reduces routes from 7 to 5 per resource
  • Improve release notes generation to use CHANGELOG.md content (#830)
  • Simplified documentation generation to API reference only (#826)
  • Removed hardcoded version numbers from auto-generated docs
  • README.md and guide docs are now regular markdown files
  • Reduces documentation churn on version bumps

Removed

  • Deprecated non-versioned API routes (#1021)
  • Breaking: All endpoints now require version prefix (e.g., /v1/cards)
  • Removed 12 legacy controllers
  • Removed DeprecatedRoute middleware
  • Removed 13 deprecated test files
  • Unused newman package and 64 transitive dependencies (#1017)
  • Project now uses Bruno CLI exclusively for API testing
  • Reduces npm package count by 65 packages
  • Reduces npm security vulnerabilities from 7 to 4
  • Migrated data quality slash commands to tradingcardapi-tools repository (#1020)

Fixed

  • /v1/sets endpoint pagination (#997)
  • Accept both per_page (JSON:API standard) and limit (legacy)
  • Add validation to enforce maximum of 100 items per page
  • Resolves MCP server token limit issues
  • Fix 56 duplicate Bruno request files (#1019)
  • Fix broken validation script in 32 Bruno request files (#1019)
  • Fix Attribute and ObjectAttribute url() methods missing API version prefix (#1019)
  • Review and fix all skipped tests - reduced from 4 to 0 (#1027)
  • Fix all markdown linting issues (#826)

Security

  • OAuth2 security improvements via Laravel Passport 13.3.0
  • JWT security improvements via lcobucci/jwt 5.6.0
  • Symfony component security patches (11 packages)

Testing

  • 491 PHPUnit tests - all passing with PHPUnit 12.4.2
  • 111 Bruno integration tests - all passing
  • Zero skipped tests - all problematic tests fixed
  • PHP_CodeSniffer 4.0 - all 320 files pass
  • Full markdown linting - all docs compliant

🔗 Release Information

📦 [0.4.23] - October 18, 2025

Added

  • Interactive set cleanup slash command system for data quality management (#930, #932)
  • Cleanup command for soft-deleted records with configurable retention periods (#920, #928)
  • Data-cleanup agent for card and set publication preparation with automated quality checks (#916)
  • Comprehensive database schema documentation with entity relationships and data quality metrics (#912)

Changed

  • Enabled OAuth2 password grant in Passport 13 for admin authentication support (#939)
  • Complete UUID primary key optimization with OPTIMIZE and ANALYZE for improved query performance (#910)
  • Complete manufacturer data for 14,101 sets using automated matching and assignment (#919, #925)

Removed

  • Deprecated api_card_player_teams table as part of Data Cleanup Phase 3 (#923, #929)

Fixed

  • Fix orphaned cards without valid set relationships (#918, #924)

🔗 Release Information

📦 [0.4.22] - October 12, 2025

Fixed

  • Fix checklist card ordering to use natural sort (Issue #904)

🔗 Release Information

📦 [0.4.21] - October 12, 2025

Added

  • Add Bruno test files for format parameter
  • Add compact format parameter to checklist endpoint (Issue #901)

🔗 Release Information

📦 [0.4.20] - October 12, 2025

Removed

  • Remove release_date from OpenAPI spec (Issue #899)

Fixed

  • Fix: Add validation for order_by parameter to prevent 500 errors (Issue #899)

🔗 Release Information

📦 [0.4.19] - October 12, 2025

Fixed

  • Fix: Make Accept header optional for API calls (Issue #897)

🔗 Release Information

📦 [0.4.18] - October 12, 2025

Fixed

  • Fix: Replace Card::all() with paginated query to prevent memory exhaustion
  • Fix: Remove expensive user authentication from rate limiter
  • Fix: Increase PHP memory limit to 512M to resolve Personal Access Token authentication failures

🔗 Release Information

📦 [0.4.17] - October 12, 2025

Added

  • docs: Add Personal Access Token support to Bruno collection

Fixed

  • fix: Make Personal Access Token test skip gracefully when not configured
  • fix: Correct middleware naming to resolve test failures
  • hotfix: Enable Personal Access Token authentication for API endpoints

🔗 Release Information

📦 [0.4.16] - October 11, 2025

Added

  • Add 'read' OAuth scope for ChatGPT GPT integration (Issue #888)

🔗 Release Information

📦 [0.4.15] - October 11, 2025

Fixed

  • Fix version script and code style issues
  • Fix: Use static return type instead of self for withParameters
  • Fix: Add default parameter and return type to withParameters
  • Fix: Implement missing withParameters method in AuthorizationViewResponse
  • Hotfix: Bind Passport AuthorizationViewResponse for OAuth authorization flow (Issue #885)

🔗 Release Information

📦 [0.4.14] - October 3, 2025

Fixed

  • Fix card attribute clearing when using object-attributes relationships format

🔗 Release Information

📦 [0.4.13] - October 3, 2025

Added

  • Implement container separation for API project local development

Changed

  • Finalize API makefile environment variable handling

Fixed

  • Fix upd command to properly handle environment variables

🔗 Release Information

📦 [0.4.12] - October 3, 2025

Fixed

  • Fix test failure in CardRestTest::testExtraAttributesClear
  • Fix markdown linting errors in DATASET-MANAGEMENT.md
  • Fix card attribute assignment bug (Issue #874)

🔗 Release Information

📦 [0.4.11] - October 2, 2025

Changed

  • github-actions(deps): bump actions/github-script from 7 to 8

Fixed

  • hotfix: Fix version automation infinite loop (#872)

🔗 Release Information

📦 [0.4.10] - October 1, 2025

Changed

  • Trigger CI after cleaning up test tags

🔗 Release Information

📦 [0.4.9] - October 1, 2025

Added

  • Add Dataset Management documentation to README
  • Add snapshots directory to dockerignore and clean up orphaned files
  • Add fast backup/restore system with shell scripts
  • Add comprehensive background dataset import system
  • feat: implement lightning-fast database switching for dataset management
  • docs: add comprehensive dataset management documentation
  • feat: implement dataset management system for development/testing

Changed

  • Update DATASET-MANAGEMENT.md to remove obsolete sections
  • Simplify dataset management system by removing database switching
  • Update dataset management documentation with backup/restore system
  • Exclude Docker storage directory from builds and git
  • Simplify dataset management system to single database approach

Removed

  • Remove references to non-existent dataset:reset command
  • Remove cross-project integration and clean up dataset configuration
  • Remove obsolete ImportProductionDatasetJob
  • Remove dataset API endpoint and controller
  • Remove obsolete DatasetImportBackgroundCommand
  • Remove obsolete DatasetForceRestartCommand
  • Remove obsolete DatasetCleanupCommand and scheduled cleanup
  • Remove legacy snapshots directory and references

Fixed

  • fix: exclude dataset snapshots from Docker build context

🔗 Release Information

📦 [0.4.8] - September 19, 2025

Added

  • Add set_id field to Card API response

🔗 Release Information

📦 [0.4.7] - September 18, 2025

Fixed

  • Fix JSON escaping in trigger-docs-update.yaml workflow

🔗 Release Information

📦 [0.4.6] - September 18, 2025

Added

  • Add workflow to trigger documentation updates on releases

Changed

  • Trigger CI after cleaning up test tags

🔗 Release Information

📦 [0.4.5] - September 6, 2025

Added

  • Add token fallback for Dependabot PRs

Changed

  • npm(deps-dev): bump @usebruno/cli from 1.40.0 to 2.9.1

🔗 Release Information

📦 [0.4.4] - September 5, 2025

Added

  • Add commit deduplication to changelog script
  • Add token fallback for Dependabot PRs

Changed

  • github-actions(deps): bump actions/download-artifact from 4 to 5

🔗 Release Information

📦 [0.4.3] - September 5, 2025

Changed

  • Use actual committer's name and email for automation commits
  • Use DEPLOY_APP_TOKEN to trigger status checks on automation commits
  • Replace manual git commands with git-auto-commit-action
  • Improve auto-version-bump exclusion logic
  • Disable auto-version-bump for workflow development branches
  • Restore content to empty 0.4.3 changelog section

Fixed

  • Fix git-auto-commit-action configuration issues

🔗 Release Information

📦 [0.4.2] - September 5, 2025

Added

  • Document new automated PR version management system

Changed

  • Update CLAUDE.md with new automated PR workflow documentation
  • Start fresh: remove entire 0.4.2 section for clean automation test
  • Resolve changelog conflict - accept clean automated version
  • Re-enable automation for all release PRs including workflow development
  • Automate version bump workflow for release PRs

Removed

  • Remove useless automatic version updates comment from workflow
  • Remove manual changelog entry to let automation handle everything
  • Remove outdated manual workflow instructions from PR comments

Fixed

  • Fix PR status checks by forcing CI run on final commit
  • Fix all remaining markdown linting issues in documentation
  • Fix corrupted changelog structure after merge conflict
  • Final fix: disable auto-version-bump for workflow development branches

🔗 Release Information

📦 [0.4.1] - September 5, 2025

Changed

  • Updated GitHub Actions dependencies
  • Bump actions/checkout from v4 to v5 (Dependabot)

🔗 Release Information

📦 [0.4.0] - September 5, 2025

🔒 Major Security & Rate Limiting Features
  • Comprehensive Rate Limiting System with Redis backend and tiered limits (Issues #678, #680, #681)
  • Anonymous rate limits: 100 requests/hour
  • Authenticated rate limits: 2000 requests/hour
  • OAuth client rate limits: 1000 requests/hour
  • OAuth token endpoint: 10 requests/minute
  • Rate limit headers in all responses
  • Comprehensive test suite with performance and edge case testing
📊 API Usage Analytics & Monitoring
  • Comprehensive API usage logging system for rollout analytics (Issue #735)
  • ApiUsageLogging middleware for automatic request tracking
  • LogApiUsage job for asynchronous database logging
  • Database migration for api_usage_logs table with optimized indexes
  • Complete test coverage with 20 test cases (unit and feature tests)
  • Analytics queries for endpoint popularity, response times, and error rates
  • Endpoint normalization for ID and UUID parameters
🔧 Infrastructure & Dependencies
  • Updated all PHP and Node.js dependencies to latest secure versions (Issue #791)
  • Laravel framework 12.21.0 → 12.28.1
  • Laravel Passport 13.0.6 → 13.2.0
  • PHPUnit 11.5.27 → 11.5.36
  • Node.js 22 → 23
  • Security fixes for @usebruno/cli and newman packages
  • Updated GitHub Actions to latest versions

📚 Enhanced Documentation & Testing

  • Comprehensive rate limiting documentation across all relevant files
  • Manual rate limiting testing command (php artisan test:rate-limiting)
  • Bruno CLI integration tests for rate limiting scenarios
  • Troubleshooting procedures and debugging guides
  • Enhanced documentation generation with preserved manual content
  • Fixed documentation template formatting issues

⚠️ Breaking Changes

  • New rate limiting may affect high-volume API consumers:
  • Anonymous users now limited to 100 requests/hour (previously unlimited)
  • OAuth token generation limited to 10 requests/minute
  • New rate limit headers in all responses

🐛 Bug Fixes

  • Resolved API usage logging content removal during version bumps

🔗 Release Information

📦 [0.3.9] - August 13, 2025

Fixed

  • Documentation workflow not triggering when workflow file itself is updated

🔗 Release Information

📦 [0.3.8] - August 12, 2025

Fixed

  • Documentation generation workflow references to non-existent docs/generated/ directory

🔗 Release Information

📦 [0.3.7] - August 12, 2025

Fixed

  • Documentation generation workflow failing due to incorrect npm script name

🔗 Release Information

📦 [0.3.6] - August 12, 2025

Fixed

  • OAuth key file ownership issues causing "Key path does not exist or is not readable" errors (Issue #689)

🔗 Release Information

📦 [0.3.5] - August 12, 2025

Fixed

  • OAuth client authentication failures with "This password does not use the Bcrypt algorithm" error (Issue #675)
  • Laravel Passport 13 client secret validation by updating plain text secrets to bcrypt format
  • Production API authentication issues for OAuth clients with legacy plain text secrets
  • Docker builds failing on Debian Trixie due to nginx.org repository compatibility
  • Integration test failures by adding HTTP support alongside HTTPS in nginx configuration

Added

  • oauth:fix-client-secrets artisan command to safely update OAuth client secrets to bcrypt format
  • Database migration to automatically fix OAuth client secret format during deployment
  • Dry-run mode for OAuth client secret fix command with safety confirmations

🔗 Release Information

📦 [0.3.4] - August 8, 2025

Added

  • Comprehensive PROJECT_OVERVIEW.md markdown description file with strategic business and technical analysis (Issue #648)

🔗 Release Information

📦 [0.3.2] - August 8, 2025

Fixed

  • Version script master branch logic simplified to use reliable git tag-based versioning instead of fragile commit message parsing (Issue #666)

🔗 Release Information

📦 [0.3.1] - August 8, 2025

Added

  • Comprehensive version script test suite in build/tests/ with validation for all branch scenarios
  • Version script validation integrated into lint checks (npm run lint:version)
  • ./build/scripts/test-version unified test runner for version script validation
  • Improved npm test scripts: npm test now runs PHP tests and version script validation (CI-safe)

Changed

  • Update CHANGELOG.md for version script hotfix
  • Auto-update OpenAPI documentation

Fixed

  • Fix version script tests for CI environments
  • Fix version script tag selection to prefer higher version numbers
  • Fix version script conditional logic bug and add comprehensive tests
  • Critical version script bug: Fixed conditional logic in build/version.sh where line 61 was overwriting release branch version extraction (Issue #662)
  • Version synchronization between release branches and actual release versions
  • Release branch version extraction now properly uses branch names (e.g., release/0.3.00.3.0)

🔗 Release Information

📦 [0.3.0] - August 7, 2025

Added

  • Bruno API testing collection with comprehensive endpoint coverage and CI/CD validation
  • OAuth integration tests with automatic token management and authentication flow validation
  • Complete OpenAPI 3.0 documentation with interactive Swagger UI
  • OpenAPI schema definitions for all API resources in /app/OpenApi/Schemas.php
  • L5-Swagger integration for automatic documentation generation
  • GitHub Actions workflow for automated documentation validation and deployment
  • Makefile commands: make docs, make docs-validate, make help
  • Public documentation directory /public/docs/ with usage examples
  • V1 namespaced controllers with complete OpenAPI documentation for versioned endpoints
  • Complete documentation generation system with automated repository documentation from OpenAPI specifications

Changed

  • All API endpoints now include comprehensive OpenAPI attributes
  • Updated L5-Swagger configuration for optimal documentation generation
  • Enhanced README with OpenAPI documentation section
  • V1 routes now use dedicated V1 controllers in App\Http\Controllers\V1 namespace
  • OpenAPI documentation includes both legacy and V1 versioned endpoints with separate tags
  • make changelog-update command now also updates OpenAPI documentation to ensure version consistency
  • User-friendly development scripts with comprehensive output and error handling moved to build/scripts/
  • Removed obsolete gulp build system, Postman tooling, and legacy file references for simplified development workflow

🔗 Release Information

📦 [0.2.85] - July 27, 2025

Added

  • New make release-notes-preview command to preview GitHub release notes before merging
  • Enhanced GitHub release notes with clean, organized format and quick navigation
  • Dedicated "Issues Fixed" section in release notes with clickable GitHub issue links
  • Claude API integration for intelligent release summary generation based on commits, file changes, and changelog content

Changed

  • GitHub release notes now use curated changelog content instead of raw commit messages
  • Release notes structure improved with sections for Summary, What's Changed, Links & Resources, and Deployment
  • Docker image links now included directly in release notes for easy access

🔗 Release Information

📦 [0.2.84] - July 26, 2025

Added

  • Added make changelog-update command to automatically organize changelog with next version
  • Added make changelog-preview command to see next version and current unreleased changes
  • Added changelog requirements to pull request template
  • Added --master flag to version script to simulate master branch version

Changed

  • Modified build process to remove automatic changelog commits during merge conflicts
  • Updated changelog maintenance to manual process with make commands for organization
  • Updated documentation (CLAUDE.md and VERSION_MANAGEMENT.md) to explain changelog workflow
  • Removed automatic changelog commits from build workflow entirely

Fixed

  • Resolved merge conflict issues caused by automated changelog updates
  • Fixed recursive changelog generation that included meta-commits

🔗 Release Information

📦 [0.2.83] - July 27, 2025

Fixed

  • fix: modify how changelog gets updated

🔗 Release Information

📦 [0.2.82] - July 27, 2025

Changed

  • chore: cleanup changelog entries

🔗 Release Information

📦 [0.2.81] - July 27, 2025

Added

  • API versioning strategy with URL path versioning (/v1/)
  • Version information endpoint (/version)
  • Dynamic version generation from Git using build/version.sh
  • Synchronized versioning across application, API, and CI/CD
  • Comprehensive changelog documentation

🔗 Release Information

📦 [0.2.80] - July 27, 2025

Fixed

  • fix: fix the release process

🔗 Release Information

📦 [0.2.79] - July 27, 2025

Fixed

  • fix: fix docker image tagging process

🔗 Release Information

📦 [0.2.78] - July 27, 2025

Added

  • feat: add API versioning with v1 endpoints
  • #611 Add tests for new routes
  • #611 Add versioning support to the api

Changed

  • Merge pull request #616 from cardtechie/feature/611-change-versioning
  • #611: Automate document updates
  • Merge branch 'master' into feature/611-change-versioning
  • #611 Dynamically figure out the version

Fixed

  • Fix: Fix process with generation of version number
  • #611 Fix failing tests on github

🔗 Release Information

📦 [0.2.73+] - January 26, 2024

Added

  • Pre-release API with comprehensive trading card management
  • Core endpoints: cards, sets, players, teams, genres, years, manufacturers, brands
  • OAuth2 authentication with Laravel Passport 13
  • JSON:API specification compliance
  • UUID primary keys for all models
  • Polymorphic OnCard relationships (Players, Teams, PlayerTeams)
  • Automatic card name generation with format tokens (%d, %o, %l, %a, %s)
  • Soft delete functionality via Laravel observers
  • Docker containerization with multi-environment support
  • OpenAPI/Swagger documentation
  • Comprehensive test suite (PHPUnit, linting, code standards)
  • GitHub Actions CI/CD pipeline

Technical Details

  • Framework: Laravel 12 with PHP 8.2+
  • Database: MySQL 8.0 with UUID primary keys
  • Authentication: Laravel Passport 13 OAuth2
  • API Standard: JSON:API specification compliance
  • Testing: PHPUnit 11, PHP CodeSniffer, OpenAPI validation
  • Containerization: Docker with development, testing, and production environments

Endpoints

  • GET|POST /cards - Card management
  • GET|POST /sets - Set management with checklist support
  • GET|POST /players - Player management
  • GET|POST /teams - Team management
  • GET|POST /playerteams - Player-team relationship management
  • GET|POST /attributes - Card attribute management
  • GET|POST /object-attributes - Object attribute relationships
  • GET|POST /genres - Genre management with soft delete support
  • GET|POST /years - Year management
  • GET|POST /manufacturers - Manufacturer management
  • GET|POST /brands - Brand management
  • GET /stats/{type} - Statistics endpoint

Security

  • OAuth2 client credentials flow
  • Environment-based configuration
  • SSL/TLS support with Let's Encrypt
  • No sensitive data in repository

🔗 Release Information

📊 Release Statistics

  • Latest Stable: 0.7.46
  • Total Releases: 92+ releases since inception
  • Release Frequency: Weekly updates with patches, monthly for minor versions

🔗 Additional Resources

📖 API Documentation

🐙 GitHub Resources

🛠️ Development Tools

🏷️ Version Information

  • Current API Version: 0.7.46
  • API Base URL: https://api.tradingcardapi.com
  • Release Schedule: Continuous deployment with semantic versioning
  • Support Policy: Latest 3 major versions supported

🔔 Stay Updated

📧 Get Notified

💬 Community & Support

Questions About a Release?

Have questions about a specific API change or need help upgrading? We're here to help! Reach out through GitHub Issues or email support.

Automated Updates

This changelog is regularly updated with the latest API releases. For real-time updates, follow the API repository on GitHub.

Last updated: January 5, 2026 at 05:19 AM UTC