ros/n8n-mcp
1
0
Fork 0
mirror of https://github.com/czlonkowski/n8n-mcp.git synced 2026-03-19 17:03:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add anonymous telemetry system with Supabase integration

Browse Source 
- Implement telemetry manager for tracking tool usage and workflows
- Add workflow sanitizer to remove sensitive data before storage
- Create config manager with opt-in/opt-out mechanism
- Integrate telemetry tracking into MCP server and workflow handlers
- Add CLI commands for telemetry control (enable/disable/status)
- Show first-run notice with clear privacy information
- Add comprehensive unit tests for sanitization and config
- Track tool usage metrics, workflow patterns, and errors
- Ensure complete anonymity with deterministic user IDs
- Never collect URLs, API keys, or sensitive information
This commit is contained in:
czlonkowski
2025-09-25 13:33:16 +02:00
parent 78abda601a
commit 5960d2826e
12 changed files with 1569 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

207
src/telemetry/config-manager.ts Normal file
View File

@@ -0,0 +1,207 @@
/**
* Telemetry Configuration Manager
* Handles telemetry settings, opt-in/opt-out, and first-run detection
*/
import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
import { join } from 'path';
import { homedir } from 'os';
import { createHash } from 'crypto';
import { hostname, platform, arch } from 'os';
export interface TelemetryConfig {
enabled: boolean;
userId: string;
firstRun?: string;
lastModified?: string;
version?: string;
}
export class TelemetryConfigManager {
private static instance: TelemetryConfigManager;
private readonly configDir: string;
private readonly configPath: string;
private config: TelemetryConfig | null = null;
private constructor() {
this.configDir = join(homedir(), '.n8n-mcp');
this.configPath = join(this.configDir, 'telemetry.json');
}
static getInstance(): TelemetryConfigManager {
if (!TelemetryConfigManager.instance) {
TelemetryConfigManager.instance = new TelemetryConfigManager();
}
return TelemetryConfigManager.instance;
}
/**
* Generate a deterministic anonymous user ID based on machine characteristics
*/
private generateUserId(): string {
const machineId = `${hostname()}-${platform()}-${arch()}-${homedir()}`;
return createHash('sha256').update(machineId).digest('hex').substring(0, 16);
}
/**
* Load configuration from disk or create default
*/
loadConfig(): TelemetryConfig {
if (this.config) {
return this.config;
}
if (!existsSync(this.configPath)) {
// First run - create default config
this.config = {
enabled: true,
userId: this.generateUserId(),
firstRun: new Date().toISOString(),
version: require('../../package.json').version
};
this.saveConfig();
this.showFirstRunNotice();
return this.config;
}
try {
const rawConfig = readFileSync(this.configPath, 'utf-8');
this.config = JSON.parse(rawConfig);
// Ensure userId exists (for upgrades from older versions)
if (!this.config!.userId) {
this.config!.userId = this.generateUserId();
this.saveConfig();
}
return this.config!;
} catch (error) {
console.error('Failed to load telemetry config, using defaults:', error);
this.config = {
enabled: false,
userId: this.generateUserId()
};
return this.config;
}
}
/**
* Save configuration to disk
*/
private saveConfig(): void {
if (!this.config) return;
try {
if (!existsSync(this.configDir)) {
mkdirSync(this.configDir, { recursive: true });
}
this.config.lastModified = new Date().toISOString();
writeFileSync(this.configPath, JSON.stringify(this.config, null, 2));
} catch (error) {
console.error('Failed to save telemetry config:', error);
}
}
/**
* Check if telemetry is enabled
*/
isEnabled(): boolean {
const config = this.loadConfig();
return config.enabled;
}
/**
* Get the anonymous user ID
*/
getUserId(): string {
const config = this.loadConfig();
return config.userId;
}
/**
* Check if this is the first run
*/
isFirstRun(): boolean {
return !existsSync(this.configPath);
}
/**
* Enable telemetry
*/
enable(): void {
const config = this.loadConfig();
config.enabled = true;
this.config = config;
this.saveConfig();
console.log('✓ Anonymous telemetry enabled');
}
/**
* Disable telemetry
*/
disable(): void {
const config = this.loadConfig();
config.enabled = false;
this.config = config;
this.saveConfig();
console.log('✓ Anonymous telemetry disabled');
}
/**
* Get current status
*/
getStatus(): string {
const config = this.loadConfig();
return `
Telemetry Status: ${config.enabled ? 'ENABLED' : 'DISABLED'}
Anonymous ID: ${config.userId}
First Run: ${config.firstRun || 'Unknown'}
Config Path: ${this.configPath}
To opt-out: npx n8n-mcp telemetry disable
To opt-in: npx n8n-mcp telemetry enable
`;
}
/**
* Show first-run notice to user
*/
private showFirstRunNotice(): void {
console.log(`
╔════════════════════════════════════════════════════════════╗
║ Anonymous Usage Statistics ║
╠════════════════════════════════════════════════════════════╣
║ ║
║ n8n-mcp collects anonymous usage data to improve the ║
║ tool and understand how it's being used. ║
║ ║
║ We track: ║
║ • Which MCP tools are used (no parameters) ║
║ • Workflow structures (sanitized, no sensitive data) ║
║ • Error patterns (hashed, no details) ║
║ • Performance metrics (timing, success rates) ║
║ ║
║ We NEVER collect: ║
║ • URLs, API keys, or credentials ║
║ • Workflow content or actual data ║
║ • Personal or identifiable information ║
║ • n8n instance details or locations ║
║ ║
║ Your anonymous ID: ${this.config?.userId || 'generating...'}
║ ║
║ This helps me understand usage patterns and improve ║
║ n8n-mcp for everyone. Thank you for your support! ║
║ ║
║ To opt-out at any time: ║
║ npx n8n-mcp telemetry disable ║
║ ║
║ Learn more: ║
║ https://github.com/czlonkowski/n8n-mcp/privacy ║
║ ║
╚════════════════════════════════════════════════════════════╝
`);
}
}

9
src/telemetry/index.ts Normal file
View File

@@ -0,0 +1,9 @@
/**
* Telemetry Module
* Exports for anonymous usage statistics
*/
export { TelemetryManager, telemetry } from './telemetry-manager';
export { TelemetryConfigManager } from './config-manager';
export { WorkflowSanitizer } from './workflow-sanitizer';
export type { TelemetryConfig } from './config-manager';

387
src/telemetry/telemetry-manager.ts Normal file
View File

@@ -0,0 +1,387 @@
/**
* Telemetry Manager
* Main telemetry class for anonymous usage statistics
*/
import { createClient, SupabaseClient } from '@supabase/supabase-js';
import { TelemetryConfigManager } from './config-manager';
import { WorkflowSanitizer } from './workflow-sanitizer';
import { logger } from '../utils/logger';
interface TelemetryEvent {
user_id: string;
event: string;
properties: Record<string, any>;
created_at?: string;
}
interface WorkflowTelemetry {
user_id: string;
workflow_hash: string;
node_count: number;
node_types: string[];
has_trigger: boolean;
has_webhook: boolean;
complexity: 'simple' | 'medium' | 'complex';
sanitized_workflow: any;
created_at?: string;
}
export class TelemetryManager {
private static instance: TelemetryManager;
private supabase: SupabaseClient | null = null;
private configManager: TelemetryConfigManager;
private eventQueue: TelemetryEvent[] = [];
private workflowQueue: WorkflowTelemetry[] = [];
private flushTimer?: NodeJS.Timeout;
private isInitialized: boolean = false;
private constructor() {
this.configManager = TelemetryConfigManager.getInstance();
this.initialize();
}
static getInstance(): TelemetryManager {
if (!TelemetryManager.instance) {
TelemetryManager.instance = new TelemetryManager();
}
return TelemetryManager.instance;
}
/**
* Initialize telemetry if enabled
*/
private initialize(): void {
if (!this.configManager.isEnabled()) {
logger.debug('Telemetry disabled by user preference');
return;
}
const supabaseUrl = process.env.SUPABASE_URL;
const supabaseAnonKey = process.env.SUPABASE_ANON_KEY;
if (!supabaseUrl || !supabaseAnonKey) {
logger.debug('Telemetry not configured: missing SUPABASE_URL or SUPABASE_ANON_KEY');
return;
}
try {
this.supabase = createClient(supabaseUrl, supabaseAnonKey, {
auth: {
persistSession: false,
autoRefreshToken: false,
},
realtime: {
params: {
eventsPerSecond: 1,
},
},
});
this.isInitialized = true;
this.startBatchProcessor();
// Flush on exit
process.on('beforeExit', () => this.flush());
process.on('SIGINT', () => {
this.flush();
process.exit(0);
});
process.on('SIGTERM', () => {
this.flush();
process.exit(0);
});
logger.debug('Telemetry initialized successfully');
} catch (error) {
logger.debug('Failed to initialize telemetry:', error);
this.isInitialized = false;
}
}
/**
* Track a tool usage event
*/
trackToolUsage(toolName: string, success: boolean, duration?: number): void {
if (!this.isEnabled()) return;
// Sanitize tool name (remove any potential sensitive data)
const sanitizedToolName = toolName.replace(/[^a-zA-Z0-9_-]/g, '_');
this.trackEvent('tool_used', {
tool: sanitizedToolName,
success,
duration: duration || 0,
});
}
/**
* Track workflow creation
*/
async trackWorkflowCreation(workflow: any, validationPassed: boolean): Promise<void> {
if (!this.isEnabled()) return;
// Only store workflows that pass validation
if (!validationPassed) {
this.trackEvent('workflow_validation_failed', {
nodeCount: workflow.nodes?.length || 0,
});
return;
}
try {
const sanitized = WorkflowSanitizer.sanitizeWorkflow(workflow);
const telemetryData: WorkflowTelemetry = {
user_id: this.configManager.getUserId(),
workflow_hash: sanitized.workflowHash,
node_count: sanitized.nodeCount,
node_types: sanitized.nodeTypes,
has_trigger: sanitized.hasTrigger,
has_webhook: sanitized.hasWebhook,
complexity: sanitized.complexity,
sanitized_workflow: {
nodes: sanitized.nodes,
connections: sanitized.connections,
},
};
this.workflowQueue.push(telemetryData);
// Also track as event
this.trackEvent('workflow_created', {
nodeCount: sanitized.nodeCount,
nodeTypes: sanitized.nodeTypes.length,
complexity: sanitized.complexity,
hasTrigger: sanitized.hasTrigger,
hasWebhook: sanitized.hasWebhook,
});
// Flush if queue is getting large
if (this.workflowQueue.length >= 5) {
await this.flush();
}
} catch (error) {
logger.debug('Failed to track workflow creation:', error);
}
}
/**
* Track an error event
*/
trackError(errorType: string, context: string, toolName?: string): void {
if (!this.isEnabled()) return;
this.trackEvent('error_occurred', {
errorType: this.sanitizeErrorType(errorType),
context: this.sanitizeContext(context),
tool: toolName ? toolName.replace(/[^a-zA-Z0-9_-]/g, '_') : undefined,
});
}
/**
* Track a generic event
*/
trackEvent(eventName: string, properties: Record<string, any>): void {
if (!this.isEnabled()) return;
const event: TelemetryEvent = {
user_id: this.configManager.getUserId(),
event: eventName,
properties: this.sanitizeProperties(properties),
};
this.eventQueue.push(event);
// Flush if queue is getting large
if (this.eventQueue.length >= 20) {
this.flush();
}
}
/**
* Track session start
*/
trackSessionStart(): void {
if (!this.isEnabled()) return;
this.trackEvent('session_start', {
version: require('../../package.json').version,
platform: process.platform,
arch: process.arch,
nodeVersion: process.version,
});
}
/**
* Flush queued events to Supabase
*/
async flush(): Promise<void> {
if (!this.isEnabled() || !this.supabase) return;
// Flush events
if (this.eventQueue.length > 0) {
const events = [...this.eventQueue];
this.eventQueue = [];
try {
const { error } = await this.supabase
.from('telemetry_events')
.insert(events);
if (error) {
logger.debug('Failed to flush telemetry events:', error.message);
}
} catch (error) {
logger.debug('Error flushing telemetry events:', error);
}
}
// Flush workflows
if (this.workflowQueue.length > 0) {
const workflows = [...this.workflowQueue];
this.workflowQueue = [];
try {
// Use upsert to avoid duplicates based on workflow_hash
const { error } = await this.supabase
.from('telemetry_workflows')
.upsert(workflows, {
onConflict: 'workflow_hash',
ignoreDuplicates: true,
});
if (error) {
logger.debug('Failed to flush telemetry workflows:', error.message);
}
} catch (error) {
logger.debug('Error flushing telemetry workflows:', error);
}
}
}
/**
* Start batch processor for periodic flushing
*/
private startBatchProcessor(): void {
// Flush every 30 seconds
this.flushTimer = setInterval(() => {
this.flush();
}, 30000);
// Prevent timer from keeping process alive
this.flushTimer.unref();
}
/**
* Check if telemetry is enabled
*/
private isEnabled(): boolean {
return this.isInitialized && this.configManager.isEnabled();
}
/**
* Sanitize properties to remove sensitive data
*/
private sanitizeProperties(properties: Record<string, any>): Record<string, any> {
const sanitized: Record<string, any> = {};
for (const [key, value] of Object.entries(properties)) {
// Skip sensitive keys
if (this.isSensitiveKey(key)) {
continue;
}
// Sanitize values
if (typeof value === 'string') {
sanitized[key] = this.sanitizeString(value);
} else if (typeof value === 'object' && value !== null) {
sanitized[key] = this.sanitizeProperties(value);
} else {
sanitized[key] = value;
}
}
return sanitized;
}
/**
* Check if a key is sensitive
*/
private isSensitiveKey(key: string): boolean {
const sensitiveKeys = [
'password', 'token', 'key', 'secret', 'credential',
'auth', 'url', 'endpoint', 'host', 'database',
];
const lowerKey = key.toLowerCase();
return sensitiveKeys.some(sensitive => lowerKey.includes(sensitive));
}
/**
* Sanitize string values
*/
private sanitizeString(value: string): string {
// Remove URLs
let sanitized = value.replace(/https?:\/\/[^\s]+/gi, '[URL]');
// Remove potential API keys (long alphanumeric strings)
sanitized = sanitized.replace(/[a-zA-Z0-9_-]{32,}/g, '[KEY]');
// Remove email addresses
sanitized = sanitized.replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g, '[EMAIL]');
return sanitized;
}
/**
* Sanitize error type
*/
private sanitizeErrorType(errorType: string): string {
// Remove any potential sensitive data from error type
return errorType
.replace(/[^a-zA-Z0-9_-]/g, '_')
.substring(0, 50);
}
/**
* Sanitize context
*/
private sanitizeContext(context: string): string {
// Remove any potential sensitive data from context
return context
.replace(/https?:\/\/[^\s]+/gi, '[URL]')
.replace(/[a-zA-Z0-9_-]{32,}/g, '[KEY]')
.substring(0, 100);
}
/**
* Disable telemetry
*/
disable(): void {
this.configManager.disable();
if (this.flushTimer) {
clearInterval(this.flushTimer);
}
this.isInitialized = false;
this.supabase = null;
}
/**
* Enable telemetry
*/
enable(): void {
this.configManager.enable();
this.initialize();
}
/**
* Get telemetry status
*/
getStatus(): string {
return this.configManager.getStatus();
}
}
// Export singleton instance
export const telemetry = TelemetryManager.getInstance();

299
src/telemetry/workflow-sanitizer.ts Normal file
View File

@@ -0,0 +1,299 @@
/**
* Workflow Sanitizer
* Removes sensitive data from workflows before telemetry storage
*/
import { createHash } from 'crypto';
interface WorkflowNode {
id: string;
name: string;
type: string;
position: [number, number];
parameters: any;
credentials?: any;
disabled?: boolean;
typeVersion?: number;
}
interface SanitizedWorkflow {
nodes: WorkflowNode[];
connections: any;
nodeCount: number;
nodeTypes: string[];
hasTrigger: boolean;
hasWebhook: boolean;
complexity: 'simple' | 'medium' | 'complex';
workflowHash: string;
}
export class WorkflowSanitizer {
private static readonly SENSITIVE_PATTERNS = [
// Webhook URLs (replace with placeholder but keep structure) - MUST BE FIRST
/https?:\/\/[^\s/]+\/webhook\/[^\s]+/g,
/https?:\/\/[^\s/]+\/hook\/[^\s]+/g,
// API keys and tokens
/sk-[a-zA-Z0-9]{16,}/g, // OpenAI keys
/Bearer\s+[^\s]+/gi, // Bearer tokens
/[a-zA-Z0-9_-]{20,}/g, // Long alphanumeric strings (API keys) - reduced threshold
/token['":\s]+[^,}]+/gi, // Token fields
/apikey['":\s]+[^,}]+/gi, // API key fields
/api_key['":\s]+[^,}]+/gi,
/secret['":\s]+[^,}]+/gi,
/password['":\s]+[^,}]+/gi,
/credential['":\s]+[^,}]+/gi,
// URLs with authentication
/https?:\/\/[^:]+:[^@]+@[^\s/]+/g, // URLs with auth
/wss?:\/\/[^:]+:[^@]+@[^\s/]+/g,
// Email addresses (optional - uncomment if needed)
// /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g,
];
private static readonly SENSITIVE_FIELDS = [
'apiKey',
'api_key',
'token',
'secret',
'password',
'credential',
'auth',
'authorization',
'webhook',
'webhookUrl',
'url',
'endpoint',
'host',
'server',
'database',
'connectionString',
'privateKey',
'publicKey',
'certificate',
];
/**
* Sanitize a complete workflow
*/
static sanitizeWorkflow(workflow: any): SanitizedWorkflow {
// Create a deep copy to avoid modifying original
const sanitized = JSON.parse(JSON.stringify(workflow));
// Sanitize nodes
if (sanitized.nodes && Array.isArray(sanitized.nodes)) {
sanitized.nodes = sanitized.nodes.map((node: WorkflowNode) =>
this.sanitizeNode(node)
);
}
// Sanitize connections (keep structure only)
if (sanitized.connections) {
sanitized.connections = this.sanitizeConnections(sanitized.connections);
}
// Remove other potentially sensitive data
delete sanitized.settings?.errorWorkflow;
delete sanitized.staticData;
delete sanitized.pinData;
delete sanitized.credentials;
delete sanitized.sharedWorkflows;
delete sanitized.ownedBy;
delete sanitized.createdBy;
delete sanitized.updatedBy;
// Calculate metrics
const nodeTypes = sanitized.nodes?.map((n: WorkflowNode) => n.type) || [];
const uniqueNodeTypes = [...new Set(nodeTypes)] as string[];
const hasTrigger = nodeTypes.some((type: string) =>
type.includes('trigger') || type.includes('webhook')
);
const hasWebhook = nodeTypes.some((type: string) =>
type.includes('webhook')
);
// Calculate complexity
const nodeCount = sanitized.nodes?.length || 0;
let complexity: 'simple' | 'medium' | 'complex' = 'simple';
if (nodeCount > 20) {
complexity = 'complex';
} else if (nodeCount > 10) {
complexity = 'medium';
}
// Generate workflow hash (for deduplication)
const workflowStructure = JSON.stringify({
nodeTypes: uniqueNodeTypes.sort(),
connections: sanitized.connections
});
const workflowHash = createHash('sha256')
.update(workflowStructure)
.digest('hex')
.substring(0, 16);
return {
nodes: sanitized.nodes || [],
connections: sanitized.connections || {},
nodeCount,
nodeTypes: uniqueNodeTypes,
hasTrigger,
hasWebhook,
complexity,
workflowHash
};
}
/**
* Sanitize a single node
*/
private static sanitizeNode(node: WorkflowNode): WorkflowNode {
const sanitized = { ...node };
// Remove credentials entirely
delete sanitized.credentials;
// Sanitize parameters
if (sanitized.parameters) {
sanitized.parameters = this.sanitizeObject(sanitized.parameters);
}
return sanitized;
}
/**
* Recursively sanitize an object
*/
private static sanitizeObject(obj: any): any {
if (!obj || typeof obj !== 'object') {
return obj;
}
if (Array.isArray(obj)) {
return obj.map(item => this.sanitizeObject(item));
}
const sanitized: any = {};
for (const [key, value] of Object.entries(obj)) {
// Check if key is sensitive
if (this.isSensitiveField(key)) {
sanitized[key] = '[REDACTED]';
continue;
}
// Recursively sanitize nested objects
if (typeof value === 'object' && value !== null) {
sanitized[key] = this.sanitizeObject(value);
}
// Sanitize string values
else if (typeof value === 'string') {
sanitized[key] = this.sanitizeString(value, key);
}
// Keep other types as-is
else {
sanitized[key] = value;
}
}
return sanitized;
}
/**
* Sanitize string values
*/
private static sanitizeString(value: string, fieldName: string): string {
// First check if this is a webhook URL
if (value.includes('/webhook/') || value.includes('/hook/')) {
return 'https://[webhook-url]';
}
let sanitized = value;
// Apply all sensitive patterns
for (const pattern of this.SENSITIVE_PATTERNS) {
// Skip webhook patterns - already handled above
if (pattern.toString().includes('webhook')) {
continue;
}
sanitized = sanitized.replace(pattern, '[REDACTED]');
}
// Additional sanitization for specific field types
if (fieldName.toLowerCase().includes('url') ||
fieldName.toLowerCase().includes('endpoint')) {
// Keep URL structure but remove domain details
if (sanitized.startsWith('http://') || sanitized.startsWith('https://')) {
// If value has been redacted, leave it as is
if (sanitized.includes('[REDACTED]')) {
return '[REDACTED]';
}
const urlParts = sanitized.split('/');
if (urlParts.length > 2) {
urlParts[2] = '[domain]';
sanitized = urlParts.join('/');
}
}
}
return sanitized;
}
/**
* Check if a field name is sensitive
*/
private static isSensitiveField(fieldName: string): boolean {
const lowerFieldName = fieldName.toLowerCase();
return this.SENSITIVE_FIELDS.some(sensitive =>
lowerFieldName.includes(sensitive.toLowerCase())
);
}
/**
* Sanitize connections (keep structure only)
*/
private static sanitizeConnections(connections: any): any {
if (!connections || typeof connections !== 'object') {
return connections;
}
const sanitized: any = {};
for (const [nodeId, nodeConnections] of Object.entries(connections)) {
if (typeof nodeConnections === 'object' && nodeConnections !== null) {
sanitized[nodeId] = {};
for (const [connType, connArray] of Object.entries(nodeConnections as any)) {
if (Array.isArray(connArray)) {
sanitized[nodeId][connType] = connArray.map((conns: any) => {
if (Array.isArray(conns)) {
return conns.map((conn: any) => ({
node: conn.node,
type: conn.type,
index: conn.index
}));
}
return conns;
});
} else {
sanitized[nodeId][connType] = connArray;
}
}
} else {
sanitized[nodeId] = nodeConnections;
}
}
return sanitized;
}
/**
* Generate a hash for workflow deduplication
*/
static generateWorkflowHash(workflow: any): string {
const sanitized = this.sanitizeWorkflow(workflow);
return sanitized.workflowHash;
}
}