From a4053de998595b4321576ad6a908e65590816ee0 Mon Sep 17 00:00:00 2001
From: czlonkowski <56956555+czlonkowski@users.noreply.github.com>
Date: Thu, 31 Jul 2025 17:58:52 +0200
Subject: [PATCH] chore: bump version to 2.8.3 and update changelog
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Updated version in package.json and package.runtime.json
- Updated version badge in README.md
- Added comprehensive changelog entry for v2.8.3
- Fixed TypeScript lint errors in test files by making env vars optional
- Fixed edge-cases test to include required NODE_ENV

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 CLAUDE.md                            |  1 +
 README.md                            |  2 +-
 docs/CHANGELOG.md                    | 35 ++++++++++++++++++++++++++++
 package.json                         |  2 +-
 package.runtime.json                 |  2 +-
 tests/unit/docker/edge-cases.test.ts |  2 +-
 types/test-env.d.ts                  |  6 ++---
 7 files changed, 43 insertions(+), 7 deletions(-)

diff --git a/CLAUDE.md b/CLAUDE.md
index abdf52b..6ad3701 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -178,6 +178,7 @@ The MCP server exposes tools in several categories:
 
 ### Agent Interaction Guidelines
 - Sub-agents are not allowed to spawn further sub-agents
+- When you use sub-agents, do not allow them to commit and push. That should be done by you
 
 # important-instruction-reminders
 Do what has been asked; nothing more, nothing less.
diff --git a/README.md b/README.md
index b709336..e1f0e97 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![GitHub stars](https://img.shields.io/github/stars/czlonkowski/n8n-mcp?style=social)](https://github.com/czlonkowski/n8n-mcp)
-[![Version](https://img.shields.io/badge/version-2.8.2-blue.svg)](https://github.com/czlonkowski/n8n-mcp)
+[![Version](https://img.shields.io/badge/version-2.8.3-blue.svg)](https://github.com/czlonkowski/n8n-mcp)
 [![npm version](https://img.shields.io/npm/v/n8n-mcp.svg)](https://www.npmjs.com/package/n8n-mcp)
 [![codecov](https://codecov.io/gh/czlonkowski/n8n-mcp/graph/badge.svg?token=YOUR_TOKEN)](https://codecov.io/gh/czlonkowski/n8n-mcp)
 [![Tests](https://img.shields.io/badge/tests-1356%20passing-brightgreen.svg)](https://github.com/czlonkowski/n8n-mcp/actions)
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 070deac..5edc700 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -5,6 +5,41 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.8.3] - 2025-07-31
+
+### Fixed
+- **Docker User Switching**: Fixed critical issue where user switching was completely broken in Alpine Linux containers
+  - Added `su-exec` package for proper privilege dropping in Alpine containers
+  - Fixed broken shell command in entrypoint that used invalid `exec $*` syntax
+  - Fixed non-existent `printf %q` command in Alpine's BusyBox shell
+  - Rewrote user switching logic to properly exec processes with nodejs user
+  - Fixed race condition in database initialization by ensuring lock directory exists
+- **Docker Integration Tests**: Fixed failing tests due to Alpine Linux ps command behavior
+  - Alpine's BusyBox ps shows numeric UIDs instead of usernames for non-system users
+  - Tests now accept multiple possible values: "nodejs", "1001", or "1" (truncated)
+  - Added proper process user verification instead of relying on docker exec output
+  - Added demonstration test showing docker exec vs main process user context
+
+### Security
+- **Command Injection Prevention**: Added comprehensive input validation in n8n-mcp wrapper
+  - Whitelist-based argument validation to prevent command injection
+  - Only allows safe arguments: --port, --host, --verbose, --quiet, --help, --version
+  - Rejects any arguments containing shell metacharacters or suspicious content
+- **Database Initialization**: Added proper file locking to prevent race conditions
+  - Uses flock for exclusive database initialization
+  - Prevents multiple containers from corrupting database during simultaneous startup
+
+### Testing
+- **Docker Test Reliability**: Comprehensive fixes for CI environment compatibility
+  - Added Docker image build step in test setup
+  - Fixed environment variable visibility tests to check actual process environment
+  - Fixed user switching tests to check real process user instead of docker exec context
+  - All 18 Docker integration tests now pass reliably in CI
+
+### Changed
+- **Docker Base Image**: Updated su-exec installation in Dockerfile for proper user switching
+- **Error Handling**: Improved error messages and logging in Docker entrypoint script
+
 ## [2.8.2] - 2025-07-31
 
 ### Added
diff --git a/package.json b/package.json
index 7237c06..209c846 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "n8n-mcp",
-  "version": "2.8.2",
+  "version": "2.8.3",
   "description": "Integration between n8n workflow automation and Model Context Protocol (MCP)",
   "main": "dist/index.js",
   "bin": {
diff --git a/package.runtime.json b/package.runtime.json
index e1245c1..944870b 100644
--- a/package.runtime.json
+++ b/package.runtime.json
@@ -1,6 +1,6 @@
 {
   "name": "n8n-mcp-runtime",
-  "version": "2.8.1",
+  "version": "2.8.3",
   "description": "n8n MCP Server Runtime Dependencies Only",
   "private": true,
   "dependencies": {
diff --git a/tests/unit/docker/edge-cases.test.ts b/tests/unit/docker/edge-cases.test.ts
index 2779f20..16f2faa 100644
--- a/tests/unit/docker/edge-cases.test.ts
+++ b/tests/unit/docker/edge-cases.test.ts
@@ -422,7 +422,7 @@ describe('Docker Config Edge Cases', () => {
       // We need to preserve PATH so node can be found
       const output = execSync(`node "${parseConfigPath}" "${configPath}"`, { 
         encoding: 'utf8',
-        env: { PATH: process.env.PATH } // Only include PATH
+        env: { PATH: process.env.PATH, NODE_ENV: 'test' } // Only include PATH and NODE_ENV
       });
       
       // Verify all configuration is properly exported with export prefix
diff --git a/types/test-env.d.ts b/types/test-env.d.ts
index 2a869f9..3d99a7f 100644
--- a/types/test-env.d.ts
+++ b/types/test-env.d.ts
@@ -11,14 +11,14 @@ declare global {
       TEST_ENVIRONMENT?: string;
 
       // Database Configuration
-      NODE_DB_PATH: string;
+      NODE_DB_PATH?: string;
       REBUILD_ON_START?: string;
       TEST_SEED_DATABASE?: string;
       TEST_SEED_TEMPLATES?: string;
 
       // API Configuration
-      N8N_API_URL: string;
-      N8N_API_KEY: string;
+      N8N_API_URL?: string;
+      N8N_API_KEY?: string;
       N8N_WEBHOOK_BASE_URL?: string;
       N8N_WEBHOOK_TEST_URL?: string;