- Fix type safety vulnerability in enhanced-config-validator.ts
- Added proper type checking before string operations
- Return early when nodeType is invalid instead of using empty string
- Improve error handling robustness in MCP server
- Wrapped validation in try-catch to handle unexpected errors
- Properly re-throw ValidationError instances
- Add user-friendly error messages for internal errors
- Write comprehensive CHANGELOG entry for v2.10.3
- Document fixes for issues #58, #68, #70, #73
- Detail new validation system features
- List all enhancements and test coverage
Addressed HIGH priority issues from code review:
- Type safety holes in config validator
- Missing error handling for validation system failures
- Consistent error types across validation tools
- Updated version in package.json and package.runtime.json
- Updated version badge in README.md
- Added comprehensive changelog entry for v2.8.3
- Fixed TypeScript lint errors in test files by making env vars optional
- Fixed edge-cases test to include required NODE_ENV
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Major improvements based on comprehensive test suite review:
Test Fixes:
- Fix all 78 failing tests across logger, MSW, and validator tests
- Fix console spy management in logger tests with proper DEBUG env handling
- Fix MSW test environment restoration in session-management.test.ts
- Fix workflow validator tests by adding proper node connections
- Fix mock setup issues in edge case tests
Test Organization:
- Split large config-validator.test.ts (1,075 lines) into 4 focused files
- Rename 63+ tests to follow "should X when Y" naming convention
- Add comprehensive edge case test files for all major validators
- Create tests/README.md with testing guidelines and best practices
New Features:
- Add ConfigValidator.validateBatch() method for bulk validation
- Add edge case coverage for null/undefined, boundaries, invalid data
- Add CI-aware performance test timeouts
- Add JSDoc comments to test utilities and factories
- Add workflow duplicate node name validation tests
Results:
- All tests passing: 1,356 passed, 19 skipped
- Test coverage: 85.34% statements, 85.3% branches
- From 78 failures to 0 failures
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Update testing-architecture.md with accurate test counts (1,182 tests)
- Document 933 unit tests and 249 integration tests
- Add real code examples and directory structure
- Include lessons learned and common issues/solutions
- Update README.md testing section with comprehensive test overview
- Include test distribution by component
- Add CI test results from run #41
- Update CLAUDE.md with latest development guidance
- Fix N8nRateLimitError constructor call (takes only retryAfter parameter)
- Fix optional chaining for result.details access
- Mock NodeRepository correctly instead of trying to instantiate it
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed health check to use correct /healthz endpoint instead of /health
- Added MCP version (mcpVersion) and supported n8n version (supportedN8nVersion) to health check response
- Added versionNote field with instructions for AI agents about manual version verification
- n8n API limitation: instance version cannot be determined automatically
- Updated axios usage for healthz endpoint access with proper error handling
- Added specific error reasons for auth failures: no_auth_header, invalid_auth_format, invalid_token
- Fixed AUTH_TOKEN_FILE support in Docker production stacks (issue #16)
- Added AUTH_TOKEN_FILE support to single-session HTTP server for consistency
- Enhanced security by removing token lengths from logs
- Added token trimming and empty token validation
- Updated Docker entrypoint to properly support AUTH_TOKEN_FILE
- Bumped version to 2.7.10
This improves debugging for mcp-remote authentication issues and enables
proper Docker secrets usage in production environments.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add bin configuration to package.json for npx execution
- Implement smart database path resolution for npx/global/local installs
- Create dedicated npm publish script using runtime-only dependencies
- Add .npmignore to control published package contents
- Update README with npx as primary installation method
- Add n8n version badge to README
- Sync version between package.json and package.runtime.json
- Update CHANGELOG for v2.7.8 release
This allows users to run 'npx n8n-mcp' without installing the package,
reducing friction and making it easier to get started with n8n-MCP.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add TRUST_PROXY environment variable to enable proxy header trust
- Configure Express trust proxy in both HTTP server implementations
- Fix issue #19: Docker internal IPs logged instead of real client IPs
- Update documentation with reverse proxy configuration guide
- Add examples for nginx proxy header forwarding
- Maintain backward compatibility (disabled by default)
When TRUST_PROXY=1 is set, the server will correctly log client IPs
from X-Forwarded-For headers instead of proxy/container IPs.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add AUTH_TOKEN_FILE environment variable support for reading auth tokens from files
- Support Docker secrets pattern for production deployments
- Add Known Issues section documenting Claude Desktop container duplication bug
- Update documentation with authentication options and best practices
- Fix issue #16: AUTH_TOKEN_FILE was documented but not implemented
- Add comprehensive tests for AUTH_TOKEN_FILE functionality
BREAKING CHANGE: None - AUTH_TOKEN continues to work as before
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Renamed start_here_workflow_guide to tools_documentation for clarity
- Added depth parameter to control documentation detail (essentials/full)
- Converted output from JSON to LLM-friendly plain text format
- Added per-tool documentation capability
- Created two-tier documentation system:
- Essentials: brief info with key parameters and tips
- Full: comprehensive docs with examples and best practices
- Documented 8 commonly used MCP tools
- Removed 380+ lines of unused getWorkflowGuide method
- Fixed duplicate tool definitions
- Updated all documentation references
- Added test script for tools documentation
BREAKING CHANGE: start_here_workflow_guide renamed to tools_documentation
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Removed ~965MB of temporary directories (temp/, extracted-nodes/, etc)
- Deleted outdated database files and backups (.bak files)
- Removed legacy shell scripts (mcp-server-v20.sh, rebuild-v20.sh)
- Cleaned up orphan test files and debugging scripts
- Removed duplicate schema file (src/db/schema.sql)
- Deleted old Dockerfile.old and empty database files
- Updated documentation structure in README.md
- Added n8n_diagnostic tool to documentation
- Condensed version history in CLAUDE.md
- Created release notes for v2.7.0
Total impact: Removed 34 files, saving ~965MB+ of disk space
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
BREAKING CHANGES:
- Renamed n8n_update_workflow to n8n_update_full_workflow for clarity
NEW FEATURES:
- Added n8n_update_partial_workflow tool for diff-based workflow editing
- Implemented WorkflowDiffEngine with 13 operation types
- Added transactional updates with two-pass processing
- Maximum 5 operations per request for reliability
- Operations can be in any order - engine handles dependencies
- Added validateOnly mode for testing changes before applying
- 80-90% token savings by only sending changes
IMPROVEMENTS:
- Enhanced tool description with comprehensive parameter documentation
- Added clear examples for simple and complex use cases
- Improved error messages and validation
- Added extensive test coverage for all operations
DOCUMENTATION:
- Added workflow-diff-examples.md with usage patterns
- Added transactional-updates-example.md showing before/after
- Updated README.md with v2.7.0 features
- Updated CLAUDE.md with latest changes
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- NEW: n8n_validate_workflow tool to validate workflows from n8n instance by ID
- Fetches workflow via API and runs comprehensive validation
- Uses existing WorkflowValidator for consistency
- Supports all validation profiles and options
- Updated start_here tool with new workflow lifecycle info
- Updated README with new tool documentation
- Updated Claude Project Setup instructions
This completes the workflow lifecycle management:
discover → build → validate → deploy → execute → monitor
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add node type existence validation that catches invalid types
- Fix critical issue: now catches 'nodes-base.webhook' BEFORE database lookup
- Add smart suggestions for common mistakes (webhook → n8n-nodes-base.webhook)
- Add minimum viable workflow validation (prevents single-node workflows)
- Add empty connection detection for multi-node workflows
- Add helper functions for workflow structure examples and fix suggestions
- Prevent AI agents from creating workflows with question mark nodes
This fixes the exact issue where workflows created with 'nodes-base.webhook'
would show as broken (question marks) in the n8n UI.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Enhanced workflow validator to enforce typeVersion on versioned nodes
- Returns errors for missing typeVersion with suggested version to add
- Warns about outdated typeVersion values
- Prevents invalid typeVersion (zero, negative, or exceeding maximum)
- Added comprehensive test script for typeVersion validation
- Helps AI agents avoid common workflow creation mistakes
This ensures workflows always use compatible node versions before deployment.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Update n8n version from v1.97.1 to v1.99.1 in README
- Fix 7 broken documentation links to point to existing files
- Standardize Docker image size to ~280MB across all docs (was inconsistent: 150MB/200MB/283MB)
- Add missing npm scripts for test commands (test:essentials, test:enhanced-validation, etc.)
- Update CHANGELOG.md with missing versions 2.4.0 through 2.5.1
- Update README_CLAUDE_SETUP.md to list all 21+ MCP tools (was only showing 6)
- Document 5 additional npm scripts in CLAUDE.md
- Update AI-capable nodes count to 263 (was 35 in old docs)
All documentation now accurately reflects the current codebase state.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Update tool descriptions to clarify ANY node can be used as AI tool
- Add get_node_as_tool_info to available tools in README
- Enhance workflow validation tool descriptions for AI connections
- Update README with v2.5.1 release notes
- Remove redundant _General__Scrape_with_HTTP_tool.json file
- Bump version to 2.5.1 in package.json
The key insight: ANY n8n node can be connected to an AI Agent's tool
port, not just those marked with usableAsTool=true. This update makes
that clear throughout the documentation and tool descriptions.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Phase 2 Professional Validation Features:
1. Validation Profiles:
- minimal: Only required fields
- runtime: Critical errors + security warnings
- ai-friendly: Balanced (default)
- strict: All checks + best practices
2. New Node Validators:
- Webhook: Path validation, response modes, auth warnings
- PostgreSQL: SQL injection detection, query safety
- MySQL: Similar to Postgres with MySQL-specific checks
3. New Tools:
- validate_node_minimal: Lightning-fast required field checking
- Updated validate_node_operation with profile support
4. SQL Safety Features:
- Detects template expressions vulnerable to injection
- Warns about DELETE/UPDATE without WHERE
- Catches dangerous operations (DROP, TRUNCATE)
- Suggests parameterized queries
5. Enhanced Coverage:
- Now supports 7+ major nodes with specific validators
- Flexible validation based on use case
- Professional-grade safety checks
This completes the major validation system overhaul from the original plan.
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Add validate_node_operation tool with 80%+ fewer false positives
- Remove deprecated validate_node_config tool
- Add EnhancedConfigValidator with operation context filtering
- Add node-specific validators for Slack, Google Sheets, OpenAI, MongoDB
- Integrate working examples in validation responses
- Add actionable next steps and auto-fix suggestions
- Test shows Slack validation reduced from 45 errors to 1 error\!
BREAKING CHANGE: validate_node_config removed in favor of validate_node_operation
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Add 4 new MCP tools for workflow templates
- Integrate with n8n.io API to fetch community templates
- Filter templates to last 6 months only
- Store templates in SQLite with full workflow JSON
- Manual fetch system (not part of regular rebuild)
- Support search by nodes, keywords, and task categories
- Add fetch:templates and test:templates npm scripts
- Update to v2.4.1
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
Major optimization that reduces Docker image size by 87% and build time by 10x:
- Remove ALL n8n dependencies from runtime Docker image
- Add package.runtime.json with only 5 essential runtime deps
- Optimize Dockerfile to build TypeScript without n8n packages
- Add BuildKit optimizations with cache mounts
- Update documentation to highlight the improvements
Results:
- Image size: ~1.5GB → ~200MB (87% reduction)
- Build time: ~12 minutes → ~1-2 minutes
- No n8n version conflicts at runtime
- Better security with minimal attack surface
The key insight is that since we always rebuild the database locally
before deployment, the Docker runtime never needs n8n packages.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Changed from Sustainable Use License to MIT License
- Added attribution to Romuald Czlonkowski @ www.aiadvisors.pl/en
- Created ATTRIBUTION.md with easy attribution examples
- Updated package.json, README.md, and CLAUDE.md
- Added GitHub stars badge to encourage community support
- Bumped version to 2.4.0 to mark this significant change
This change allows:
✅ Unrestricted use in personal and commercial projects
✅ Easy integration into corporate environments
✅ Freedom to modify and distribute
✅ Hosting as a service without restrictions
The project remains focused on helping n8n builders work more efficiently.
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Add get_node_essentials tool for 10-20 essential properties only
- Add search_node_properties for targeted property search
- Add get_node_for_task with 14 pre-configured templates
- Add validate_node_config for comprehensive validation
- Add get_property_dependencies for visibility analysis
- Implement PropertyFilter service with curated essentials
- Implement ExampleGenerator with working examples
- Implement TaskTemplates for common workflows
- Implement ConfigValidator with security checks
- Implement PropertyDependencies for dependency analysis
- Enhance property descriptions to 100% coverage
- Add version information to essentials response
- Update documentation with new tools
Response sizes reduced from 100KB+ to <5KB for better AI agent usability.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Updated CLAUDE.md with v2.3.3 achievements and metrics
- Updated README.md with new node counts and v2.3.3 features
- Added comprehensive CHANGELOG.md entry for v2.3.3
- Bumped version in package.json to 2.3.3
Key updates:
- Documented automated dependency update system
- Updated metrics: 525 nodes, 263 AI tools, 99% property coverage
- Noted successful update to n8n v1.97.1
- Documented validation script fixes
Root Cause Analysis:
- Express.json() middleware was consuming request stream before StreamableHTTPServerTransport
- StreamableHTTPServerTransport has initialization issues with stateless usage
Two-Phase Solution:
1. Removed all body parsing middleware to preserve raw streams
2. Created http-server-fixed.ts with direct JSON-RPC implementation
Key Changes:
- Remove express.json() from all HTTP server implementations
- Add http-server-fixed.ts that bypasses StreamableHTTPServerTransport
- Implement initialize, tools/list, and tools/call methods directly
- Add USE_FIXED_HTTP=true environment variable to enable fixed server
- Update logging to not access req.body
The fixed implementation:
- Handles JSON-RPC protocol directly without transport complications
- Maintains full MCP compatibility
- Works reliably without stream or initialization errors
- Provides better performance and debugging capabilities
Usage: MCP_MODE=http USE_FIXED_HTTP=true npm start
This provides a stable, production-ready HTTP server for n8n-MCP.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add ConsoleManager to prevent console output interference with StreamableHTTPServerTransport
- Implement SingleSessionHTTPServer with persistent session reuse
- Create N8NMCPEngine for clean service integration
- Add automatic session expiry after 30 minutes of inactivity
- Update logger to be HTTP-aware during active requests
- Maintain backward compatibility with existing deployments
This fixes the "stream is not readable" error by implementing the Hybrid
Single-Session architecture as documented in MCP_ERROR_FIX_PLAN.md
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Rename Dockerfile.optimized to Dockerfile (now the default)
- Keep old Dockerfile as Dockerfile.old for reference
- Update GitHub Actions to use default Dockerfile
- Remove build-full job - only one image variant now
- Remove docker-compose.optimized.yml and other variants
- Update all documentation to reflect single image approach
The optimized 283MB image is now the only n8n-MCP Docker image.
This simplifies the user experience and provides the best solution
for all use cases.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add optimized database schema with embedded source code storage
- Create optimized rebuild script that extracts source at build time
- Implement optimized MCP server reading from pre-built database
- Add Dockerfile.optimized with multi-stage build process
- Create comprehensive documentation and testing scripts
- Demonstrate 92% size reduction by removing runtime n8n dependencies
The optimization works by:
1. Building complete database at Docker build time
2. Extracting all node source code into the database
3. Creating minimal runtime image without n8n packages
4. Serving everything from pre-built SQLite database
This makes n8n-MCP suitable for resource-constrained production deployments.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Document the dual-adapter system (better-sqlite3 and sql.js)
- Add technical decisions and implementation details
- Include problem/solution documentation for SQLite version mismatch
- Update architecture diagram with database-adapter.ts
- Add performance considerations and memory notes
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Updated CLAUDE.md with complete project state and capabilities
- Enhanced README.md with node extraction features and examples
- Added CHANGELOG.md to track version history
- Documented new MCP tools and resources for node source extraction
- Added special features section highlighting AI Agent capabilities
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
