This fixes the fundamental issue causing persistent test failures.
Root Cause:
- The entrypoint script's user switching was broken
- Used 'exec $*' which fails when no arguments provided
- Used 'printf %q' which doesn't exist in Alpine Linux
- User switching wasn't actually working properly
Fixes:
1. Added su-exec package to Dockerfile
- Proper tool for switching users in containers
- Handles signal propagation correctly
- No intermediate shell process
2. Rewrote user switching logic
- Uses su-exec with fallback to su
- Fixed command injection vulnerability in su fallback
- Properly handles case when no arguments provided
- Exports environment variables before switching
3. Added security improvements
- Restricted permissions on AUTH_TOKEN_FILE
- Added comments explaining su-exec benefits
This explains why tests kept failing - we were testing around a broken implementation rather than fixing the actual broken code.
Security Fixes:
- Add command injection prevention in n8n-mcp wrapper with whitelist validation
- Fix race condition in database initialization with proper lock directory creation
- Add flock availability check with fallback behavior
- Implement comprehensive input sanitization in parse-config.js
Improvements:
- Add debug logging support to parse-config.js (DEBUG_CONFIG=true)
- Improve test cleanup error handling with proper error tracking
- Increase integration test timeouts for CI compatibility
- Update test assertions to check environment variables instead of processes
All critical security vulnerabilities identified by code review have been addressed.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit adds comprehensive support for JSON configuration files in Docker containers,
addressing the issue where the Docker image fails to start in server mode and ignores
configuration files.
## Changes
### Docker Configuration Support
- Added parse-config.js to safely parse JSON configs and export as shell variables
- Implemented secure shell quoting to prevent command injection
- Added dangerous environment variable blocking for security
- Support for all JSON data types with proper edge case handling
### Docker Server Mode Fix
- Added support for "n8n-mcp serve" command in entrypoint
- Properly transforms serve command to HTTP mode
- Fixed missing n8n-mcp binary issue in Docker image
### Security Enhancements
- POSIX-compliant shell quoting without eval
- Blocked dangerous variables (PATH, LD_PRELOAD, etc.)
- Sanitized configuration keys to prevent invalid shell variables
- Protection against shell metacharacters in values
### Testing
- Added 53 comprehensive tests for Docker configuration
- Unit tests for parsing, security, and edge cases
- Integration tests for Docker entrypoint behavior
- Security-focused tests for injection prevention
### Documentation
- Updated Docker README with config file mounting examples
- Enhanced troubleshooting guide with config file issues
- Added version bump to 2.8.2
### Additional Files
- Included deployment-engineer and technical-researcher agent files
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Updated Dockerfile to copy all tsconfig*.json files (includes tsconfig.build.json)
- Updated Dockerfile.railway with same fix
- Changed standard Dockerfile to use 'tsc -p tsconfig.build.json' for consistency
- This fixes the missing file errors preventing Docker builds in CI
The issue was that tsconfig.build.json was added for the testing infrastructure
but the Docker COPY commands were not updated to include it.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Updated all Dockerfiles from node:20-alpine to node:22-alpine
- Addresses known vulnerabilities in older Alpine images
- Provides better long-term support with Node.js 22 LTS (until April 2027)
- Updated documentation to reflect new base image version
- Tested and verified compatibility with all dependencies
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added proper SIGTERM/SIGINT signal handlers to stdio-wrapper.ts
- Removed problematic trap commands from docker-entrypoint.sh
- Added STOPSIGNAL directive to Dockerfile for explicit signal handling
- Implemented graceful shutdown in MCP server with database cleanup
- Added stdin close detection for proper cleanup when Claude Desktop closes the pipe
- Containers now properly exit with the --rm flag, preventing accumulation
- Added --init flag to all Docker configuration examples
- Updated documentation with container lifecycle management best practices
- Bumped version to 2.7.20
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added cache-busting comment to invalidate Docker's build cache
- Previous builds were using cached COPY layer with old database from 13:18
- This ensures Docker copies the new database (15:38) with is_trigger=true fixes
- Affects: webhook, cron, interval, emailReadImap nodes
The Docker build cache was serving an old database without the trigger detection fix,
causing these nodes to incorrectly show isTrigger: false in the MCP tool.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
The Docker build was failing because TypeScript compilation requires n8n-workflow
and uuid packages that weren't being installed. Also removed the deletion of src/n8n
directory as it contains TypeScript files needed during compilation.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- TypeScript needs axios to compile template-fetcher.ts
- Runtime doesn't need axios since templates are in pre-built database
- Maintains minimal runtime dependencies
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
The build was failing because TypeScript couldn't find module imports.
Fixed by:
1. Installing minimal dependencies needed for compilation (MCP SDK, dotenv, express)
2. Excluding n8n node implementation files that aren't needed for MCP server
- Removed src/n8n directory (n8n node implementation)
- Removed src/utils/bridge.ts and src/utils/mcp-client.ts (n8n-specific utils)
These files are only used for n8n integration, not for the MCP server runtime.
Results:
- Build succeeds with only 102 packages (vs 2294 before)
- TypeScript compiles without errors
- Faster builds and smaller image
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
The build was taking 10 minutes because npm install was installing ALL
2294 packages from package-lock.json instead of just TypeScript.
Changed approach:
- Don't copy package*.json to builder stage
- Create empty package.json to prevent lock file issues
- Install only the 3 required packages explicitly
Results:
- Builder stage: 2294 packages → 13 packages
- Build time: ~374s → ~10s per platform
- Total build time: 10 minutes → ~2 minutes
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Major optimization that reduces Docker image size by 87% and build time by 10x:
- Remove ALL n8n dependencies from runtime Docker image
- Add package.runtime.json with only 5 essential runtime deps
- Optimize Dockerfile to build TypeScript without n8n packages
- Add BuildKit optimizations with cache mounts
- Update documentation to highlight the improvements
Results:
- Image size: ~1.5GB → ~200MB (87% reduction)
- Build time: ~12 minutes → ~1-2 minutes
- No n8n version conflicts at runtime
- Better security with minimal attack surface
The key insight is that since we always rebuild the database locally
before deployment, the Docker runtime never needs n8n packages.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed the initialization timeout issue with minimal changes:
1. Added stdout flush after server connection to combat Docker buffering
2. Fixed docker-entrypoint.sh to not output to stdout in stdio mode
3. Added process.stdin.resume() to keep server alive
4. Added IS_DOCKER environment variable for future use
5. Updated README to prioritize Docker with correct -i flag configuration
The core issue was Docker's block buffering preventing immediate JSON-RPC
responses. The -i flag maintains stdin connection, and explicit flushing
ensures responses reach Claude Desktop immediately.
Also fixed "Shutting down..." message that was breaking JSON-RPC protocol
by redirecting it to stderr in stdio mode.
Docker is now the recommended installation method as originally intended.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
## Root cause
- Docker buildx memory options were incorrectly formatted
- Database build during Docker image creation was failing on multi-platform builds
- n8n native dependencies caused issues across different architectures
## Solution
- Removed invalid buildx driver-opts configuration
- Eliminated database build stage from Dockerfile
- Now using pre-built nodes.db file (11MB) from repository
- Fixed .dockerignore to include nodes.db in build context
- Added .dockerignore to version control (was incorrectly gitignored)
## Benefits
- Faster builds (no n8n package installation during build)
- More reliable multi-platform builds (amd64 + arm64)
- Simpler Dockerfile (3 stages instead of 4)
Database can still be rebuilt locally using 'npm run rebuild' when needed.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added ca-certificates package for proper SSL certificate validation
- Configured git to handle SSL and initialization properly
- Added --depth 1 for faster cloning and reduced network issues
- Improved error handling to continue build even if docs clone fails
- Fixed su-exec issue by using Alpine's native su command
- Redirected git clone stderr to avoid polluting build logs
These changes address the exit code 128 git errors occurring in GitHub Actions
Docker builds while maintaining backwards compatibility.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Rename Dockerfile.optimized to Dockerfile (now the default)
- Keep old Dockerfile as Dockerfile.old for reference
- Update GitHub Actions to use default Dockerfile
- Remove build-full job - only one image variant now
- Remove docker-compose.optimized.yml and other variants
- Update all documentation to reflect single image approach
The optimized 283MB image is now the only n8n-MCP Docker image.
This simplifies the user experience and provides the best solution
for all use cases.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove all references to workflow execution/management features
- Delete legacy scripts for bidirectional n8n integration
- Update documentation to focus on node documentation serving only
- Remove old docker-compose files for workflow management
- Add simplified docker-compose.yml for documentation server
- Update CHANGELOG.md to reflect v2.0.0 and v2.1.0 changes
- Update Dockerfile to use v2 paths and database
The project is now clearly focused on serving n8n node documentation
to AI assistants, with no workflow execution capabilities.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Major features implemented:
- SQLite storage service with FTS5 for fast node search
- Database rebuild mechanism for bulk node extraction
- MCP tools: search_nodes, extract_all_nodes, get_node_statistics
- Production Docker deployment with persistent storage
- Management scripts for database operations
- Comprehensive test suite for all functionality
Database capabilities:
- Stores node source code and metadata
- Full-text search by node name or content
- No versioning (stores latest only as per requirements)
- Supports complete database rebuilds
- ~4.5MB database with 500+ nodes indexed
Production features:
- Automated deployment script
- Docker Compose production configuration
- Database initialization on first run
- Volume persistence for data
- Management utilities for operations
Documentation:
- Updated README with complete instructions
- Production deployment guide
- Clear troubleshooting section
- API reference for all new tools
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit adds a complete integration between n8n workflow automation and the Model Context Protocol (MCP):
Features:
- MCP server that exposes n8n workflows as tools, resources, and prompts
- Custom n8n node for connecting to MCP servers from workflows
- Bidirectional bridge for data format conversion
- Token-based authentication and credential management
- Comprehensive error handling and logging
- Full test coverage for core components
Infrastructure:
- TypeScript/Node.js project setup with proper build configuration
- Docker support with multi-stage builds
- Development and production docker-compose configurations
- Installation script for n8n custom node deployment
Documentation:
- Detailed README with usage examples and API reference
- Environment configuration templates
- Troubleshooting guide
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
