n8n-mcp

ros/n8n-mcp

Fork 0

mirror of https://github.com/czlonkowski/n8n-mcp.git synced 2026-01-30 06:22:04 +00:00

Commit Graph

Author	SHA1	Message	Date
czlonkowski	c3b691cedf	feat(telemetry): capture error messages with security hardening ## Summary Enhanced telemetry system to capture actual error messages for debugging while implementing comprehensive security hardening to protect sensitive data. ## Changes - Added optional errorMessage parameter to trackError() method - Implemented sanitizeErrorMessage() with 7-layer security protection - Updated all production and test call sites (atomic change) - Added 18 new security-focused tests ## Security Fixes - ReDoS Prevention: Early truncation + simplified regex patterns - Full URL Redaction: Changed [URL]/path → [URL] to prevent leakage - Credential Detection: AWS keys, GitHub tokens, JWT, Bearer tokens - Correct Sanitization Order: URLs → credentials → emails → generic - Error Handling: Try-catch wrapper with [SANITIZATION_FAILED] fallback ## Impact - Resolves 272+ weekly errors with no error messages - Protects against ReDoS attacks - Prevents API structure and credential leakage - 90.75% test coverage, 269 tests passing 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-03 15:53:13 +02:00
czlonkowski	09e69df5a7	feat: implement anonymous telemetry system with Supabase integration Adds zero-configuration anonymous usage statistics to track: - Number of active users with deterministic user IDs - Which MCP tools AI agents use most - What workflows are built (sanitized to protect privacy) - Common errors and issues Key features: - Zero-configuration design with hardcoded write-only credentials - Privacy-first approach with comprehensive data sanitization - Opt-out support via config file and environment variables - Docker-friendly with environment variable support - Multi-process safe with immediate flush strategy - Row Level Security (RLS) policies for write-only access Technical implementation: - Supabase backend with anon key for INSERT-only operations - Workflow sanitization removes all sensitive data - Environment variables checked for opt-out (TELEMETRY_DISABLED, etc.) - Telemetry enabled by default but respects user preferences - Cleaned up all debug logging for production readiness 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-26 09:06:19 +02:00
czlonkowski	f150802bed	fix: update telemetry to work with Supabase RLS and permissions - Remove .select() from insert operations to avoid permission issues - Add debug logging for successful flushes - Add comprehensive test scripts for telemetry verification - Telemetry now successfully sends anonymous usage data to Supabase	2025-09-26 09:06:19 +02:00

Author

SHA1

Message

Date

czlonkowski

c3b691cedf

feat(telemetry): capture error messages with security hardening

## Summary
Enhanced telemetry system to capture actual error messages for debugging
while implementing comprehensive security hardening to protect sensitive data.

## Changes
- Added optional errorMessage parameter to trackError() method
- Implemented sanitizeErrorMessage() with 7-layer security protection
- Updated all production and test call sites (atomic change)
- Added 18 new security-focused tests

## Security Fixes
- ReDoS Prevention: Early truncation + simplified regex patterns
- Full URL Redaction: Changed [URL]/path → [URL] to prevent leakage
- Credential Detection: AWS keys, GitHub tokens, JWT, Bearer tokens
- Correct Sanitization Order: URLs → credentials → emails → generic
- Error Handling: Try-catch wrapper with [SANITIZATION_FAILED] fallback

## Impact
- Resolves 272+ weekly errors with no error messages
- Protects against ReDoS attacks
- Prevents API structure and credential leakage
- 90.75% test coverage, 269 tests passing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-03 15:53:13 +02:00

czlonkowski

09e69df5a7

feat: implement anonymous telemetry system with Supabase integration

Adds zero-configuration anonymous usage statistics to track:
- Number of active users with deterministic user IDs
- Which MCP tools AI agents use most
- What workflows are built (sanitized to protect privacy)
- Common errors and issues

Key features:
- Zero-configuration design with hardcoded write-only credentials
- Privacy-first approach with comprehensive data sanitization
- Opt-out support via config file and environment variables
- Docker-friendly with environment variable support
- Multi-process safe with immediate flush strategy
- Row Level Security (RLS) policies for write-only access

Technical implementation:
- Supabase backend with anon key for INSERT-only operations
- Workflow sanitization removes all sensitive data
- Environment variables checked for opt-out (TELEMETRY_DISABLED, etc.)
- Telemetry enabled by default but respects user preferences
- Cleaned up all debug logging for production readiness

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-09-26 09:06:19 +02:00

czlonkowski

f150802bed

fix: update telemetry to work with Supabase RLS and permissions

- Remove .select() from insert operations to avoid permission issues
- Add debug logging for successful flushes
- Add comprehensive test scripts for telemetry verification
- Telemetry now successfully sends anonymous usage data to Supabase

2025-09-26 09:06:19 +02:00

3 Commits