Add comprehensive security auditing combining n8n's built-in POST /audit
API with deep workflow scanning using 50+ regex patterns for hardcoded
secrets, unauthenticated webhook detection, error handling gap analysis,
data retention risk assessment, and PII detection.
The audit returns a compact markdown report grouped by workflow with a
Remediation Playbook showing auto-fixable items (with tool chains), items
requiring review, and items requiring user action.
Also adds n8n_manage_credentials tool (list/get/create/update/delete/getSchema)
enabling AI agents to create credentials and assign them to nodes as part
of security remediation.
Conceived by Romuald Członkowski - https://www.aiadvisors.pl/en
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add transferWorkflow diff operation to move workflows between n8n projects:
- TransferWorkflowOperation type with destinationProjectId field
- WorkflowDiffEngine validates and tracks transfer intent
- Handler calls PUT /workflows/{id}/transfer after update
- N8nApiClient.transferWorkflow() method
- Zod schema validates destinationProjectId is non-empty
- Tool description and documentation updated
- inferIntentFromOperations case for transfer
Also fixes two pre-existing bugs found during review:
- continueOnError path now properly extracts/propagates activation flags
- Debug log in updateConnectionReferences shows correct old name
Based on work by @djakielski in PR #645.
Conceived by Romuald Członkowski - https://www.aiadvisors.pl/en
- Normalize name→nodeName and id→nodeId for node-targeting operations in
the Zod schema transform, so LLMs using natural field names no longer
get "Node not found" errors
- Replace hardcoded ALL_CONNECTION_TYPES with dynamic iteration so AI
sub-nodes (ai_outputParser, ai_document, ai_textSplitter, etc.) are
not flagged as disconnected during save
- Add .catchall() to workflowConnectionSchema and extend connection
reference validation to cover all connection types, not just main
- Fix filterOperationsByFixes ID-vs-name mismatch: typeversion-upgrade
operations now include nodeName alongside nodeId, and the filter checks
both fields
Conceived by Romuald Członkowski - https://www.aiadvisors.pl/en
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
