- Remove hardcoded API key and URL from debug-n8n-auth.ts
- Require environment variables with proper validation
- Add comprehensive SECURITY.md with best practices
- Address security concerns raised in issue #18
The SecureKeyGuard alert was a false positive (mistaking "validate_workflow"
for "VAULT_TOKEN"), but the review uncovered actual hardcoded credentials
that have now been removed.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added complete workflow lifecycle documentation (Discover → Build → Validate → Deploy → Execute)
- Added new 'n8n_management' topic with comprehensive guide for all 14 management tools
- Documented API requirements, limitations, and best practices
- Added examples showing integration between documentation and management tools
- Included debug script for troubleshooting n8n API authentication
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
