Commit Graph

3 Commits

Author SHA1 Message Date
czlonkowski
7ac748e73f feat: enhance workflow mutation telemetry for better AI responses
Improve workflow mutation tracking to capture comprehensive data that helps provide better responses when users update workflows. This enhancement collects workflow state, user intent, and operation details to enable more context-aware assistance.

Key improvements:
- Reduce auto-flush threshold from 5 to 2 for more reliable mutation tracking
- Add comprehensive workflow and credential sanitization to mutation tracker
- Document intent parameter in workflow update tools for better UX
- Fix mutation queue handling in telemetry manager (flush now handles 3 queues)
- Add extensive unit tests for mutation tracking and validation (35 new tests)

Technical changes:
- mutation-tracker.ts: Multi-layer sanitization (workflow, node, parameter levels)
- batch-processor.ts: Support mutation data flushing to Supabase
- telemetry-manager.ts: Auto-flush mutations at threshold 2, track mutations queue
- handlers-workflow-diff.ts: Track workflow mutations with sanitized data
- Tests: 13 tests for mutation-tracker, 22 tests for mutation-validator

The intent parameter messaging emphasizes user benefit ("helps to return better response") rather than technical implementation details.

Conceived by Romuald Członkowski - https://www.aiadvisors.pl/en

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-13 13:42:15 +01:00
czlonkowski
c3b691cedf feat(telemetry): capture error messages with security hardening
## Summary
Enhanced telemetry system to capture actual error messages for debugging
while implementing comprehensive security hardening to protect sensitive data.

## Changes
- Added optional errorMessage parameter to trackError() method
- Implemented sanitizeErrorMessage() with 7-layer security protection
- Updated all production and test call sites (atomic change)
- Added 18 new security-focused tests

## Security Fixes
- ReDoS Prevention: Early truncation + simplified regex patterns
- Full URL Redaction: Changed [URL]/path → [URL] to prevent leakage
- Credential Detection: AWS keys, GitHub tokens, JWT, Bearer tokens
- Correct Sanitization Order: URLs → credentials → emails → generic
- Error Handling: Try-catch wrapper with [SANITIZATION_FAILED] fallback

## Impact
- Resolves 272+ weekly errors with no error messages
- Protects against ReDoS attacks
- Prevents API structure and credential leakage
- 90.75% test coverage, 269 tests passing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-03 15:53:13 +02:00
czlonkowski
e14c647b7d fix: refactor telemetry system with critical improvements (v2.14.1)
Major improvements to telemetry system addressing code review findings:

Architecture & Modularization:
- Split 636-line TelemetryManager into 7 focused modules
- Separated concerns: event tracking, batch processing, validation, rate limiting
- Lazy initialization pattern to avoid early singleton creation
- Clean separation of responsibilities

Security & Privacy:
- Added comprehensive input validation with Zod schemas
- Sanitization of sensitive data (URLs, API keys, emails)
- Expanded sensitive key detection patterns (25+ patterns)
- Row Level Security on Supabase backend
- Added data deletion contact info (romuald@n8n-mcp.com)

Performance & Reliability:
- Sliding window rate limiter (100 events/minute)
- Circuit breaker pattern for network failures
- Dead letter queue for failed events
- Exponential backoff with jitter for retries
- Performance monitoring with overhead tracking (<5%)
- Memory-safe array limits in rate limiter

Testing:
- Comprehensive test coverage (87%+ for core modules)
- Unit tests for all new modules
- Integration tests for MCP telemetry
- Fixed test isolation issues

Data Management:
- Clear user consent in welcome message
- Batch processing with deduplication
- Automatic workflow flushing

BREAKING CHANGE: TelemetryManager constructor is now private, use getInstance()

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-26 16:10:54 +02:00
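
The safeguards listed in commit c3b691cedf (early truncation, full URL redaction, credential detection, the URLs → credentials → emails → generic order, and the try-catch fallback), shown as an added TypeScript example. It is not code from the repository: the regex patterns, the placeholder tokens other than `[URL]` and `[SANITIZATION_FAILED]`, the 500-character cap and the sample messages are assumptions.

```typescript
// Added illustration, not the project's sanitizeErrorMessage(); patterns,
// placeholder names and MAX_LEN are assumptions.
type Step = [RegExp, string];

const MAX_LEN = 500; // assumed cap, applied before any regex runs

// Order follows the commit message: URLs -> credentials -> emails -> generic.
// Every quantifier is bounded or runs on already-truncated input.
const STEPS: Step[] = [
  // The whole URL (userinfo, path, query) collapses to one token, no "[URL]/path".
  [/https?:\/\/\S+/gi, "[URL]"],
  [/\bAKIA[0-9A-Z]{16}\b/g, "[AWS_KEY]"],
  [/\bgh[pousr]_[A-Za-z0-9]{36,255}\b/g, "[GITHUB_TOKEN]"],
  [/\bBearer\s+[A-Za-z0-9._~+\/=-]{1,400}/gi, "Bearer [TOKEN]"],
  [/\beyJ[A-Za-z0-9_-]{1,400}\.[A-Za-z0-9_-]{1,400}\.[A-Za-z0-9_-]{1,400}/g, "[JWT]"],
  [/[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,24}/g, "[EMAIL]"],
  // Generic key=value secrets run last so specific labels above win.
  [/\b(password|passwd|secret|token|api[_-]?key)\s*[=:]\s*\S+/gi, "$1=[REDACTED]"],
];

function sanitizeErrorMessage(message: unknown): string {
  try {
    // Truncate first: regex cost is bounded no matter how long the input is.
    let text = String(message).slice(0, MAX_LEN);
    for (const [pattern, replacement] of STEPS) {
      text = text.replace(pattern, replacement);
    }
    return text;
  } catch {
    // Never let a sanitizer failure leak the raw message into telemetry.
    return "[SANITIZATION_FAILED]";
  }
}

// Constructed sample messages (not taken from the project's telemetry).
const SAMPLES: string[] = [
  "GET https://user:pw@api.example.com/v1/workflows/42?token=abc failed",
  "auth failed for bob@example.com with Bearer abc.def-123",
  "login error: password=hunter2",
];

function demo(): string[] {
  return SAMPLES.map((m) => sanitizeErrorMessage(m));
}
```
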