Added comprehensive TypeScript type definitions for n8n node parsing while
maintaining zero compilation errors. Uses pragmatic "70% benefit with 0%
breakage" approach with strategic `any` assertions.
## Type Definitions (src/types/node-types.ts)
- NodeClass union type replaces `any` in method signatures
- Type guards: isVersionedNodeInstance(), isVersionedNodeClass()
- Utility functions for safe node handling
## Parser Updates
- node-parser.ts: All methods use NodeClass (15+ methods)
- simple-parser.ts: Strongly typed method signatures
- property-extractor.ts: Typed extraction methods
- 30+ method signatures improved
## Strategic Pattern
- Strong types in public method signatures (caller type safety)
- Strategic `as any` assertions for internal union type access
- Pattern: const desc = description as any; // Access union properties
## Benefits
- Better IDE support and auto-complete
- Compile-time safety at call sites
- Type-based documentation
- Zero compilation errors
- Bug prevention (would have caught v2.17.4 baseDescription issue)
## Test Updates
- All test files updated with `as any` for mock objects
- Zero compilation errors maintained
## Known Limitations
- ~70% type coverage (signatures typed, internal logic uses assertions)
- Union types (INodeTypeBaseDescription vs INodeTypeDescription) not fully resolved
- Future work: Conditional types or overloads for 100% type safety
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit fixes two critical bugs affecting AI Agent and other langchain nodes:
1. Version Extraction Bug (node-parser.ts)
- AI Agent was returning version "3" instead of "2.2" (the defaultVersion)
- Root cause: extractVersion() checked non-existent instance.baseDescription.defaultVersion
- Fix: Updated priority to check currentVersion first, then description.defaultVersion
- Impact: All VersionedNodeType nodes now return correct version
2. typeVersion Validation Bypass (workflow-validator.ts)
- Langchain nodes with invalid typeVersion passed validation (even typeVersion: 99999)
- Root cause: langchain skip happened before typeVersion validation
- Fix: Moved typeVersion validation before langchain parameter skip
- Impact: Invalid typeVersion values now properly caught for all nodes
Also includes:
- Database rebuilt with corrected version data (536 nodes)
- Version bump: 2.17.3 → 2.17.4
- Comprehensive CHANGELOG entry
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This fixes a critical validation gap where AI agents could create invalid
configurations for nodes using resourceLocator properties (primarily AI model
nodes like OpenAI Chat Model v1.2+, Anthropic, Cohere, etc.).
Before this fix, AI agents could incorrectly pass a string value like:
model: "gpt-4o-mini"
Instead of the required object format:
model: { mode: "list", value: "gpt-4o-mini" }
These invalid configs would pass validation but fail at runtime in n8n.
Changes:
- Added resourceLocator type validation in config-validator.ts (lines 237-274)
- Validates value is an object with required 'mode' and 'value' properties
- Provides helpful error messages with exact fix suggestions
- Added 10 comprehensive test cases (100% passing)
- Updated version to 2.17.3
- Added CHANGELOG entry
Affected nodes: OpenAI Chat Model (v1.2+), Anthropic, Cohere, DeepSeek,
Groq, Mistral, OpenRouter, xAI Grok Chat Models, and embeddings nodes.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Updates:
- Updated n8n from 1.113.3 to 1.114.3
- Updated n8n-core from 1.112.1 to 1.113.1
- Updated n8n-workflow from 1.110.0 to 1.111.0
- Updated @n8n/n8n-nodes-langchain from 1.112.2 to 1.113.1
- Rebuilt node database with 536 nodes
- Updated template database (2647 → 2653, +6 new templates)
- Sanitized 24 templates to remove API tokens
Performance Improvements:
- Optimized template update to fetch only last 2 weeks
- Reduced update time from 10+ minutes to ~60 seconds
- Added getMostRecentTemplateDate() to TemplateRepository
- Modified TemplateFetcher to support date-based filtering
- Update mode now fetches templates since (most_recent - 14 days)
All tests passing (933 unit, 249 integration)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes critical issue where Docker and cloud deployments generated new
anonymous user IDs on every container recreation, causing 100-200x
inflation in unique user counts.
Changes:
- Use host's boot_id for stable identification across container updates
- Auto-detect Docker (IS_DOCKER=true) and 8 cloud platforms
- Defensive fallback chain: boot_id → combined signals → generic ID
- Zero configuration required
Impact:
- Resolves ~1000x/month inflation in stdio mode
- Resolves ~180x/month inflation in HTTP mode (6 releases/day)
- Improves telemetry accuracy: 3,996 apparent users → ~2,400-2,800 actual
Testing:
- 18 new unit tests for boot_id functionality
- 16 new integration tests for Docker/cloud detection
- All 60 telemetry tests passing (100%)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit implements HIGH-02 (Rate Limiting) and HIGH-03 (SSRF Protection)
from the security audit, protecting against brute force attacks and
Server-Side Request Forgery.
Security Enhancements:
- Rate limiting: 20 attempts per 15 minutes per IP (configurable)
- SSRF protection: Three security modes (strict/moderate/permissive)
- DNS rebinding prevention
- Cloud metadata blocking in all modes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Per Semantic Versioning, security fixes are backwards-compatible bug fixes
and should increment the PATCH version (2.16.1 → 2.16.2), not MINOR.
This resolves the version mismatch identified by code review.
Production-ready improvements based on comprehensive code review:
Critical Fixes:
- Robust container detection: Checks multiple env vars (IS_DOCKER, IS_CONTAINER)
with flexible formats (true/1/yes) and filesystem markers (/.dockerenv,
/run/.containerenv) for Docker, Kubernetes, Podman, containerd support
- Fixed redundant exit calls: Removed immediate exit, use 1000ms timeout for
graceful shutdown allowing cleanup to complete
- Added error handling for stdin registration with try-catch
- Added shutdown trigger logging (SIGTERM/SIGINT/SIGHUP/STDIN_END/STDIN_CLOSE)
Improvements:
- Increased timeout from 500ms to 1000ms for slower systems
- Added null safety for stdin operations
- Enhanced documentation explaining behavior in different environments
- More descriptive variable names (isDocker → isContainer)
Testing:
- Supports Docker, Kubernetes, Podman, and other container runtimes
- Graceful fallback if container detection fails
- Works in Claude Desktop, containers, and manual execution
Code Review: Approved by code-reviewer agent
All critical and warning issues addressed
Reported by: @Eddy-Chahed
Issue: #277🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Version bump due to functionality changes in Phase 5:
Changes:
- handleDeleteWorkflow now returns deleted workflow data
- handleListWorkflows tags parameter fixed (array → CSV string)
- N8nApiClient.deleteWorkflow return type fixed (void → Workflow)
- WorkflowListParams.tags type corrected (string[] → string)
These are bug fixes and enhancements, not just tests.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Complete implementation of Phase 1 foundation for n8n API integration tests.
Establishes core utilities, fixtures, and infrastructure for testing all 17 n8n API handlers against real n8n instance.
Changes:
- Add integration test environment configuration to .env.example
- Create comprehensive test utilities infrastructure:
* credentials.ts: Environment-aware credential management (local .env vs CI secrets)
* n8n-client.ts: Singleton API client wrapper with health checks
* test-context.ts: Resource tracking and automatic cleanup
* cleanup-helpers.ts: Multi-level cleanup strategies (orphaned, age-based, tag-based)
* fixtures.ts: 6 pre-built workflow templates (webhook, HTTP, multi-node, error handling, AI, expressions)
* factories.ts: Dynamic node/workflow builders with 15+ factory functions
* webhook-workflows.ts: Webhook workflow configs and setup instructions
- Add npm scripts:
* test:integration:n8n: Run n8n API integration tests
* test:cleanup:orphans: Clean up orphaned test resources
- Create cleanup script for CI/manual use
Documentation:
- Add comprehensive integration testing plan (550 lines)
- Add Phase 1 completion summary with lessons learned
Key Features:
- Automatic credential detection (CI vs local)
- Multi-level cleanup (test, suite, CI, orphan)
- 6 workflow fixtures covering common scenarios
- 15+ factory functions for dynamic test data
- Support for 4 HTTP methods (GET, POST, PUT, DELETE) via pre-activated webhook workflows
- TypeScript-first with full type safety
- Comprehensive error handling with helpful messages
Total: ~1,520 lines of production-ready code + 650 lines of documentation
Ready for Phase 2: Workflow creation tests
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements comprehensive execution data filtering system to enable AI agents
to inspect large workflow executions without exceeding token limits.
Features:
- Preview mode: Shows structure, counts, and size estimates (~500 tokens)
- Summary mode: Returns 2 sample items per node (~2-5K tokens)
- Filtered mode: Granular control with itemsLimit and nodeNames
- Full mode: Complete data retrieval (explicit opt-in)
- Smart recommendations based on data size analysis
- Structure-only mode (itemsLimit: 0) for schema inspection
- 100% backward compatibility with legacy includeData parameter
Technical improvements:
- New ExecutionProcessor service with intelligent filtering logic
- Type-safe implementation with Record<string, unknown> over any
- Comprehensive validation and error handling
- 33 unit tests with 78% coverage
- Constants-based thresholds for easy tuning
Bug fixes:
- Fixed preview mode API data fetching to enable structure analysis
- Validates and caps itemsLimit to prevent abuse
Impact:
- Reduces token usage by 80-95% for large datasets (50+ items)
- Prevents token overflow when inspecting workflow executions
- Enables recommended workflow: preview → recommendation → targeted fetch
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements 4 new features for n8n_update_partial_workflow:
New Operations:
- cleanStaleConnections: Auto-remove broken workflow connections
- replaceConnections: Replace entire connections object in one operation
Enhanced Features:
- removeConnection ignoreErrors flag: Graceful cleanup without failures
- continueOnError mode: Best-effort batch operations with detailed tracking
Impact:
- Reduces broken workflow fix time from 10-15 minutes to 30 seconds
- Token efficiency: 1 cleanStaleConnections vs 10+ manual operations
- 15 new tests added, all passing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Template Updates:
- Add npm script for incremental template fetch (fetch:templates:update)
- Create MEMORY_TEMPLATE_UPDATE.md with comprehensive documentation
- Update 48 new templates (2598 → 2646 total)
- Latest template now from September 24, 2025
Metadata Generation Fixes:
- Update model from gpt-4o-mini to gpt-5-mini-2025-08-07
- Remove temperature parameter (not supported in batch API)
- Increase max_completion_tokens from 1000 to 3000
- Add comprehensive error file handling to batch-processor
- Process failed requests and assign default metadata
- Save error files for debugging (temp/batch/)
Test Updates:
- Update all test files to use gpt-5-mini-2025-08-07 model
- 3 test assertions updated in metadata-generator.test.ts
- 1 test option updated in batch-processor.test.ts
Documentation:
- Add troubleshooting section for metadata generation
- Include error handling examples
- Document incremental vs full rebuild modes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Updated n8n from 1.112.3 to 1.113.3
- Updated n8n-core from 1.111.0 to 1.112.1
- Updated n8n-workflow from 1.109.0 to 1.110.0
- Updated @n8n/n8n-nodes-langchain from 1.111.1 to 1.112.2
- Rebuilt node database with 536 nodes
- Bumped version to 2.14.3
- Updated n8n version badge in README
- All validation tests passing
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Major improvements to telemetry system addressing code review findings:
Architecture & Modularization:
- Split 636-line TelemetryManager into 7 focused modules
- Separated concerns: event tracking, batch processing, validation, rate limiting
- Lazy initialization pattern to avoid early singleton creation
- Clean separation of responsibilities
Security & Privacy:
- Added comprehensive input validation with Zod schemas
- Sanitization of sensitive data (URLs, API keys, emails)
- Expanded sensitive key detection patterns (25+ patterns)
- Row Level Security on Supabase backend
- Added data deletion contact info (romuald@n8n-mcp.com)
Performance & Reliability:
- Sliding window rate limiter (100 events/minute)
- Circuit breaker pattern for network failures
- Dead letter queue for failed events
- Exponential backoff with jitter for retries
- Performance monitoring with overhead tracking (<5%)
- Memory-safe array limits in rate limiter
Testing:
- Comprehensive test coverage (87%+ for core modules)
- Unit tests for all new modules
- Integration tests for MCP telemetry
- Fixed test isolation issues
Data Management:
- Clear user consent in welcome message
- Batch processing with deduplication
- Automatic workflow flushing
BREAKING CHANGE: TelemetryManager constructor is now private, use getInstance()
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add anonymous telemetry system with Supabase integration
- Fix TypeErrors affecting 50% of tool calls
- Improve test coverage to 91%+
- Add comprehensive CHANGELOG
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Implement telemetry manager for tracking tool usage and workflows
- Add workflow sanitizer to remove sensitive data before storage
- Create config manager with opt-in/opt-out mechanism
- Integrate telemetry tracking into MCP server and workflow handlers
- Add CLI commands for telemetry control (enable/disable/status)
- Show first-run notice with clear privacy information
- Add comprehensive unit tests for sanitization and config
- Track tool usage metrics, workflow patterns, and errors
- Ensure complete anonymity with deterministic user IDs
- Never collect URLs, API keys, or sensitive information
- Added OperationSimilarityService for validating operations with "Did you mean...?" suggestions
- Added ResourceSimilarityService for validating resources with plural/singular detection
- Implements Levenshtein distance algorithm for typo detection
- Pattern matching for common operation/resource mistakes
- 5-minute cache with automatic cleanup to prevent memory leaks
- Confidence scoring (30% minimum threshold) for suggestion quality
- Resource-aware operation filtering for contextual suggestions
- Safe JSON parsing with ValidationServiceError for proper error handling
- Type guards for safe property access
- Performance optimizations with early termination
- Comprehensive test coverage (37 new tests)
- Integration tested with n8n-mcp-tester agent
Example use cases:
- "listFiles" → suggests "search" for Google Drive
- "files" → suggests singular "file"
- "flie" → suggests "file" (typo correction)
- "downlod" → suggests "download"
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove 5-operation limit from n8n_update_partial_workflow
- Update CHANGELOG.md with version 2.13.1 entry
- Bump version in package.json to 2.13.1
- Remove static version badge from README.md (npm badge remains)
The workflow diff engine now supports unlimited operations per request,
enabling complex workflow refactoring in single API calls.
## 🎉 Release Highlights
### ✨ New Features
- **Webhook Path Autofixer**: Automatically generates UUIDs for webhook nodes missing path configuration
- **Enhanced Node Type Suggestions**: Intelligent node type correction with similarity matching
- **n8n_autofix_workflow Tool**: New MCP tool for automatic workflow error correction
### 🔒 Security & Performance
- Eliminated ReDoS vulnerability in NodeSimilarityService
- Optimized Levenshtein distance algorithm from O(m*n) to O(n) space
- Added cache invalidation with version tracking to prevent memory leaks
### 📚 Documentation
- Comprehensive CHANGELOG entry with detailed feature descriptions
- Updated README with new autofixer tool documentation
- Added tool usage examples in validation workflow
All 16 test cases passing with 100% success rate.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Updated n8n from 1.111.0 to 1.112.3
- Updated n8n-core from 1.110.0 to 1.111.0
- Updated n8n-workflow from 1.108.0 to 1.109.0
- Updated @n8n/n8n-nodes-langchain from 1.110.0 to 1.111.1
- Rebuilt node database with 536 nodes (438 from n8n-nodes-base, 98 from langchain)
- Bumped version to 2.12.2
- Updated README.md badges to reflect new n8n version
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Add validateErrorOutputConfiguration method to detect when multiple nodes are incorrectly placed in main[0]
- Fix checkWorkflowPatterns to check main[1] for error outputs instead of outputs.error
- Cross-validate onError property matches actual connection structure
- Provide clear error messages with JSON examples showing correct configuration
- Use heuristic detection for error handler nodes (names containing error, fail, catch, etc.)
- Add comprehensive test coverage with 16+ test cases
- Bump version to 2.12.1
Fixes issues where AI agents would incorrectly configure error outputs by placing multiple nodes in the same array instead of separating them into success (main[0]) and error (main[1]) paths.
🤖 Generated with Claude Code (https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Bump version from 2.11.3 to 2.12.0
- Add comprehensive documentation for flexible instance configuration
- Update CHANGELOG with new features, security enhancements, and performance improvements
- Document architecture, usage examples, and security considerations
- Include migration guide for existing deployments
This release introduces flexible instance configuration, enabling n8n-mcp to serve
multiple users with different n8n instances dynamically, with full backward compatibility.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add InstanceContext interface for runtime configuration
- Implement dual-mode API client (singleton + instance-specific)
- Add secure SHA-256 hashing for cache keys
- Implement LRU cache with TTL (100 instances, 30min expiry)
- Add comprehensive input validation for URLs and API keys
- Sanitize all logging to prevent API key exposure
- Fix session context cleanup and memory management
- Add comprehensive security and integration tests
- Maintain full backward compatibility for single-player usage
Security improvements based on code review:
- Cache keys are now cryptographically hashed
- API credentials never appear in logs
- Memory-bounded cache prevents resource exhaustion
- Input validation rejects invalid/placeholder values
- Proper cleanup of orphaned session contexts
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Bump version from 2.11.2 to 2.11.3
- Update README.md version badge
- Add CHANGELOG.md entry documenting the fix for n8n_update_partial_workflow tool
- Fix resolves GitHub issues #159 and #168
- Added override for pyodide@0.26.4 to resolve version conflict
- @langchain/community requires pyodide <0.27.0 but npm was installing 0.28.0
- This was causing Railway Docker build failures with npm ci
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Updated n8n from 1.110.1 to 1.111.0
- Updated n8n-core from 1.109.0 to 1.110.0
- Updated n8n-workflow from 1.107.0 to 1.108.0
- Updated @n8n/n8n-nodes-langchain from 1.109.1 to 1.110.0
- Rebuilt node database with 535 nodes
- Templates preserved: 2598 templates with 2534 having metadata
- All critical nodes validated successfully
- Test results: 1911 passed, 5 failed (performance tests), 53 skipped
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Implement OpenAI batch API integration for metadata generation
- Add metadata columns to database schema (metadata_json, metadata_generated_at)
- Create MetadataGenerator service with structured output schemas
- Create BatchProcessor for handling OpenAI batch jobs
- Add --generate-metadata flag to fetch-templates script
- Update template repository with metadata management methods
- Add OpenAI configuration to environment variables
- Include comprehensive tests for metadata generation
- Use gpt-4o-mini model with 50% cost savings via batch API
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added explicit @rollup/rollup-linux-x64-gnu dependency for CI compatibility
- Fixed npm ci failures in GitHub Actions Linux environment
- Regenerated package-lock.json with all platform-specific rollup binaries
- Tests now pass on both macOS ARM64 and Linux x64 platforms
- Updated n8n-nodes-base to 1.106.3
- Updated @n8n/n8n-nodes-langchain to 1.106.3
- Enhanced SQL.js compatibility in database adapter
- Fixed parameter binding and state management in SQLJSStatement
- Rebuilt node database with 535 nodes
- All tests passing with Node.js v22.17.0 LTS
