- Add 5-minute TTL to version cache (prevents stale data after upgrades)
- Add type validation for version string from settings response
- Support 'v' prefix in version strings (e.g., v1.2.3)
- Fix race condition in getVersion() using promise-based locking
- Fix empty settings regression (Issue #431) - use minimal defaults
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit adds automatic detection of n8n server version and filters
workflow settings properties based on what the target version supports.
Changes:
- Add n8n-version.ts service for version detection via /rest/settings
- Fix nested response structure handling (data.data.versionCli)
- Add N8nVersionInfo and N8nSettingsData types
- Update N8nApiClient with getVersion() and version-aware filtering
- Clean workflow settings before API update based on detected version
Version compatibility:
- n8n < 1.37.0: 7 core properties only
- n8n 1.37.0+: adds executionOrder
- n8n 1.119.0+: adds callerPolicy, callerIds, timeSavedPerExecution, availableInMCP
Fixes#466
Implements workflow activation and deactivation as diff operations in
n8n_update_partial_workflow tool, following the pattern of other
configuration operations.
Changes:
- Add activateWorkflow/deactivateWorkflow API methods
- Add operation types to diff engine
- Update tool documentation
- Remove activation limitation
Resolves#399
Credits: ArtemisAI, cmj-hub for investigation and initial implementation
Conceived by Romuald Członkowski - www.aiadvisors.pl/en
Addresses "Cannot read properties of undefined (reading 'map')" error
by adding validation and fallback handling for n8n API responses.
Changes:
- Add response structure validation in listWorkflows, listExecutions,
listCredentials, and listTags methods
- Handle edge case where API returns array directly instead of
{data: [], nextCursor} wrapper object
- Provide clear error messages when response format is unexpected
- Add logging when using fallback format handling
This fix ensures compatibility with different n8n API versions and
prevents runtime errors when the response structure varies from expected.
Fixes#349
Conceived by Romuald Członkowski - www.aiadvisors.pl/en
This commit implements HIGH-02 (Rate Limiting) and HIGH-03 (SSRF Protection)
from the security audit, protecting against brute force attacks and
Server-Side Request Forgery.
Security Enhancements:
- Rate limiting: 20 attempts per 15 minutes per IP (configurable)
- SSRF protection: Three security modes (strict/moderate/permissive)
- DNS rebinding prevention
- Cloud metadata blocking in all modes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed health check to use correct /healthz endpoint instead of /health
- Added MCP version (mcpVersion) and supported n8n version (supportedN8nVersion) to health check response
- Added versionNote field with instructions for AI agents about manual version verification
- n8n API limitation: instance version cannot be determined automatically
- Updated axios usage for healthz endpoint access with proper error handling
