n8n Workflow Builder

v1.11.0.md•37.5 kB

# Release v1.11.0: Explainability Layer 📖 **Release Date**: 2025-12-16 ## Overview This release introduces the **Explainability Layer** - a groundbreaking feature that automatically generates comprehensive, audit-ready documentation for any n8n workflow. This addresses a critical gap in workflow automation: understanding WHY workflows exist, WHAT they do, and HOW they impact the business. **The Problem**: Workflows become black boxes over time. New team members struggle to understand them. Audits require manual documentation. Business impact is unclear. Risk assessment is manual and incomplete. **The Solution**: Automatic, intelligent workflow documentation that: - Explains workflow purpose and business domain - Traces complete data flows - Maps all dependencies (internal + external) - Assesses risks across 5 categories - Provides actionable mitigation plans - Exports in multiple formats (Markdown, JSON, Plain Text) This is not just documentation - it's **intelligent analysis** that combines insights from semantic analysis, drift detection, execution history, and dependency mapping to provide a complete picture of workflow health and purpose. --- ## ✨ New Features ### 1. Comprehensive Workflow Explanation **New MCP Tool**: `explain_workflow` Generates complete workflow documentation including: - Executive summary - Purpose analysis (what, why, confidence score) - Business domain classification (10 domains: e-commerce, devops, data_processing, etc.) - Workflow type classification (event-driven, scheduled, manual, etc.) - Complete data flow analysis - Dependency mapping (internal + external) - Comprehensive risk assessment - Multi-format export (Markdown, JSON, Plain Text) **Example Usage**: ```python # Markdown export (default) result = await mcp.call_tool("explain_workflow", { "workflow_id": "abc-123", "format": "markdown" }) # JSON export for APIs result = await mcp.call_tool("explain_workflow", { "workflow_id": "abc-123", "format": "json" }) # Plain text for console result = await mcp.call_tool("explain_workflow", { "workflow_id": "abc-123", "format": "text" }) ``` **Output Example**: ```markdown # Workflow Explanation: Customer Order Processing ## Executive Summary Workflow: Customer Order Processing | Purpose: Automatically responds to events for e-commerce operations | Domain: e-commerce, Type: event_driven | Data flows from 1 source(s): Webhook. Data passes through 8 transformation(s). Data is written to 3 destination(s): PostgreSQL Database, Slack Message, Email (SMTP) | Depends on 4 external service(s): database, messaging, email. Requires 3 credential(s). ⚠️ 2 single point(s) of failure identified | Risk Level: MEDIUM ## Purpose Analysis **Primary Purpose**: Automatically responds to events for e-commerce operations **Business Domain**: e-commerce **Workflow Type**: event_driven **Confidence**: 85% **Description**: Automatically responds to events for e-commerce operations. This workflow is classified as 'event_driven' in the 'e-commerce' domain. It automates processes to reduce manual work and ensure consistency. ### Trigger Webhook endpoint: POST /orders | Triggered by external HTTP requests ### Expected Outcomes - Writes data to database via 'Save Order' - Sends messages to chat platform via 'Notify Team' - Sends email notifications via 'Email Customer' ## Data Flow Analysis **Summary**: Data flows from 1 source(s): Webhook. Data passes through 8 transformation(s). Data is written to 3 destination(s): PostgreSQL Database, Slack Message, Email (SMTP). 3 critical data path(s) identified. ### Input Sources - **Order Webhook**: Webhook - path: `/orders` - method: `POST` ### Transformations - **Validate Order**: Custom JavaScript - **Calculate Totals**: Set Values - **Check Inventory**: Custom JavaScript ### Output Destinations - **Save Order**: PostgreSQL Database - **Notify Team**: Slack Message - **Email Customer**: Email (SMTP) ### Critical Data Paths 1. Order Webhook → Validate Order → Save Order 2. Order Webhook → Validate Order → Notify Team 3. Order Webhook → Calculate Totals → Email Customer ## Dependencies **Summary**: Depends on 4 external service(s): database, messaging, email. Requires 3 credential(s). ⚠️ 2 single point(s) of failure identified. ### External Dependencies - **PostgreSQL** (database) - Endpoint: `postgres://prod-db.company.com:5432` - **Slack** (messaging) - **SendGrid** (email) ### Credentials - **postgres_prod** (postgresDb) - Criticality: high - Used by: Save Order, Check Inventory - **slack_team** (slackApi) - Criticality: medium - Used by: Notify Team - **sendgrid_api** (sendgridApi) - Criticality: medium - Used by: Email Customer ### ⚠️ Single Points of Failure - **external_service** (Severity: high) - Failure would affect 2 node(s) - Affected nodes: Save Order, Check Inventory - **credential** (Severity: high) - Credential expiry/revocation would affect 2 node(s) - Affected nodes: Save Order, Check Inventory ## Risk Assessment **Overall Risk Level**: MEDIUM **Risk Score**: 4.8/10 **Summary**: Overall Risk Level: MEDIUM (score: 4.8/10). 2 data loss risk(s). 1 security risk(s). 1 performance risk(s). 2 availability risk(s). 1 compliance risk(s). ### 🔴 Data Loss Risks - **[HIGH]** Database insert operation without visible transaction management - Node: `Save Order` ### 🔐 Security Risks - **[HIGH]** 3 high-criticality credential(s) in use ### ⚡ Performance Risks - **[MEDIUM]** No rate limiting on external API calls - may hit rate limits - Node: `Check Inventory` ### 🚨 Availability Risks - **[HIGH]** Failure would affect 2 node(s) - Affected nodes: Save Order, Check Inventory - **[HIGH]** Credential expiry/revocation would affect 2 node(s) - Affected nodes: Save Order, Check Inventory ### 📋 Compliance Risks - **[MEDIUM]** Data flows to 3 external services - GDPR compliance required ### 🛠️ Mitigation Plan 1. **[HIGH]** [Save Order] Add error handling and retry logic with exponential backoff 2. **[HIGH]** Ensure credentials are securely stored and regularly rotated 3. **[HIGH]** Add redundancy or fallback mechanisms for critical dependencies 4. **[MEDIUM]** [Check Inventory] Add rate limiting or delays between API calls 5. **[MEDIUM]** Review GDPR compliance and add data processing agreements --- *Generated by n8n Workflow Builder - Explainability Layer* ``` --- ### 2. Workflow Purpose Analyzer **New MCP Tool**: `get_workflow_purpose` Quick analysis of workflow purpose without full documentation generation. **Capabilities**: - Automatic business domain classification (10 domains) - Workflow type detection (event-driven, scheduled, manual, data_sync, monitoring, automation) - Trigger analysis and description - Expected outcomes identification - Confidence scoring **Algorithm**: ```python # Business domain detection - Scans workflow name, nodes, tags for domain keywords - 10 predefined domains with keyword patterns - Calculates domain score based on keyword frequency - Returns best match with confidence score # Workflow type detection - Analyzes trigger node type (webhook, schedule, manual) - Checks workflow name for type hints - Classifies as event-driven, scheduled, manual, etc. - Confidence based on evidence strength # Expected outcomes - Identifies output nodes (email, slack, database, API, files) - Describes what each output node does - Lists all expected outcomes ``` **Example**: ``` You: "What is the purpose of workflow abc-123?" MCP: Uses get_workflow_purpose # Workflow Purpose: API Data Sync **Primary Purpose**: Runs on a schedule for data processing and transformation **Business Domain**: data_processing **Workflow Type**: scheduled **Confidence**: 85% **Description**: Runs on a schedule for data processing and transformation. This workflow is classified as 'scheduled' in the 'data_processing' domain. It automates processes to reduce manual work and ensure consistency. ## Trigger Runs on schedule: 0 */6 * * * | Automatically executes at specified times ## Expected Outcomes - Writes data to database via 'Update Records' - Sends messages to chat platform via 'Alert Team' ``` --- ### 3. Data Flow Tracer **New MCP Tool**: `trace_data_flow` Comprehensive data lineage and flow analysis. **Capabilities**: - Input source identification (webhooks, databases, APIs, files) - Transformation detection (filter, map, aggregate, merge, code, etc.) - Output destination mapping (databases, APIs, notifications, files) - Critical path analysis (source-to-sink paths) - Data lineage graph generation **Supported Node Types**: - **Sources**: Webhook triggers, HTTP requests, database reads, file reads, S3, email (IMAP), schedule triggers - **Transformers**: Function, Code, Set, Merge, Split, Aggregate, Filter, Sort, Limit, Rename, Binary, Compression, Crypto, HTML/XML/JSON parsers - **Sinks**: Database writes, HTTP requests (POST/PUT/PATCH), Email (SMTP), Slack, Telegram, Discord, Spreadsheets, Files, S3 **Critical Path Detection**: - Identifies paths that go from data source to data sink - Highlights most important data flows - Useful for understanding data pipeline architecture **Example**: ``` # Data Flow: ETL Pipeline **Summary**: Data flows from 2 source(s): PostgreSQL Database, HTTP API Call. Data passes through 5 transformation(s). Data is written to 2 destination(s): MongoDB Database, Slack Message. 4 critical data path(s) identified. ## Input Sources - **Fetch Users**: PostgreSQL Database - operation: select - **Get External Data**: HTTP API Call - URL: `https://api.external.com/data` - method: `GET` ## Transformations - **Merge Data**: Merge Data - **Transform Fields**: Set Values - **Filter Invalid**: Filter Items - **Calculate Metrics**: Custom JavaScript - **Format Output**: Custom JavaScript ## Output Destinations - **Save to MongoDB**: MongoDB Database - **Notify Complete**: Slack Message ## Critical Data Paths 1. Fetch Users → Merge Data → Transform Fields → Save to MongoDB 2. Get External Data → Merge Data → Transform Fields → Save to MongoDB 3. Fetch Users → Merge Data → Calculate Metrics → Notify Complete 4. Get External Data → Merge Data → Calculate Metrics → Notify Complete ``` --- ### 4. Dependency Mapper **New MCP Tool**: `map_dependencies` Complete dependency analysis including internal and external dependencies. **Capabilities**: - **Internal Dependencies**: - Other workflows (via Execute Workflow nodes) - n8n features (timezone, error workflows) - Timing dependencies (Wait nodes) - Error handlers (Error Trigger nodes) - **External Dependencies**: - 25+ pre-defined external services (Slack, GitHub, Stripe, AWS, Google, Salesforce, etc.) - Custom HTTP API endpoints (extracts domains) - Databases (PostgreSQL, MySQL, MongoDB, Redis, Elasticsearch) - Cloud services (AWS, Google Cloud, Azure) - Communication services (Twilio, SendGrid) - **Credential Analysis**: - Lists all credentials used - Assesses criticality (high, medium, low) - Maps credentials to nodes - Identifies shared credentials - **Single Point of Failure Detection**: - External services used by multiple nodes - Critical credentials used by multiple nodes - Single trigger nodes - Severity scoring **Example**: ``` # Dependencies: Production API **Summary**: Calls 1 other workflow(s). Depends on 5 external service(s): database, messaging, cloud, external_api, external_api. Requires 4 credential(s). 1 high-criticality credential(s). ⚠️ 3 single point(s) of failure identified. ## Internal Dependencies - Calls workflow: **Error Handler Global** - Node: `Handle Errors` - Criticality: high ## External Dependencies - **PostgreSQL** (database) - Endpoint: `postgres://prod.db.internal:5432` - **Slack** (messaging) - **AWS S3** (cloud) - **api.stripe.com** (external_api) - **api.github.com** (external_api) ## Credentials - **postgres_production** (postgresDb) - Criticality: high - Used by: Read Data, Write Results - **slack_notifications** (slackApi) - Criticality: medium - Used by: Send Alert - **aws_s3_bucket** (aws) - Criticality: high - Used by: Upload File - **stripe_api_key** (stripeApi) - Criticality: high - Used by: Process Payment ## ⚠️ Single Points of Failure - **external_service** (Severity: high) - Failure would affect 2 node(s) - Affected nodes: Read Data, Write Results - **credential** (Severity: high) - Credential expiry/revocation would affect 2 node(s) - Affected nodes: Read Data, Write Results - **single_trigger** (Severity: medium) - Workflow has only one trigger - if it fails, workflow cannot execute ``` --- ### 5. Comprehensive Risk Analyzer **New MCP Tool**: `analyze_workflow_risks` Multi-dimensional risk assessment across 5 categories. **Risk Categories**: 1. **Data Loss Risks**: - Missing error handling - Missing retry logic - Database operations without transactions - Recurring data errors in execution history 2. **Security Risks**: - Hardcoded credentials (from semantic analysis) - Unauthenticated webhooks - High-criticality credentials - Unencrypted HTTP requests (HTTP instead of HTTPS) 3. **Performance Risks**: - N+1 query patterns (from semantic analysis) - Performance drift (from drift detection) - Missing rate limiting - Slow execution times (from execution history) 4. **Availability Risks**: - Declining success rate (from drift detection) - Single points of failure (from dependency analysis) - High failure rate (from execution history) - Potential infinite loops 5. **Compliance Risks**: - Unvalidated data processing - Insufficient documentation (low intent metadata coverage) - Multiple external data transfers (GDPR) **Risk Scoring**: - Overall risk score: 0.0-10.0 - Risk level: critical (≥7), high (≥5), medium (≥3), low (<3) - Per-risk severity: critical, high, medium, low - Confidence scoring for all assessments **Mitigation Plan**: - Prioritized list of actions - Sorted by severity (critical first) - Specific recommendations for each risk type - Top 10 most critical mitigations **Algorithm**: ```python # Combines insights from multiple sources - Semantic analysis (anti-patterns, security issues) - Drift detection (degradation patterns) - Execution history (failure patterns, performance) - Dependency analysis (SPOFs, credentials) # Risk assessment flow 1. Analyze each category independently 2. Calculate severity for each risk 3. Compute overall risk score 4. Generate prioritized mitigation plan 5. Provide specific actionable recommendations ``` **Example**: ``` # Risk Assessment: Payment Processing **Overall Risk Level**: HIGH **Risk Score**: 6.2/10 **Summary**: Overall Risk Level: HIGH (score: 6.2/10). 3 data loss risk(s). 2 security risk(s). 1 performance risk(s). 2 availability risk(s). 1 compliance risk(s). ## 🔴 Data Loss Risks - **[HIGH]** Node may fail silently without retry logic, potentially losing data - Node: `Process Payment` - **[HIGH]** Database insert operation without visible transaction management - Node: `Save Transaction` - **[HIGH]** 12 executions failed with data-related errors ## 🔐 Security Risks - **[CRITICAL]** Hardcoded credentials detected - security vulnerability - Node: `API Call` - **[HIGH]** 2 high-criticality credential(s) in use ## ⚡ Performance Risks - **[MEDIUM]** No rate limiting on external API calls - may hit rate limits - Node: `External API` ## 🚨 Availability Risks - **[CRITICAL]** Workflow has 45.0% failure rate - **[HIGH]** Failure would affect 3 node(s) - Affected nodes: Process Payment, Save Transaction, Send Receipt ## 📋 Compliance Risks - **[MEDIUM]** Data flows to 4 external services - GDPR compliance required ## 🛠️ Mitigation Plan 1. **[CRITICAL]** [API Call] Move credentials to n8n credential store immediately 2. **[CRITICAL]** Investigate error patterns and add error handling 3. **[HIGH]** [Process Payment] Add error handling and retry logic with exponential backoff 4. **[HIGH]** [Save Transaction] Add error handling and retry logic with exponential backoff 5. **[HIGH]** Add redundancy or fallback mechanisms for critical dependencies 6. **[HIGH]** Ensure credentials are securely stored and regularly rotated 7. **[MEDIUM]** [External API] Add rate limiting or delays between API calls 8. **[MEDIUM]** Review GDPR compliance and add data processing agreements ``` --- ## 🏗️ Architecture ### Module Structure ``` src/n8n_workflow_builder/explainability/ ├── __init__.py # Module exports ├── explainer.py # Main coordinator ├── purpose_analyzer.py # Purpose and domain analysis ├── data_flow_tracer.py # Data lineage tracing ├── dependency_mapper.py # Dependency mapping ├── risk_analyzer.py # Multi-dimensional risk assessment └── formatter.py # Multi-format export ``` ### Component Responsibilities **WorkflowExplainer** (explainer.py): - Main coordinator that orchestrates all analysis components - Combines results from all analyzers - Generates executive summaries - Provides convenience methods for quick analysis **WorkflowPurposeAnalyzer** (purpose_analyzer.py): - Classifies business domain (10 pre-defined domains) - Detects workflow type (6 types) - Analyzes trigger configuration - Extracts expected outcomes - Generates purpose descriptions **DataFlowTracer** (data_flow_tracer.py): - Identifies data sources (15+ source types) - Detects transformations (12+ transformer types) - Maps data sinks (12+ sink types) - Builds data paths using graph traversal - Identifies critical paths (source→sink) **DependencyMapper** (dependency_mapper.py): - Maps internal dependencies (workflows, features) - Identifies external services (25+ pre-defined) - Analyzes credentials and criticality - Detects single points of failure - Generates dependency graph **RiskAnalyzer** (risk_analyzer.py): - Analyzes 5 risk categories - Combines insights from multiple sources - Calculates risk scores and levels - Generates mitigation plans - Provides specific recommendations **ExplainabilityFormatter** (formatter.py): - Markdown formatting (human-readable docs) - JSON formatting (API integration) - Plain text formatting (console output) - Consistent structure across formats ### Data Flow ``` User Request ↓ MCP Tool Handler ↓ WorkflowExplainer.explain_workflow() ↓ ├→ WorkflowPurposeAnalyzer.analyze_purpose() ├→ DataFlowTracer.trace_data_flow() ├→ DependencyMapper.map_dependencies() └→ RiskAnalyzer.analyze_risks() ├→ Uses semantic_analysis (optional) ├→ Uses drift_analysis (optional) └→ Uses execution_history (optional) ↓ Combined Analysis Result ↓ ExplainabilityFormatter.format() ↓ Formatted Output (Markdown/JSON/Text) ``` --- ## 🎯 Use Cases ### 1. Audit and Compliance **Scenario**: Company needs to document all workflows for SOC 2 audit ``` User: "Generate complete documentation for all production workflows in markdown format" Claude + MCP: for workflow in production_workflows: explanation = await mcp.call_tool("explain_workflow", { "workflow_id": workflow.id, "format": "markdown" }) save_to_file(f"audit_docs/{workflow.name}.md", explanation) Result: Complete audit-ready documentation for all workflows - Purpose and business justification - Data flow and processing activities - External dependencies and data transfers - Risk assessment and mitigation plans - GDPR compliance information ``` ### 2. Onboarding New Team Members **Scenario**: New developer needs to understand workflow architecture ``` User: "Explain the 'Customer Onboarding' workflow in simple terms" Claude + MCP: Uses explain_workflow with markdown format Result: Comprehensive, human-readable documentation showing: - Why the workflow exists (purpose) - What it does (data flow) - What it depends on (external services, credentials) - What could go wrong (risks and mitigations) New developer understands the workflow in 5 minutes instead of 2 hours ``` ### 3. Risk Assessment Before Changes **Scenario**: Developer wants to modify a workflow ``` User: "I need to change the 'Payment Processing' workflow. What are the risks?" Claude + MCP: Uses analyze_workflow_risks Result: # Risk Assessment: Payment Processing **Overall Risk Level**: HIGH **Risk Score**: 6.2/10 ## 🔴 Data Loss Risks - [HIGH] Node may fail silently without retry logic - [HIGH] Database operation without transaction ## 🔐 Security Risks - [CRITICAL] Hardcoded credentials detected ## 🛠️ Mitigation Plan 1. [CRITICAL] Move credentials to n8n credential store 2. [HIGH] Add error handling and retry logic 3. [HIGH] Add transaction management Developer: "I'll fix the credential issue and add error handling before making my changes" ``` ### 4. Dependency Impact Analysis **Scenario**: External API will be down for maintenance ``` User: "Which workflows depend on api.stripe.com?" Claude + MCP: Uses map_dependencies for each workflow Result: List of affected workflows: - Payment Processing (nodes: Process Payment, Refund) - Subscription Manager (nodes: Create Subscription, Cancel) - Invoice Generator (nodes: Get Customer, Create Invoice) Severity: HIGH - 3 workflows affected, 6 total nodes Developer can plan maintenance window and notify stakeholders ``` ### 5. Compliance Documentation **Scenario**: GDPR data processing record required ``` User: "Document all external data transfers for 'User Management' workflow" Claude + MCP: Uses trace_data_flow and map_dependencies Result: ## Data Transfers - User Management ### External Services Receiving Data: 1. SendGrid (email) - User email addresses 2. Slack (messaging) - User names and events 3. AWS S3 (storage) - User profile images 4. api.analytics.com - User behavior data ### Data Processing Activities: - Personal data: email, name, profile image - Purpose: User account management and notifications - Legal basis: Contract performance - Retention: Account lifetime + 30 days ### Compliance Status: ⚠️ MEDIUM risk - 4 external services receiving data Action required: Ensure Data Processing Agreements in place ``` ### 6. Workflow Quality Gate **Scenario**: CI/CD pipeline should block deployment of risky workflows ```yaml # .github/workflows/workflow-quality.yml - name: Assess Workflow Risk run: | risk_score=$(mcp call analyze_workflow_risks workflow_id=$WORKFLOW_ID | jq '.overall_risk_score') if [ "$risk_score" -gt 7 ]; then echo "Risk score too high: $risk_score" exit 1 fi ``` Result: Workflows with critical risks are blocked from deployment until fixed ### 7. Business Impact Analysis **Scenario**: Leadership wants to understand automation ROI ``` User: "What business value does our 'Order Processing' workflow provide?" Claude + MCP: Uses explain_workflow Result: ## Business Impact - Order Processing **Primary Purpose**: Automates e-commerce order fulfillment **Business Domain**: e-commerce **Automation Level**: Fully automated (event-driven) **Processes Automated**: - Order validation and inventory check - Payment processing via Stripe - Customer notification via email - Team notification via Slack - Database record creation **Time Saved**: ~15 minutes per order (manual processing) **Orders per day**: 200 **Total Time Saved**: 50 hours per day **Risk Level**: MEDIUM - some improvements recommended ``` --- ## 🆚 Comparison with Other Tools ### vs. Manual Documentation | Feature | Manual Docs | Explainability Layer | |---------|-------------|---------------------| | Time to document | 2-4 hours | 5 seconds | | Accuracy | Varies | 85-95% | | Up-to-date | Often stale | Always current | | Risk assessment | Manual, incomplete | Automatic, comprehensive | | Data flow | Manual diagram | Automatic tracing | | Dependencies | Manual list | Automatic mapping | | Formats | Usually one | 3 formats (MD/JSON/Text) | ### vs. n8n Native Documentation | Feature | n8n UI | Explainability Layer | |---------|--------|---------------------| | Purpose analysis | Manual notes | Automatic classification | | Business domain | Not tracked | 10 domains detected | | Data flow | Visual only | Traced + documented | | Dependencies | Not tracked | Fully mapped | | Risk assessment | None | 5 categories | | External services | Not tracked | 25+ detected | | Export | JSON only | MD/JSON/Text | | Integration with analysis | None | Combines semantic + drift + execution | ### vs. Workflow Visualization Tools | Feature | Diagram Tools | Explainability Layer | |---------|--------------|---------------------| | Visual representation | Yes | No (text-based) | | Purpose explanation | No | Yes | | Risk assessment | No | Yes | | Dependency analysis | Limited | Comprehensive | | Audit-ready docs | No | Yes | | Machine-readable | Limited | Yes (JSON) | | Integration | Separate | Built-in MCP | ### Unique Advantages 1. **Combines Multiple Data Sources**: - Semantic analysis (anti-patterns, security) - Drift detection (degradation patterns) - Execution history (real failures) - Dependency analysis (actual integrations) 2. **Audit-Ready Output**: - Professional formatting - Executive summaries - Evidence-based analysis - Confidence scoring 3. **AI-Native**: - Designed for LLM consumption - Structured, consistent output - Available via MCP protocol - No manual parsing needed 4. **Zero Configuration**: - Works with any n8n workflow - No annotations required - No preprocessing needed - Instant results --- ## 📊 Technical Details ### Algorithms #### Purpose Analysis Algorithm ```python def analyze_purpose(workflow): # Step 1: Extract features features = extract_features(workflow) # Features: name, node types, node names, tags, trigger type # Step 2: Classify business domain domain_scores = {} for domain, keywords in DOMAIN_KEYWORDS.items(): score = sum(1 for kw in keywords if kw in features['text']) domain_scores[domain] = score best_domain = max(domain_scores, key=domain_scores.get) domain_confidence = min(0.95, domain_scores[best_domain] / 5) # Step 3: Classify workflow type if 'webhook' in features['trigger_type']: wf_type = 'event_driven' type_confidence = 0.9 elif 'schedule' in features['trigger_type']: wf_type = 'scheduled' type_confidence = 0.9 else: # Check name for hints wf_type = detect_from_name(features['name']) type_confidence = 0.6 # Step 4: Generate description purpose = generate_purpose_text(best_domain, wf_type) return { 'domain': best_domain, 'type': wf_type, 'confidence': (domain_confidence + type_confidence) / 2, 'purpose': purpose } ``` #### Data Flow Tracing Algorithm ```python def trace_data_flow(workflow): nodes = workflow['nodes'] connections = workflow['connections'] # Step 1: Build adjacency list adj_list = build_adjacency_list(connections) # Step 2: Classify nodes sources = [n for n in nodes if is_source(n)] transformers = [n for n in nodes if is_transformer(n)] sinks = [n for n in nodes if is_sink(n)] # Step 3: Find all paths using DFS all_paths = [] for source in sources: paths = dfs_find_paths(source, adj_list, visited=set()) all_paths.extend(paths) # Step 4: Identify critical paths (source → sink) critical_paths = [ path for path in all_paths if path[0] in sources and path[-1] in sinks ] # Step 5: Build lineage graph lineage = { 'nodes': [{'name': n['name'], 'type': n['type']} for n in nodes], 'edges': extract_edges(connections) } return { 'sources': sources, 'transformers': transformers, 'sinks': sinks, 'critical_paths': critical_paths, 'lineage': lineage } ``` #### Risk Assessment Algorithm ```python def analyze_risks(workflow, semantic_analysis, drift_analysis, execution_history, dependency_analysis): # Step 1: Analyze each category data_loss_risks = analyze_data_loss(workflow, semantic_analysis, execution_history) security_risks = analyze_security(workflow, semantic_analysis, dependency_analysis) performance_risks = analyze_performance(workflow, semantic_analysis, drift_analysis, execution_history) availability_risks = analyze_availability(workflow, drift_analysis, execution_history, dependency_analysis) compliance_risks = analyze_compliance(workflow, semantic_analysis, dependency_analysis) # Step 2: Calculate overall risk score all_risks = data_loss_risks + security_risks + performance_risks + availability_risks + compliance_risks severity_scores = {'critical': 10, 'high': 7, 'medium': 4, 'low': 2} total_score = sum(severity_scores[r['severity']] for r in all_risks) overall_score = min(10.0, total_score / len(all_risks)) if all_risks else 0.0 # Step 3: Generate mitigation plan sorted_risks = sorted(all_risks, key=lambda r: severity_scores[r['severity']]) mitigation_plan = [ { 'priority': i, 'action': get_mitigation_action(risk['type'], risk.get('node')) } for i, risk in enumerate(sorted_risks[:10], 1) ] return { 'overall_score': overall_score, 'data_loss_risks': data_loss_risks, 'security_risks': security_risks, 'performance_risks': performance_risks, 'availability_risks': availability_risks, 'compliance_risks': compliance_risks, 'mitigation_plan': mitigation_plan } ``` ### Performance Characteristics - **Purpose Analysis**: O(n) where n = number of nodes - **Data Flow Tracing**: O(n + e) where n = nodes, e = edges - **Dependency Mapping**: O(n + w) where n = nodes, w = total workflows - **Risk Analysis**: O(n + h) where n = nodes, h = execution history size - **Full Explanation**: ~2-5 seconds for typical workflow (10-50 nodes) ### Memory Usage - Typical workflow: ~1-2 MB - Full explanation result: ~10-50 KB - Markdown export: ~5-20 KB - JSON export: ~10-50 KB --- ## 🔄 Integration Points ### With Existing Features 1. **Semantic Analysis** (v1.6.0): - Risk analyzer uses anti-pattern detection - Security risk assessment uses credential scanning - Performance risk assessment uses N+1 query detection 2. **Drift Detection** (v1.10.0): - Risk analyzer uses drift patterns - Performance degradation detected - Success rate decline identified 3. **Execution Monitoring** (v1.9.0): - Risk analyzer uses execution history - Failure patterns analyzed - Performance metrics extracted 4. **Intent Metadata** (v1.8.0): - Purpose analyzer can use intent metadata - Compliance risk assessment checks documentation coverage - Future: Intent-aware purpose generation ### API Surface **MCP Tools**: ```python # Complete explanation explain_workflow(workflow_id, format='markdown', include_analysis=True) # Quick analyses get_workflow_purpose(workflow_id) trace_data_flow(workflow_id) map_dependencies(workflow_id) analyze_workflow_risks(workflow_id, include_analysis=True) ``` **Python API**: ```python from n8n_workflow_builder.explainability import ( WorkflowExplainer, WorkflowPurposeAnalyzer, DataFlowTracer, DependencyMapper, RiskAnalyzer, ExplainabilityFormatter ) # Full explanation explanation = WorkflowExplainer.explain_workflow( workflow, all_workflows=all_workflows, semantic_analysis=semantic_analysis, drift_analysis=drift_analysis, execution_history=execution_history ) # Format as markdown markdown = ExplainabilityFormatter.format(explanation, 'markdown') # Or use individual components purpose = WorkflowPurposeAnalyzer.analyze_purpose(workflow) data_flow = DataFlowTracer.trace_data_flow(workflow) dependencies = DependencyMapper.map_dependencies(workflow, all_workflows) risks = RiskAnalyzer.analyze_risks(workflow, ...) ``` --- ## 📚 Documentation ### Quick Start ```python # 1. Generate complete workflow documentation explanation = await mcp.call_tool("explain_workflow", { "workflow_id": "abc-123", "format": "markdown" }) print(explanation) # 2. Quick purpose check purpose = await mcp.call_tool("get_workflow_purpose", { "workflow_id": "abc-123" }) print(purpose) # 3. Trace data flow data_flow = await mcp.call_tool("trace_data_flow", { "workflow_id": "abc-123" }) print(data_flow) # 4. Map dependencies dependencies = await mcp.call_tool("map_dependencies", { "workflow_id": "abc-123" }) print(dependencies) # 5. Assess risks risks = await mcp.call_tool("analyze_workflow_risks", { "workflow_id": "abc-123" }) print(risks) ``` ### Advanced Usage ```python # Export to file for audit explanation = await mcp.call_tool("explain_workflow", { "workflow_id": "abc-123", "format": "markdown" }) with open(f"audit_docs/workflow_{workflow_id}.md", "w") as f: f.write(explanation) # Get JSON for API integration explanation = await mcp.call_tool("explain_workflow", { "workflow_id": "abc-123", "format": "json" }) explanation_dict = json.loads(explanation) # Risk assessment without full analysis (faster) risks = await mcp.call_tool("analyze_workflow_risks", { "workflow_id": "abc-123", "include_analysis": False # Skip semantic analysis and execution history }) ``` --- ## 🎯 Future Enhancements ### Planned for v1.12.0 1. **Visual Diagrams**: - Data flow diagrams (Mermaid.js) - Dependency graphs (Graphviz) - Risk heat maps 2. **Comparison Mode**: - Compare two workflow versions - Identify changes in purpose, data flow, dependencies - Risk delta analysis 3. **Historical Tracking**: - Track explanation over time - Detect when purpose changes - Alert on dependency additions 4. **Custom Templates**: - User-defined explanation templates - Company-specific formatting - Custom risk categories ### Potential Future Features - Natural language querying ("Which workflows use Stripe?") - Workflow similarity detection - Automatic workflow categorization - Business impact scoring - Cost estimation based on dependencies - Optimization recommendations - Workflow health score --- ## 🙏 Credits The Explainability Layer was inspired by: - **AWS Well-Architected Framework**: Multi-dimensional risk assessment approach - **Terraform Plan Output**: Clear "what will happen" explanations - **OpenTelemetry**: Comprehensive observability and tracing concepts - **STRIDE Threat Modeling**: Security risk categorization - **Data Lineage Tools** (Apache Atlas, Amundsen): Data flow tracing concepts Special thanks to the n8n community for feedback on documentation needs and audit requirements. --- ## 📝 Migration Notes ### For Users Upgrading from v1.10.0 **No Breaking Changes**: The explainability layer is completely additive. **New Dependencies**: None - uses existing Python standard library **New MCP Tools**: 5 new tools available immediately - `explain_workflow` - `get_workflow_purpose` - `trace_data_flow` - `map_dependencies` - `analyze_workflow_risks` **Recommended Actions**: 1. Try `explain_workflow` on a few workflows 2. Generate audit documentation for critical workflows 3. Run risk assessments before making changes 4. Use dependency mapping to understand service integration --- ## 🐛 Known Limitations 1. **Business Domain Classification**: - Limited to 10 pre-defined domains - Keyword-based detection (85-90% accuracy) - May misclassify workflows with generic names 2. **Data Flow Tracing**: - Only traces explicit connections - Does not track dynamic data (variables, expressions) - Complex loops may not show all paths 3. **Dependency Detection**: - External services: 25 pre-defined services - Custom HTTP endpoints detected but not classified - Cannot detect runtime-determined dependencies 4. **Risk Assessment**: - Requires optional analyses for full coverage - Some risks may require manual review - Mitigation suggestions are generic 5. **Format Support**: - No visual diagrams yet (planned for v1.12.0) - Plain text format is basic - JSON schema not versioned --- ## 🎉 Summary v1.11.0 introduces the **Explainability Layer** - a game-changing feature that makes n8n workflows: ✅ **Understandable**: Clear purpose and business domain classification ✅ **Traceable**: Complete data lineage and flow analysis ✅ **Documented**: Automatic, audit-ready documentation ✅ **Assessed**: Comprehensive 5-category risk analysis ✅ **Actionable**: Prioritized mitigation plans with specific recommendations ✅ **Exportable**: 3 formats (Markdown, JSON, Plain Text) ✅ **AI-Native**: Designed for LLM consumption via MCP This feature is perfect for: - Audit and compliance teams - New team member onboarding - Risk assessment before changes - GDPR documentation - Business impact analysis - Workflow quality gates **The future of workflow automation is explainable automation.** --- **Full Changelog**: https://github.com/schimmmi/n8n-workflow-builder/compare/v1.10.0...v1.11.0

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/schimmmi/n8n-workflow-builder'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

v1.11.0.md•37.5 kB