n8n Workflow Builder

v1.2.0.md•8.88 kB

# Release v1.2.0: Workflow Validation System **Release Date**: 2025-12-16 **Type**: Feature Release --- ## 🎯 Overview Version 1.2.0 introduces a comprehensive 3-layer validation system that catches errors before deployment, enforces n8n best practices, and detects security vulnerabilities in workflows. --- ## ✨ New Features ### WorkflowValidator Class Comprehensive pre-deployment validation middleware with three validation layers. ### 3-Layer Validation Architecture #### 1. Schema Validation (20+ checks) Validates workflow structure, required fields, and data types. **Checks:** - Required workflow fields: `name`, `nodes`, `connections` - Node structure validation (required fields, types, positions) - Connection structure validation (source, target, indexes) - Data type validation (arrays, objects, strings) #### 2. Semantic Validation (10+ checks) Validates workflow logic, connections, and best practices. **Checks:** - At least one trigger node required - No duplicate node names - No orphaned nodes (disconnected from workflow) - Hardcoded credentials detection - Workflow complexity check (>30 nodes warning) - Missing error handling warning - Default node name detection (e.g., "Webhook1") #### 3. Parameter Validation (Node-Specific) Node-type-specific parameter validation. **Supported Nodes:** - **Webhook**: `path` required, authentication recommended - **HTTP Request**: `url` required, timeout recommended - **Schedule Trigger**: schedule/cron required - **IF**: conditions should be defined - **Postgres**: avoid `SELECT *`, use parameterized queries - **Set**: values should be configured - **Code**: code required, should return items array --- ## 🛠️ New MCP Tools (2 tools) ### 1. `validate_workflow` Validate existing workflow by ID before deployment. **Parameters:** - `workflow_id` (required): Workflow ID to validate **Returns:** - Validation status: VALID / HAS_WARNINGS / INVALID - List of errors (blocking issues) - List of warnings (best practice violations) - Summary statistics **Example:** ```json { "is_valid": false, "errors": [ "No trigger node found. Workflow needs at least one trigger.", "Webhook node 'API Endpoint' missing required parameter: path" ], "warnings": [ "Webhook 'API Endpoint' should have authentication enabled", "Node 'Webhook1' uses default name" ], "summary": { "total_errors": 2, "total_warnings": 2, "status": "INVALID" } } ``` --- ### 2. `validate_workflow_json` Validate workflow JSON structure before creation. **Parameters:** - `workflow_json` (required): Workflow JSON structure to validate **Use Case:** Validate AI-generated or manually written workflow JSON before creating it in n8n. **Returns:** Same format as `validate_workflow` --- ## 🔒 Security Features ### Credential Detection Scans for hardcoded credentials using keyword detection. **Detected Keywords:** - `password` - `apikey` / `api_key` - `secret` - `token` - `authorization` **Example:** ```json { "errors": [ "Hardcoded credential detected in HTTP Request node 'API Call': apiKey" ] } ``` ### Authentication Check Warns about unauthenticated webhooks that accept public requests. **Example:** ```json { "warnings": [ "Webhook 'Public Endpoint' should have authentication enabled" ] } ``` ### SQL Injection Prevention Warns about non-parameterized SQL queries. **Example:** ```json { "warnings": [ "Postgres node 'Database Query' should use parameterized queries (avoid SELECT *)" ] } ``` --- ## 📚 Validation Rules Reference ### Schema Rules (20+ checks) | Rule | Severity | Description | |------|----------|-------------| | Workflow name required | ERROR | Workflow must have a name | | Nodes array required | ERROR | Workflow must have nodes array | | Connections object required | ERROR | Workflow must have connections | | Node name required | ERROR | Every node must have a name | | Node type required | ERROR | Every node must have a type | | Node parameters required | ERROR | Every node must have parameters object | | Node position required | ERROR | Every node must have position [x, y] | ### Semantic Rules (10+ checks) | Rule | Severity | Description | |------|----------|-------------| | Trigger node required | ERROR | At least one trigger node | | No duplicate names | ERROR | Node names must be unique | | No orphaned nodes | WARNING | All nodes should be connected | | No hardcoded credentials | ERROR | Use credential references | | Workflow complexity | WARNING | >30 nodes warning | | Error handling | WARNING | Should have error handling | | Default node names | WARNING | Rename "Webhook1" to descriptive names | ### Parameter Rules (Node-Specific) | Node Type | Rule | Severity | |-----------|------|----------| | Webhook | path required | ERROR | | Webhook | authentication recommended | WARNING | | HTTP Request | url required | ERROR | | HTTP Request | timeout recommended | WARNING | | Schedule | schedule/cron required | ERROR | | IF | conditions should be defined | WARNING | | Postgres | avoid SELECT * | WARNING | | Postgres | use parameterized queries | WARNING | | Set | values should be configured | WARNING | | Code | code required | ERROR | | Code | should return items array | WARNING | --- ## 📚 New Documentation ### `docs/VALIDATION.md` Complete validation system guide (350+ lines) covering: - 3-layer validation architecture - All validation rules with examples - Security best practices - Integration patterns - CI/CD usage - Custom validation rules --- ## 🔧 Technical Implementation ### WorkflowValidator Class ```python class WorkflowValidator: @staticmethod def validate_schema(workflow_data: Dict) -> List[str]: """Layer 1: Schema validation""" @staticmethod def validate_semantics(workflow_data: Dict) -> Tuple[List[str], List[str]]: """Layer 2: Semantic validation""" @staticmethod def validate_parameters(workflow_data: Dict) -> List[str]: """Layer 3: Parameter validation""" @staticmethod def validate(workflow_data: Dict) -> Dict: """Run all validation layers""" ``` ### Error Categorization - **Errors**: Blocking issues that prevent deployment - **Warnings**: Best practice violations, non-blocking ### Validation Report Format ```python { "is_valid": bool, "errors": List[str], "warnings": List[str], "summary": { "total_errors": int, "total_warnings": int, "status": "VALID" | "HAS_WARNINGS" | "INVALID" } } ``` --- ## 📊 Benefits ### Catch Errors Early Find issues in development, not production. **Before:** ``` 1. Create workflow 2. Deploy to production 3. Workflow fails 4. Debug in production 😱 ``` **After:** ``` 1. Create workflow 2. Validate workflow 3. Fix errors/warnings 4. Deploy to production ✅ ``` ### Security Prevent credential leaks and authentication issues before deployment. ### Quality Enforce n8n best practices automatically. ### Developer Experience Clear error messages with actionable fixes. ### Deployment Safety Validate before activating workflows. --- ## 🎯 Use Cases ### 1. Pre-Deployment Validation ``` User: "Validate workflow_abc123 before deployment" Claude: Runs validation, reports errors/warnings ``` ### 2. Template Validation ``` User: "Generate API endpoint template and validate it" Claude: Generates template, validates before creation ``` ### 3. Security Audits ``` User: "Check all workflows for hardcoded credentials" Claude: Validates all workflows, reports security issues ``` ### 4. Learning Best Practices ``` User: "Why is my workflow showing warnings?" Claude: Explains validation warnings and how to fix them ``` ### 5. CI/CD Integration ```yaml # GitHub Actions - name: Validate n8n Workflows run: | python -m n8n_workflow_builder validate workflows/*.json ``` --- ## 🔄 Integration with Existing Features ### Works Seamlessly With: - **Template Generation**: Validates generated templates automatically - **Workflow Updates**: Validates before applying changes - **State Management**: Logs validation actions to history - **AI Feedback**: Provides validation context for error analysis --- ## 🚀 Performance - **Schema Validation**: ~5ms per workflow - **Semantic Validation**: ~10ms per workflow - **Parameter Validation**: ~15ms per workflow - **Total Validation**: ~30ms per workflow --- ## 🔮 Future Enhancements Planned for future releases: - Custom validation rules - Validation rule configuration - Validation plugins - Integration with n8n's native validation --- ## 📝 Breaking Changes **None** - This release is fully backward compatible. --- ## 🙏 Credits **Developed by**: AI Agent Assistant + Human Collaboration **Inspiration**: TypeScript compiler, ESLint, n8n's internal validation --- **Happy Validating!** 🎉

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/schimmmi/n8n-workflow-builder'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

v1.2.0.md•8.88 kB