n8n MCP Server

Instructions

Implementation Reference

• src/tools/audit-utils.ts:12-66 (handler)

  Implementation of the n8n_generate_audit tool, which registers the tool and defines its execution logic (a POST request to /audit).

    server.registerTool(
      'n8n_generate_audit',
      {
        title: 'Generate Security Audit',
        description: `Generate a security audit report for the n8n instance.
  
  Args:
    - categories (array, optional): Categories to audit:
      - credentials: Check credential security
      - database: Check database configuration
      - filesystem: Check file system access
      - instance: Check instance configuration
      - nodes: Check node security
    - daysAbandonedWorkflow (number, optional): Days to consider workflow abandoned
  
  Returns:
    Audit report with risk levels and issues by category.`,
        inputSchema: GenerateAuditSchema,
        annotations: {
          readOnlyHint: true,
          destructiveHint: false,
          idempotentHint: true,
          openWorldHint: false
        }
      },
      async (params: z.infer<typeof GenerateAuditSchema>) => {
        const result = await post<N8nAuditResult>('/audit', params);
        
        const riskEmoji = {
          high: '🔴',
          medium: '🟡',
          low: '🟢'
        };
        
        const sections = result.sections.map(section => {
          const issues = section.issues.length > 0
            ? section.issues.map(i => `    - ${i}`).join('\n')
            : '    No issues found';
          
          return `${riskEmoji[section.risk]} **${section.name}** (${section.risk} risk)\n${issues}`;
        }).join('\n\n');
        
        const text = [
          `**Security Audit Report**`,
          `Overall Risk: ${riskEmoji[result.risk]} ${result.risk.toUpperCase()}`,
          '',
          sections
        ].join('\n');
        
        return {
          content: [{ type: 'text', text }],
          structuredContent: result
        };
      }
    );