List n8n workflows with optional filters. Returns id, name, active state, tags, updatedAt. Use n8n_get_workflow to pull the full definition.

Fetch a single n8n workflow by id. Returns metadata and optionally the full node graph. Resolves against the live workflow, not the workflow_entity row directly.

List recent n8n executions with optional filters. Returns id, workflowId, workflowName, status, mode, startedAt, stoppedAt. Use n8n_get_execution for the full run log.

Fetch a single n8n execution by id. Returns status, mode, timing, and per-node run data. Large run logs are truncated with a tail hint. Error executions include the raw error verbatim.

Text-search recent n8n executions without paging through them one by one. Fetches each candidate with includeData=true, then greps the error payload (scope='error', default) or the full per-node run log (scope='all'). Returns matched executions with workflow context and a snippet around each hit. Snippets are raw run data with the API key redacted — with scope='all' they may still contain credentials or payload data from node outputs, so treat as sensitive.

Surface webhook and form-trigger paths from n8n workflows so agents can call n8n_trigger with mode='webhook' without opening the n8n UI. Returns workflowId, workflowName, nodeName, method, path, and a fully-formed triggerUrl.

Static checks on a workflow: deprecated node types (function → code), old Code-node API usage ($node[], items global, require()), orphan nodes, disabled nodes, and missing trigger. Returns a list of issues with severity.

Scan every workflow for nodes that invoke the browser-bridge CLI (Execute Command, Code/Function, or SSH nodes). Returns one finding per (workflowId, nodeName, platform, action) so you can answer 'where am I calling Linktree sync from?' without grepping the n8n DB. Read-only. Heuristic: matches browser-bridge[.js|.cjs] <platform> <action> in command/jsCode strings, including spawn-array form.

Generate a ready-to-paste n8n node JSON that calls the browser-bridge CLI for a given (platform, action, input). Mirrors the patterns in browser-bridge's docs/n8n-usage.md so n8n workflows don't need to rediscover the spawn/heredoc shape every time. Pure local generator — no n8n API call. Default mode 'code-node' uses spawnSync with stdin JSON; 'execute-command' uses an Execute Command node with a quoted heredoc.

Surface every schedule trigger across workflows so you can answer 'what's running at 3am?' without clicking through the n8n UI. Walks scheduleTrigger and legacy cron nodes, decodes their interval rules into human-readable strings (e.g. 'every 2 hours', 'daily at 03:00', 'cron: 0 */6 * * *'), and returns workflow context + the raw rule for further inspection. Read-only.

List workflow tags via GET /tags. Returns { data: [{id, name, createdAt, updatedAt}], nextCursor }. Read-only; pairs with n8n_set_workflow_tags + n8n_get_workflow_tags for cross-cutting workflow metadata.

Read the tags currently attached to a workflow via GET /workflows/{id}/tags. Returns the array of {id, name} tag objects (also includes createdAt/updatedAt). Read-only. Pairs with n8n_set_workflow_tags for diffs and reattach flows.

Generate n8n's built-in security audit via POST /audit. Returns one risk report per requested category: credentials (unused/abandoned), database (SQL injection-prone expressions), nodes (community/unofficial nodes), filesystem (host fs access), instance (insecure server settings). Each report has risk, sections (with title/description/recommendation/location). Read-only — n8n only inspects, never mutates. Requires the API user to be an instance admin or owner.

Scan workflows and surface every node matching a given type (e.g. 'n8n-nodes-base.slack'). Returns one finding per matching node + a per-workflow summary so agents can answer 'where am I calling Slack?' or 'which workflows still use the legacy HTTP Request node?' without grepping the n8n DB. Read-only. Bounded-concurrency fan-out; per-workflow fetch errors land in fetchErrors instead of failing the whole scan.

Aggregate execution stats over a recent window. Computes per-workflow counts (total/success/error/canceled/running/waiting), failure rate, avg + p95 runtime, last failure + last success timestamps. Composed read-only — paginates /executions and stops on the window boundary or maxExecutions. Useful for 'which workflows are flaky?' and 'what's running long?'. Pagination is best-effort: if truncated: true, increase maxExecutions or narrow sinceHours.

List credentials via GET /credentials. Returns metadata only — n8n's API explicitly excludes the data field (the encrypted secrets). Each row: {id, name, type (e.g. 'githubApi'), createdAt, updatedAt, shared[]}. Read-only. Requires the API user to be an instance owner or admin — non-admin keys get 401 with a clear hint. The tool defensively strips any data field that might appear in a future regression.

Fetch the JSON schema for a credential type via GET /credentials/schema/{credentialTypeName}. Returns the raw JSON Schema document describing the required data shape (e.g. freshdeskApi requires { apiKey, domain }). Use this BEFORE calling n8n_create_credential so you know what fields to populate. 404 on unknown type returns { ok: false, reason: 'not_found' }. 401 surfaces the admin/owner role requirement.

Scan workflows and surface every node that references a given credential. Pass either credentialId (exact, preferred) or credentialName (case-insensitive substring fallback). Returns one finding per (workflowId, nodeName, credentialType) plus a per-workflow summary count. Read-only. Bounded-concurrency fan-out; per-workflow fetch errors land in fetchErrors instead of failing the whole scan. Pairs with n8n_run_audit and is the answer to 'I'm rotating creds, where do I need to update?' before calling n8n_delete_credential.

Scan workflows and surface every node with disabled: true. One finding per (workflowId, nodeName, nodeType) plus a per-workflow count. Read-only. Disabled nodes are common drift signals — frozen mid-debug, forgotten cleanup — and the n8n UI doesn't surface them in any list view. Bounded-concurrency fan-out; per-workflow fetch errors land in fetchErrors instead of failing the scan.

Compare a workflow's current state against a snapshot (file path or inline object). Returns a structured semantic diff: nodes added/removed/modified (with per-node field paths), plus name/connections/settings change flags. Snapshot accepts both n8n_save_workflow backup shape (flat) and n8n_get_workflow(includeDefinition=true) shape (nested). Read-only.