Releases: MorrisLu-Taipei/TigerAI-Code2n8n-Skill-Pack

v0.24.0 - SECURITY-REVIEW worked example + zh hero v16

15 Jun 04:55

v0.24.0 — SECURITY-REVIEW worked example + zh hero v16

The final piece of the four-piece security set: methodology + skill + negative example + positive example. The Code2n8n audit promise now has a concrete worked reference you can clone.

| Layer | Where |
| --- | --- |
| Why audit at all (the manifesto) | CODE2N8N.md "Demo ≠ Production" |
| How to audit (the methodology) | code-to-workflow Step 1.5 + hard rules §3/§8/§9 |
| What to audit with (the skill) | n8n-security-governance (141 lines) |
| Disclose-when-you-don't-fix (negative example) | SECURITY-CAVEATS.md |
| What a completed audit looks like (positive example) — NEW | SECURITY-REVIEW.md |

🆕 New: examples/line-ai-customer-service-onprem/SECURITY-REVIEW.md

The full structured n8n-security-governance review applied to the bundled on-prem case, formal BLOCKED decision included.

  • 10 numbered sections matching the skill's required outputs (metadata, scope, mandatory checks, findings, chain analysis, decision, traceability, rollback, cross-refs, re-review triggers).
  • 13-entry trust-boundary matrix — every entry point with declared auth vs actual auth state.
  • 10 structured SEC-### findings, each with Severity, Status, Evidence at file:line, Impact, Reproduction, Required fix, Validation, Owner, Target version.
  • Chain analysis — how the single attack path (no-auth → SQL identifier injection → no audit log) collapses to "unauthenticated arbitrary SQL execution with no forensics".
  • Compounding score: 8 FAIL / 2 PARTIAL / 1 PASS across 11 mandatory check dimensions, BLOCKED before any single Critical finding is considered.
  • Formal BLOCKED decision with a 10-step deployment requirement list to qualify for re-review.
  • Release traceability + Rollback section honestly marked "n/a — this case is BLOCKED from production".
  • Cross-references the short-form caveats, the skill, and the policy rationale in CREDITS.md.
  • Re-review trigger conditions so the document doesn't go stale.

Anyone forking the on-prem case to harden it can replace this file with their own review. Anyone writing a SECURITY-REVIEW for their own Code2n8n port has a clone-and-modify template.

📝 Wiring

  • SECURITY-CAVEATS.md gets a one-line link to the long-form review at the top so readers find the underlying audit.
  • On-prem README pointer changed from "complete list via CAVEATS" to "short version → CAVEATS, full review → REVIEW".

🎨 Chinese hero now matches the English master

docs/images/code2n8n-hero-zh.png upgraded to v16 user-master-remaster-native. Resolves the v15 font/logo overlap that forced the temporary v11 revert in v0.22.x. English and Chinese READMEs now both ship the v16 master remaster.


🤖 Generated with Claude Code

v0.23.0 — n8n-security-governance ships + hero-vs-product audit closures

15 Jun 04:34

v0.23.0 — n8n-security-governance ships + hero-vs-product audit closures

This release promotes the security skill to a real shipped product and uses a hero-vs-product audit (image claims vs actual skill content) to close three concrete gaps. The Code2n8n hero diagram is now fully backed by code.

🆕 New skill: skills/tigerai/n8n-security-governance/ (141 lines)

A dedicated production-readiness gate, not a caption.

  • 12 mandatory check areas: Authentication, Authorization, Injection, Webhooks, Secrets, Input/files, Browser/API, AI/agents (prompt-injection boundary + tool allowlists), Data, Operations, n8n-specific (production webhook auth, credential references, Code-node sandbox), Dependencies
  • Structured SEC-### finding format: Severity, Status, Evidence, Impact, Reproduction, Required fix, Validation, Owner, Target version
  • PASS / CONDITIONAL / BLOCKED decision matrix
  • Version control + CI/CD gate (7 required checks) + Rollback (5 required facts per release)
  • NEW Observability section: 8 runtime signals (success/error counts, latency p50/p95/p99, webhook 4xx/5xx, credential usage frequency, queue depth, disk usage, exception classes), 3 alert routes, mandatory dashboard link, plus an honesty rule — "no monitoring = SECURITY-CAVEATS finding"

Registered in plugin.json with role: security. Skills count 14 → 15.

🔗 marquee code-to-workflow upgraded

Two new hard rules wire the security skill into the migration methodology:

  • Rule 8 — "Security review is a real gate, not a caption." Step 1.5 must invoke n8n-security-governance and record evidence + severity + decision.
  • Rule 9 — "Every release must be traceable and reversible." The reviewed JSON, SDD, security artifacts, tests, Git commit SHA, workflow internal version, n8n release tag, and rollback target must describe the same release.

🆕 Pillar 4.2 in tigerai-enterprise-patterns — Human-in-the-Loop

Closes the hero diagram's Step-4 "Approval" claim with a concrete pattern, not a footnote.

  • 5 approval node types (Email, Slack, Form, Telegram, native sendAndWait) with use-case mapping
  • Mandatory timeout policy: money 4h, support 2h, default 24h
  • 3 escalation modes after timeout: auto-reject / escalate / accept-with-followup
  • Mandatory audit trail fields: request_id, requester, approver, decision, timestamp, reason, channel
  • Reject path must include a compensating action — not just "flow ends"
  • Handover design rules for human takeover, cross-shift handoff, AI→engineer escalation
  • 5 anti-patterns explicitly rejected at generation time

🆕 New doc: docs/enterprise-setup.md

Settles the ambiguity in the hero's third block: SSO / IAM / HA / DR is n8n self-hosted enterprise + your IT — not this Pack. The Pack's job is making sure Code2n8n-produced workflows land cleanly on top.

  • Pack vs n8n vs your IT responsibility table
  • SSO chapter — SAML / OIDC / LDAP / RBAC / Project belong to n8n self-hosted enterprise; the Pack adds IAM-friendly workflow rules (don't hardcode user identity, credential references only, project ownership, no manualTrigger in production)
  • HA chapter — n8n queue mode + multi-worker; the Pack adds queue-safe workflow rules (no local-file passing between nodes, Wait instead of sleep, idempotency keys, mandatory timeouts) + deployment-layer checklist
  • DR chapter — 4 backup targets (Postgres, encryption key, workflow JSON exports, IaC), quarterly DR drill procedure
  • Adoption order: enterprise n8n + SSO/RBAC first → install Pack → run Code2n8n port → Step 1.5 review → CI gate → production

📝 Surrounding updates

  • CODE2N8N.md adds a Pack / n8n / IT responsibility callout after the "demo isn't production" section
  • Both READMEs add a responsibility-boundary callout right after the proof bar, linking to enterprise-setup.md
  • English README hero swapped to v16 (user master remaster native)
  • Chinese README hero still on v11 pending a v15-equivalent layout fix

✅ Hero-claim-by-claim audit

| Hero element | Backed by |
| --- | --- |
| Path A intent → workflow | sticky-note-to-workflow |
| Path B existing system → migration | code-to-workflow |
| Step 1 Inventory | code-to-workflow Step 1 |
| Step 2 Partition | code-to-workflow Step 2 |
| Step 3 Security Audit ✅✅ | n8n-security-governance (141 lines) + code-to-workflow Step 1.5 + hard rules §8/§9 |
| Step 4 Retry / Approval / Handover | Retry across 5 skills; Approval newly covered by Pillar 4.2; Handover central to code-to-workflow |
| Step 5 Production Validation | code-to-workflow Step 6 (3-layer funnel) + working _audit.mjs / _n8n_import_test.mjs in examples |
| Unfixed findings → SECURITY-CAVEATS.md | required output #2 in n8n-security-governance + real file in on-prem example |
| Block-3 SSO / IAM / HA / DR | docs/enterprise-setup.md settles the boundary and gives Pack-side rules |
| Block-3 Observability | new Observability section in n8n-security-governance |

The hero is no longer a marketing claim. Every block is backed by a file in the repo.


🤖 Generated with Claude Code

v0.22.2 — On-prem example security disclosure (NOT patched)

10 Jun 15:18

v0.22.2 — On-prem example security disclosure (NOT patched)

After a user-raised review surfaced severe authentication and SQL injection gaps in the on-prem LINE CS example, the pack ran a code audit and chose to disclose, not silently patch. Silent patching would misrepresent both the case study and the CREDITS.md attribution chain.

What was disclosed

In examples/line-ai-customer-service-onprem/SECURITY-CAVEATS.md, every issue is documented with file/line and repro:

  • /api/auth/me always returns {authenticated: true} — zero session/JWT.
  • Login uses plaintext password SQL comparison.
  • All /api/* data routes have no auth middleware: settings GET/POST (reads/writes all API keys), user_states GET/POST, reset-handover, logs add/search, upload, n8n.credentials_entity listing, qdrant collections.
  • SQL identifier injection in updateSettings: request-body keys are concatenated directly into INSERT/UPDATE SQL.
  • No CSRF, no rate limit, no audit log, no helmet, no CORS lockdown.

Why disclose-don't-patch

  1. Silent patching misrepresents the upstream POC.
  2. The vulnerabilities themselves are the lesson: AI-coded software that runs ≠ enterprise-deployable software.
  3. The CREDITS.md chain records who did what; we did not do hardening, so we don't claim to have.

To deploy: fork and apply the 10-step hardening checklist at the end of SECURITY-CAVEATS.md (middleware → session → bcrypt → SQL whitelist → CSRF → rate limit → audit log → endpoint trimming → upload hardening → secret encryption).
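An added illustration (not the example project's own code) of the updateSettings identifier-injection finding above and of the "SQL whitelist" step in the hardening checklist: values can be bound as parameters, but column identifiers cannot, so the hardened builder only lets allowlisted names reach the SQL text. The settings table shape, the column names and the query object format are assumptions.

```javascript
// Vulnerable shape (assumed, modelled on the finding): every request-body
// key is spliced into the UPDATE statement as a column identifier. Values
// are parameterised, but the identifier position cannot be bound, so any
// key the client sends lands in the SQL verbatim.
function buildUpdateSettingsUnsafe(body) {
  const keys = Object.keys(body);
  const assignments = keys.map((k, i) => `${k} = $${i + 1}`).join(', ');
  return {
    text: `UPDATE settings SET ${assignments} WHERE id = 1`,
    params: keys.map((k) => body[k]),
  };
}

// Hardened shape: a fixed allowlist of column names (assumed names). A
// client key is only ever compared against the set; the SQL text is built
// from the allowlisted literal, never from free-form client input.
const ALLOWED_SETTINGS = new Set(['active_ai', 'welcome_message', 'openai_model']);

function buildUpdateSettingsSafe(body) {
  const keys = Object.keys(body);
  if (keys.length === 0) throw new Error('no settings supplied');
  const assignments = [];
  const params = [];
  for (const k of keys) {
    if (!ALLOWED_SETTINGS.has(k)) {
      // Reject rather than skip: a silent drop hides probing from the audit log.
      throw new Error(`unknown settings key rejected: ${JSON.stringify(k)}`);
    }
    params.push(body[k]);
    // k is now known to be one of the literals above; quoting is belt-and-braces.
    assignments.push(`"${k}" = $${params.length}`);
  }
  return { text: `UPDATE settings SET ${assignments.join(', ')} WHERE id = 1`, params };
}

// Constructed probe: a key that is not a column name at all. With the
// unsafe builder it becomes part of the statement; the safe builder throws.
const PROBE_BODY = { 'active_ai = 1; --': 'x' };

module.exports = { buildUpdateSettingsUnsafe, buildUpdateSettingsSafe, PROBE_BODY };
```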

Marquee skill upgrade

The code-to-workflow skill now mandates a Step 1.5: Security audit (10-item checklist) between source inventory and partition decision, plus a new hard rule §3 requiring publication of a SECURITY-CAVEATS.md if vulnerabilities are found and not fixed. Future Code2n8n ports cannot quietly inherit the same blind spot.

Surrounding doc downgrades

  • On-prem README: prominent DO-NOT-DEPLOY banner; "enterprise-grade real-world variant" wording → "real-world POC port".
  • CODE2N8N.md: case-study entry annotated with ⚠️ + SECURITY-CAVEATS link.
  • CREDITS.md: new "Security audit performed, NOT patched" section.

No code or workflow logic changed.


🤖 Generated with Claude Code

v0.22.1 — Relicense whole pack as MIT

10 Jun 14:41

Switches the repository license from TigerAI Proprietary to MIT, making the entire pack a single, consistent open-source distribution.

What changed

  • New root LICENSE — MIT (Copyright (c) 2026 Morris Lu / TigerAI), with an appendix pointing to the existing per-subdirectory LICENSE / CREDITS chains for bundled third-party material.
  • plugin.json license field: Proprietary → MIT.
  • README.md / README.zh.md license section: now states the whole pack is MIT and lists each derived subdirectory.
  • THIRD_PARTY_NOTICES.md trailing section: changed from Proprietary to MIT; the bundled third-party material's own copyright notices remain in place.

What did NOT change

  • Vendor skills (skills/_vendor/): MIT, as before.
  • Reference workflows (reference-workflows/): MIT, as before.
  • Derived examples (examples/google-workspace-admin-workflow/, both line-ai-customer-service*): retain their upstream attribution chains.
  • No code or workflow logic changed.

GitHub will auto-detect the LICENSE file and show the MIT badge on the repo.


🤖 Generated with Claude Code

v0.22.0 — Marquee code-to-workflow skill + on-prem LINE CS case (MIT)

10 Jun 11:56

v0.22.0 — Marquee skill code-to-workflow + on-prem LINE CS case (MIT)

Fulfils the CODE2N8N.md promise: the Skill Pack now actually contains the marquee Code2n8n skill the manifesto advertises.

🎯 New marquee skill: skills/tigerai/code-to-workflow/

The methodology for turning any existing program / system (Apps Script, Netlify Functions, Express, Docker stack, …) into a governable n8n workflow, distilled from the three real case studies in this pack.

Triggers: "把這個 repo 移到 n8n" / "Code2n8n 一下" / "port to n8n" / "幫我把這個 Lambda 改成 workflow" / "我的 Python 腳本想丟給營運維護"

7-step methodology:

  1. Source inventory — entry points, side effects, external calls, data stores, UI/backend split
  2. Partition rubric — what stays as code-as-service / what becomes a node / what becomes a connection
  3. Core + entry architecture — for multi-channel systems, one core, N entries
  4. Frontend portability decision tree — A keep original / B point original at n8n / C n8n-hosted spartan UI
  5. Native-first workflow design — declarative nodes everywhere except annotated HTTP fallbacks
  6. 3-layer validation funnel — static lint + n8n REST import + Layer 3 live execution
  7. Documentation outputs recipe — SDD / FRONTEND-SDD / PROVENANCE / FIELD-MAPPING / CREDITS / TODO

Real-world gotchas catalogue covering ~15 patterns across deployment (port collision, shared DB credentials, global Redis), Node/build (Express v5 wildcards, ESM tsx, sandbox crypto), LINE/messaging (raw-body signature, reply-token TTL, multi-event webhooks), Google Workspace (Docs paragraph style, Sheets dropdown, frozen header), and AI/RAG (GPT-5 Responses API, no native Gemini, Ollama Docker network names, Switch-on-active_ai RAG paths).

Hard rules: never strip upstream license, scrub secrets before commit, don't claim n8n can replace a UI, preserve fidelity with PROVENANCE.md pinned to a commit SHA, never declare done until Layer 1+2 both pass, tag every local n8n import with [Claude YYYY-MM-DD].

Registered as tigerai / role: marquee. Skills count 13 → 14.

🆕 New case study: examples/line-ai-customer-service-onprem/

An MIT-licensed practice case that walks the full Code2n8n pipeline end-to-end. Took scorpioliu0953/ai_customer_service (upstream cloud version, MIT) and evolved it into a full on-prem Docker stack:

  • Infrastructure: Postgres + Redis + Qdrant + Ollama containers, replacing Supabase entirely
  • Knowledge: Qdrant vector RAG instead of plain reference file
  • Auth: real-user accounts in a Postgres users table, replacing the shared-token shim
  • Brain: 37-node n8n workflow with Switch on active_ai → three RAG paths (OpenAI / Gemini / Ollama local LLM)
  • Validation: a 5-phase V&V plan (Infra / API / UI / HMR / E2E) with real PASS records
  • Lessons learned: 5 real port-time issues, captured in docs/LESSON_LEARNED.md (port collision, Express v5 wildcard, ESM tsx, shared DB credentials, global Redis)

Ships docs, SDD, DEV_LOG, LESSON_LEARNED, WALKTHROUGH_N8N, supabase_schema.sql, docker-compose + Dockerfiles, the full React + Express src/ tree, and the 37-node n8n_workflow_export.json.

License + attribution: upstream MIT preserved verbatim; CREDITS.md records the full chain (upstream → Morris Lu's on-prem evolution → this pack). Before committing, one hard-coded OPENWEBUI_API_KEY was scrubbed and n8n-backup/creds_backup.json was deliberately excluded.

Sits side-by-side with the existing examples/line-ai-customer-service/ (the cloud version we built in v0.19.0). Readers see the same upstream system on two different Code2n8n paths — cloud-minimum vs on-prem-enterprise — and can choose which fits their environment.

📝 Surrounding updates

  • CODE2N8N.md — surfaces the marquee skill and reorganises the skill / case-study layering
  • Cloud LINE CS README — adds a banner pointing to the on-prem variant
  • plugin.json description — adds marquee + the three case study names
  • VERSION → 0.22.0

The thesis (one line)

AI Coding solves "how is the function built"; code-to-workflow (this release's marquee skill) solves "how is the capability modularised"; n8n solves "how the modules cooperate across the whole enterprise."

Read the full manifesto.


🤖 Generated with Claude Code

v0.21.0 — Rebrand to TigerAI Code2n8n Skill Pack

09 Jun 19:17

v0.21.0 — Rebrand to TigerAI Code2n8n Skill Pack

The Skill Pack's positioning is upgraded from "n8n tools" to the bridge between AI Coding and enterprise-grade n8n workflows — governance, audit, version control, handover, cross-system orchestration.

What changed

  • Repo renamed: TigerAI-Code2n8n-Skill-Pack. GitHub serves a 301 from the old URL; stars / forks / issues / commit history are preserved.
  • New manifesto: CODE2N8N.md — why enterprises need n8n more in the AI-coding era, not less. Covers the new division of labour between AI Coding (Claude Code / Codex / Antigravity) and Code2n8n + n8n, and the heterogeneous-systems integration thesis.
  • READMEs (EN + ZH): retitled TigerAI Code2n8n Skill Pack, intro now leads with the Code2n8n positioning, dir-tree updated.
  • plugin.json: name → tigerai-code2n8n-skill-pack, description rewritten. Skills count unchanged (13).
  • Install scripts (install.ps1 / install.sh): installer banner updated.
  • Research docs: delivery path uses the new name.

What didn't change

  • No features removed. Same 13 skills, same 2,061 reference workflows, same 4 example projects.
  • Same code, correct story.

The thesis (one line)

AI Coding solves "how is the function built"; Code2n8n solves "how is the capability modularised"; n8n solves "how the modules cooperate across the whole enterprise."

Read the full manifesto: CODE2N8N.md


🤖 Generated with Claude Code

v0.20.0 — n8n-code-to-native skill + LINE CS admin backend TODO

30 May 10:31

v0.20.0 — n8n Code → Native node skill + LINE CS admin backend TODO

🆕 New skill: skills/tigerai/n8n-code-to-native/

Refactor n8n workflows by converting Code (JS) nodes into native declarative nodes (Set / Filter / Merge / Crypto / Aggregate / Convert to File), so they are readable by n8n experts who don't write JavaScript. Triggered by phrases like "原生化", "改成 n8n 原生 node", "reduce Code nodes".

Includes

  • 6 hard rules (sticky-note changelog mandatory, never break in-place semantics, connections key by node name, expressions support .map/.reduce/.filter/?./??/..., no IIFE in expressions, keep what genuinely belongs in code)
  • 5-step process: inventory → classify → in-place swap with Set v3.4 → sticky changelog → verify
  • Classification table covering 8 patterns (which Code nodes become Set / Filter / Merge / ConvertToFile, which stay as Code: LLM parsers, crypto polyfills, dynamic nested filter assembly, per-item shape branching)
  • Expression cheat sheet + common pitfalls (includeOtherFields at parameter level, Math.max(...[]) returning -Infinity, UTF-8 encoding, node-rename caveats)

Registered in plugin.json under tigerai group, role: refactor.

📋 LINE CS example — admin backend TODO

New examples/line-ai-customer-service/TODO.md honestly documents what the approach-C admin shim does not cover:

  • Real authentication (currently just shared LINECS_ADMIN_TOKEN; upstream had Supabase Auth + RLS)
  • Conversation history view (no messages table yet)
  • In-console live agent reply
  • KB file management (list / delete / preview)
  • Direction decision: stay approach C vs switch to approach B (keep React UI, point at n8n APIs)

Plus non-backend items: Layer-3 live end-to-end test, error-handler workflow, multi-channel entries.

Also captured in persistent project memory.

🧹 Housekeeping

  • Removed the served CHANGELOG-v0.19.0.md scratch file.

🤖 Generated with Claude Code

v0.19.0 — LINE AI customer-service n8n port + GW line-level provenance

26 May 08:01

v0.19.0 — LINE AI customer-service n8n port + Google Workspace line-level provenance

🆕 New example: examples/line-ai-customer-service/

Port of the backend of scorpioliu0953/ai_customer_service (Netlify + React + Supabase + GPT/Gemini) to n8n, with the admin frontend implemented as approach C (n8n-hosted UI).

Backend runtime (1:1 with upstream line-webhook.ts, 175 lines)

  • core/core-message-router — dedup / handover-keyword → human / human-mode timeout / GPT (chat · o-series · gpt-5 Responses) or Gemini / reply
  • entry-line — webhook + raw-body HMAC-SHA256 signature verify + event fan-out

Frontend admin (approach C — runs entirely in n8n, no external host)

  • admin/admin-ui — Respond-to-Webhook serves a single-file HTML dashboard
  • admin/api-settings · api-users · api-kb — CRUD over the same Supabase tables
  • dashboard HTML generated by admin/_build_admin.mjs (avoids hand JSON-escaping)
  • X-Admin-Token auth via n8n env LINECS_ADMIN_TOKEN

Design

  • Only one n8n credential (Supabase). LINE / OpenAI / Gemini keys are read from the settings row — same as upstream, so the dashboard can edit them.
  • Docs: SDD.md (portability verdict — backend portable, React dashboard not), FRONTEND-SDD.md (approach C), docs/{install,supabase-setup,line-setup,admin-setup,field-mapping}.
  • Gotchas documented: LINE signature needs raw body, self-hosted needs NODE_FUNCTION_ALLOW_BUILTIN=crypto, reply-token ~1 min TTL, no native LINE/Gemini nodes.

📎 Google Workspace example — line-level provenance

  • New examples/google-workspace-admin-workflow/PROVENANCE.md — maps every preserved data item to the exact upstream src/Code.gs line, pinned to commit fce2513 (11 subfolders / 9 Doc headings / T001–T010 / 10 checklist rows / 5 reminder offsets / 14 date types / sheet headers).
  • Inline <- Code.gs:Lxxx markers in the Prepare nodes + a source pointer in each core overview sticky note.

✅ Validation

Both examples pass _audit.mjs static lint (0 errors / 0 warnings) and local n8n REST import (Google Workspace 7/7, LINE 6/6 accepted by n8n).


🤖 Generated with Claude Code

v0.18.0 — Google Workspace admin project workflow (n8n port)

20 May 16:24

What's new

A full 1:1 n8n port of mihozip/google-workspace-admin-project-workflow, originally written in Google Apps Script. Lives at examples/google-workspace-admin-workflow/.

Workflows (7)

  • core/core-setup.workflow.json — one-time bootstrap (root subfolders + master control sheet)
  • core/core-project-starter.workflow.json — shared logic for new project creation: 11 subfolders + 9-section Doc + 待辦追蹤表 + 成果檢核表 + Calendar reminders + control row + email
  • core/core-milestone.workflow.json — shared logic for adding milestone dates to existing projects
  • entry-n8n-form/* — n8n Form Trigger adapters (2 files)
  • entry-google-forms/* — Webhook adapters + Apps Script bridge .gs (3 files)

Node strategy

Native Google nodes (Drive / Sheets / Docs / Calendar / Gmail) wherever possible. Only 3 HTTP Request nodes survive — each annotated with a yellow Sticky Note explaining why:

  • Docs heading / TITLE paragraph style (no native operation)
  • Sheets dropdown validation setDataValidation (no native operation)
  • Sheets header bold + bg colour + frozen row repeatCell/updateSheetProperties (no native operation)

Verbatim fidelity from upstream

11 subfolders / 20-column control sheet / 17-column milestone log / 12-column task tracker / 6-column checklist / 10 default tasks / 10 checklist items / 14 milestone date types / 5 reminder offsets / 9 Doc heading sections — all line-for-line.

Docs

  • README.md / README.en.md — overview
  • SCENARIO.md — persona-driven walkthrough mapping n8n workflow names to real use cases
  • SDD.md — planning / development / migration / test / validation (5 sections)
  • docs/install.md / docs/google-credentials.md / docs/field-mapping.md
  • CREDITS.md — upstream attribution

Validation

  • _audit.mjs — static lint encoding n8n-validation-expert + n8n-expression-syntax rules. 0 errors / 0 warnings
  • _n8n_import_test.mjs — round-trip POST against local n8n /api/v1/workflows. 7/7 accepted, then cleaned up
  • Layer 3 (live execution against real Google APIs) still pending — requires user-authorized OAuth credentials.

What this release does not change

skills/, reference-workflows/, cookbook/ remain at 0.17.0 behaviour. Pure additive release.


Diff: cfb655d...v0.18.0