v0.26.1: 三層審查防守強化 — hero 白底正式註解 + is/is-not 表 + proof bar 精準化

v0.26.0 把矩陣 🟡 結清。0.26.1 不加功能，把整套敘事的「容易被工程師挑、容易被酸民打」的點全部硬化。

🎨 Hero PNG：白底正式註解，不再像 caption

之前的深色底白字像字幕浮層。改成：

• 白底 + 頂部 hairline 分隔線 + 深色文字 的正式圖內註解
• Copy 升級為完整一句、不再點到為止：

  Platform capabilities such as SSO / IAM, Audit Log, HA, Metrics, and Source Control are provided by n8n editions and enterprise IT deployment. This Pack provides the migration, review, validation, and governance method.

• 中文同款翻譯
• scripts/stamp-hero.ps1 UTF-8 BOM saved，PS 5.1 安全
• 底圖從 d5682fa 取回乾淨原檔再燒（避免在已 stamp 圖上疊燒）

🪪 README 新增「What this Pack is — and what it is not」

緊接 hero 的硬表，五個常見誤讀路徑一次擋下：

✅ This Pack is	⛔ This Pack is not
移植方法論	n8n Enterprise 替代品
Security Review 關卡	萬用 SAST / DAST / fuzzer
驗證 SOP + CI gate	完整 workflow deployment pipeline
三案例 + 16 個可審 workflow JSON	萬用「程式碼 → workflow」compiler
2,061 設計查找語料	已驗證 production 模板

表後直接附上 receipts（responsibility-matrix + evidence report）。

🧪 Proof bar 精準化

import 7/7 容易被讀成「能跑」。改為三段式：

Static lint 0 err / 0 warn · n8n REST import 7/7 · live execution requires your Google Workspace credentials

每格都標 靜態 lint / import / live credentials 三層。On-prem 案改為直接寫 BLOCKED — DO NOT DEPLOY AS-IS 結論並指向 SECURITY-REVIEW。

🧾 2,061 corpus inline 標註

The whole-pack-in-one-picture 那行裡，"2,061 reference workflows" 直接 inline 標 "as a design-lookup corpus, not validated templates" — 不靠讀者翻矩陣才知道是語料。

---

v0.26.0 結清能力 backlog；v0.26.1 結清敘事 backlog。

v0.26.0: close remaining 4 backlog — scanner / templates / roundtrip / multi-platform CI

v0.25.0 把 installer / hero / CI gate 收尾。v0.26.0 把責任矩陣裡最後 4 個 🟡 一次清完，矩陣現在 0 個 🟡。

🆕 scripts/security-scan.mjs — 確定性 workflow 安全掃描器

regex / 結構性規則，不是 AI 判斷：密鑰文字（OpenAI/AWS/GitHub/Slack/Google/PEM/JWT/basic-auth-URL）、敏感 key 明文值、cleartext HTTP URL、webhook-without-auth、empty / unparsable JSON。--glob + --format text|markdown|json。本地跑 16 個 workflow：0 errors, 9 warnings（全部是 case study 故意保留的 webhook-no-auth，已在 SECURITY-CAVEATS 揭露）。

🆕 scripts/live-roundtrip.mjs — n8n REST round-trip

POST → GET（node count 比對）→ DELETE，不留垃圾。沒設 `N8N_API_URL` / `N8N_API_KEY` 就 exit 0 skip，CI optional job 用。

🆕 examples/templates/ — 3 個 drop-in importable workflow

檔案	模式
`retry-with-backoff.workflow.json`	指數退避 retry + dead-letter
`human-approval-gate.workflow.json`	人工核可關卡（Wait + resume webhook）
`handover-trace.workflow.json`	跨系統交接 + correlation ID

每檔 sticky note 列：模式 / 實作節點 / 上線前要改什麼 / 滿足 SECGOV 哪幾條。三檔 scanner 都 0/0。

🛡️ CI gate 擴充（多平台）

`.github/workflows/security-gate.yml` 新增 4 個 job：

• `workflow-security-scan` — 跑 scanner
• `dependency-cve` — matrix npm-audit（LINE CS cloud + on-prem）
• `container-scan` — Trivy fs scan on-prem
• `live-roundtrip` — secret-gated

`.gitlab-ci.yml` 鏡像同邏輯給 GitLab。

📋 周邊串接

• `docs/responsibility-matrix.md`：4 🟡 → ✅，狀態 as of v0.26.0
• `tigerai-enterprise-patterns` SKILL.md 引用 templates 為 drop-in scaffold

Backlog 結餘

責任矩陣現在 0 個 🟡 — 剩 ⛔ 都是「不在 Pack scope 內」（SSO / IAM / Audit Log / multi-main HA / /metrics 觀測 stack / ERP/CRM/DB/LLM 整合）。🟡 不再代表「答應但還沒做」。

v0.25.0: installer flags, uninstaller, hero PNG subtext baked in

v0.24.2 把文件落差掃乾淨，但責任矩陣裡還留 4 個 🟡（hero PNG 沒燒字、installer 沒旗標、沒 dry-run、沒官方 uninstall）。v0.25.0 一次結清。

🆕 installer / uninstaller 改版

四支腳本（install.sh / install.ps1 / uninstall.sh / uninstall.ps1）同步加上：

旗標	行為
--target claude|antigravity|all	指定單一目標或全部
--dry-run	印出所有 fs 動作但不寫入
--help / -h	用法

• install.* 完成自動驗證 14/14 skill 目錄到位，缺一個就 exit 非零
• uninstall.* 內嵌 14 個 skill + _tigerai-pack-shared 的明確 manifest，不存在的會靜默跳過
• PowerShell 兩支都用 UTF-8 BOM 儲存

🎨 Hero PNG 燒字

scripts/stamp-hero.ps1 用 PowerShell System.Drawing 把平台能力歸屬說明燒進英文版 + 中文版 hero 底部灰條。圖被單獨轉傳時，責任邊界跟著走，不再仰賴 README caption。

🛡️ CI gate 跟進

.github/workflows/security-gate.yml 的 installer-parse job 擴充：

• bash -n 跑 install/uninstall 兩支 shell 腳本
• BOM 檢查（EF BB BF）跑兩支 .ps1
• [Parser]::ParseFile 跑兩支 .ps1
• 四支腳本都跑 --dry-run --target claude smoke

🩹 周邊清理

• plugin.json 加 uninstall_scripts 條目
• docs/responsibility-matrix.md：hero PNG row + installer ergonomics row 🟡 → ✅
• 兩種語言 README hero caption 拿掉平台歸屬聲明（已燒進圖裡）

Backlog 結餘

誠實揭露 v0.26+ 還沒做：

• live n8n + credentials 上端對端 round-trip 自動化
• Security 自動掃描器（目前 SOP + checklist）
• 完整 CI/CD（GitLab、dep CVE、container scan）
• Retry / Approval / Handover 的 drop-in importable workflow 模板

v0.24.2: scrub stale docs (15->14, version pin, mcp contradictions, edition split)

v0.24.1 收齊了實作層的修正；v0.24.2 把使用者再做一輪 audit 挖出的「文件還停在舊版」的中度落差一次刷掉。本版只動文件，不動程式碼。

🩹 README 還留著已修好的舊警告

• 樹狀圖「14 disk / manifest 15」→「14 skills (manifest matches disk)」
• 警告 footnote 替換成 zh 版同款的「/install-n8n-pack 是 Antigravity workflow 不是 skill」
• README 雙語的歷史驗收章節原本硬編 v0.22.2 → 改連 VERSION + v0.24.1 evidence

🩹 安裝文件自相矛盾

• 英文版同時說「No n8n-mcp required」又要求「Enable n8n-mcp」— 改為一致的 "No MCP server required" + smoke-test curl
• 中文版原本把 n8n-mcp 列為前提、宣稱會載入 Pack 沒有的 n8n-mcp-tools-expert skill — 全部移除
• 安裝腳本「驗證 skill description triggers 已載入」這句虛假承諾刪除，改為使用者自驗
• 解除安裝段補齊 code-to-workflow / _tigerai-pack-shared / Antigravity path，並註記官方 uninstall.sh 是 v0.25 backlog

🩹 責任矩陣對 n8n edition 過度簡化

拆成 5 層：

Tier	提供什麼
Pack	方法論 / SOP
n8n Community（self-hosted）	runtime + queue mode + /metrics
n8n Business	加 Source Control / Environments
n8n Enterprise	加 SSO / RBAC / Audit Log / External Secrets / multi-main HA
Enterprise IT	Postgres / Redis / LB / 觀測 stack

「升 Enterprise 自動拿到 HA」不精確 — IT 仍要部署底層。

新增 installer ergonomics row 標 v0.25 backlog（--dry-run / --target / post-install verify / official uninstall.sh）。

v0.24.1: fix installer + CI gate + fresh evidence

v0.24.0 後使用者實際拿去裝，挖到一批會打臉「四件套俱全」的實作落差：Windows 安裝器無法解析、manifest 比磁碟多算一個 skill、n8n-security-governance 講的 CI/CD gate 在這個 repo 本身完全沒跑、驗收報告還停在 2026-05-05。v0.24.1 把這四件一起補上。

🩹 修：Windows 安裝器無法解析

• install.ps1 重新以 UTF-8 with BOM (EF BB BF) 儲存。原本沒有 BOM，PowerShell 5.1 用 Windows-1252 解中文，第 71 行雙引號被誤認沒收尾，整個檔案 parse fail，使用者裝不了。
• install.ps1 與 install.sh 的 vendor skill 計數從硬寫的「7 個」改回「6 個」。

🩹 修：manifest 對齊磁碟

• plugin.json 移掉孤兒 install-tigerai-n8n-pack entry，skills 15 → 14。
• 對應的 /install-n8n-pack slash command 本來就是 Antigravity workflow，放在 .agent/workflows/install-pack.md，不是 skill。
• README / README.zh.md 全部跟著更新。

🛡️ 新檔：.github/workflows/security-gate.yml

n8n-security-governance skill 講了 CI/CD gate，但這個 repo 之前一條 workflow 都沒有。這版補上實際會跑的 gate：

Job	卡什麼
manifest-consistency	plugin.json ↔ skills/ 雙向比對
json-audit	兩個案例的 _audit.mjs + on-prem brain JSON 檢查
secret-scan	OpenAI / AWS / GitHub / Slack / PEM 私鑰 regex 掃描
installer-parse	bash -n install.sh + BOM 檢查 + PowerShell Parser::ParseFile

📋 新檔：tests/REPORT-v0.24.1-evidence.md

獨立、有日期戳的驗收紀錄：installer parse 結果、manifest 雙向比對、三個案例 audit 輸出、CI gate 敘述、「這份報告沒有證明什麼」的誠實落差清單。原本的 REPORT-3.md 維持 2026-05-05 / v0.9.0 baseline，不被改寫。

v0.24.0 - SECURITY-REVIEW worked example + zh hero v16

v0.24.0 — SECURITY-REVIEW worked example + zh hero v16

The final piece of the four-piece security set: methodology + skill + negative example + positive example. The Code2n8n audit promise now has a concrete worked reference you can clone.

Layer	Where
Why audit at all (the manifesto)	CODE2N8N.md "Demo ≠ Production"
How to audit (the methodology)	code-to-workflow Step 1.5 + hard rules §3/§8/§9
What to audit with (the skill)	n8n-security-governance (141 lines)
Disclose-when-you-don't-fix (negative example)	SECURITY-CAVEATS.md
What a completed audit looks like (positive example) — NEW	SECURITY-REVIEW.md

🆕 New: examples/line-ai-customer-service-onprem/SECURITY-REVIEW.md

The full structured n8n-security-governance review applied to the bundled on-prem case, formal BLOCKED decision included.

• 10 numbered sections matching the skill's required outputs (metadata, scope, mandatory checks, findings, chain analysis, decision, traceability, rollback, cross-refs, re-review triggers).
• 13-entry trust-boundary matrix — every entry point with declared auth vs actual auth state.
• 10 structured SEC-### findings, each with Severity, Status, Evidence at file:line, Impact, Reproduction, Required fix, Validation, Owner, Target version.
• Chain analysis — how the single attack path (no-auth → SQL identifier injection → no audit log) collapses to "unauthenticated arbitrary SQL execution with no forensics".
• Compounding score: 8 FAIL / 2 PARTIAL / 1 PASS across 11 mandatory check dimensions, BLOCKED before any single Critical finding is considered.
• Formal BLOCKED decision with a 10-step deployment requirement list to qualify for re-review.
• Release traceability + Rollback section honestly marked "n/a — this case is BLOCKED from production".
• Cross-references the short-form caveats, the skill, and the policy rationale in CREDITS.md.
• Re-review trigger conditions so the document doesn't go stale.

Anyone forking the on-prem case to harden it can replace this file with their own review. Anyone writing a SECURITY-REVIEW for their own Code2n8n port has a clone-and-modify template.

📝 Wiring

• SECURITY-CAVEATS.md gets a one-line link to the long-form review at the top so readers find the underlying audit.
• On-prem README pointer changed from "complete list via CAVEATS" to "short version → CAVEATS, full review → REVIEW".

🎨 Chinese hero now matches the English master

docs/images/code2n8n-hero-zh.png upgraded to v16 user-master-remaster-native. Resolves the v15 font/logo overlap that forced the temporary v11 revert in v0.22.x. English and Chinese READMEs now both ship the v16 master remaster.

---

🤖 Generated with Claude Code

v0.23.0 — n8n-security-governance ships + hero-vs-product audit closures

v0.23.0 — n8n-security-governance ships + hero-vs-product audit closures

This release promotes the security skill to a real shipped product and uses a hero-vs-product audit (image claims vs actual skill content) to close three concrete gaps. The Code2n8n hero diagram is now fully backed by code.

🆕 New skill: skills/tigerai/n8n-security-governance/ (141 lines)

A dedicated production-readiness gate, not a caption.

• 12 mandatory check areas: Authentication, Authorization, Injection, Webhooks, Secrets, Input/files, Browser/API, AI/agents (prompt-injection boundary + tool allowlists), Data, Operations, n8n-specific (production webhook auth, credential references, Code-node sandbox), Dependencies
• Structured SEC-### finding format: Severity, Status, Evidence, Impact, Reproduction, Required fix, Validation, Owner, Target version
• PASS / CONDITIONAL / BLOCKED decision matrix
• Version control + CI/CD gate (7 required checks) + Rollback (5 required facts per release)
• NEW Observability section: 8 runtime signals (success/error counts, latency p50/p95/p99, webhook 4xx/5xx, credential usage frequency, queue depth, disk usage, exception classes), 3 alert routes, mandatory dashboard link, plus an honesty rule — "no monitoring = SECURITY-CAVEATS finding"

Registered in plugin.json with role: security. Skills count 14 → 15.

🔗 marquee code-to-workflow upgraded

Two new hard rules wire the security skill into the migration methodology:

• Rule 8 — "Security review is a real gate, not a caption." Step 1.5 must invoke n8n-security-governance and record evidence + severity + decision.
• Rule 9 — "Every release must be traceable and reversible." The reviewed JSON, SDD, security artifacts, tests, Git commit SHA, workflow internal version, n8n release tag, and rollback target must describe the same release.

🆕 Pillar 4.2 in tigerai-enterprise-patterns — Human-in-the-Loop

Closes the hero diagram's Step-4 "Approval" claim with a concrete pattern, not a footnote.

• 5 approval node types (Email, Slack, Form, Telegram, native sendAndWait) with use-case mapping
• Mandatory timeout policy: money 4h, support 2h, default 24h
• 3 escalation modes after timeout: auto-reject / escalate / accept-with-followup
• Mandatory audit trail fields: request_id, requester, approver, decision, timestamp, reason, channel
• Reject path must include a compensating action — not just "flow ends"
• Handover design rules for human takeover, cross-shift handoff, AI→engineer escalation
• 5 anti-patterns explicitly rejected at generation time

🆕 New doc: docs/enterprise-setup.md

Settles the ambiguity in the hero's third block: SSO / IAM / HA / DR is n8n self-hosted enterprise + your IT — not this Pack. The Pack's job is making sure Code2n8n-produced workflows land cleanly on top.

• Pack vs n8n vs your IT responsibility table
• SSO chapter — SAML / OIDC / LDAP / RBAC / Project belong to n8n self-hosted enterprise; the Pack adds IAM-friendly workflow rules (don't hardcode user identity, credential references only, project ownership, no manualTrigger in production)
• HA chapter — n8n queue mode + multi-worker; the Pack adds queue-safe workflow rules (no local-file passing between nodes, Wait instead of sleep, idempotency keys, mandatory timeouts) + deployment-layer checklist
• DR chapter — 4 backup targets (Postgres, encryption key, workflow JSON exports, IaC), quarterly DR drill procedure
• Adoption order: enterprise n8n + SSO/RBAC first → install Pack → run Code2n8n port → Step 1.5 review → CI gate → production

📝 Surrounding updates

• CODE2N8N.md adds a Pack / n8n / IT responsibility callout after the "demo isn't production" section
• Both READMEs add a responsibility-boundary callout right after the proof bar, linking to enterprise-setup.md
• English README hero swapped to v16 (user master remaster native)
• Chinese README hero still on v11 pending a v15-equivalent layout fix

✅ Hero-claim-by-claim audit

Hero element	Backed by
Path A intent → workflow	sticky-note-to-workflow
Path B existing system → migration	code-to-workflow
Step 1 Inventory	code-to-workflow Step 1
Step 2 Partition	code-to-workflow Step 2
Step 3 Security Audit	✅✅ n8n-security-governance (141 lines) + code-to-workflow Step 1.5 + hard rules §8/§9
Step 4 Retry / Approval / Handover	Retry across 5 skills; Approval newly covered by Pillar 4.2; Handover central to code-to-workflow
Step 5 Production Validation	code-to-workflow Step 6 (3-layer funnel) + working _audit.mjs / _n8n_import_test.mjs in examples
Unfixed findings → SECURITY-CAVEATS.md	required output #2 in n8n-security-governance + real file in on-prem example
Block-3 SSO / IAM / HA / DR	docs/enterprise-setup.md settles the boundary and gives Pack-side rules
Block-3 Observability	new Observability section in n8n-security-governance

The hero is no longer a marketing claim. Every block is backed by a file in the repo.

---

🤖 Generated with Claude Code

v0.22.2 — On-prem example security disclosure (NOT patched)

v0.22.2 — On-prem example security disclosure (NOT patched)

After a user-raised review surfaced severe authentication and SQL injection gaps in the on-prem LINE CS example, the pack ran a code audit and chose to disclose, not silently patch. Silent patching would misrepresent both the case study and the CREDITS.md attribution chain.

What was disclosed

In examples/line-ai-customer-service-onprem/SECURITY-CAVEATS.md, every issue is documented with file/line and repro:

• /api/auth/me always returns {authenticated: true} — zero session/JWT.
• Login uses plaintext password SQL comparison.
• All /api/* data routes have no auth middleware: settings GET/POST (reads/writes all API keys), user_states GET/POST, reset-handover, logs add/search, upload, n8n.credentials_entity listing, qdrant collections.
• SQL identifier injection in updateSettings: request-body keys are concatenated directly into INSERT/UPDATE SQL.
• No CSRF, no rate limit, no audit log, no helmet, no CORS lockdown.

Why disclose-don't-patch

1. Silent patching misrepresents the upstream POC.
2. The vulnerabilities themselves are the lesson: AI-coded software that runs ≠ enterprise-deployable software.
3. The CREDITS.md chain records who did what; we did not do hardening, so we don't claim to have.

To deploy: fork and apply the 10-step hardening checklist at the end of SECURITY-CAVEATS.md (middleware → session → bcrypt → SQL whitelist → CSRF → rate limit → audit log → endpoint trimming → upload hardening → secret encryption).

Marquee skill upgrade

The code-to-workflow skill now mandates a Step 1.5: Security audit (10-item checklist) between source inventory and partition decision, plus a new hard rule §3 requiring publication of a SECURITY-CAVEATS.md if vulnerabilities are found and not fixed. Future Code2n8n ports cannot quietly inherit the same blind spot.

Surrounding doc downgrades

• On-prem README: prominent DO-NOT-DEPLOY banner; "enterprise-grade real-world variant" wording → "real-world POC port".
• CODE2N8N.md: case-study entry annotated with ⚠️ + SECURITY-CAVEATS link.
• CREDITS.md: new "Security audit performed, NOT patched" section.

No code or workflow logic changed.

---

🤖 Generated with Claude Code

v0.22.1 — Relicense whole pack as MIT

Switches the repository license from TigerAI Proprietary to MIT, making the entire pack a single, consistent open-source distribution.

What changed

• New root LICENSE — MIT (Copyright (c) 2026 Morris Lu / TigerAI), with an appendix pointing to the existing per-subdirectory LICENSE / CREDITS chains for bundled third-party material.
• plugin.json license field: Proprietary → MIT.
• README.md / README.zh.md license section: now states the whole pack is MIT and lists each derived subdirectory.
• THIRD_PARTY_NOTICES.md trailing section: changed from Proprietary to MIT; the bundled third-party material's own copyright notices remain in place.

What did NOT change

• Vendor skills (skills/_vendor/): MIT, as before.
• Reference workflows (reference-workflows/): MIT, as before.
• Derived examples (examples/google-workspace-admin-workflow/, both line-ai-customer-service*): retain their upstream attribution chains.
• No code or workflow logic changed.

GitHub will auto-detect the LICENSE file and show the MIT badge on the repo.

---

🤖 Generated with Claude Code

v0.22.0 — Marquee code-to-workflow skill + on-prem LINE CS case (MIT)

v0.22.0 — Marquee skill code-to-workflow + on-prem LINE CS case (MIT)

Fulfils the CODE2N8N.md promise: the Skill Pack now actually contains the marquee Code2n8n skill the manifesto advertises.

🎯 New marquee skill: skills/tigerai/code-to-workflow/

The methodology for turning any existing program / system (Apps Script, Netlify Functions, Express, Docker stack, …) into a governable n8n workflow, distilled from the three real case studies in this pack.

Triggers: "把這個 repo 移到 n8n" / "Code2n8n 一下" / "port to n8n" / "幫我把這個 Lambda 改成 workflow" / "我的 Python 腳本想丟給營運維護"

7-step methodology:

1. Source inventory — entry points, side effects, external calls, data stores, UI/backend split
2. Partition rubric — what stays as code-as-service / what becomes a node / what becomes a connection
3. Core + entry architecture — for multi-channel systems, one core, N entries
4. Frontend portability decision tree — A keep original / B point original at n8n / C n8n-hosted spartan UI
5. Native-first workflow design — declarative nodes everywhere except annotated HTTP fallbacks
6. 3-layer validation funnel — static lint + n8n REST import + Layer 3 live execution
7. Documentation outputs recipe — SDD / FRONTEND-SDD / PROVENANCE / FIELD-MAPPING / CREDITS / TODO

Real-world gotchas catalogue covering ~15 patterns across deployment (port collision, shared DB credentials, global Redis), Node/build (Express v5 wildcards, ESM tsx, sandbox crypto), LINE/messaging (raw-body signature, reply-token TTL, multi-event webhooks), Google Workspace (Docs paragraph style, Sheets dropdown, frozen header), and AI/RAG (GPT-5 Responses API, no native Gemini, Ollama Docker network names, Switch-on-active_ai RAG paths).

Hard rules: never strip upstream license, scrub secrets before commit, don't claim n8n can replace a UI, preserve fidelity with PROVENANCE.md pinned to a commit SHA, never declare done until Layer 1+2 both pass, tag every local n8n import with [Claude YYYY-MM-DD].

Registered as tigerai / role: marquee. Skills count 13 → 14.

🆕 New case study: examples/line-ai-customer-service-onprem/

An MIT-licensed practice case that walks the full Code2n8n pipeline end-to-end. Took scorpioliu0953/ai_customer_service (upstream cloud version, MIT) and evolved it into a full on-prem Docker stack:

• Infrastructure: Postgres + Redis + Qdrant + Ollama containers, replacing Supabase entirely
• Knowledge: Qdrant vector RAG instead of plain reference file
• Auth: real-user accounts in a Postgres users table, replacing the shared-token shim
• Brain: 37-node n8n workflow with Switch on active_ai → three RAG paths (OpenAI / Gemini / Ollama local LLM)
• Validation: a 5-phase V&V plan (Infra / API / UI / HMR / E2E) with real PASS records
• Lessons learned: 5 real port-time issues, captured in docs/LESSON_LEARNED.md (port collision, Express v5 wildcard, ESM tsx, shared DB credentials, global Redis)

Ships docs, SDD, DEV_LOG, LESSON_LEARNED, WALKTHROUGH_N8N, supabase_schema.sql, docker-compose + Dockerfiles, the full React + Express src/ tree, and the 37-node n8n_workflow_export.json.

License + attribution: upstream MIT preserved verbatim; CREDITS.md records the full chain (upstream → Morris Lu's on-prem evolution → this pack). Before committing, one hard-coded OPENWEBUI_API_KEY was scrubbed and n8n-backup/creds_backup.json was deliberately excluded.

Sits side-by-side with the existing examples/line-ai-customer-service/ (the cloud version we built in v0.19.0). Readers see the same upstream system on two different Code2n8n paths — cloud-minimum vs on-prem-enterprise — and can choose which fits their environment.

📝 Surrounding updates

• CODE2N8N.md — surfaces the marquee skill and reorganises the skill / case-study layering
• Cloud LINE CS README — adds a banner pointing to the on-prem variant
• plugin.json description — adds marquee + the three case study names
• VERSION → 0.22.0

The thesis (one line)

AI Coding solves "how is the function built"; code-to-workflow (this release's marquee skill) solves "how is the capability modularised"; n8n solves "how the modules cooperate across the whole enterprise."

Read the full manifesto.

---

🤖 Generated with Claude Code