Skip to content

wranngle/n8n

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

n8n

Sanitized n8n workflow library: lead intake, enrichment, post-call processing, and webhook security middleware. The checked-in workflows are generic n8n. The registry still carries legacy voice-agent workflow metadata (ElevenLabs business process, integration entries), but the live agent runtime lives at wranngle/voice_ai_agent_evals.

What's in here

Demo

Install walkthrough

54-second walkthrough (historical, illustrative only): browse workflows/registry.yaml → generate a synthetic fixture → POST /rest/workflows → invoke via webhook → governance check. The current checkout ships no workflows/live-universalized/ fixtures, so the fixture-generation step shown does not run today (see Test fixtures below). Re-render with node scripts/generate-install-demo.mjs (ffmpeg required).

Fork a workflow

npm run build:site walks workflows/ and emits one fork-landing page per workflow at dist/site/<slug>/index.html. Each page carries a Download .json link, a placeholder workflow screenshot (screenshot.svg), and a one-line problem statement. If a deterministic fixture is present at fixtures/<slug>.json (round-1 #24), the page also links a sample payload so the fork story is end-to-end. Test contract: npm run test:site.

Architecture

See ARCHITECTURE.md for the lead intake → CRM → call → post-call flow and how this repo connects to its satellites:

  • wranngle/voice_ai_agent_evals: eval harness for ElevenLabs voice agents (the production agent runtime, prompt versioning, scenario framework)
  • wranngle/gtm_ops: unified GTM motion runtime (presales pipeline, ops-console, audit log surface)

Webhook authentication

The hardening scripts can add an X-Webhook-Secret header, validated against N8N_WEBHOOK_SECRET, but not every checked-in workflow is currently hardened. See docs/WEBHOOK_AUTH.md for the rotation playbook. ElevenLabs HMAC-signed webhooks (different protocol, HMAC-SHA256 over <timestamp>.<body>) are handled in voice_ai_agent_evals.

Test fixtures

scripts/generate-fixtures.js emits fixtures only for workflows/live-universalized/ entries; the current checkout has none. When entries exist, it writes one deterministic synthetic payload per workflow into fixtures/, keyed by registry slug. The generator inspects each workflow's trigger node (webhook, form, schedule, manual, evaluation, pipedrive) and shapes the payload accordingly so every importable workflow can be smoke-tested without touching tenant data. Re-running the script over a clean checkout produces zero diff: fixture drift is the signal, not the noise.

Workflow governance

  • DEV: all active development. Modifiable.
  • ARCHIVED: deprecated, read-only. Deletion is blocked; archive instead.
  • New workflows auto-tag as DEV.

workflows/governance.yaml is the authoritative phase tracker; scripts/governance-engine.js enforces it. See WORKFLOWS.md for the per-workflow index.

Security audit status

Each workflow in workflows/registry.yaml carries a security.audited ISO date and a security.scanner tag. The table below is regenerated by scripts/generate-readme-table.js; rerun it whenever an audit date is bumped, and node scripts/generate-readme-table.js --check exits non-zero if the table drifts from the registry.

Freshness reference: 2026-05-14. Entries audited within the last 90 days render green.

Workflow Audit status Scanner
lead-enrichment-microservice audited gitleaks+verify
lead-intake-main audited gitleaks+verify
youtube-rag-pipeline audited gitleaks+verify

Running

# Workflow API utilities (require N8N_API_KEY)
node scripts/list_workflows.js
node scripts/activate-workflow.js --workflow <id>

# Governance audit
node scripts/governance-engine.js --check

# Webhook security middleware (idempotent, run after creating new workflows)
node scripts/secure-n8n-webhooks.js --apply
node scripts/secure-internal-callers.js --apply

See .env.example for required environment variables.

One-click install

Import a workflow JSON into a local n8n instance via its REST API:

node scripts/install-workflow.js workflows/lead-intake-main.json \
  --n8n-url http://localhost:5678 --api-key "$N8N_API_KEY"

On success the script prints the new workflow id and exits 0. --n8n-url and --api-key may also be supplied via N8N_URL / N8N_API_KEY env vars.

Uninstall a workflow

Reverse of scripts/install-workflow.js. Looks up workflows on the remote n8n instance and deletes each match. --dry-run prints the exact API calls without mutating anything.

# Preview what would be deleted
node bin/uninstall-workflow.js --name lead-intake-main \
  --n8n-url http://localhost:5678 --api-key "$N8N_API_KEY" --dry-run

# Delete by id
node bin/uninstall-workflow.js --id wf-42 \
  --n8n-url http://localhost:5678 --api-key "$N8N_API_KEY"

--n8n-url and --api-key also accept N8N_URL / N8N_API_KEY env vars. Exits non-zero if no workflows match or any DELETE fails.

Diff two workflows

scripts/n8n-diff.js renders a deterministic markdown diff between two workflow JSON files: nodes added/removed/modified, connection delta, and env-var changes. Pair it with the one-click installer above for a "review before you ship" pre-merge check.

node scripts/n8n-diff.js workflows/a.json workflows/b.json
node scripts/n8n-diff.js workflows/a.json workflows/b.json --out diff.md

Demo against the bundled fixture pair:

node scripts/n8n-diff.js fixtures/diff/a.json fixtures/diff/b.json

Drift detector

Compare workflows deployed on an n8n instance against the JSON files tracked in this repo:

node bin/drift.js --n8n-url http://localhost:5678 --api-key "$N8N_API_KEY" \
  --workflows-dir ./workflows --out drift.md

The report (drift.md) groups results into three sections: Only on instance, Only in repo, and Modified (matched by name, compared via canonical fingerprint that ignores id/updatedAt/active). The script exits non-zero when any drift is detected so it can gate CI.

License

See LICENSE.

About

Sanitized n8n workflows for lead intake, enrichment, post-call flows, webhook auth, and deterministic fixtures.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors