@path58/p58-n8n 0.2.17 → 0.2.20-demo.2

package/docs/GET-STARTED-IN-5-MIN.md

@@ -0,0 +1,185 @@
+# Get Started in 5 Minutes — p58-n8n Demo
+
+> From a `P58_ACCESS_TOKEN` in hand to your first agent-built n8n workflow executing — in under 10 minutes, entirely through Claude Desktop.
+
+This is the AX-Native path: you install one MCP server, paste your token, and **talk to Claude Desktop**. The agent builds and tests real workflows on your n8n instance via the p58-n8n MCP tools. There is no web app, no dashboard, no UI to learn beyond Claude Desktop itself.
+
+---
+
+## 1. Prerequisites
+
+| You need | How to get it |
+|---|---|
+| **Claude Desktop** | Free at [claude.ai/download](https://claude.ai/download) |
+| **Node.js 18+** | `node --version` to check; [nodejs.org](https://nodejs.org) to install |
+| **A `P58_ACCESS_TOKEN`** | Issued to you directly by Tsvika (this is a **premium** demo token — pre-issued, not self-serve) |
+| **An n8n instance** | Your own n8n (cloud or self-hosted) with an **API key** (`Settings → API → Create API Key`) and the **base URL** |
+| **Credentials in n8n** | For each demo prompt you try, the relevant service credential added in your n8n (e.g. a Slack bot token for the Slack prompts, an OpenAI key for the AI prompts) |
+
+> **Tier note:** this demo runs on **premium** access (your pre-issued `P58_ACCESS_TOKEN`). It is not the free-tier `npm install` path and not the dev/direct-DB path. The token unlocks the full enriched catalog via the Path58 REST proxy; if the proxy is ever unreachable, p58-n8n falls back to the bundled free catalog so you keep working.
+
+---
+
+## 2. Install (for the demo)
+
+Install the **demo** build explicitly — do **not** use a bare `npm install @path58/p58-n8n` (that pulls an older `latest` tag):
+
+```bash
+npm install @path58/p58-n8n@demo
+```
+
+This installs the v5 demo bundle (`0.2.20-demo.2` at time of writing). You can also let Claude Desktop run it on demand via `npx -y @path58/p58-n8n@demo` (see the config block below).
+
+---
+
+## 3. Claude Desktop config block
+
+Add this to your `claude_desktop_config.json`
+(macOS: `~/Library/Application Support/Claude/claude_desktop_config.json` · Windows: `%APPDATA%\Claude\claude_desktop_config.json`),
+then **fully quit and reopen** Claude Desktop:
+
+```json
+{
+  "mcpServers": {
+    "p58-n8n": {
+      "command": "npx",
+      "args": ["-y", "@path58/p58-n8n@demo"],
+      "env": {
+        "N8N_API_URL": "https://YOUR-n8n-host/api/v1",
+        "N8N_API_KEY": "YOUR_N8N_API_KEY",
+        "P58_ACCESS_TOKEN": "YOUR_P58_ACCESS_TOKEN"
+      }
+    }
+  }
+}
+```
+
+Replace the three `YOUR_…` placeholders with your n8n base URL, your n8n API key, and the `P58_ACCESS_TOKEN` Tsvika sent you. After restarting, ask Claude:
+
+> "Run `setup_check`."
+
+A healthy response shows your n8n connected, the credential count it can see, and premium catalog access active.
+
+---
+
+## 4. Your first automation — start here (the aha-moment)
+
+Don't start with a throwaway "hello world." Let the agent **look at what you already have** and build the best real automation it can — pull live data and deliver a friendly, personalized result to a channel you'll actually see. Paste this:
+
+> Check which credentials I have, then build me the most impressive **zero-setup** automation you can: pull some live data and deliver a friendly result to a channel I can actually see. **Prefer email** (just use my address) since it needs no IDs; use Slack only if you can resolve a channel; **skip Telegram**. Make it a **webhook-triggered** workflow, set every value explicitly, address the message to me **by name**, and add a short warm welcome. Then run it so I see the result.
+
+**What the agent does — the opportunistic recipe:**
+1. `setup_check` + `list_credentials` → discovers your credentials.
+2. **Tells you the plan first (in the chat).** Before building, the agent says what it found and what it's about to build, and sets the expectation that this is a **best-effort first automation** — e.g.: *"You've got Slack, OpenWeatherMap and Gmail connected. I'll build you a webhook → live weather → Slack welcome. This is a best-effort first run; if n8n flags anything I'll fix it and re-run so you see the result. One moment…"* That way nothing is a surprise, and a quick self-heal iteration reads as part of the show, not a stumble.
+3. Picks **datasource → (optional AI) → channel**, choosing the **lowest-friction channel you have** (email → Slack → *never* Telegram, whose chat-id can't be discovered cold).
+4. Builds a **webhook-triggered** workflow with **explicit** values, credentials wired **by ID**.
+5. `test_workflow` → if a field is missing, it reads the **exact** gap and `partial_update`s the fix, then re-tests (the self-heal loop).
+6. **Reports honestly.** On success: "✅ it ran — check your channel." If it delivered but the verification pass couldn't confirm cleanly (the optional-login case below): "it ran and the message should have arrived — I just couldn't run my extra verification pass without your n8n login."
+
+**A real example of what lands** (built *and executed live* during our own QA — a personalized Path58 welcome with live weather):
+
+> 👋 **Hello World — and welcome to Path58, Tsvi!** 🎉
+> This little message is your very first automation, built and run straight from your chat — no clicks, no canvas, no copy-paste.
+> 🌦️ **Live right now in Tel Aviv:** 25.09°C, clear sky · humidity 63% · wind 5.14 m/s
+> Real data → real automation → this message. You describe what you want; your agent ships it. 🚀
+> _Welcome aboard — with ❤️ from the Path58 team_
+
+> **Reliability tip:** the most bulletproof first demo leans on **version-stable nodes** (Webhook, OpenWeatherMap, Slack, Gmail, Code, HTTP) and an **email or Slack** channel. AI/LangChain nodes are higher-reward but version-sensitive — perfect as a *follow-up* once the first one lands.
+
+> **Zero-friction tip (roadmap):** the agent will soon **reuse proven runtime values from your existing workflows** — the Slack channel you already post to, an email you already send to, even a Telegram chat-id that already works — so it never has to ask. That lands your welcome where you already operate. *(In progress — until then the agent asks once for the one value it can't discover.)*
+
+### Optional — let the agent run-and-verify for you
+
+Building, deploying, and **running** your workflow needs only your **n8n URL + API key**. On some n8n versions the agent's *confirmation* step (a verification pass that proves the workflow executed) additionally needs your n8n **login email + password** — exposed as the **optional** `N8N_USER_EMAIL` / `N8N_USER_PASSWORD` config fields. Your workflow runs and delivers **without** them; they only let the agent show a clean "✅ verified it ran." If the agent ever reports a workflow "failed" but the result still arrives on your channel, that's this verification gap (tracked internally).
+
+---
+
+## 5. More sample prompts to try
+
+Type or speak any of these to Claude Desktop. Each builds **and tests** a real workflow on your n8n. Replace `<channel-id>` with your own Slack channel ID. (These three are a subset of the 8 curated demo prompts — full set in the demo pack's `CURATED-DEMO-PROMPTS.md`.)
+
+**Sample 1 — Weather → Slack** *(simplest; source VT cell S003)*
+```
+Get the current weather for Tel Aviv and post it as a message to my Slack
+channel <channel-id>, including the temperature and description.
+```
+
+**Sample 2 — Weather leaderboard with a Code node → Slack** *(source VT cell S010)*
+```
+Get the current weather for Tel Aviv, London, New York, Tokyo, and Sydney.
+Use a Code node to rank them hottest-to-coldest, then post the leaderboard
+to my Slack channel <channel-id>.
+```
+
+**Sample 3 — Webhook → AI classify → Switch → Slack** *(source VT cell S012)*
+```
+Create a webhook workflow that receives text in a "message" field. Use OpenAI
+to classify sentiment, topic, and urgency, then use a Switch node to route to
+my Slack channel <channel-id> with an [URGENT]/[NORMAL]/[LOW] prefix based on
+the urgency.
+```
+
+Under the hood, for each prompt the agent runs the same MCP tool chain:
+**`setup_check` → `list_credentials` → `build_workflow` → `test_workflow`** — plan, assemble valid JSON, validate against the real catalog, auto-fix, wire your existing credentials, deploy, and execute.
+
+---
+
+## 6. Expected output
+
+**Sample 1 (Weather → Slack):**
+- Claude reports it built a 3-node workflow (Manual Trigger → OpenWeatherMap → Slack), deployed it, and ran `test_workflow` green.
+- **Verify it yourself:** a message appears in your Slack channel with Tel Aviv's temperature and description.
+
+**Sample 2 (Leaderboard):**
+- Claude built Manual Trigger → OpenWeatherMap → Code → Slack, ran it green.
+- **Verify:** a single Slack message ranks all five cities hottest-to-coldest.
+
+**Sample 3 (Webhook + AI + Switch):**
+- Claude built Webhook → OpenAI classifier → Switch → Slack, activated the webhook, and POSTed a test payload during `test_workflow`.
+- **Verify:** a Slack message arrives with an `[URGENT]` / `[NORMAL]` / `[LOW]` prefix matching the test message's urgency. The execution result Claude shows you includes the per-node classification output.
+
+In each case Claude shows a per-call metrics footer (tokens / cost / time). On the v5 measured suite, prompts at this complexity frequently complete **one-shot** — one `build_workflow`, first `test_workflow` green (see § Honest performance below).
+
+---
+
+## 7. Troubleshooting
+
+| Symptom | Cause | Fix |
+|---|---|---|
+| **Claude doesn't see the p58-n8n tools** | Config not loaded | Fully quit Claude Desktop (not just close the window) and reopen. Confirm the JSON is valid (no trailing commas) and in the right config path for your OS. |
+| **`setup_check` says token invalid / premium not active** | Wrong or expired `P58_ACCESS_TOKEN` | Re-paste the exact token Tsvika sent (no surrounding quotes/spaces). If it still fails, message Tsvika to re-issue. You can keep using the free bundled catalog meanwhile. |
+| **`setup_check` says n8n not connected** | Wrong `N8N_API_URL` / `N8N_API_KEY` | URL must end in `/api/v1`. Regenerate the API key in n8n (`Settings → API`). Confirm the host is reachable from your machine. |
+| **`install failed` / `npx` errors** | Node too old or network | `node --version` must be ≥ 18. Retry `npm install @path58/p58-n8n@demo`; behind a proxy, set `HTTPS_PROXY`. |
+| **Workflow builds but `test_workflow` fails on a credential** | That service's credential isn't in your n8n | Add the credential in n8n first (e.g. Slack bot token), then ask Claude to re-test. Ask: "list my credentials" — the agent runs `list_credentials` so you can see what's wired. |
+| **Webhook prompt: nothing happens** | Webhook not active | The agent activates the webhook during `test_workflow`; if you re-run manually, make sure the workflow is **active** before POSTing. |
+| **`setup_check` shows `n8n_version: null`** | Version not resolved from your n8n API | Normal — if a build needs it, just tell Claude your n8n version. (Tracked: `REQ-2026-06-01-setup-check-n8n-version-resolution`.) |
+| **`setup_check` shows `allowlist_status: not_configured`** | Looks alarming, isn't | Normal when `user_authorized: true` — your token **is** the authorization; no action needed. (Tracked: `REQ-2026-06-01-setup-check-allowlist-status-ux`.) |
+
+---
+
+## Honest performance — what "first try" actually means
+
+p58-n8n's North-Star metric is **1-shot-1-kill (STRONG ⭐)**: the agent gets it right on the **first** attempt — one `build_workflow`, the **first** `test_workflow` runs green, no patches, no rebuilds — **and** the harness directly observed the workflow execute (audit-grade proof). This is deliberately stricter than "pass rate."
+
+On the v5 release (golden07 substrate, canonical `verification_subclass` reclassifier — see the **Methodology footnote** at the end)<sup>†</sup>:
+
+| Model | 1-shot-1-kill STRONG ⭐ | Pass rate (eventual) |
+|---|---|---|
+| **P58 + Opus** | **42%** (21/50) | 100% |
+| **P58 + Sonnet** | **38%** (19/50) | 100% |
+| **P58 + Haiku** | **4%** (2/50) | 94% |
+| **Every competitor MCP (9 architectures)** | **0%** † | varies |
+
+*P58 rows: canonical **250-cell g07 shootout** (3 arms × N=2). †Competitor row: the **12-arm cross-architecture canonical shootout** (320 cells), same reclassifier — all 9 competitor architectures reach **0% strong-proof (verified-green)**, which caps their 1-shot-1-kill STRONG ⭐ at 0% too.*
+
+**Read the two columns as different things.** Pass rate = "eventually got there." STRONG ⭐ = "got it right on the first try, with verified proof it ran." We report them separately on purpose — conflating them would be a Goodhart trap.
+
+**Why competitors sit at 0% STRONG — it's architectural, not tuning.** Every competitor n8n MCP today talks to n8n over REST CRUD (create/update/delete). The strongest proof they can offer is "HTTP 200 — workflow saved," then *polling* the executions list afterward to guess which run was theirs (a weak proof tier). The signal that proves a workflow actually ran the way you asked lives in n8n's execution-result payload — and **only p58-n8n's `test_workflow` returns that synchronously**. So competitors can *claim* success but cannot *prove* execution: under fair, identical scoring they top out at the "ran, weak proof" tier and reach **zero** strong-proof cells. The most extreme case — **N8NMCP-V253** — uses `n8n_update_partial_workflow` as its primary editing tool, so every workflow is built through multiple patches by design, which also rules out the one-shot trace shape entirely. (Full detail in the [README performance section](https://github.com/tsvika58/p58-n8n#readme).)
+
+**Want to check our claims?** Every cell is scored by a canonical reclassifier against a published per-cell shape contract (`per-cell-outcome-1.1.0` schema), and the tier rule (`verified_green` vs `verified_yellow`) is the same for every arm — competitor MCPs are not penalized; they simply don't emit strong-proof signal. The same harness can be pointed at any MCP server.
+
+> **Methodology footnote.** All v5 numbers were measured per the RAG-4.97.8 v5 release on the canonical **golden07** substrate, per the formal `is_1s1k_strong(cell)` definition in STRATEGIC_ANCHORS v1.2.0, and were **substrate-clean** per the INC-2026-05-29 memory-quarantine fix (pre-2026-05-29 baselines on this hardware are non-canonical and are not cited). Tier colors were cross-validated by the canonical reclassifier (`per-cell-outcome-1.1.0` schema). This is the first canonical-clean performance release for the project.
+
+---
+
+**Built by [Path58](https://path58.com)** · Questions during the demo? → tvagman@gmail.com

package/docs/mcp-install-cloudflare-access-runbook.md

@@ -0,0 +1,124 @@
+# Runbook — Installing p58-n8n against an n8n behind Cloudflare Access
+
+> **⚠️ This is an OPTIONAL edge case.** Most users do **not** need it. You only need this runbook if your n8n is sitting **behind Cloudflare Access** (a Zero-Trust login wall) — the symptom is that a valid n8n API key returns a `302` redirect to a `*.cloudflareaccess.com` login page instead of reaching n8n. If your n8n is on `localhost`, n8n Cloud, or a normally-reachable host, ignore this file and use [`AGENT_INSTALL.md`](../AGENT_INSTALL.md).
+
+---
+
+## When this applies
+
+| Your `setup_check` / curl shows | This runbook applies? |
+|---|---|
+| `200` on the API pair-test | ❌ No — you're done, normal install |
+| `401 invalid signature` / `401 unauthorized` | ❌ No — key/instance mismatch; see AGENT_INSTALL Step 4 |
+| **`302` → `*.cloudflareaccess.com`** | ✅ **Yes** — your n8n is behind Cloudflare Access |
+
+p58-n8n supports two env vars for this case — `CF_ACCESS_CLIENT_ID` and `CF_ACCESS_CLIENT_SECRET` — which it sends as `CF-Access-Client-Id` / `CF-Access-Client-Secret` headers on every n8n request.<sup>[[1]](#sources)</sup>
+
+---
+
+## Step 1 — Search for an existing CF Access service token
+
+A CF Access **service token** (a client-id / client-secret pair) is what lets a non-interactive client pass the wall. Search before asking:<sup>[[2]](#sources)</sup>
+
+```bash
+# 1Password (common storage for service tokens)
+op item list 2>/dev/null | grep -i "cloudflare\|cf-access\|access-service"
+# .env files in the project
+grep -rlE "CF_ACCESS_CLIENT_(ID|SECRET)" . --include=".env*" 2>/dev/null
+# macOS Keychain
+security find-generic-password -s cloudflare-access 2>/dev/null
+```
+
+If none exist, the user (or their Cloudflare admin) creates one: **Cloudflare Zero Trust → Access → Service Auth → Create Service Token**, then adds an Access policy allowing that token to reach the n8n application.
+
+---
+
+## Step 2 — Pair-test through Cloudflare Access
+
+Validate **before** writing any config:<sup>[[2]](#sources)</sup>
+
+```bash
+curl -s -o /dev/null -w "%{http_code}" "$N8N_API_URL/workflows?limit=1" \
+  -H "X-N8N-API-KEY: $N8N_API_KEY" \
+  -H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \
+  -H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET"
+```
+
+| Result | Meaning | Action |
+|---|---|---|
+| `200` | Token passes CF **and** the n8n key is valid | ✅ Write config (Step 3) |
+| `302` → cloudflareaccess.com | Service token missing/invalid, or no Access policy for it | Recheck the token + its Access policy |
+| `403` | Token reached CF but is not allowed for this app | Add/fix the Access policy for the service token |
+| `401 invalid signature` | CF passed, but the n8n key is for a **different** instance | Re-pair the n8n key/URL (see AGENT_INSTALL Step 4) |
+
+> **Premium token vs n8n engine (don't conflate):** `P58_ACCESS_TOKEN` (premium catalog) is unrelated to Cloudflare Access. CF service tokens gate access to *your n8n engine*; the premium token gates the *enriched catalog*. You may need both, neither, or either.<sup>[[3]](#sources)</sup>
+
+---
+
+## Step 3 — Write the config
+
+Add the CF service-token vars alongside your normal n8n env (see [`AGENT_INSTALL.md`](../AGENT_INSTALL.md) Step 5 for per-client formats):
+
+```json
+{
+  "mcpServers": {
+    "p58-n8n": {
+      "command": "npx",
+      "args": ["-y", "@path58/p58-n8n@demo"],
+      "env": {
+        "N8N_API_URL": "https://your-n8n.example.com/api/v1",
+        "N8N_API_KEY": "<n8n-api-key>",
+        "CF_ACCESS_CLIENT_ID": "<cf-service-token-id>",
+        "CF_ACCESS_CLIENT_SECRET": "<cf-service-token-secret>",
+        "P58_ACCESS_TOKEN": "<premium-token-if-you-have-one>"
+      }
+    }
+  }
+}
+```
+
+To keep the secrets out of plaintext config, wrap them with `op read` (see AGENT_INSTALL Step 5). Then **restart the client** (env loads only at startup) and run `setup_check` to confirm `workflow_engine_connected: true`.
+
+---
+
+## Decision flow
+
+```mermaid
+flowchart TD
+    A["Discover n8n URL"] --> B["Pair-test: GET /api/v1/workflows<br/>with X-N8N-API-KEY"]
+    B -->|"200"| OK["✅ Normal install — no CF needed"]
+    B -->|"401 invalid signature / unauthorized"| RP["Re-pair key/URL or mint key<br/>(AGENT_INSTALL Step 4)"]
+    B -->|"302 → cloudflareaccess.com"| CF["n8n is behind Cloudflare Access"]
+    CF --> S["Search for CF service token<br/>1Password / .env / Keychain"]
+    S --> T["Re-test with CF-Access-Client-Id/Secret headers"]
+    T -->|"200"| W["Write config + CF vars → restart → setup_check"]
+    T -->|"403 / 302"| POL["Fix CF Access policy for the service token"]
+    POL --> T
+    RP --> B
+
+    classDef d fill:#16213e,stroke:#6366f1,color:#e0e0e0;
+    classDef ok fill:#0f3460,stroke:#10b981,color:#e0e0e0;
+    classDef warn fill:#3a2a16,stroke:#f59e0b,color:#e0e0e0;
+    class A,B,S,T d;
+    class OK,W ok;
+    class CF,RP,POL warn;
+```
+
+---
+
+## Cross-references
+
+- [`AGENT_INSTALL.md`](../AGENT_INSTALL.md) — Step 4 validation loop (the `302` branch points here); Step 5 config formats.
+- [`README.md`](../README.md) — Authentication Layers table (Cloudflare Access row).
+
+---
+
+## Sources
+
+1. **CF Access header support** — `src/shared/n8n-api-adapter.ts` reads `CF_ACCESS_CLIENT_ID` / `CF_ACCESS_CLIENT_SECRET` and sends them as `CF-Access-Client-Id` / `CF-Access-Client-Secret` headers; `src/mcp/startup-summary.ts` probes their presence.
+2. **Search-first + pair-test matrix** — field report `MCP_INSTALL_FIELD_REPORT_2026-06-01` §6–§7; curl results (`200` / `302`→cloudflareaccess / `401 invalid signature`) observed in a live install session against an n8n behind a Cloudflare tunnel + Access.
+3. **Premium-vs-engine boundary** — `src/mcp/runtime/access-mode.ts`: `P58_ACCESS_TOKEN` unlocks the enriched catalog (premium), independent of the n8n engine connection.
+
+---
+
+**Package:** `@path58/p58-n8n` · **Version:** 0.2.20-demo.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@path58/p58-n8n",
-  "version": "0.2.17",
+  "version": "0.2.20-demo.2",
   "description": "The smartest and fastest n8n MCP server — validate, fix, and discover workflows inside your LLM",
   "keywords": [
     "mcp",
@@ -30,14 +30,16 @@
     "README.md",
     "AGENT_INSTALL.md",
     "CHANGELOG.md",
-    "LICENSE"
+    "LICENSE",
+    "docs/GET-STARTED-IN-5-MIN.md",
+    "docs/mcp-install-cloudflare-access-runbook.md"
   ],
   "type": "module",
   "main": "dist/index.js",
   "scripts": {
     "build": "tsc -p tsconfig.build.json",
     "deploy:vps": "bash scripts/deploy-vps.sh",
-    "postbuild": "node scripts/fix-esm-imports.mjs dist && (head -1 dist/mcp/server.js | grep -q '^#!/usr/bin/env node' || (printf '#!/usr/bin/env node\\n' | cat - dist/mcp/server.js > dist/mcp/server.tmp && mv dist/mcp/server.tmp dist/mcp/server.js)) && chmod +x dist/mcp/server.js && node scripts/bundle-mcp.mjs",
+    "postbuild": "node scripts/fix-esm-imports.mjs dist && (head -1 dist/mcp/server.js | grep -q '^#!/usr/bin/env node' || (printf '#!/usr/bin/env node\\n' | cat - dist/mcp/server.js > dist/mcp/server.tmp && mv dist/mcp/server.tmp dist/mcp/server.js)) && chmod +x dist/mcp/server.js && node scripts/generate-autofix-data-snapshot.mjs && node scripts/bundle-mcp.mjs",
     "lint": "eslint \"src/**/*.ts\" --ignore-pattern \"**/archive/**\" --ignore-pattern \"**/*archive*/**\"",
     "typecheck": "tsc --project tsconfig.ci.json --noEmit",
     "test": "vitest run",
@@ -45,9 +47,12 @@
     "test:ci": "vitest run --config vitest.config.ci.ts",
     "catalog:snapshot": "npx tsx src/scripts/production/catalog/generate-catalog-snapshot.ts",
     "backfill:classifications": "tsx src/scripts/production/classification/backfill-classifications.ts",
+    "dev:backfill-operation-id": "tsx src/scripts/production/enrichment/backfill-operation-id.ts",
+    "backfill:loadoptions": "tsx scripts/backfill-loadoptions-annotation.ts",
     "production:fix-rerun": "tsx src/scripts/production/comprehensive-fix-rerun-production.ts",
     "production:fix-rerun-simple": "tsx src/scripts/production/comprehensive-fix-rerun-simple.ts",
     "qa:sample": "npm run lint && npm run check:functions:src && npm test",
+    "audit:aliases": "tsx scripts/audits/audit-aliases.ts",
     "check:functions": "npx ts-node scripts/check-function-length.ts",
     "check:functions:src": "npx ts-node scripts/check-function-length.ts src",
     "dev:db-test": "ts-node src/scripts/production/utilities/testDbConnection.ts",
@@ -226,11 +231,11 @@
     "@anthropic-ai/sdk": "^0.79.0",
     "@faker-js/faker": "^9.9.0",
     "@modelcontextprotocol/sdk": "^1.25.3",
-    "@tsvika58/shared-utilities": "^1.10.0",
     "@types/cheerio": "^0.22.35",
     "@types/node-cache": "^4.1.3",
     "@types/swagger-jsdoc": "^6.0.4",
     "@types/swagger-ui-express": "^4.1.8",
+    "acorn": "^8.15.0",
     "ajv": "^8.17.1",
     "axios": "^1.13.2",
     "bcryptjs": "^2.4.3",
@@ -245,6 +250,7 @@
     "js-tiktoken": "^1.0.21",
     "json-schema-faker": "^0.5.9",
     "lru-cache": "^11.2.5",
+    "minimatch": "^9.0.9",
     "node-cache": "^5.1.2",
     "openai": "^6.9.1",
     "p-limit": "^7.2.0",
@@ -258,11 +264,13 @@
     "swagger-ui-express": "^5.0.1",
     "tsyringe": "^4.10.0",
     "turndown": "^7.1.3",
-    "zod": "^3.25.76"
+    "zod": "^3.25.76",
+    "zod-to-json-schema": "^3.25.1"
   },
   "devDependencies": {
     "@mermaid-js/mermaid-cli": "^11.12.0",
-    "@n8n/n8n-nodes-langchain": "^1.122.5",
+    "@tsvika58/shared-utilities": "^1.10.0",
+    "@n8n/n8n-nodes-langchain": "^2.20.7",
     "@types/bcrypt": "^6.0.0",
     "@types/bcryptjs": "^2.4.6",
     "@types/compression": "^1.8.1",
@@ -282,9 +290,8 @@
     "eslint": "^9.39.1",
     "fakeredis": "^2.0.0",
     "glob": "^13.0.0",
-    "n8n-core": "^2.11.0",
-    "n8n-mcp": "^2.33.5",
-    "n8n-nodes-base": "^1.121.4",
+    "n8n-core": "^2.16.1",
+    "n8n-nodes-base": "^2.15.1",
     "openapi-directory": "^1.3.17",
     "playwright": "^1.58.0",
     "supertest": "^7.1.4",