n8n-nodes-safeagent 0.1.0

package/README.md

@@ -0,0 +1,229 @@
+# n8n-nodes-safeagent
+
+## Requirements
+
+- Python 3.10+
+- `pip install safeagent-exec-guard`
+- `python3` must be available on PATH in the environment where n8n is running
+
+> **Note:** If you're running n8n via Docker, you'll need a custom image with Python installed, or use the Postgres backend via an external SafeAgent API endpoint.
+
+---
+
+An [n8n](https://n8n.io) community node that wraps the
+[`safeagent-exec-guard`](https://pypi.org/project/safeagent-exec-guard/) Python library to bring
+the **claim-before-execute** idempotency pattern to your n8n workflows.
+
+---
+
+## The Claim-Before-Execute Pattern
+
+AI agents and event-driven workflows face a hard problem: the same logical request can arrive more
+than once (webhook retries, queue redeliveries, user double-clicks). Without a guard, every
+duplicate triggers the side effect again — double charges, duplicate emails, duplicate DB rows.
+
+**Claim-before-execute** solves this with a single atomic database write:
+
+```
+1. Before doing anything irreversible, claim the (requestId, actionName) pair.
+2. If the claim succeeds  → you are the first runner.  Proceed with the action.
+3. If the claim is denied → someone else already ran it.  Return the cached receipt and stop.
+```
+
+The claim is implemented as a SQL `INSERT … ON CONFLICT DO NOTHING` (or equivalent), making it
+naturally atomic and race-condition-safe even under concurrent workers.
+
+```
+Incoming event
+     │
+     ▼
+┌────────────────────┐
+│  SafeAgent Guard   │  ← this n8n node
+│  insert_if_not_    │
+│  exists(rid, act)  │
+└────────┬───────────┘
+         │
+   ┌─────┴──────┐
+   │            │
+inserted=true  inserted=false
+   │            │
+   ▼            ▼
+Proceed     Return cached
+with        receipt → skip
+action      downstream nodes
+```
+
+---
+
+## Installation
+
+### Prerequisites
+
+- n8n ≥ 0.190.0
+- Python 3.9+ in `PATH`
+- The `safeagent-exec-guard` Python package:
+
+```bash
+pip install safeagent-exec-guard
+# or, for Postgres support:
+pip install "safeagent-exec-guard[postgres]"
+```
+
+### Add to n8n
+
+```bash
+# In your n8n data directory
+npm install n8n-nodes-safeagent
+```
+
+Or use the n8n **Settings → Community Nodes → Install** UI and enter `n8n-nodes-safeagent`.
+
+---
+
+## Node Fields
+
+| Field | Type | Description |
+|---|---|---|
+| **Request ID** | String | Unique identifier for the logical request (e.g. webhook event ID, message UUID). Supports n8n expressions like `{{ $json["id"] }}`. |
+| **Action Name** | String | Name of the side-effectful action being guarded (e.g. `send_invoice`, `charge_card`). Together with Request ID it forms the idempotency key. |
+| **Backend** | Dropdown | `SQLite (local file)` — zero-config, good for dev / single-instance. `PostgreSQL` — distributed-safe, recommended for production / multi-worker. |
+| **SQLite Database Path** | String *(SQLite only)* | Path to the `.db` file. Defaults to `safeagent.db` in the n8n working directory. |
+| **Postgres Credentials** | Credential *(Postgres only)* | Host, port, database, user, password, SSL toggle. |
+
+---
+
+## Output Fields
+
+The node adds the following fields to the item's JSON:
+
+| Field | Type | Meaning |
+|---|---|---|
+| `requestId` | string | Echo of the input Request ID |
+| `actionName` | string | Echo of the input Action Name |
+| `backend` | string | `"sqlite"` or `"postgres"` |
+| `isDuplicate` | boolean | `true` if this (requestId, actionName) was already claimed |
+| `shouldProceed` | boolean | `true` if this is a new claim and the action should run |
+| `inserted` | boolean | Raw value from the guard library |
+| `receipt` | object | The stored execution record (timestamps, metadata, etc.) |
+
+---
+
+## Usage in a Workflow
+
+### Pattern A — IF branch
+
+```
+Webhook → SafeAgent Guard → IF (shouldProceed == true)
+                                   ├─ true  → Charge Card → Mark Complete
+                                   └─ false → Return Cached Receipt
+```
+
+### Pattern B — Stop-and-error on duplicate
+
+Add an **IF** node after the guard:
+
+- **Condition**: `{{ $json.isDuplicate }}` equals `true`
+- **True branch**: Stop And Error (or Respond to Webhook with the cached receipt)
+- **False branch**: continue with the real work
+
+### Minimal inline example
+
+```json
+{
+  "nodes": [
+    {
+      "type": "n8n-nodes-safeagent.safeAgent",
+      "parameters": {
+        "requestId": "={{ $json[\"webhookEventId\"] }}",
+        "actionName": "send_welcome_email",
+        "backend": "sqlite",
+        "sqlitePath": "/data/safeagent.db"
+      }
+    }
+  ]
+}
+```
+
+---
+
+## Postgres Setup
+
+1. Create a dedicated database and user:
+
+```sql
+CREATE DATABASE safeagent;
+CREATE USER safeagent_user WITH PASSWORD 'secret';
+GRANT ALL PRIVILEGES ON DATABASE safeagent TO safeagent_user;
+```
+
+2. The guard library creates the `execution_claims` table automatically on first run (`init_db()`).
+
+3. In n8n, add a **SafeAgent Postgres Credentials** credential and select it in the node.
+
+For high-throughput use-cases add an index:
+
+```sql
+CREATE UNIQUE INDEX IF NOT EXISTS ux_execution_claims
+  ON execution_claims (request_id, action_name);
+```
+
+---
+
+## How the Subprocess Works
+
+The node calls the guard library via `python3 -c "..."` so that:
+
+- No additional n8n-side dependencies are needed beyond Node.js.
+- The Python environment (virtualenv, system packages, etc.) is fully under your control.
+- The library can be upgraded independently of the n8n node.
+
+The script follows this pattern:
+
+```python
+import json
+from safeagent_exec_guard.sqlite_store import SQLiteExecutionStore
+
+store = SQLiteExecutionStore('safeagent.db')
+store.init_db()
+result = store.insert_if_not_exists('<requestId>', '<actionName>')
+print(json.dumps(result))
+```
+
+The JSON printed to stdout is parsed and merged into the n8n item.
+
+---
+
+## Security Considerations
+
+- Request ID and Action Name values are single-quote–escaped before being embedded in the Python
+  string literal to prevent injection.
+- Postgres credentials are never written to disk; they are passed via an in-memory DSN string
+  constructed at runtime.
+- The subprocess timeout is 15 seconds. Long-running `init_db()` migrations (first run on a large
+  Postgres cluster) may need the timeout raised in the source.
+
+---
+
+## Development
+
+```bash
+git clone https://github.com/your-org/n8n-nodes-safeagent
+cd n8n-nodes-safeagent
+npm install
+npm run build      # compiles TypeScript → dist/
+npm run dev        # watch mode
+npm run lint
+```
+
+To test locally against a running n8n instance:
+
+```bash
+export N8N_CUSTOM_EXTENSIONS="/path/to/n8n-nodes-safeagent"
+n8n start
+```
+
+---
+
+## License
+
+MIT © Your Name

package/dist/credentials/PostgresApiCredentials.credentials.d.ts

@@ -0,0 +1,7 @@
+import { ICredentialType, INodeProperties } from 'n8n-workflow';
+export declare class PostgresApiCredentials implements ICredentialType {
+    name: string;
+    displayName: string;
+    documentationUrl: string;
+    properties: INodeProperties[];
+}

package/dist/credentials/PostgresApiCredentials.credentials.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PostgresApiCredentials = void 0;
+class PostgresApiCredentials {
+    constructor() {
+        this.name = 'postgresApiCredentials';
+        this.displayName = 'SafeAgent Postgres Credentials';
+        this.documentationUrl = 'https://github.com/your-org/n8n-nodes-safeagent#postgres-setup';
+        this.properties = [
+            {
+                displayName: 'Host',
+                name: 'host',
+                type: 'string',
+                default: 'localhost',
+                placeholder: 'localhost',
+                description: 'PostgreSQL server hostname',
+            },
+            {
+                displayName: 'Port',
+                name: 'port',
+                type: 'number',
+                default: 5432,
+                description: 'PostgreSQL server port',
+            },
+            {
+                displayName: 'Database',
+                name: 'database',
+                type: 'string',
+                default: 'safeagent',
+                description: 'Name of the database that holds the execution-guard table',
+            },
+            {
+                displayName: 'User',
+                name: 'user',
+                type: 'string',
+                default: '',
+                description: 'Database user',
+            },
+            {
+                displayName: 'Password',
+                name: 'password',
+                type: 'string',
+                typeOptions: { password: true },
+                default: '',
+                description: 'Database password',
+            },
+            {
+                displayName: 'SSL',
+                name: 'ssl',
+                type: 'boolean',
+                default: false,
+                description: 'Whether to connect using SSL/TLS',
+            },
+        ];
+    }
+}
+exports.PostgresApiCredentials = PostgresApiCredentials;
+//# sourceMappingURL=PostgresApiCredentials.credentials.js.map

package/dist/credentials/PostgresApiCredentials.credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PostgresApiCredentials.credentials.js","sourceRoot":"","sources":["../../credentials/PostgresApiCredentials.credentials.ts"],"names":[],"mappings":";;;AAKA,MAAa,sBAAsB;IAAnC;QACE,SAAI,GAAG,wBAAwB,CAAC;QAChC,gBAAW,GAAG,gCAAgC,CAAC;QAC/C,qBAAgB,GAAG,gEAAgE,CAAC;QAEpF,eAAU,GAAsB;YAC9B;gBACE,WAAW,EAAE,MAAM;gBACnB,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,WAAW;gBACpB,WAAW,EAAE,WAAW;gBACxB,WAAW,EAAE,4BAA4B;aAC1C;YACD;gBACE,WAAW,EAAE,MAAM;gBACnB,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,IAAI;gBACb,WAAW,EAAE,wBAAwB;aACtC;YACD;gBACE,WAAW,EAAE,UAAU;gBACvB,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,WAAW;gBACpB,WAAW,EAAE,2DAA2D;aACzE;YACD;gBACE,WAAW,EAAE,MAAM;gBACnB,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,EAAE;gBACX,WAAW,EAAE,eAAe;aAC7B;YACD;gBACE,WAAW,EAAE,UAAU;gBACvB,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;gBAC/B,OAAO,EAAE,EAAE;gBACX,WAAW,EAAE,mBAAmB;aACjC;YACD;gBACE,WAAW,EAAE,KAAK;gBAClB,IAAI,EAAE,KAAK;gBACX,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,KAAK;gBACd,WAAW,EAAE,kCAAkC;aAChD;SACF,CAAC;IACJ,CAAC;CAAA;AAnDD,wDAmDC"}

package/dist/nodes/SafeAgent/SafeAgent.node.d.ts

@@ -0,0 +1,5 @@
+import { IExecuteFunctions, INodeExecutionData, INodeType, INodeTypeDescription } from 'n8n-workflow';
+export declare class SafeAgent implements INodeType {
+    description: INodeTypeDescription;
+    execute(this: IExecuteFunctions): Promise<INodeExecutionData[][]>;
+}

package/dist/nodes/SafeAgent/SafeAgent.node.js

@@ -0,0 +1,215 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SafeAgent = void 0;
+const n8n_workflow_1 = require("n8n-workflow");
+const child_process_1 = require("child_process");
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/** Escape single-quotes so the value is safe to embed in a Python string literal. */
+function pyStr(value) {
+    return value.replace(/\\/g, '\\\\').replace(/'/g, "\\'");
+}
+/**
+ * Build the inline Python snippet for the SQLite backend.
+ *
+ * Uses safeagent_exec_guard.sqlite_store.SQLiteExecutionStore which exposes:
+ *   insert_if_not_exists(request_id, action_name) -> dict
+ *
+ * The dict has at minimum:
+ *   { "inserted": bool, "receipt": { ... } }
+ */
+function buildSQLiteScript(requestId, actionName, dbPath) {
+    const rid = pyStr(requestId);
+    const act = pyStr(actionName);
+    const db = pyStr(dbPath);
+    return ('import json; ' +
+        'from safeagent_exec_guard.sqlite_store import SQLiteExecutionStore; ' +
+        `store = SQLiteExecutionStore('${db}'); ` +
+        'store.init_db(); ' +
+        `result = store.insert_if_not_exists('${rid}', '${act}'); ` +
+        'print(json.dumps(result))');
+}
+/**
+ * Build the inline Python snippet for the Postgres backend.
+ *
+ * Uses safeagent_exec_guard.pg_store.PostgresExecutionStore which accepts a
+ * libpq DSN string.
+ */
+function buildPostgresScript(requestId, actionName, dsn) {
+    const rid = pyStr(requestId);
+    const act = pyStr(actionName);
+    const d = pyStr(dsn);
+    return ('import json; ' +
+        'from safeagent_exec_guard.pg_store import PostgresExecutionStore; ' +
+        `store = PostgresExecutionStore('${d}'); ` +
+        'store.init_db(); ' +
+        `result = store.insert_if_not_exists('${rid}', '${act}'); ` +
+        'print(json.dumps(result))');
+}
+// ---------------------------------------------------------------------------
+// Node definition
+// ---------------------------------------------------------------------------
+class SafeAgent {
+    constructor() {
+        this.description = {
+            displayName: 'SafeAgent Execution Guard',
+            name: 'safeAgent',
+            // Built-in placeholder icon; replace with a custom SVG in nodes/SafeAgent/safeagent.svg
+            icon: 'fa:shield-alt',
+            group: ['transform'],
+            version: 1,
+            subtitle: '={{$parameter["actionName"]}}',
+            description: 'Claim-before-execute idempotency guard powered by the safeagent-exec-guard Python library. ' +
+                'Returns a cached receipt when the (requestId, actionName) pair was already processed, ' +
+                'or a "proceed" signal when it is new.',
+            defaults: {
+                name: 'SafeAgent Guard',
+            },
+            inputs: ['main'],
+            outputs: ['main'],
+            credentials: [
+                {
+                    name: 'postgresApiCredentials',
+                    required: false,
+                    displayOptions: {
+                        show: {
+                            backend: ['postgres'],
+                        },
+                    },
+                },
+            ],
+            properties: [
+                // ── Request ID ────────────────────────────────────────────────────────
+                {
+                    displayName: 'Request ID',
+                    name: 'requestId',
+                    type: 'string',
+                    default: '',
+                    required: true,
+                    placeholder: '={{ $json["requestId"] }}',
+                    description: 'Unique identifier for this logical request (e.g. webhook event ID, message UUID). ' +
+                        'Used together with Action Name to form the idempotency key.',
+                },
+                // ── Action Name ───────────────────────────────────────────────────────
+                {
+                    displayName: 'Action Name',
+                    name: 'actionName',
+                    type: 'string',
+                    default: '',
+                    required: true,
+                    placeholder: 'send_invoice',
+                    description: 'Name of the side-effectful action being guarded (e.g. "send_invoice", "charge_card"). ' +
+                        'Combined with Request ID to create a unique execution claim.',
+                },
+                // ── Backend ───────────────────────────────────────────────────────────
+                {
+                    displayName: 'Backend',
+                    name: 'backend',
+                    type: 'options',
+                    options: [
+                        {
+                            name: 'SQLite (local file)',
+                            value: 'sqlite',
+                            description: 'Lightweight; good for single-instance or development use',
+                        },
+                        {
+                            name: 'PostgreSQL',
+                            value: 'postgres',
+                            description: 'Distributed-safe; recommended for multi-worker / production deployments',
+                        },
+                    ],
+                    default: 'sqlite',
+                    description: 'Storage backend used by the execution-guard library',
+                },
+                // ── SQLite path (only shown when backend = sqlite) ────────────────────
+                {
+                    displayName: 'SQLite Database Path',
+                    name: 'sqlitePath',
+                    type: 'string',
+                    default: 'safeagent.db',
+                    displayOptions: {
+                        show: {
+                            backend: ['sqlite'],
+                        },
+                    },
+                    description: 'Filesystem path to the SQLite database file. ' +
+                        'Relative paths are resolved from the n8n working directory.',
+                },
+            ],
+        };
+    }
+    // ── Execute ──────────────────────────────────────────────────────────────
+    async execute() {
+        const items = this.getInputData();
+        const returnData = [];
+        for (let i = 0; i < items.length; i++) {
+            const requestId = this.getNodeParameter('requestId', i);
+            const actionName = this.getNodeParameter('actionName', i);
+            const backend = this.getNodeParameter('backend', i);
+            if (!requestId.trim()) {
+                throw new n8n_workflow_1.NodeOperationError(this.getNode(), 'Request ID must not be empty.', {
+                    itemIndex: i,
+                });
+            }
+            if (!actionName.trim()) {
+                throw new n8n_workflow_1.NodeOperationError(this.getNode(), 'Action Name must not be empty.', {
+                    itemIndex: i,
+                });
+            }
+            let script;
+            if (backend === 'sqlite') {
+                const dbPath = this.getNodeParameter('sqlitePath', i);
+                script = buildSQLiteScript(requestId, actionName, dbPath || 'safeagent.db');
+            }
+            else {
+                // Build a libpq DSN from the stored credentials
+                const creds = await this.getCredentials('postgresApiCredentials');
+                const host = creds.host;
+                const port = creds.port;
+                const database = creds.database;
+                const user = creds.user;
+                const password = creds.password;
+                const ssl = creds.ssl;
+                const sslMode = ssl ? 'require' : 'disable';
+                const dsn = `postgresql://${encodeURIComponent(user)}:${encodeURIComponent(password)}@${host}:${port}/${database}?sslmode=${sslMode}`;
+                script = buildPostgresScript(requestId, actionName, dsn);
+            }
+            let rawOutput;
+            try {
+                rawOutput = (0, child_process_1.execSync)(`python3 -c "${script.replace(/"/g, '\\"')}"`, {
+                    encoding: 'utf8',
+                    timeout: 15000,
+                }).trim();
+            }
+            catch (err) {
+                const message = err instanceof Error ? err.message : String(err);
+                throw new n8n_workflow_1.NodeOperationError(this.getNode(), `safeagent-exec-guard subprocess failed: ${message}`, { itemIndex: i });
+            }
+            let guardResult;
+            try {
+                guardResult = JSON.parse(rawOutput);
+            }
+            catch {
+                throw new n8n_workflow_1.NodeOperationError(this.getNode(), `Unexpected output from safeagent-exec-guard (expected JSON): ${rawOutput}`, { itemIndex: i });
+            }
+            // `inserted: true`  → new claim; caller should proceed with the action.
+            // `inserted: false` → already executed; caller should skip and use receipt.
+            const isDuplicate = guardResult.inserted === false;
+            returnData.push({
+                json: {
+                    requestId,
+                    actionName,
+                    backend,
+                    isDuplicate,
+                    shouldProceed: !isDuplicate,
+                    ...guardResult,
+                },
+                pairedItem: { item: i },
+            });
+        }
+        return [returnData];
+    }
+}
+exports.SafeAgent = SafeAgent;
+//# sourceMappingURL=SafeAgent.node.js.map

package/dist/nodes/SafeAgent/SafeAgent.node.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SafeAgent.node.js","sourceRoot":"","sources":["../../../nodes/SafeAgent/SafeAgent.node.ts"],"names":[],"mappings":";;;AAAA,+CAMsB;AACtB,iDAAyC;AAEzC,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,qFAAqF;AACrF,SAAS,KAAK,CAAC,KAAa;IAC1B,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,iBAAiB,CAAC,SAAiB,EAAE,UAAkB,EAAE,MAAc;IAC9E,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7B,MAAM,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAEzB,OAAO,CACL,eAAe;QACf,sEAAsE;QACtE,iCAAiC,EAAE,MAAM;QACzC,mBAAmB;QACnB,wCAAwC,GAAG,OAAO,GAAG,MAAM;QAC3D,2BAA2B,CAC5B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,mBAAmB,CAC1B,SAAiB,EACjB,UAAkB,EAClB,GAAW;IAEX,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7B,MAAM,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9B,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;IAErB,OAAO,CACL,eAAe;QACf,oEAAoE;QACpE,mCAAmC,CAAC,MAAM;QAC1C,mBAAmB;QACnB,wCAAwC,GAAG,OAAO,GAAG,MAAM;QAC3D,2BAA2B,CAC5B,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,MAAa,SAAS;IAAtB;QACE,gBAAW,GAAyB;YAClC,WAAW,EAAE,2BAA2B;YACxC,IAAI,EAAE,WAAW;YACjB,wFAAwF;YACxF,IAAI,EAAE,eAAe;YACrB,KAAK,EAAE,CAAC,WAAW,CAAC;YACpB,OAAO,EAAE,CAAC;YACV,QAAQ,EAAE,+BAA+B;YACzC,WAAW,EACT,6FAA6F;gBAC7F,wFAAwF;gBACxF,uCAAuC;YACzC,QAAQ,EAAE;gBACR,IAAI,EAAE,iBAAiB;aACxB;YACD,MAAM,EAAE,CAAC,MAAM,CAAC;YAChB,OAAO,EAAE,CAAC,MAAM,CAAC;YACjB,WAAW,EAAE;gBACX;oBACE,IAAI,EAAE,wBAAwB;oBAC9B,QAAQ,EAAE,KAAK;oBACf,cAAc,EAAE;wBACd,IAAI,EAAE;4BACJ,OAAO,EAAE,CAAC,UAAU,CAAC;yBACtB;qBACF;iBACF;aACF;YACD,UAAU,EAAE;gBACV,yEAAyE;gBACzE;oBACE,WAAW,EAAE,YAAY;oBACzB,IAAI,EAAE,WAAW;oBACjB,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,WAAW,EAAE,2BAA2B;oBACxC,WAAW,EACT,oFAAoF;wBACpF,6DAA6D;iBAChE;gBACD,yEAAyE;gBACzE;oBACE,WAAW,EAAE,aAAa;oBAC1B,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,WAAW,EAAE,cAAc;oBAC3B,WAAW,EACT,wFAAwF;wBACxF,8DAA8D;iBACjE;gBACD,yEAAyE;gBACzE;oBACE,WAAW,EAAE,SAAS;oBACtB,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,qBAAqB;4BAC3B,KAAK,EAAE,QAAQ;4BACf,WAAW,EAAE,0DAA0D;yBACxE;wBACD;4BACE,IAAI,EAAE,YAAY;4BAClB,KAAK,EAAE,UAAU;4BACjB,WAAW,EAAE,yEAAyE;yBACvF;qBACF;oBACD,OAAO,EAAE,QAAQ;oBACjB,WAAW,EAAE,qDAAqD;iBACnE;gBACD,yEAAyE;gBACzE;oBACE,WAAW,EAAE,sBAAsB;oBACnC,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,cAAc;oBACvB,cAAc,EAAE;wBACd,IAAI,EAAE;4BACJ,OAAO,EAAE,CAAC,QAAQ,CAAC;yBACpB;qBACF;oBACD,WAAW,EACT,+CAA+C;wBAC/C,6DAA6D;iBAChE;aACF;SACF,CAAC;IA4FJ,CAAC;IA1FC,4EAA4E;IAE5E,KAAK,CAAC,OAAO;QACX,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAClC,MAAM,UAAU,GAAyB,EAAE,CAAC;QAE5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,CAAC,CAAW,CAAC;YAClE,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,CAAC,YAAY,EAAE,CAAC,CAAW,CAAC;YACpE,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,CAA0B,CAAC;YAE7E,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC;gBACtB,MAAM,IAAI,iCAAkB,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,+BAA+B,EAAE;oBAC5E,SAAS,EAAE,CAAC;iBACb,CAAC,CAAC;YACL,CAAC;YACD,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC;gBACvB,MAAM,IAAI,iCAAkB,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,gCAAgC,EAAE;oBAC7E,SAAS,EAAE,CAAC;iBACb,CAAC,CAAC;YACL,CAAC;YAED,IAAI,MAAc,CAAC;YAEnB,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,CAAC,YAAY,EAAE,CAAC,CAAW,CAAC;gBAChE,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,IAAI,cAAc,CAAC,CAAC;YAC9E,CAAC;iBAAM,CAAC;gBACN,gDAAgD;gBAChD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;gBAClE,MAAM,IAAI,GAAG,KAAK,CAAC,IAAc,CAAC;gBAClC,MAAM,IAAI,GAAG,KAAK,CAAC,IAAc,CAAC;gBAClC,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAkB,CAAC;gBAC1C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAc,CAAC;gBAClC,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAkB,CAAC;gBAC1C,MAAM,GAAG,GAAG,KAAK,CAAC,GAAc,CAAC;gBAEjC,MAAM,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;gBAC5C,MAAM,GAAG,GAAG,gBAAgB,kBAAkB,CAAC,IAAI,CAAC,IAAI,kBAAkB,CACxE,QAAQ,CACT,IAAI,IAAI,IAAI,IAAI,IAAI,QAAQ,YAAY,OAAO,EAAE,CAAC;gBAEnD,MAAM,GAAG,mBAAmB,CAAC,SAAS,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;YAC3D,CAAC;YAED,IAAI,SAAiB,CAAC;YACtB,IAAI,CAAC;gBACH,SAAS,GAAG,IAAA,wBAAQ,EAAC,eAAe,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,EAAE;oBAClE,QAAQ,EAAE,MAAM;oBAChB,OAAO,EAAE,KAAM;iBAChB,CAAC,CAAC,IAAI,EAAE,CAAC;YACZ,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,MAAM,IAAI,iCAAkB,CAC1B,IAAI,CAAC,OAAO,EAAE,EACd,2CAA2C,OAAO,EAAE,EACpD,EAAE,SAAS,EAAE,CAAC,EAAE,CACjB,CAAC;YACJ,CAAC;YAED,IAAI,WAAoC,CAAC;YACzC,IAAI,CAAC;gBACH,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACtC,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,iCAAkB,CAC1B,IAAI,CAAC,OAAO,EAAE,EACd,gEAAgE,SAAS,EAAE,EAC3E,EAAE,SAAS,EAAE,CAAC,EAAE,CACjB,CAAC;YACJ,CAAC;YAED,wEAAwE;YACxE,4EAA4E;YAC5E,MAAM,WAAW,GAAG,WAAW,CAAC,QAAQ,KAAK,KAAK,CAAC;YAEnD,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE;oBACJ,SAAS;oBACT,UAAU;oBACV,OAAO;oBACP,WAAW;oBACX,aAAa,EAAE,CAAC,WAAW;oBAC3B,GAAG,WAAW;iBACf;gBACD,UAAU,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;aACxB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,UAAU,CAAC,CAAC;IACtB,CAAC;CACF;AAtLD,8BAsLC"}

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "n8n-nodes-safeagent",
+  "version": "0.1.0",
+  "description": "n8n community node — SafeAgent execution guard (claim-before-execute idempotency pattern)",
+  "keywords": [
+    "n8n-community-node-package",
+    "safeagent",
+    "idempotency",
+    "execution-guard"
+  ],
+  "license": "MIT",
+  "homepage": "https://github.com/your-org/n8n-nodes-safeagent",
+  "author": {
+    "name": "Your Name",
+    "email": "you@example.com"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/your-org/n8n-nodes-safeagent.git"
+  },
+  "main": "index.js",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "format": "prettier nodes credentials --write",
+    "lint": "eslint nodes credentials package.json",
+    "lintfix": "eslint nodes credentials package.json --fix",
+    "prepublishOnly": "npm run build"
+  },
+  "files": [
+    "dist"
+  ],
+  "n8n": {
+    "n8nNodesApiVersion": 1,
+    "credentials": [
+      "dist/credentials/PostgresApiCredentials.credentials.js"
+    ],
+    "nodes": [
+      "dist/nodes/SafeAgent/SafeAgent.node.js"
+    ]
+  },
+  "devDependencies": {
+    "@types/node": "^18.16.0",
+    "n8n-workflow": "*",
+    "typescript": "^5.1.0"
+  },
+  "peerDependencies": {
+    "n8n-workflow": "*"
+  }
+}