n8n-nodes-trusera 0.2.0 → 0.2.2

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Trusera
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/credentials/TruseraApi.credentials.ts

@@ -0,0 +1,40 @@
+import type {
+  IAuthenticateGeneric,
+  ICredentialType,
+  INodeProperties,
+} from 'n8n-workflow';
+
+export class TruseraApi implements ICredentialType {
+  name = 'truseraApi';
+  displayName = 'n8n API';
+  documentationUrl = 'https://docs.n8n.io/api/';
+
+  properties: INodeProperties[] = [
+    {
+      displayName: 'API Key',
+      name: 'apiKey',
+      type: 'string',
+      typeOptions: { password: true },
+      default: '',
+      required: true,
+      description: 'n8n API key from Settings > n8n API',
+    },
+    {
+      displayName: 'n8n Base URL',
+      name: 'baseUrl',
+      type: 'string',
+      default: 'http://localhost:5678',
+      required: false,
+      description: 'URL of your n8n instance',
+    },
+  ];
+
+  authenticate: IAuthenticateGeneric = {
+    type: 'generic',
+    properties: {
+      headers: {
+        'X-N8N-API-KEY': '={{$credentials.apiKey}}',
+      },
+    },
+  };
+}

package/nodes/TruseraDashboard/TruseraDashboard.node.ts

@@ -0,0 +1,79 @@
+import type {
+  IExecuteFunctions,
+  INodeExecutionData,
+  INodeType,
+  INodeTypeDescription,
+} from 'n8n-workflow';
+
+import { scanWorkflows } from '../../lib/scanner';
+import { generateDashboardHtml } from '../../lib/dashboardHtml';
+
+export class TruseraDashboard implements INodeType {
+  description: INodeTypeDescription = {
+    displayName: 'Trusera Dashboard',
+    name: 'truseraDashboard',
+    icon: 'file:trusera.png',
+    group: ['output'],
+    version: 1,
+    subtitle: 'AI Security Dashboard',
+    description:
+      'Fetch all n8n workflows, scan them for AI security risks, and return an interactive HTML dashboard',
+    defaults: {
+      name: 'Trusera Dashboard',
+    },
+    inputs: ['main'],
+    outputs: ['main'],
+    credentials: [
+      {
+        name: 'truseraApi',
+        required: true,
+      },
+    ],
+    properties: [
+      {
+        displayName: 'Dashboard Password',
+        name: 'password',
+        type: 'string',
+        typeOptions: { password: true },
+        default: '',
+        description:
+          'Optional. If set, the dashboard is AES-256-GCM encrypted and visitors must enter this password to view it.',
+      },
+    ],
+  };
+
+  async execute(this: IExecuteFunctions): Promise<INodeExecutionData[][]> {
+    const creds = await this.getCredentials('truseraApi');
+    const baseUrl = (creds.baseUrl as string).replace(/\/$/, '');
+    const password = this.getNodeParameter('password', 0, '') as string;
+
+    // Fetch all workflows via n8n REST API (paginated)
+    const allWorkflows: Array<Record<string, unknown>> = [];
+    let cursor: string | null = null;
+    do {
+      const url =
+        `${baseUrl}/api/v1/workflows?limit=100` +
+        (cursor ? `&cursor=${cursor}` : '');
+      const resp = await this.helpers.httpRequestWithAuthentication.call(
+        this,
+        'truseraApi',
+        { method: 'GET', url, json: true },
+      );
+      const data = resp as { data: Array<Record<string, unknown>>; nextCursor?: string };
+      allWorkflows.push(...data.data);
+      cursor = data.nextCursor ?? null;
+    } while (cursor);
+
+    // Scan all workflows
+    const workflows = allWorkflows.map((wf) => ({
+      data: wf,
+      filePath: (wf.name as string) || (wf.id as string) || 'unknown',
+    }));
+    const scanResult = scanWorkflows(workflows);
+
+    // Generate HTML dashboard
+    const html = generateDashboardHtml(scanResult, password || undefined);
+
+    return [[{ json: { html } }]];
+  }
+}

package/nodes/TruseraDashboard/trusera.svg

@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64" fill="none">
+  <path d="M32 4L56 18V46L32 60L8 46V18L32 4Z" fill="#0F172A" stroke="#3B82F6" stroke-width="2"/>
+  <text x="32" y="40" text-anchor="middle" font-family="Arial, sans-serif" font-size="28" font-weight="bold" fill="#3B82F6">T</text>
+</svg>

package/nodes/TruseraPolicy/TruseraPolicy.node.json

@@ -0,0 +1,17 @@
+{
+  "node": "n8n-nodes-trusera.truseraPolicy",
+  "nodeVersion": "1.0",
+  "codexVersion": "1.0",
+  "categories": ["AI", "Miscellaneous"],
+  "resources": {
+    "primaryDocumentation": [
+      {
+        "url": "https://trusera.dev/docs/n8n"
+      }
+    ]
+  },
+  "alias": ["policy", "security", "compliance", "trusera", "ai-bom"],
+  "subcategories": {
+    "AI": ["Security"]
+  }
+}

package/nodes/TruseraPolicy/TruseraPolicy.node.ts

@@ -0,0 +1,128 @@
+import type {
+  IExecuteFunctions,
+  INodeExecutionData,
+  INodeType,
+  INodeTypeDescription,
+} from 'n8n-workflow';
+
+import { evaluatePolicy, Policy } from '../../lib/policyEngine';
+import type { ScanResult } from '../../lib/models';
+
+export class TruseraPolicy implements INodeType {
+  description: INodeTypeDescription = {
+    displayName: 'Trusera Policy',
+    name: 'truseraPolicy',
+    icon: 'file:trusera.svg',
+    group: ['transform'],
+    version: 1,
+    subtitle: 'Enforce AI security policy',
+    description: 'Evaluate AI-BOM scan results against a security policy',
+    defaults: {
+      name: 'Trusera Policy',
+    },
+    inputs: ['main'],
+    outputs: ['main'],
+    properties: [
+      {
+        displayName: 'Scan Result Field',
+        name: 'scanResultField',
+        type: 'string',
+        default: '',
+        description:
+          'Field containing the scan result. If empty, the entire input JSON is used.',
+      },
+      {
+        displayName: 'Max Critical',
+        name: 'maxCritical',
+        type: 'number',
+        default: 0,
+        description: 'Maximum number of critical-severity components allowed',
+      },
+      {
+        displayName: 'Max High',
+        name: 'maxHigh',
+        type: 'number',
+        default: -1,
+        description:
+          'Maximum number of high-severity components allowed (-1 = unlimited)',
+      },
+      {
+        displayName: 'Max Risk Score',
+        name: 'maxRiskScore',
+        type: 'number',
+        default: -1,
+        description:
+          'Maximum risk score allowed for any component (-1 = unlimited)',
+      },
+      {
+        displayName: 'Block Providers',
+        name: 'blockProviders',
+        type: 'string',
+        default: '',
+        description:
+          'Comma-separated list of AI providers to block (e.g. "OpenAI,Anthropic")',
+      },
+      {
+        displayName: 'Block Flags',
+        name: 'blockFlags',
+        type: 'string',
+        default: '',
+        description:
+          'Comma-separated list of risk flags to block (e.g. "hardcoded_api_key,no_auth")',
+      },
+    ],
+  };
+
+  async execute(this: IExecuteFunctions): Promise<INodeExecutionData[][]> {
+    const items = this.getInputData();
+    const returnData: INodeExecutionData[] = [];
+
+    for (let i = 0; i < items.length; i++) {
+      const scanResultField = this.getNodeParameter('scanResultField', i, '') as string;
+      const maxCritical = this.getNodeParameter('maxCritical', i, 0) as number;
+      const maxHigh = this.getNodeParameter('maxHigh', i, -1) as number;
+      const maxRiskScore = this.getNodeParameter('maxRiskScore', i, -1) as number;
+      const blockProvidersStr = this.getNodeParameter('blockProviders', i, '') as string;
+      const blockFlagsStr = this.getNodeParameter('blockFlags', i, '') as string;
+
+      const scanResult: ScanResult = scanResultField
+        ? (items[i].json[scanResultField] as unknown as ScanResult)
+        : (items[i].json as unknown as ScanResult);
+
+      if (!scanResult || !Array.isArray(scanResult.components)) {
+        returnData.push({
+          json: {
+            passed: false,
+            violations: ['Invalid scan result: missing components array'],
+          },
+        });
+        continue;
+      }
+
+      const policy: Policy = {
+        maxCritical,
+        blockProviders: blockProvidersStr
+          ? blockProvidersStr.split(',').map((s) => s.trim())
+          : [],
+        blockFlags: blockFlagsStr
+          ? blockFlagsStr.split(',').map((s) => s.trim())
+          : [],
+      };
+
+      if (maxHigh >= 0) policy.maxHigh = maxHigh;
+      if (maxRiskScore >= 0) policy.maxRiskScore = maxRiskScore;
+
+      const result = evaluatePolicy(scanResult, policy);
+
+      returnData.push({
+        json: {
+          ...result,
+          policyApplied: policy,
+          totalComponents: scanResult.components.length,
+        },
+      });
+    }
+
+    return [returnData];
+  }
+}

package/nodes/TruseraPolicy/trusera.svg

@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64" fill="none">
+  <path d="M32 4L56 18V46L32 60L8 46V18L32 4Z" fill="#0F172A" stroke="#3B82F6" stroke-width="2"/>
+  <text x="32" y="40" text-anchor="middle" font-family="Arial, sans-serif" font-size="28" font-weight="bold" fill="#3B82F6">T</text>
+</svg>

package/nodes/TruseraReport/TruseraReport.node.json

@@ -0,0 +1,17 @@
+{
+  "node": "n8n-nodes-trusera.truseraReport",
+  "nodeVersion": "1.0",
+  "codexVersion": "1.0",
+  "categories": ["AI", "Miscellaneous"],
+  "resources": {
+    "primaryDocumentation": [
+      {
+        "url": "https://trusera.dev/docs/n8n"
+      }
+    ]
+  },
+  "alias": ["report", "security", "audit", "trusera", "ai-bom", "markdown"],
+  "subcategories": {
+    "AI": ["Security"]
+  }
+}

package/nodes/TruseraReport/TruseraReport.node.ts

@@ -0,0 +1,229 @@
+import type {
+  IDataObject,
+  IExecuteFunctions,
+  INodeExecutionData,
+  INodeType,
+  INodeTypeDescription,
+} from 'n8n-workflow';
+
+import type { ScanResult, AIComponent } from '../../lib/models';
+import { Severity } from '../../lib/models';
+import { FLAG_DESCRIPTIONS } from '../../lib/riskScorer';
+
+export class TruseraReport implements INodeType {
+  description: INodeTypeDescription = {
+    displayName: 'Trusera Report',
+    name: 'truseraReport',
+    icon: 'file:trusera.svg',
+    group: ['transform'],
+    version: 1,
+    subtitle: '={{$parameter["format"]}}',
+    description: 'Generate a human-readable AI security report from scan results',
+    defaults: {
+      name: 'Trusera Report',
+    },
+    inputs: ['main'],
+    outputs: ['main'],
+    properties: [
+      {
+        displayName: 'Scan Result Field',
+        name: 'scanResultField',
+        type: 'string',
+        default: '',
+        description:
+          'Field containing the scan result. If empty, the entire input JSON is used.',
+      },
+      {
+        displayName: 'Format',
+        name: 'format',
+        type: 'options',
+        noDataExpression: true,
+        options: [
+          {
+            name: 'Markdown',
+            value: 'markdown',
+            description: 'Generate a Markdown report',
+            action: 'Generate Markdown report',
+          },
+          {
+            name: 'JSON Summary',
+            value: 'jsonSummary',
+            description: 'Generate a compact JSON summary',
+            action: 'Generate JSON summary',
+          },
+        ],
+        default: 'markdown',
+      },
+      {
+        displayName: 'Include Low Severity',
+        name: 'includeLow',
+        type: 'boolean',
+        default: false,
+        description: 'Whether to include low-severity findings in the report',
+      },
+    ],
+  };
+
+  async execute(this: IExecuteFunctions): Promise<INodeExecutionData[][]> {
+    const items = this.getInputData();
+    const returnData: INodeExecutionData[] = [];
+
+    for (let i = 0; i < items.length; i++) {
+      const scanResultField = this.getNodeParameter('scanResultField', i, '') as string;
+      const format = this.getNodeParameter('format', i) as string;
+      const includeLow = this.getNodeParameter('includeLow', i, false) as boolean;
+
+      const scanResult: ScanResult = scanResultField
+        ? (items[i].json[scanResultField] as unknown as ScanResult)
+        : (items[i].json as unknown as ScanResult);
+
+      if (!scanResult || !Array.isArray(scanResult.components)) {
+        returnData.push({
+          json: { error: 'Invalid scan result: missing components array' },
+        });
+        continue;
+      }
+
+      const filtered = includeLow
+        ? scanResult.components
+        : scanResult.components.filter((c) => c.risk.severity !== Severity.Low);
+
+      if (format === 'markdown') {
+        returnData.push({
+          json: { report: generateMarkdown(scanResult, filtered) },
+        });
+      } else {
+        returnData.push({
+          json: generateJsonSummary(scanResult, filtered) as unknown as IDataObject,
+        });
+      }
+    }
+
+    return [returnData];
+  }
+}
+
+function severityEmoji(severity: string): string {
+  switch (severity) {
+    case 'critical': return '[CRITICAL]';
+    case 'high': return '[HIGH]';
+    case 'medium': return '[MEDIUM]';
+    case 'low': return '[LOW]';
+    default: return '';
+  }
+}
+
+function generateMarkdown(result: ScanResult, components: AIComponent[]): string {
+  const lines: string[] = [];
+
+  lines.push('# Trusera AI-BOM Security Report');
+  lines.push('');
+  lines.push(`**Scan Date:** ${result.scanTimestamp}`);
+  lines.push(`**Target:** ${result.targetPath}`);
+  lines.push(`**AI-BOM Version:** ${result.aiBomVersion}`);
+  lines.push('');
+
+  // Summary
+  const summary = result.summary;
+  lines.push('## Summary');
+  lines.push('');
+  lines.push(`| Metric | Value |`);
+  lines.push(`| --- | --- |`);
+  lines.push(`| Total Components | ${summary.totalComponents} |`);
+  lines.push(`| Files Scanned | ${summary.totalFilesScanned} |`);
+  lines.push(`| Highest Risk Score | ${summary.highestRiskScore} |`);
+  lines.push(`| Scan Duration | ${summary.scanDurationSeconds.toFixed(2)}s |`);
+  lines.push('');
+
+  // Severity breakdown
+  if (Object.keys(summary.bySeverity).length > 0) {
+    lines.push('### By Severity');
+    lines.push('');
+    for (const [sev, count] of Object.entries(summary.bySeverity)) {
+      lines.push(`- ${severityEmoji(sev)} **${sev}**: ${count}`);
+    }
+    lines.push('');
+  }
+
+  // Provider breakdown
+  if (Object.keys(summary.byProvider).length > 0) {
+    lines.push('### By Provider');
+    lines.push('');
+    for (const [provider, count] of Object.entries(summary.byProvider)) {
+      lines.push(`- **${provider}**: ${count}`);
+    }
+    lines.push('');
+  }
+
+  // Findings
+  if (components.length > 0) {
+    lines.push('## Findings');
+    lines.push('');
+
+    const sorted = [...components].sort((a, b) => b.risk.score - a.risk.score);
+
+    for (const comp of sorted) {
+      lines.push(
+        `### ${severityEmoji(comp.risk.severity)} ${comp.name} (Score: ${comp.risk.score})`,
+      );
+      lines.push('');
+      lines.push(`- **Type:** ${comp.type}`);
+      lines.push(`- **Provider:** ${comp.provider}`);
+      if (comp.modelName) lines.push(`- **Model:** ${comp.modelName}`);
+      lines.push(`- **Location:** ${comp.location.filePath}`);
+      if (comp.location.contextSnippet) {
+        lines.push(`- **Context:** ${comp.location.contextSnippet}`);
+      }
+
+      if (comp.flags.length > 0) {
+        lines.push('- **Flags:**');
+        for (const flag of comp.flags) {
+          const desc = FLAG_DESCRIPTIONS[flag] || flag.replace(/_/g, ' ');
+          lines.push(`  - \`${flag}\`: ${desc}`);
+        }
+      }
+
+      if (comp.risk.factors.length > 0) {
+        lines.push('- **Risk Factors:**');
+        for (const factor of comp.risk.factors) {
+          lines.push(`  - ${factor}`);
+        }
+      }
+
+      lines.push('');
+    }
+  } else {
+    lines.push('## Findings');
+    lines.push('');
+    lines.push('No findings above the selected severity threshold.');
+    lines.push('');
+  }
+
+  lines.push('---');
+  lines.push('*Generated by [Trusera AI-BOM](https://trusera.dev)*');
+
+  return lines.join('\n');
+}
+
+function generateJsonSummary(
+  result: ScanResult,
+  components: AIComponent[],
+): Record<string, unknown> {
+  return {
+    scanTimestamp: result.scanTimestamp,
+    targetPath: result.targetPath,
+    aiBomVersion: result.aiBomVersion,
+    summary: result.summary,
+    findingsCount: components.length,
+    findings: components.map((c) => ({
+      name: c.name,
+      type: c.type,
+      provider: c.provider,
+      modelName: c.modelName,
+      severity: c.risk.severity,
+      score: c.risk.score,
+      flags: c.flags,
+      factors: c.risk.factors,
+    })),
+  };
+}

package/nodes/TruseraReport/trusera.svg

@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64" fill="none">
+  <path d="M32 4L56 18V46L32 60L8 46V18L32 4Z" fill="#0F172A" stroke="#3B82F6" stroke-width="2"/>
+  <text x="32" y="40" text-anchor="middle" font-family="Arial, sans-serif" font-size="28" font-weight="bold" fill="#3B82F6">T</text>
+</svg>

package/nodes/TruseraScan/TruseraScan.node.json

@@ -0,0 +1,17 @@
+{
+  "node": "n8n-nodes-trusera.truseraScan",
+  "nodeVersion": "1.0",
+  "codexVersion": "1.0",
+  "categories": ["AI", "Miscellaneous"],
+  "resources": {
+    "primaryDocumentation": [
+      {
+        "url": "https://trusera.dev/docs/n8n"
+      }
+    ]
+  },
+  "alias": ["ai-bom", "security", "scan", "trusera", "ai", "risk"],
+  "subcategories": {
+    "AI": ["Security"]
+  }
+}

package/nodes/TruseraScan/TruseraScan.node.ts

@@ -0,0 +1,150 @@
+import type {
+  IDataObject,
+  IExecuteFunctions,
+  INodeExecutionData,
+  INodeType,
+  INodeTypeDescription,
+} from 'n8n-workflow';
+
+import { scanWorkflow, scanWorkflows, isValidWorkflow } from '../../lib/scanner';
+
+export class TruseraScan implements INodeType {
+  description: INodeTypeDescription = {
+    displayName: 'Trusera Scan',
+    name: 'truseraScan',
+    icon: 'file:trusera.svg',
+    group: ['transform'],
+    version: 1,
+    subtitle: '={{$parameter["operation"]}}',
+    description: 'Scan n8n workflows for AI security risks using Trusera AI-BOM',
+    defaults: {
+      name: 'Trusera Scan',
+    },
+    inputs: ['main'],
+    outputs: ['main'],
+    credentials: [
+      {
+        name: 'truseraApi',
+        required: false,
+      },
+    ],
+    properties: [
+      {
+        displayName: 'Operation',
+        name: 'operation',
+        type: 'options',
+        noDataExpression: true,
+        options: [
+          {
+            name: 'Scan Workflow JSON',
+            value: 'scanJson',
+            description: 'Scan a workflow JSON object from input',
+            action: 'Scan a workflow JSON object',
+          },
+          {
+            name: 'Scan Multiple Workflows',
+            value: 'scanMultiple',
+            description: 'Scan multiple workflow JSON objects from input array',
+            action: 'Scan multiple workflow JSON objects',
+          },
+        ],
+        default: 'scanJson',
+      },
+      {
+        displayName: 'Workflow JSON Field',
+        name: 'jsonField',
+        type: 'string',
+        default: 'json',
+        required: true,
+        description: 'Name of the input field containing the n8n workflow JSON',
+        displayOptions: {
+          show: {
+            operation: ['scanJson'],
+          },
+        },
+      },
+      {
+        displayName: 'Workflows Array Field',
+        name: 'arrayField',
+        type: 'string',
+        default: 'workflows',
+        required: true,
+        description: 'Name of the input field containing an array of workflow JSON objects',
+        displayOptions: {
+          show: {
+            operation: ['scanMultiple'],
+          },
+        },
+      },
+      {
+        displayName: 'File Path',
+        name: 'filePath',
+        type: 'string',
+        default: 'workflow.json',
+        required: false,
+        description: 'Virtual file path used in scan results for identification',
+      },
+    ],
+  };
+
+  async execute(this: IExecuteFunctions): Promise<INodeExecutionData[][]> {
+    const items = this.getInputData();
+    const returnData: INodeExecutionData[] = [];
+
+    for (let i = 0; i < items.length; i++) {
+      const operation = this.getNodeParameter('operation', i) as string;
+      const filePath = this.getNodeParameter('filePath', i, 'workflow.json') as string;
+
+      if (operation === 'scanJson') {
+        const jsonField = this.getNodeParameter('jsonField', i) as string;
+        const workflowData = items[i].json[jsonField] ?? items[i].json;
+
+        if (!isValidWorkflow(workflowData)) {
+          returnData.push({
+            json: {
+              error: 'Invalid n8n workflow JSON: missing nodes or connections',
+              components: [],
+              summary: null,
+            },
+          });
+          continue;
+        }
+
+        const components = scanWorkflow(workflowData, filePath);
+        returnData.push({
+          json: {
+            components,
+            totalComponents: components.length,
+            filePath,
+          },
+        });
+      } else if (operation === 'scanMultiple') {
+        const arrayField = this.getNodeParameter('arrayField', i) as string;
+        const workflowsArray = items[i].json[arrayField];
+
+        if (!Array.isArray(workflowsArray)) {
+          returnData.push({
+            json: {
+              error: `Field "${arrayField}" is not an array`,
+              components: [],
+              summary: null,
+            },
+          });
+          continue;
+        }
+
+        const workflows = workflowsArray.map((data: unknown, idx: number) => ({
+          data,
+          filePath: `${filePath.replace('.json', '')}_${idx}.json`,
+        }));
+
+        const result = scanWorkflows(workflows);
+        returnData.push({
+          json: result as unknown as IDataObject,
+        });
+      }
+    }
+
+    return [returnData];
+  }
+}

package/nodes/TruseraScan/trusera.svg

@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64" fill="none">
+  <path d="M32 4L56 18V46L32 60L8 46V18L32 4Z" fill="#0F172A" stroke="#3B82F6" stroke-width="2"/>
+  <text x="32" y="40" text-anchor="middle" font-family="Arial, sans-serif" font-size="28" font-weight="bold" fill="#3B82F6">T</text>
+</svg>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "n8n-nodes-trusera",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "n8n community node to scan workflows for AI security risks using Trusera AI-BOM",
   "keywords": [
     "n8n-community-node-package",
@@ -10,7 +10,7 @@
     "trusera",
     "workflow-security"
   ],
-  "license": "Apache-2.0",
+  "license": "MIT",
   "homepage": "https://trusera.dev",
   "author": {
     "name": "Trusera",
@@ -18,7 +18,8 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/trusera/ai-bom"
+    "url": "https://github.com/trusera/ai-bom",
+    "directory": "n8n-node"
   },
   "bugs": {
     "url": "https://github.com/trusera/ai-bom/issues"
@@ -45,6 +46,8 @@
   },
   "files": [
     "dist",
+    "credentials",
+    "nodes",
     "package.json",
     "LICENSE"
   ],