n8n-dan

Running on CPU Upgrade

danilonovais commited on 11 days ago

Commit

89f19e4

1 Parent(s): da48ebe

Initial commit: n8n infrastructure with AI and automation

Add production-ready n8n infrastructure for Hugging Face Spaces, including Docker setup, environment configuration, AI integrations (LangChain, OpenAI, Anthropic, Google Vertex AI), vector store (ChromaDB), Supabase PostgreSQL support, automated backup and restore scripts, and knowledge base synchronization. Includes documentation, security policy, and example configuration files.

Files changed (14) hide show

.DS_Store +0 -0
LICENSE +171 -0
README.md +458 -0
SECURITY.md +147 -0
config/.env.example +58 -0
config/custom-nodes.json +44 -0
docker/Dockerfile +56 -0
docker/docker-compose.yml +101 -0
knowledge/.DS_Store +0 -0
package.json +48 -0
scripts/backup.sh +198 -0
scripts/restore.sh +204 -0
scripts/sync-knowledge.sh +367 -0
scripts/test-infrastructure.sh +190 -0

.DS_Store ADDED Viewed

Binary file (6.15 kB). View file

LICENSE ADDED Viewed

	@@ -0,0 +1,171 @@

+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+1. Definitions.
+"License\" shall mean the terms and conditions for use, reproduction,
+and distribution as defined by Sections 1 through 9 of this document.
+"Licensor\" shall mean the copyright owner or entity granting the License.
+"Legal Entity\" shall mean the union of the acting entity and all
+other entities that control, are controlled by, or are under common
+control with that entity. For the purposes of this definition,
+"control\" means (i) the power, direct or indirect, to cause the
+direction or management of such entity, whether by contract or
+otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+"You" (or "Your") shall mean an individual or Legal Entity
+exercising permissions granted by this License.
+"Source\" form shall mean the preferred form for making modifications,
+including but not limited to software source code, documentation
+source, and configuration files.
+"Object\" form shall mean any form resulting from mechanical
+transformation or translation of a Source form, including but
+not limited to compiled object code, generated documentation,
+and conversions to other media types.
+"Work\" shall mean the work of authorship, whether in Source or
+Object form, made available under the License, as indicated by a
+copyright notice that is included in or attached to the work
+(which shall not include communications that are clearly marked or
+otherwise designated in writing by the copyright owner as "Not a Work").
+"Derivative Works\" shall mean any work, whether in Source or Object
+form, that is based upon (or derived from) the Work and for which the
+editorial revisions, annotations, elaborations, or other modifications
+represent, as a whole, an original work of authorship. For the purposes
+of this License, Derivative Works shall not include works that remain
+separable from, or merely link (or bind by name) to the interfaces of,
+the Work and derivative works thereof.
+"Contribution\" shall mean any work of authorship, including
+the original version of the Work and any modifications or additions
+to that Work or Derivative Works thereof, that is intentionally
+submitted to Licensor for inclusion in the Work by the copyright owner
+or by an individual or Legal Entity authorized to submit on behalf of
+the copyright owner. For the purposes of this definition, "submitted"
+means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control
+systems, and issue tracking systems that are managed by, or on behalf
+of, the Licensor for the purpose of discussing and improving the Work,
+but excluding communication that is conspicuously marked or otherwise
+designated in writing by the copyright owner as "Not a Contribution."
+2. Grant of Copyright License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+copyright license to use, reproduce, modify, distribute, and prepare
+Derivative Works of, and to publicly perform and publicly display the
+Work and such Derivative Works in Source or Object form.
+3. Grant of Patent License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+(except as stated in this section) patent license to make, have made,
+use, offer to sell, sell, import, and otherwise transfer the Work,
+where such license applies only to those patent claims licensable
+by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by combination of their Contribution(s)
+with the Work to which such Contribution(s) was submitted. If You
+institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work
+or a Contribution incorporated within the Work constitutes direct
+or contributory patent infringement, then any patent licenses
+granted to You under this License for that Work shall terminate
+as of the date such litigation is filed.
+4. Redistribution. You may reproduce and distribute copies of the
+Work or Derivative Works thereof in any medium, with or without
+modifications, and in Source or Object form, provided that You
+meet the following conditions:
+(a) You must give any other recipients of the Work or
+Derivative Works a copy of this License; and
+(b) You must cause any modified files to carry prominent notices
+stating that You changed the files; and
+(c) You must retain, in the Source form of any Derivative Works
+that You distribute, all copyright, trademark, patent, attribution
+notices from the Source form of the Work, excluding those notices
+that do not pertain to any part of the Derivative Works; and
+(d) If the Work includes a "NOTICE\" text file as part of its
+distribution, then any Derivative Works that You distribute must
+include a readable copy of the attribution notices contained
+within such NOTICE file, excluding those notices that do not
+pertain to any part of the Derivative Works, in at least one
+of the following places: within a NOTICE text file distributed
+as part of the Derivative Works; within the Source form or
+documentation, if provided along with the Derivative Works; or,
+within a display generated by the Derivative Works, if and
+wherever such third-party notices normally appear. The contents
+of the NOTICE file are for informational purposes only and
+do not modify the License. You may add Your own attribution
+notices within Derivative Works that You distribute, alongside
+or as an addendum to the NOTICE text from the Work, provided
+that such additional attribution notices cannot be construed
+as modifying the License.
+You may add Your own copyright notice to Your modifications and
+may provide additional or different license terms and conditions
+for use, reproduction, or distribution of Your modifications, or
+for any such Derivative Works as a whole, provided Your use,
+reproduction, and distribution of the Work otherwise complies with
+the conditions stated in this License.
+5. Submission of Contributions. Unless You explicitly state otherwise,
+any Contribution intentionally submitted for inclusion in the Work
+by You to the Licensor shall be under the terms and conditions of
+this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify
+the terms of any separate license agreement you may have executed
+with Licensor regarding such Contributions.
+6. Trademarks. This License does not grant permission to use the trade
+names, trademarks, service marks, or product names of the Licensor,
+except as required for reasonable and customary use in describing the
+origin of the Work and reproducing the content of the NOTICE file.
+7. Disclaimer of Warranty. Unless required by applicable law or
+agreed to in writing, Licensor provides the Work (and each
+Contributor provides its Contributions) on an "AS IS\" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+implied, including, without limitation, any warranties or conditions
+of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any
+risks associated with Your exercise of permissions under this License.
+8. Limitation of Liability. In no event and under no legal theory,
+whether in tort (including negligence), contract, or otherwise,
+unless required by applicable law (such as deliberate and grossly
+negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special,
+incidental, or consequential damages of any character arising as a
+result of this License or out of the use or inability to use the
+Work (including but not limited to damages for loss of goodwill,
+work stoppage, computer failure or malfunction, or any and all
+other commercial damages or losses), even if such Contributor
+has been advised of the possibility of such damages.
+9. Accepting Warranty or Additional Liability. When redistributing
+the Work or Derivative Works thereof, You may choose to offer,
+and charge a fee for, acceptance of support, warranty, indemnity,
+or other liability obligations and/or rights consistent with this
+License. However, in accepting such obligations, You may act only
+on Your own behalf and on Your sole responsibility, not on behalf
+of any other Contributor, and only if You agree to indemnify,
+defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason
+of your accepting any such warranty or additional liability.
+END OF TERMS AND CONDITIONS

README.md ADDED Viewed

	@@ -0,0 +1,458 @@

+# n8n Infrastructure Repository
+A comprehensive, production-ready infrastructure setup for deploying n8n automation platform on Hugging Face Spaces with AI integrations and automated knowledge management.
+## 🚀 Features
+### Core Platform
+- **n8n v1.17.1**: Self-hosted workflow automation platform
+- **Hugging Face Spaces**: Docker-based deployment with automatic scaling
+- **Supabase PostgreSQL**: SSL-encrypted database with pgvector extension
+- **ChromaDB**: Vector store for embeddings and AI-powered search
+### AI & Automation
+- **LangChain Integration**: Advanced AI workflow capabilities
+- **Multi-Model Support**: OpenAI GPT, Anthropic Claude, Google Vertex AI
+- **Vector Knowledge Base**: Automated content ingestion with embeddings
+- **Community Nodes**: Extended functionality with custom AI nodes
+### DevOps & Monitoring
+- **GitHub Actions CI/CD**: Automated deployment and maintenance
+- **Automated Backups**: Daily workflow and configuration backups
+- **Knowledge Sync**: Multi-repository content synchronization
+- **Health Monitoring**: Container health checks and alerting
+## 📋 Prerequisites
+Before setting up the infrastructure, ensure you have:
+1. **GitHub Account** with repository access
+2. **Hugging Face Account** with Spaces access
+3. **Supabase Account** with PostgreSQL database
+4. **Git** and **Docker** installed locally
+### Required Secrets
+Configure these secrets in your GitHub repository settings:
+```bash
+# Hugging Face
+HF_USERNAME=your-huggingface-username
+HF_TOKEN=your-hf-token
+HF_SPACE_NAME=n8n-automation
+# Database
+DB_POSTGRESDB_HOST=your-project.supabase.co
+DB_POSTGRESDB_USER=postgres
+DB_POSTGRESDB_PASSWORD=your-database-password
+DB_POSTGRESDB_DATABASE=postgres
+# n8n Configuration
+N8N_ENCRYPTION_KEY=your-32-character-encryption-key
+N8N_USER_MANAGEMENT_JWT_SECRET=your-jwt-secret
+WEBHOOK_URL=https://your-username-n8n-automation.hf.space
+# AI Services (Optional)
+OPENAI_API_KEY=sk-your-openai-key
+ANTHROPIC_API_KEY=sk-ant-your-anthropic-key
+GOOGLE_PROJECT_ID=your-gcp-project
+```
+## 🛠️ Quick Start
+### 1. Repository Setup
+```bash
+# Clone the repository
+git clone https://github.com/your-username/n8n-infra.git
+cd n8n-infra
+# Create environment configuration
+cp config/.env.example .env
+# Edit .env with your actual values
+```
+### 2. Local Development
+```bash
+# Start the full stack locally
+docker-compose -f docker/docker-compose.yml up -d
+# Check service status
+docker-compose -f docker/docker-compose.yml ps
+# View logs
+docker-compose -f docker/docker-compose.yml logs -f n8n
+```
+### 3. Hugging Face Deployment
+```bash
+# Trigger deployment via GitHub Actions
+git push origin main
+# Or deploy manually
+gh workflow run deploy-to-hf.yml
+```
+## 📊 Database Setup
+### Supabase Configuration
+1. **Create Supabase Project**:
+   ```sql
+   -- Enable pgvector extension
+   CREATE EXTENSION IF NOT EXISTS vector;
+   -- Create knowledge base schema
+   CREATE SCHEMA IF NOT EXISTS knowledge;
+   -- Create embeddings table
+   CREATE TABLE knowledge.embeddings (
+     id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+     content_id TEXT NOT NULL,
+     collection_name TEXT NOT NULL,
+     content TEXT NOT NULL,
+     embedding VECTOR(384),
+     metadata JSONB DEFAULT '{}',
+     created_at TIMESTAMPTZ DEFAULT NOW(),
+     updated_at TIMESTAMPTZ DEFAULT NOW()
+   );
+   -- Create indexes for performance
+   CREATE INDEX IF NOT EXISTS idx_embeddings_collection ON knowledge.embeddings(collection_name);
+   CREATE INDEX IF NOT EXISTS idx_embeddings_content_id ON knowledge.embeddings(content_id);
+   CREATE INDEX IF NOT EXISTS idx_embeddings_vector ON knowledge.embeddings
+   USING ivfflat (embedding vector_cosine_ops) WITH (lists = 100);
+   ```
+2. **Configure Row Level Security**:
+   ```sql
+   -- Enable RLS
+   ALTER TABLE knowledge.embeddings ENABLE ROW LEVEL SECURITY;
+   -- Allow authenticated users to read embeddings
+   CREATE POLICY "Users can read embeddings" ON knowledge.embeddings
+     FOR SELECT TO authenticated USING (true);
+   -- Allow service role to manage embeddings
+   CREATE POLICY "Service role can manage embeddings" ON knowledge.embeddings
+     FOR ALL TO service_role USING (true);
+   ```
+## 🤖 AI Integration Guide
+### LangChain Workflows
+The platform supports advanced LangChain workflows:
+```javascript
+// Example: Knowledge-based Q&A workflow
+{
+  "nodes": [
+    {
+      "name": "Vector Search",
+      "type": "n8n-nodes-vector-store",
+      "parameters": {
+        "operation": "similarity_search",
+        "query": "{{ $json.question }}",
+        "collection": "n8n",
+        "top_k": 5
+      }
+    },
+    {
+      "name": "LangChain QA",
+      "type": "@n8n/n8n-nodes-langchain",
+      "parameters": {
+        "chain_type": "question_answering",
+        "context": "{{ $json.vector_results }}",
+        "question": "{{ $json.question }}"
+      }
+    }
+  ]
+}
+```
+### Custom AI Nodes
+Install additional AI nodes:
+```bash
+# Install in running container
+docker exec n8n-automation npm install n8n-nodes-google-vertex-ai
+docker exec n8n-automation npm install n8n-nodes-openai-advanced
+# Restart to load new nodes
+docker-compose -f docker/docker-compose.yml restart n8n
+```
+## 🗄️ Knowledge Management
+### Automated Synchronization
+The system automatically syncs content from these repositories:
+- **n8n Knowledge**: `/projects/n8n` - Workflow examples and best practices
+- **Video & Animation**: `/projects/videos-e-animacoes` - Multimedia processing guides
+- **Midjourney Prompts**: `/projects/midjorney-prompt` - AI art generation prompts
+### Manual Knowledge Sync
+```bash
+# Sync specific collection
+./scripts/sync-knowledge.sh
+# Or trigger via GitHub Actions
+gh workflow run sync-knowledge.yml -f collections=n8n,midjourney-prompt
+```
+### Vector Search Setup
+Query the knowledge base in n8n workflows:
+```javascript
+// Vector similarity search node configuration
+{
+  "collection": "n8n",
+  "query": "How to create webhook workflows",
+  "top_k": 3,
+  "score_threshold": 0.7
+}
+```
+## 💾 Backup & Recovery
+### Automated Backups
+Daily backups include:
+- All n8n workflows (exported as JSON)
+- Encrypted credentials
+- Database schema
+- Knowledge base content
+- Vector embeddings
+### Manual Backup
+```bash
+# Create full backup
+./scripts/backup.sh custom-backup-name
+# List available backups
+ls workflows/backup/
+# Restore from backup
+./scripts/restore.sh n8n_backup_20240115_140230
+```
+### Backup Schedule
+- **Daily**: Automated workflow backup at 2 AM UTC
+- **Weekly**: Full system backup including database
+- **On-demand**: Manual backups via GitHub Actions
+## 🔧 Maintenance
+### Health Monitoring
+```bash
+# Check container health
+docker-compose -f docker/docker-compose.yml ps
+# View application logs
+docker-compose -f docker/docker-compose.yml logs -f n8n
+# Monitor vector store
+curl http://localhost:8000/api/v1/heartbeat
+```
+### Performance Tuning
+**Database Optimization**:
+```sql
+-- Monitor query performance
+SELECT query, mean_exec_time, calls
+FROM pg_stat_statements
+WHERE query LIKE '%n8n%'
+ORDER BY mean_exec_time DESC
+LIMIT 10;
+-- Optimize vector searches
+SET ivfflat.probes = 10;
+```
+**Container Resources**:
+```yaml
+# docker-compose.yml resource limits
+services:
+  n8n:
+    deploy:
+      resources:
+        limits:
+          cpus: '2.0'
+          memory: 4G
+        reservations:
+          cpus: '1.0'
+          memory: 2G
+```
+## 🔒 Security
+### SSL Configuration
+- All database connections use SSL encryption
+- Webhook URLs must use HTTPS
+- Container communication over encrypted networks
+### Credential Management
+```bash
+# Credentials are encrypted by n8n
+# Store sensitive files in config/credentials/
+mkdir -p config/credentials
+echo '{}' > config/credentials/google-service-account.json
+# Set proper permissions
+chmod 600 config/credentials/*
+```
+### Environment Security
+- Never commit `.env` files
+- Use GitHub Secrets for sensitive data
+- Rotate encryption keys regularly
+- Enable Supabase RLS policies
+## 🚨 Troubleshooting
+### Common Issues
+**Connection Problems**:
+```bash
+# Test database connection
+docker exec n8n-automation psql "$DB_POSTGRESDB_HOST" -U "$DB_POSTGRESDB_USER" -c "\l"
+# Check n8n logs
+docker logs n8n-automation --tail 50
+# Verify webhook connectivity
+curl -I "$WEBHOOK_URL/healthz"
+```
+**Deployment Issues**:
+```bash
+# Check Hugging Face Space status
+curl -I "https://huggingface.co/spaces/$HF_USERNAME/$HF_SPACE_NAME"
+# View GitHub Actions logs
+gh run list --workflow=deploy-to-hf.yml
+gh run view [run-id] --log
+```
+**Knowledge Sync Problems**:
+```bash
+# Manual knowledge sync debug
+./scripts/sync-knowledge.sh
+echo $?  # Should return 0 for success
+# Check embedding generation
+python3 -c "
+import json
+with open('knowledge/n8n/n8n_embeddings.json') as f:
+    data = json.load(f)
+    print(f'Embeddings loaded: {len(data)} documents')
+"
+```
+### Recovery Procedures
+**Emergency Restore**:
+1. Stop all services: `docker-compose down`
+2. Restore from latest backup: `./scripts/restore.sh [backup-name]`
+3. Restart services: `docker-compose up -d`
+4. Verify functionality: Access web interface
+**Database Recovery**:
+```sql
+-- Check database integrity
+SELECT schemaname, tablename, n_tup_ins, n_tup_upd, n_tup_del
+FROM pg_stat_user_tables
+WHERE schemaname = 'public';
+-- Rebuild vector indexes if needed
+REINDEX INDEX idx_embeddings_vector;
+```
+## 📈 Scaling
+### Horizontal Scaling
+- Multiple n8n instances with queue mode
+- Load balancer configuration
+- Distributed vector store
+### Performance Monitoring
+- Enable n8n metrics: `N8N_METRICS=true`
+- Database query monitoring
+- Vector search performance tracking
+- Container resource utilization
+## 🔄 CI/CD Pipeline
+### Workflow Triggers
+- **Push to main**: Automatic deployment
+- **Scheduled**: Daily backups and knowledge sync
+- **Manual**: On-demand operations via GitHub Actions
+### Pipeline Stages
+1. **Build**: Docker image creation and testing
+2. **Test**: Health checks and validation
+3. **Deploy**: Hugging Face Spaces deployment
+4. **Monitor**: Post-deployment verification
+## 📝 Contributing
+1. Fork the repository
+2. Create feature branch: `git checkout -b feature/new-capability`
+3. Commit changes: `git commit -am 'Add new capability'`
+4. Push branch: `git push origin feature/new-capability`
+5. Submit pull request
+### Development Workflow
+```bash
+# Local development
+docker-compose -f docker/docker-compose.yml up --build
+# Run tests
+./scripts/test-infrastructure.sh
+# Deploy to staging
+gh workflow run deploy-to-hf.yml -f force_deploy=true
+```
+## 📞 Support
+- **Issues**: GitHub Issues
+- **Documentation**: [n8n Documentation](https://docs.n8n.io)
+- **Community**: [n8n Community](https://community.n8n.io)
+## 📄 License
+This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
+---
+**⚡ Pro Tips**:
+1. **Performance**: Use queue mode for high-volume workflows
+2. **Security**: Regular credential rotation and access reviews
+3. **Monitoring**: Set up alerts for failed workflows and system health
+4. **Backup**: Test restore procedures regularly
+5. **Knowledge**: Keep your knowledge base updated with latest best practices
+---
+*Built with ❤️ for the n8n automation community*

SECURITY.md ADDED Viewed

	@@ -0,0 +1,147 @@

+# Security Policy
+## Supported Versions
+We actively maintain and provide security updates for the following versions:
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0.x   | :white_check_mark: |
+## Reporting a Vulnerability
+We take security vulnerabilities seriously. If you discover a security vulnerability in this n8n infrastructure, please report it responsibly.
+### How to Report
+1. **Do NOT** open a public GitHub issue for security vulnerabilities
+2. Send an email to: [email protected] (replace with your actual security contact)
+3. Include the following information:
+   - Description of the vulnerability
+   - Steps to reproduce the issue
+   - Potential impact assessment
+   - Suggested fix (if available)
+### What to Expect
+- **Acknowledgment**: Within 48 hours of your report
+- **Initial Assessment**: Within 7 days
+- **Fix Timeline**: Critical issues within 14 days, others within 30 days
+- **Disclosure**: Coordinated disclosure after fix is released
+## Security Best Practices
+### For Administrators
+1. **Environment Variables**:
+   - Never commit `.env` files to version control
+   - Use GitHub Secrets for all sensitive data
+   - Rotate encryption keys regularly (quarterly recommended)
+2. **Database Security**:
+   - Always use SSL connections to Supabase
+   - Enable Row Level Security (RLS) policies
+   - Regular backup encryption validation
+   - Monitor for unusual database activity
+3. **Container Security**:
+   - Keep n8n version pinned and updated
+   - Regular security scanning of Docker images
+   - Use non-root user inside containers
+   - Limit container network access
+4. **Access Control**:
+   - Enable n8n user management
+   - Use strong JWT secrets
+   - Implement webhook authentication
+   - Regular access review and cleanup
+### For Developers
+1. **Code Security**:
+   - No hardcoded credentials in source code
+   - Validate all webhook inputs
+   - Sanitize user inputs in workflows
+   - Use prepared statements for database queries
+2. **Workflow Security**:
+   - Audit workflow permissions regularly
+   - Secure credential storage in n8n
+   - Validate external API responses
+   - Implement proper error handling
+3. **AI Integration Security**:
+   - Validate AI model outputs
+   - Sanitize prompts and inputs
+   - Secure API key management
+   - Monitor AI usage and costs
+## Security Checklist
+### Pre-Deployment
+- [ ] All secrets configured in GitHub repository
+- [ ] Database SSL enforcement enabled
+- [ ] Container security scan passed
+- [ ] Webhook authentication configured
+- [ ] Network security policies reviewed
+### Post-Deployment
+- [ ] Health monitoring enabled
+- [ ] Backup encryption verified
+- [ ] Access logs configured
+- [ ] Incident response plan ready
+- [ ] Security contact information updated
+### Regular Maintenance
+- [ ] Monthly security updates applied
+- [ ] Quarterly credential rotation
+- [ ] Backup integrity verification
+- [ ] Security audit review
+- [ ] Vulnerability scanning
+## Known Security Considerations
+1. **Hugging Face Spaces**: Public spaces expose the application URL. Use authentication and access controls.
+2. **Vector Embeddings**: Knowledge base content may contain sensitive information. Review before indexing.
+3. **Webhook Endpoints**: Publicly accessible URLs should implement proper authentication.
+4. **Database Access**: Ensure Supabase RLS policies are properly configured for your use case.
+## Incident Response
+In case of a security incident:
+1. **Immediate Actions**:
+   - Disable affected services if necessary
+   - Preserve logs and evidence
+   - Assess scope and impact
+2. **Communication**:
+   - Notify security team immediately
+   - Prepare user communication if needed
+   - Coordinate with stakeholders
+3. **Recovery**:
+   - Apply security patches
+   - Restore from clean backups if needed
+   - Verify system integrity
+   - Update security measures
+## Security Resources
+- [n8n Security Documentation](https://docs.n8n.io/security/)
+- [Supabase Security Guide](https://supabase.com/docs/guides/platform/security)
+- [Docker Security Best Practices](https://docs.docker.com/develop/security-best-practices/)
+- [GitHub Actions Security](https://docs.github.com/en/actions/security-guides)
+## Contact
+For security-related questions or concerns:
+- Email: [email protected]
+- Security Team: @security-team (GitHub)
+---
+*Last updated: January 2025*

config/.env.example ADDED Viewed

	@@ -0,0 +1,58 @@

+# n8n Infrastructure Environment Configuration
+# Copy this file to .env and fill in your actual values
+# ===== CORE N8N CONFIGURATION =====
+N8N_ENCRYPTION_KEY=your-32-character-encryption-key-here
+N8N_USER_MANAGEMENT_JWT_SECRET=your-jwt-secret-key-here
+N8N_HOST=your-n8n-domain.com
+WEBHOOK_URL=https://your-n8n-domain.com
+# ===== DATABASE CONFIGURATION =====
+DB_TYPE=postgresdb
+DB_POSTGRESDB_HOST=your-supabase-host.supabase.co
+DB_POSTGRESDB_PORT=5432
+DB_POSTGRESDB_DATABASE=postgres
+DB_POSTGRESDB_USER=postgres
+DB_POSTGRESDB_PASSWORD=your-supabase-password
+DB_POSTGRESDB_SSL=true
+# ===== DEPLOYMENT CONFIGURATION =====
+HF_TOKEN=your-hugging-face-token
+HF_SPACE_NAME=your-username/n8n-automation
+GITHUB_TOKEN=your-github-token
+# ===== AI INTEGRATIONS =====
+GOOGLE_PROJECT_ID=your-google-cloud-project-id
+GOOGLE_CREDENTIALS_PATH=/home/node/.n8n/credentials/google-service-account.json
+OPENAI_API_KEY=sk-your-openai-api-key
+ANTHROPIC_API_KEY=sk-ant-your-anthropic-key
+VERTEX_AI_PROJECT=your-vertex-ai-project
+VERTEX_AI_LOCATION=us-central1
+# ===== VECTOR STORE CONFIGURATION =====
+CHROMA_AUTH_TOKEN=your-chroma-auth-token
+CHROMA_HOST=vector-store
+CHROMA_PORT=8000
+# ===== KNOWLEDGE BASE SYNC =====
+KB_REPO_N8N=https://github.com/danilonovaisv/CHATGPT-knowledge-base.git
+KB_BRANCH_N8N=main
+KB_PATH_N8N=projects/n8n
+KB_PATH_VIDEOS=projects/videos-e-animacoes
+KB_PATH_MIDJOURNEY=projects/midjorney-prompt
+# ===== MONITORING AND LOGGING =====
+N8N_LOG_LEVEL=info
+N8N_METRICS=true
+SENTRY_DSN=your-sentry-dsn (optional)
+# ===== BACKUP CONFIGURATION =====
+BACKUP_SCHEDULE=0 2 * * *
+BACKUP_RETENTION_DAYS=30
+BACKUP_ENCRYPTION_PASSWORD=your-backup-encryption-password
+# ===== SECURITY =====
+ALLOWED_ORIGINS=https://your-domain.com,https://your-n8n-domain.com
+CSRF_SECRET=your-csrf-secret
+RATE_LIMIT_WINDOW=15
+RATE_LIMIT_MAX=100

config/custom-nodes.json ADDED Viewed

	@@ -0,0 +1,44 @@

+{
+  "name": "n8n-custom-configuration",
+  "version": "1.0.0",
+  "description": "Custom configuration for n8n automation platform",
+  "customNodes": [
+    {
+      "name": "@n8n/n8n-nodes-langchain",
+      "version": "latest",
+      "description": "LangChain integration nodes for AI workflows"
+    },
+    {
+      "name": "n8n-nodes-google-vertex-ai",
+      "version": "latest",
+      "description": "Google Vertex AI integration"
+    },
+    {
+      "name": "n8n-nodes-supabase",
+      "version": "latest",
+      "description": "Supabase database operations"
+    },
+    {
+      "name": "n8n-nodes-vector-store",
+      "version": "latest",
+      "description": "Vector database operations for embeddings"
+    }
+  ],
+  "credentialTypes": [
+    {
+      "name": "googleCloudApi",
+      "displayName": "Google Cloud API",
+      "documentationUrl": "https://cloud.google.com/docs/authentication"
+    },
+    {
+      "name": "supabaseApi",
+      "displayName": "Supabase API",
+      "documentationUrl": "https://supabase.com/docs/guides/api"
+    },
+    {
+      "name": "openAiApi",
+      "displayName": "OpenAI API",
+      "documentationUrl": "https://platform.openai.com/docs/api-reference"
+    }
+  ]
+}

docker/Dockerfile ADDED Viewed

	@@ -0,0 +1,56 @@

+# Production-ready n8n Dockerfile for Hugging Face Spaces
+FROM n8nio/n8n:1.17.1
+# Set environment for production
+ENV NODE_ENV=production
+ENV N8N_PORT=7860
+ENV N8N_LISTEN_ADDRESS=0.0.0.0
+ENV N8N_PROTOCOL=https
+ENV N8N_METRICS=true
+ENV N8N_LOG_LEVEL=info
+ENV N8N_LOG_OUTPUT=console
+ENV EXECUTIONS_MODE=queue
+ENV N8N_DISABLE_UI=false
+# Create app user for security
+USER root
+# Install additional dependencies for AI and automation
+RUN apk add --no-cache \
+    curl \
+    git \
+    python3 \
+    py3-pip \
+    postgresql-client \
+    && pip3 install --no-cache-dir \
+    langchain \
+    chromadb \
+    sentence-transformers
+# Create necessary directories
+RUN mkdir -p /home/node/.n8n/custom \
+    && mkdir -p /home/node/.n8n/nodes \
+    && mkdir -p /home/node/.n8n/credentials \
+    && mkdir -p /home/node/knowledge
+# Copy custom configurations
+COPY config/custom-nodes.json /home/node/.n8n/custom/
+COPY knowledge/ /home/node/knowledge/
+# Set proper permissions
+RUN chown -R node:node /home/node/.n8n \
+    && chown -R node:node /home/node/knowledge \
+    && chmod +x /home/node/knowledge/sync-*.sh
+# Switch back to node user
+USER node
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
+  CMD curl -f http://localhost:7860/healthz || exit 1
+# Expose port for Hugging Face Spaces
+EXPOSE 7860
+# Start n8n
+CMD ["n8n", "start"]

docker/docker-compose.yml ADDED Viewed

	@@ -0,0 +1,101 @@

+version: '3.8'
+services:
+  n8n:
+    build:
+      context: ..
+      dockerfile: docker/Dockerfile
+    container_name: n8n-automation
+    restart: unless-stopped
+    ports:
+      - "7860:7860"
+    environment:
+      # Core Configuration
+      - NODE_ENV=production
+      - N8N_PORT=7860
+      - N8N_LISTEN_ADDRESS=0.0.0.0
+      - N8N_PROTOCOL=https
+      - N8N_HOST=${N8N_HOST:-localhost}
+      # Security
+      - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
+      - N8N_USER_MANAGEMENT_JWT_SECRET=${N8N_USER_MANAGEMENT_JWT_SECRET}
+      # Database Configuration
+      - DB_TYPE=postgresdb
+      - DB_POSTGRESDB_HOST=${DB_POSTGRESDB_HOST}
+      - DB_POSTGRESDB_PORT=${DB_POSTGRESDB_PORT:-5432}
+      - DB_POSTGRESDB_DATABASE=${DB_POSTGRESDB_DATABASE}
+      - DB_POSTGRESDB_USER=${DB_POSTGRESDB_USER}
+      - DB_POSTGRESDB_PASSWORD=${DB_POSTGRESDB_PASSWORD}
+      - DB_POSTGRESDB_SSL=true
+      # Webhooks and External Access
+      - WEBHOOK_URL=${WEBHOOK_URL}
+      - N8N_EDITOR_BASE_URL=${WEBHOOK_URL}
+      # AI and External Integrations
+      - GOOGLE_PROJECT_ID=${GOOGLE_PROJECT_ID}
+      - GOOGLE_CREDENTIALS_PATH=${GOOGLE_CREDENTIALS_PATH}
+      - OPENAI_API_KEY=${OPENAI_API_KEY}
+      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
+      # Performance
+      - EXECUTIONS_MODE=queue
+      - EXECUTIONS_DATA_SAVE_ON_ERROR=all
+      - EXECUTIONS_DATA_SAVE_ON_SUCCESS=all
+      - EXECUTIONS_DATA_SAVE_MANUAL_EXECUTIONS=true
+      # Logging and Monitoring
+      - N8N_LOG_LEVEL=info
+      - N8N_LOG_OUTPUT=console
+      - N8N_METRICS=true
+    volumes:
+      - n8n_data:/home/node/.n8n
+      - ./knowledge:/home/node/knowledge:ro
+      - ./config/credentials:/home/node/.n8n/credentials:ro
+      - ./workflows/backup:/home/node/.n8n/backup
+    networks:
+      - n8n-network
+    depends_on:
+      - vector-store
+      - backup-service
+  vector-store:
+    image: chromadb/chroma:latest
+    container_name: n8n-vector-store
+    restart: unless-stopped
+    ports:
+      - "8000:8000"
+    environment:
+      - CHROMA_SERVER_AUTHN_CREDENTIALS=${CHROMA_AUTH_TOKEN}
+      - CHROMA_SERVER_AUTHN_PROVIDER=chromadb.auth.token.TokenAuthServerProvider
+    volumes:
+      - vector_data:/chroma/chroma
+    networks:
+      - n8n-network
+  backup-service:
+    image: alpine:latest
+    container_name: n8n-backup
+    restart: "no"
+    command: /bin/sh -c "while true; do sleep 3600; done"
+    volumes:
+      - n8n_data:/backup/n8n:ro
+      - ./scripts:/scripts:ro
+      - ./workflows/backup:/backup/workflows
+    networks:
+      - n8n-network
+volumes:
+  n8n_data:
+    driver: local
+  vector_data:
+    driver: local
+networks:
+  n8n-network:
+    driver: bridge

knowledge/.DS_Store ADDED Viewed

Binary file (6.15 kB). View file

package.json ADDED Viewed

	@@ -0,0 +1,48 @@

+{
+  "name": "n8n-infrastructure",
+  "version": "1.0.0",
+  "description": "Production-ready n8n infrastructure with AI integrations and automated knowledge management",
+  "private": true,
+  "keywords": [
+    "n8n",
+    "workflow-automation",
+    "ai-integration",
+    "langchain",
+    "vector-database",
+    "hugging-face",
+    "supabase",
+    "devops"
+  ],
+  "scripts": {
+    "dev": "docker compose -f docker/docker-compose.yml up --build",
+    "start": "docker compose -f docker/docker-compose.yml up -d",
+    "stop": "docker compose -f docker/docker-compose.yml down",
+    "logs": "docker compose -f docker/docker-compose.yml logs -f n8n",
+    "backup": "bash scripts/backup.sh",
+    "restore": "bash scripts/restore.sh",
+    "sync-knowledge": "bash scripts/sync-knowledge.sh",
+    "health-check": "curl -f http://localhost:7860/healthz",
+    "clean": "docker compose -f docker/docker-compose.yml down -v && docker system prune -f",
+    "deploy": "gh workflow run deploy-to-hf.yml",
+    "test": "bash scripts/test-infrastructure.sh"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/your-username/n8n-infra.git"
+  },
+  "author": {
+    "name": "Your Name",
+    "email": "[email protected]"
+  },
+  "license": "Apache-2.0",
+  "engines": {
+    "node": ">=18.0.0",
+    "npm": ">=9.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0"
+  },
+  "dependencies": {
+    "huggingface_hub": "^0.20.1"
+  }
+}

scripts/backup.sh ADDED Viewed

	@@ -0,0 +1,198 @@

+#!/bin/bash
+# n8n Infrastructure Backup Script
+# Backs up workflows, credentials, and configurations
+# Usage: ./backup.sh [backup-name]
+set -euo pipefail
+# Configuration
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+BACKUP_DIR="$PROJECT_ROOT/workflows/backup"
+TIMESTAMP=$(date +"%Y%m%d_%H%M%S")
+BACKUP_NAME="${1:-n8n_backup_$TIMESTAMP}"
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+# Check if Docker is running
+check_docker() {
+    if ! docker ps > /dev/null 2>&1; then
+        log_error "Docker is not running or accessible"
+        exit 1
+    fi
+}
+# Create backup directory
+create_backup_dir() {
+    local backup_path="$BACKUP_DIR/$BACKUP_NAME"
+    mkdir -p "$backup_path"
+    echo "$backup_path"
+}
+# Backup n8n workflows via API
+backup_workflows() {
+    local backup_path="$1"
+    local container_name="n8n-automation"
+    log_info "Backing up n8n workflows..."
+    if docker ps --format '{{.Names}}' | grep -q "^$container_name$"; then
+        # Export workflows using n8n CLI inside container
+        docker exec "$container_name" n8n export:workflow --all --output="/home/node/.n8n/backup/workflows_$TIMESTAMP.json" || {
+            log_warn "Failed to export workflows via CLI, trying API approach"
+            return 1
+        }
+        # Copy exported file to backup directory
+        docker cp "$container_name:/home/node/.n8n/backup/workflows_$TIMESTAMP.json" "$backup_path/"
+        log_info "Workflows backed up successfully"
+    else
+        log_error "n8n container not found or not running"
+        return 1
+    fi
+}
+# Backup credentials (encrypted)
+backup_credentials() {
+    local backup_path="$1"
+    local container_name="n8n-automation"
+    log_info "Backing up encrypted credentials..."
+    if docker ps --format '{{.Names}}' | grep -q "^$container_name$"; then
+        docker cp "$container_name:/home/node/.n8n/credentials" "$backup_path/" 2>/dev/null || {
+            log_warn "No credentials found or access denied"
+        }
+    fi
+}
+# Backup database schema and essential data
+backup_database() {
+    local backup_path="$1"
+    log_info "Backing up database schema..."
+    if [[ -n "${DB_POSTGRESDB_PASSWORD:-}" ]]; then
+        export PGPASSWORD="$DB_POSTGRESDB_PASSWORD"
+        pg_dump \
+            --host="${DB_POSTGRESDB_HOST}" \
+            --port="${DB_POSTGRESDB_PORT:-5432}" \
+            --username="${DB_POSTGRESDB_USER}" \
+            --dbname="${DB_POSTGRESDB_DATABASE}" \
+            --schema-only \
+            --no-owner \
+            --no-privileges \
+            > "$backup_path/schema_$TIMESTAMP.sql" || {
+            log_error "Database backup failed"
+            return 1
+        }
+        log_info "Database schema backed up successfully"
+    else
+        log_warn "Database credentials not available, skipping database backup"
+    fi
+}
+# Backup knowledge base content
+backup_knowledge() {
+    local backup_path="$1"
+    log_info "Backing up knowledge base..."
+    if [[ -d "$PROJECT_ROOT/knowledge" ]]; then
+        cp -r "$PROJECT_ROOT/knowledge" "$backup_path/"
+        log_info "Knowledge base backed up successfully"
+    else
+        log_warn "Knowledge base directory not found"
+    fi
+}
+# Create backup metadata
+create_metadata() {
+    local backup_path="$1"
+    cat > "$backup_path/backup_metadata.json" << EOF
+{
+  "backup_name": "$BACKUP_NAME",
+  "timestamp": "$TIMESTAMP",
+  "created_at": "$(date -Iseconds)",
+  "n8n_version": "$(docker exec n8n-automation n8n --version 2>/dev/null || echo 'unknown')",
+  "backup_type": "full",
+  "components": [
+    "workflows",
+    "credentials",
+    "database_schema",
+    "knowledge_base"
+  ],
+  "notes": "Automated backup created by backup.sh script"
+}
+EOF
+}
+# Cleanup old backups
+cleanup_old_backups() {
+    local retention_days="${BACKUP_RETENTION_DAYS:-30}"
+    log_info "Cleaning up backups older than $retention_days days..."
+    find "$BACKUP_DIR" -type d -name "n8n_backup_*" -mtime "+$retention_days" -exec rm -rf {} + 2>/dev/null || true
+}
+# Main backup process
+main() {
+    log_info "Starting n8n infrastructure backup: $BACKUP_NAME"
+    # Preliminary checks
+    check_docker
+    # Load environment variables
+    if [[ -f "$PROJECT_ROOT/.env" ]]; then
+        source "$PROJECT_ROOT/.env"
+    fi
+    # Create backup directory
+    local backup_path=$(create_backup_dir)
+    log_info "Backup directory created: $backup_path"
+    # Perform backups
+    backup_workflows "$backup_path" || log_warn "Workflow backup incomplete"
+    backup_credentials "$backup_path" || log_warn "Credentials backup incomplete"
+    backup_database "$backup_path" || log_warn "Database backup incomplete"
+    backup_knowledge "$backup_path" || log_warn "Knowledge base backup incomplete"
+    # Create metadata
+    create_metadata "$backup_path"
+    # Cleanup old backups
+    cleanup_old_backups
+    log_info "Backup completed successfully: $backup_path"
+    # Optional: Create compressed archive
+    if command -v tar > /dev/null; then
+        local archive_name="$BACKUP_DIR/${BACKUP_NAME}.tar.gz"
+        tar -czf "$archive_name" -C "$BACKUP_DIR" "$BACKUP_NAME"
+        log_info "Compressed backup created: $archive_name"
+    fi
+}
+# Run main function
+main "$@"

scripts/restore.sh ADDED Viewed

	@@ -0,0 +1,204 @@

+#!/bin/bash
+# n8n Infrastructure Restore Script
+# Restores workflows, credentials, and configurations from backup
+# Usage: ./restore.sh <backup-name>
+set -euo pipefail
+# Configuration
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+BACKUP_DIR="$PROJECT_ROOT/workflows/backup"
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+# Validate backup name argument
+if [[ $# -eq 0 ]]; then
+    log_error "Usage: $0 <backup-name>"
+    log_info "Available backups:"
+    ls -1 "$BACKUP_DIR" | grep -E "^n8n_backup_" | head -10
+    exit 1
+fi
+BACKUP_NAME="$1"
+BACKUP_PATH="$BACKUP_DIR/$BACKUP_NAME"
+# Check if backup exists
+if [[ ! -d "$BACKUP_PATH" ]]; then
+    # Try with .tar.gz extension
+    if [[ -f "$BACKUP_DIR/$BACKUP_NAME.tar.gz" ]]; then
+        log_info "Found compressed backup, extracting..."
+        tar -xzf "$BACKUP_DIR/$BACKUP_NAME.tar.gz" -C "$BACKUP_DIR"
+    else
+        log_error "Backup not found: $BACKUP_NAME"
+        exit 1
+    fi
+fi
+# Verify backup integrity
+verify_backup() {
+    local metadata_file="$BACKUP_PATH/backup_metadata.json"
+    if [[ ! -f "$metadata_file" ]]; then
+        log_warn "Backup metadata not found, proceeding with caution"
+        return 0
+    fi
+    log_info "Backup verification:"
+    cat "$metadata_file" | jq -r '.backup_name, .created_at, .backup_type'
+}
+# Restore workflows
+restore_workflows() {
+    local container_name="n8n-automation"
+    log_info "Restoring workflows..."
+    if ! docker ps --format '{{.Names}}' | grep -q "^$container_name$"; then
+        log_error "n8n container not running. Start the container first."
+        return 1
+    fi
+    # Find workflow backup file
+    local workflow_file=$(find "$BACKUP_PATH" -name "workflows_*.json" | head -1)
+    if [[ -n "$workflow_file" ]]; then
+        # Copy workflow file to container
+        docker cp "$workflow_file" "$container_name:/tmp/workflows_restore.json"
+        # Import workflows
+        docker exec "$container_name" n8n import:workflow --input="/tmp/workflows_restore.json" || {
+            log_error "Failed to import workflows"
+            return 1
+        }
+        log_info "Workflows restored successfully"
+    else
+        log_warn "No workflow backup file found"
+    fi
+}
+# Restore credentials
+restore_credentials() {
+    local container_name="n8n-automation"
+    log_info "Restoring credentials..."
+    if [[ -d "$BACKUP_PATH/credentials" ]]; then
+        docker cp "$BACKUP_PATH/credentials/." "$container_name:/home/node/.n8n/credentials/"
+        log_info "Credentials restored successfully"
+    else
+        log_warn "No credentials backup found"
+    fi
+}
+# Restore database (schema only, data should be preserved)
+restore_database() {
+    log_info "Restoring database schema..."
+    local schema_file=$(find "$BACKUP_PATH" -name "schema_*.sql" | head -1)
+    if [[ -n "$schema_file" && -n "${DB_POSTGRESDB_PASSWORD:-}" ]]; then
+        export PGPASSWORD="$DB_POSTGRESDB_PASSWORD"
+        log_warn "This will update database schema. Proceed? (y/N)"
+        read -r response
+        if [[ "$response" =~ ^[Yy]$ ]]; then
+            psql \
+                --host="${DB_POSTGRESDB_HOST}" \
+                --port="${DB_POSTGRESDB_PORT:-5432}" \
+                --username="${DB_POSTGRESDB_USER}" \
+                --dbname="${DB_POSTGRESDB_DATABASE}" \
+                --file="$schema_file" || {
+                log_error "Database restore failed"
+                return 1
+            }
+            log_info "Database schema restored successfully"
+        else
+            log_info "Database restore skipped"
+        fi
+    else
+        log_warn "No database backup found or credentials missing"
+    fi
+}
+# Restart services after restore
+restart_services() {
+    log_info "Restarting n8n services..."
+    docker-compose -f "$PROJECT_ROOT/docker/docker-compose.yml" restart n8n
+    # Wait for service to be ready
+    local max_attempts=30
+    local attempt=1
+    while [[ $attempt -le $max_attempts ]]; do
+        if curl -f http://localhost:7860/healthz > /dev/null 2>&1; then
+            log_info "n8n service is ready"
+            break
+        fi
+        log_info "Waiting for n8n to start... ($attempt/$max_attempts)"
+        sleep 10
+        ((attempt++))
+    done
+    if [[ $attempt -gt $max_attempts ]]; then
+        log_error "n8n failed to start after restore"
+        return 1
+    fi
+}
+# Main restore process
+main() {
+    log_info "Starting n8n infrastructure restore: $BACKUP_NAME"
+    # Load environment variables
+    if [[ -f "$PROJECT_ROOT/.env" ]]; then
+        source "$PROJECT_ROOT/.env"
+    fi
+    # Verify backup
+    verify_backup
+    # Confirm restore operation
+    log_warn "This will restore n8n configuration from backup: $BACKUP_NAME"
+    log_warn "Current workflows and credentials may be overwritten. Continue? (y/N)"
+    read -r response
+    if [[ ! "$response" =~ ^[Yy]$ ]]; then
+        log_info "Restore operation cancelled"
+        exit 0
+    fi
+    # Perform restore operations
+    restore_workflows || log_warn "Workflow restore incomplete"
+    restore_credentials || log_warn "Credentials restore incomplete"
+    restore_database || log_warn "Database restore incomplete"
+    # Restart services
+    restart_services
+    log_info "Restore completed successfully"
+    log_info "Access your n8n instance at: ${WEBHOOK_URL:-http://localhost:7860}"
+}
+# Run main function
+main "$@"

scripts/sync-knowledge.sh ADDED Viewed

	@@ -0,0 +1,367 @@

+#!/bin/bash
+# Knowledge Base Synchronization Script
+# Syncs content from multiple GitHub repositories and generates embeddings
+# Usage: ./sync-knowledge.sh
+set -euo pipefail
+# Configuration
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+KNOWLEDGE_DIR="$PROJECT_ROOT/knowledge"
+TEMP_DIR="/tmp/kb-sync-$$"
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+log_debug() {
+    echo -e "${BLUE}[DEBUG]${NC} $1"
+}
+# Cleanup function
+cleanup() {
+    log_info "Cleaning up temporary files..."
+    rm -rf "$TEMP_DIR"
+}
+# Set trap for cleanup
+trap cleanup EXIT
+# Check dependencies
+check_dependencies() {
+    local deps=("git" "curl" "jq")
+    for dep in "${deps[@]}"; do
+        if ! command -v "$dep" > /dev/null; then
+            log_error "Required dependency not found: $dep"
+            exit 1
+        fi
+    done
+}
+# Load environment variables
+load_env() {
+    if [[ -f "$PROJECT_ROOT/.env" ]]; then
+        source "$PROJECT_ROOT/.env"
+    else
+        log_error ".env file not found. Copy .env.example and configure it."
+        exit 1
+    fi
+}
+# Clone or update repository
+sync_repository() {
+    local repo_url="$1"
+    local target_path="$2"
+    local branch="${3:-main}"
+    local subpath="$4"
+    log_info "Syncing repository: $repo_url"
+    log_debug "Target: $target_path, Branch: $branch, Subpath: $subpath"
+    local repo_name=$(basename "$repo_url" .git)
+    local temp_repo_path="$TEMP_DIR/$repo_name"
+    # Clone repository to temp directory
+    git clone --depth 1 --branch "$branch" "$repo_url" "$temp_repo_path" || {
+        log_error "Failed to clone repository: $repo_url"
+        return 1
+    }
+    # Copy specific subpath to target
+    local source_path="$temp_repo_path/$subpath"
+    if [[ -d "$source_path" ]]; then
+        mkdir -p "$(dirname "$target_path")"
+        cp -r "$source_path/." "$target_path/"
+        log_info "Successfully synced to: $target_path"
+    else
+        log_warn "Subpath not found: $subpath in $repo_url"
+        return 1
+    fi
+}
+# Generate embeddings for knowledge content
+generate_embeddings() {
+    local knowledge_path="$1"
+    local collection_name="$2"
+    log_info "Generating embeddings for: $collection_name"
+    # Create Python script for embedding generation
+    cat > "$TEMP_DIR/generate_embeddings.py" << 'EOF'
+import os
+import json
+import sys
+from pathlib import Path
+import hashlib
+import requests
+from sentence_transformers import SentenceTransformer
+def load_model():
+    """Load sentence transformer model"""
+    try:
+        model = SentenceTransformer('all-MiniLM-L6-v2')
+        return model
+    except Exception as e:
+        print(f"Error loading model: {e}")
+        return None
+def process_text_files(knowledge_path, collection_name):
+    """Process text files and generate embeddings"""
+    model = load_model()
+    if not model:
+        return False
+    embeddings_data = []
+    knowledge_path = Path(knowledge_path)
+    # Process markdown and text files
+    for file_path in knowledge_path.rglob("*.md"):
+        try:
+            with open(file_path, 'r', encoding='utf-8') as f:
+                content = f.read()
+            # Generate embedding
+            embedding = model.encode(content).tolist()
+            # Create document metadata
+            doc_id = hashlib.md5(str(file_path).encode()).hexdigest()
+            embeddings_data.append({
+                "id": doc_id,
+                "content": content,
+                "embedding": embedding,
+                "metadata": {
+                    "file_path": str(file_path.relative_to(knowledge_path)),
+                    "file_name": file_path.name,
+                    "collection": collection_name,
+                    "content_type": "markdown",
+                    "size": len(content)
+                }
+            })
+        except Exception as e:
+            print(f"Error processing file {file_path}: {e}")
+    # Save embeddings to JSON file
+    output_file = knowledge_path / f"{collection_name}_embeddings.json"
+    with open(output_file, 'w', encoding='utf-8') as f:
+        json.dump(embeddings_data, f, indent=2, ensure_ascii=False)
+    print(f"Generated {len(embeddings_data)} embeddings for {collection_name}")
+    return True
+if __name__ == "__main__":
+    if len(sys.argv) != 3:
+        print("Usage: python generate_embeddings.py <knowledge_path> <collection_name>")
+        sys.exit(1)
+    knowledge_path = sys.argv[1]
+    collection_name = sys.argv[2]
+    if process_text_files(knowledge_path, collection_name):
+        print("Embedding generation completed successfully")
+    else:
+        print("Embedding generation failed")
+        sys.exit(1)
+EOF
+    # Run embedding generation
+    python3 "$TEMP_DIR/generate_embeddings.py" "$knowledge_path" "$collection_name" || {
+        log_error "Failed to generate embeddings for $collection_name"
+        return 1
+    }
+}
+# Upload embeddings to vector store
+upload_embeddings() {
+    local embeddings_file="$1"
+    local collection_name="$2"
+    log_info "Uploading embeddings to vector store: $collection_name"
+    if [[ ! -f "$embeddings_file" ]]; then
+        log_error "Embeddings file not found: $embeddings_file"
+        return 1
+    fi
+    # Upload to ChromaDB
+    local chroma_url="http://${CHROMA_HOST:-localhost}:${CHROMA_PORT:-8000}"
+    curl -X POST "$chroma_url/api/v1/collections" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${CHROMA_AUTH_TOKEN}" \
+        -d "{\"name\": \"$collection_name\"}" || true
+    # Process and upload embeddings in batches
+    python3 - << EOF
+import json
+import requests
+import sys
+from pathlib import Path
+def upload_batch(embeddings_data, collection_name, chroma_url, auth_token):
+    """Upload embeddings in batches to ChromaDB"""
+    batch_size = 100
+    total_docs = len(embeddings_data)
+    for i in range(0, total_docs, batch_size):
+        batch = embeddings_data[i:i+batch_size]
+        # Prepare batch data for ChromaDB
+        ids = [doc["id"] for doc in batch]
+        embeddings = [doc["embedding"] for doc in batch]
+        metadatas = [doc["metadata"] for doc in batch]
+        documents = [doc["content"] for doc in batch]
+        payload = {
+            "ids": ids,
+            "embeddings": embeddings,
+            "metadatas": metadatas,
+            "documents": documents
+        }
+        try:
+            response = requests.post(
+                f"{chroma_url}/api/v1/collections/{collection_name}/add",
+                json=payload,
+                headers={
+                    "Content-Type": "application/json",
+                    "Authorization": f"Bearer {auth_token}"
+                },
+                timeout=30
+            )
+            if response.status_code == 200:
+                print(f"Uploaded batch {i//batch_size + 1} ({len(batch)} documents)")
+            else:
+                print(f"Error uploading batch {i//batch_size + 1}: {response.status_code}")
+                print(f"Response: {response.text}")
+        except Exception as e:
+            print(f"Error uploading batch {i//batch_size + 1}: {e}")
+            continue
+# Load and upload embeddings
+embeddings_file = "$embeddings_file"
+collection_name = "$collection_name"
+chroma_url = "$chroma_url"
+auth_token = "${CHROMA_AUTH_TOKEN:-}"
+try:
+    with open(embeddings_file, 'r', encoding='utf-8') as f:
+        embeddings_data = json.load(f)
+    upload_batch(embeddings_data, collection_name, chroma_url, auth_token)
+    print(f"Successfully uploaded {len(embeddings_data)} embeddings to {collection_name}")
+except Exception as e:
+    print(f"Error: {e}")
+    sys.exit(1)
+EOF
+}
+# Sync all knowledge repositories
+sync_all_repositories() {
+    log_info "Starting knowledge base synchronization..."
+    mkdir -p "$TEMP_DIR"
+    # Repository configurations
+    declare -A repos=(
+        ["n8n"]="${KB_REPO_N8N:-}:${KB_PATH_N8N:-projects/n8n}"
+        ["videos-e-animacoes"]="${KB_REPO_N8N:-}:${KB_PATH_VIDEOS:-projects/videos-e-animacoes}"
+        ["midjourney-prompt"]="${KB_REPO_N8N:-}:${KB_PATH_MIDJOURNEY:-projects/midjorney-prompt}"
+    )
+    for collection in "${!repos[@]}"; do
+        local repo_config="${repos[$collection]}"
+        local repo_url=$(echo "$repo_config" | cut -d':' -f1)
+        local subpath=$(echo "$repo_config" | cut -d':' -f2)
+        local target_path="$KNOWLEDGE_DIR/$collection"
+        if [[ -n "$repo_url" ]]; then
+            log_info "Syncing collection: $collection"
+            # Sync repository
+            sync_repository "$repo_url" "$target_path" "${KB_BRANCH_N8N:-main}" "$subpath"
+            # Generate embeddings
+            generate_embeddings "$target_path" "$collection"
+            # Upload to vector store
+            local embeddings_file="$target_path/${collection}_embeddings.json"
+            if [[ -f "$embeddings_file" ]]; then
+                upload_embeddings "$embeddings_file" "$collection"
+            fi
+        else
+            log_warn "Repository URL not configured for collection: $collection"
+        fi
+    done
+}
+# Update n8n with new knowledge
+update_n8n_knowledge() {
+    log_info "Notifying n8n of knowledge base updates..."
+    # Create a webhook trigger to refresh knowledge in n8n workflows
+    if [[ -n "${WEBHOOK_URL:-}" ]]; then
+        local webhook_endpoint="$WEBHOOK_URL/webhook/knowledge-sync"
+        curl -X POST "$webhook_endpoint" \
+            -H "Content-Type: application/json" \
+            -d "{\"event\": \"knowledge_updated\", \"timestamp\": \"$(date -Iseconds)\"}" \
+            > /dev/null 2>&1 || {
+            log_warn "Failed to notify n8n of knowledge updates"
+        }
+    fi
+}
+# Main synchronization process
+main() {
+    log_info "Starting knowledge base synchronization"
+    # Preliminary checks
+    check_dependencies
+    load_env
+    # Create knowledge directories
+    mkdir -p "$KNOWLEDGE_DIR"/{n8n,videos-e-animacoes,midjourney-prompt}
+    # Sync all repositories
+    sync_all_repositories
+    # Update n8n
+    update_n8n_knowledge
+    log_info "Knowledge base synchronization completed"
+    # Generate summary
+    log_info "Synchronization Summary:"
+    find "$KNOWLEDGE_DIR" -name "*_embeddings.json" -exec basename {} \; | while read file; do
+        local collection=$(echo "$file" | sed 's/_embeddings.json//')
+        local count=$(jq '. | length' "$KNOWLEDGE_DIR/$collection/$file" 2>/dev/null || echo "0")
+        log_info "  - $collection: $count documents"
+    done
+}
+# Run main function
+main "$@"

scripts/test-infrastructure.sh ADDED Viewed

	@@ -0,0 +1,190 @@

+#!/bin/bash
+# Infrastructure Testing Script
+# Tests all components of the n8n infrastructure
+# Usage: ./test-infrastructure.sh
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+log_info() { echo -e "${GREEN}[INFO]${NC} $1"; }
+log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
+log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
+log_test() { echo -e "${BLUE}[TEST]${NC} $1"; }
+# Test results tracking
+TESTS_TOTAL=0
+TESTS_PASSED=0
+TESTS_FAILED=0
+run_test() {
+    local test_name="$1"
+    local test_command="$2"
+    ((TESTS_TOTAL++))
+    log_test "Running: $test_name"
+    if eval "$test_command" > /dev/null 2>&1; then
+        echo "  ✅ PASSED"
+        ((TESTS_PASSED++))
+        return 0
+    else
+        echo "  ❌ FAILED"
+        ((TESTS_FAILED++))
+        return 1
+    fi
+}
+# Load environment
+if [[ -f "$PROJECT_ROOT/.env" ]]; then
+    source "$PROJECT_ROOT/.env"
+fi
+# Test Docker configuration
+test_docker() {
+    log_info "Testing Docker configuration..."
+    run_test "Docker daemon accessible" "docker --version"
+    run_test "Docker Compose available" "docker-compose --version"
+    run_test "Dockerfile syntax" "docker build -f docker/Dockerfile --dry-run . 2>/dev/null || docker build -f docker/Dockerfile -t n8n-test . --dry-run"
+    run_test "Docker Compose syntax" "docker-compose -f docker/docker-compose.yml config"
+}
+# Test environment configuration
+test_environment() {
+    log_info "Testing environment configuration..."
+    run_test "Environment example exists" "[[ -f config/.env.example ]]"
+    run_test "Required directories exist" "[[ -d workflows && -d knowledge && -d scripts ]]"
+    if [[ -f .env ]]; then
+        run_test "Environment file loaded" "[[ -n \${N8N_ENCRYPTION_KEY:-} ]]"
+        run_test "Database config present" "[[ -n \${DB_POSTGRESDB_HOST:-} ]]"
+    else
+        log_warn "No .env file found - using example for testing"
+    fi
+}
+# Test scripts
+test_scripts() {
+    log_info "Testing infrastructure scripts..."
+    run_test "Backup script executable" "[[ -x scripts/backup.sh ]]"
+    run_test "Restore script executable" "[[ -x scripts/restore.sh ]]"
+    run_test "Sync script executable" "[[ -x scripts/sync-knowledge.sh ]]"
+    run_test "Backup script syntax" "bash -n scripts/backup.sh"
+    run_test "Restore script syntax" "bash -n scripts/restore.sh"
+    run_test "Sync script syntax" "bash -n scripts/sync-knowledge.sh"
+}
+# Test GitHub Actions
+test_github_actions() {
+    log_info "Testing GitHub Actions workflows..."
+    run_test "Deploy workflow exists" "[[ -f .github/workflows/deploy-to-hf.yml ]]"
+    run_test "Backup workflow exists" "[[ -f .github/workflows/backup-workflows.yml ]]"
+    run_test "Sync workflow exists" "[[ -f .github/workflows/sync-knowledge.yml ]]"
+    # Validate workflow syntax (basic YAML check)
+    if command -v python3 > /dev/null; then
+        run_test "Deploy workflow syntax" "python3 -c \"import yaml; yaml.safe_load(open('.github/workflows/deploy-to-hf.yml'))\""
+        run_test "Backup workflow syntax" "python3 -c \"import yaml; yaml.safe_load(open('.github/workflows/backup-workflows.yml'))\""
+        run_test "Sync workflow syntax" "python3 -c \"import yaml; yaml.safe_load(open('.github/workflows/sync-knowledge.yml'))\""
+    fi
+}
+# Test database connectivity
+test_database() {
+    log_info "Testing database connectivity..."
+    if [[ -n "${DB_POSTGRESDB_HOST:-}" && -n "${DB_POSTGRESDB_PASSWORD:-}" ]]; then
+        export PGPASSWORD="$DB_POSTGRESDB_PASSWORD"
+        run_test "Database connection" "pg_isready -h '$DB_POSTGRESDB_HOST' -p '${DB_POSTGRESDB_PORT:-5432}' -U '$DB_POSTGRESDB_USER'"
+        run_test "Database access" "psql -h '$DB_POSTGRESDB_HOST' -p '${DB_POSTGRESDB_PORT:-5432}' -U '$DB_POSTGRESDB_USER' -d '$DB_POSTGRESDB_DATABASE' -c 'SELECT 1;'"
+        run_test "pgvector extension" "psql -h '$DB_POSTGRESDB_HOST' -p '${DB_POSTGRESDB_PORT:-5432}' -U '$DB_POSTGRESDB_USER' -d '$DB_POSTGRESDB_DATABASE' -c 'SELECT * FROM pg_extension WHERE extname = \\'vector\\';'"
+    else
+        log_warn "Database credentials not available - skipping connectivity tests"
+    fi
+}
+# Test knowledge base
+test_knowledge() {
+    log_info "Testing knowledge base configuration..."
+    run_test "Knowledge directories exist" "[[ -d knowledge/n8n && -d knowledge/videos-e-animacoes && -d knowledge/midjourney-prompt ]]"
+    # Test Python dependencies for embedding generation
+    if command -v python3 > /dev/null; then
+        run_test "Python available" "python3 --version"
+        run_test "Required Python packages" "python3 -c 'import sentence_transformers, json, hashlib'"
+    fi
+}
+# Integration tests
+test_integration() {
+    log_info "Running integration tests..."
+    # Test if we can start services locally
+    if run_test "Start services locally" "docker-compose -f docker/docker-compose.yml up -d --build"; then
+        sleep 30
+        run_test "n8n health endpoint" "curl -f http://localhost:7860/healthz"
+        run_test "Vector store endpoint" "curl -f http://localhost:8000/api/v1/heartbeat"
+        # Cleanup
+        docker-compose -f docker/docker-compose.yml down > /dev/null 2>&1
+    else
+        log_error "Failed to start services - skipping integration tests"
+    fi
+}
+# Main test execution
+main() {
+    log_info "🧪 Starting n8n Infrastructure Test Suite"
+    echo "================================================"
+    cd "$PROJECT_ROOT"
+    # Run all test categories
+    test_docker
+    test_environment
+    test_scripts
+    test_github_actions
+    test_database
+    test_knowledge
+    # Skip integration tests if Docker unavailable
+    if docker --version > /dev/null 2>&1; then
+        test_integration
+    else
+        log_warn "Docker not available - skipping integration tests"
+    fi
+    # Test summary
+    echo ""
+    echo "================================================"
+    log_info "🎯 Test Results Summary"
+    echo "   Total Tests: $TESTS_TOTAL"
+    echo "   Passed: $TESTS_PASSED"
+    echo "   Failed: $TESTS_FAILED"
+    if [[ $TESTS_FAILED -eq 0 ]]; then
+        echo "   Status: ✅ ALL TESTS PASSED"
+        exit 0
+    else
+        echo "   Status: ❌ SOME TESTS FAILED"
+        exit 1
+    fi
+}
+main "$@"