AI workflow safety: n8n + MCP + agents

Check the workflow before the agent gets hands.

Drafting is cheap. Unapproved action is expensive.

Use this checklist before activating n8n AI agents, Claude Code handoffs, Codex automations, MCP tools, or any workflow that can publish, send, charge, delete, merge, or touch customer data.

approval/checklist

$ rule

read-only first. dry-run second. approval before action.

$ risk

customer-facing, public, financial, production

Checklist

The four gates before activation.

SCOPE_01.MD

Keep the agent job small

  • Name the one judgment step the agent owns.
  • Keep credentials, scheduling, retries, and logs in the workflow layer.
  • Avoid one giant prompt that owns the entire business process.

INPUTS_02.MD

Treat imported context as untrusted

  • Inspect pasted JSON, scraped pages, user uploads, and external docs before activation.
  • Remove hardcoded secrets and token-shaped strings from workflow files.
  • Store credentials in n8n credentials or environment variables, not inline nodes.

ACTIONS_03.MD

Put approval before real-world effects

  • Require human approval before publishing, emailing, charging, deleting, merging, or touching production.
  • Add a dry-run path before the live path.
  • Log the final input, model output, decision, approver, and action taken.

FAILURES_04.MD

Design the boring fallback

  • Add error handling before the workflow runs unattended.
  • Route uncertain model outputs to manual review.
  • Notify a human when risk score, confidence, or missing data crosses the threshold.
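A small pre-activation auditor, added here as an example (it is not the page's own auditor or any n8n code), that checks two of the gates above against an exported workflow: token-shaped strings left inline in node parameters (INPUTS_02) and action nodes that an AI agent can reach without passing through an approval step (ACTIONS_03). It assumes the export's usual `nodes` / `connections` shape, treats a Wait node or any node named "...approval..." as the human gate, and runs on a constructed sample export.

```python
import json
import re
from collections import deque

# Token-shaped strings that must never sit inline in an export; credentials belong in n8n credentials.
TOKEN_RE = re.compile(r"sk-[A-Za-z0-9_-]{16,}|ghp_[A-Za-z0-9]{20,}|xox[abp]-[A-Za-z0-9-]{10,}|Bearer\s+[A-Za-z0-9._-]{16,}")
# Node types treated as real-world actions (conservative substring match on the lowercased n8n type name).
ACTION_TYPES = ("emailsend", "gmail", "slack", "postgres", "stripe", "github")

def is_gate(node):  # assumption: a Wait node, or any node named "...approval...", is the human gate
    return node["type"] == "n8n-nodes-base.wait" or "approv" in node["name"].lower()

def is_action(node):  # read-only HTTP calls pass; writes, sends and publishes are actions
    t, m = node["type"].lower(), node.get("parameters", {}).get("method", "GET").upper()
    return m not in ("GET", "HEAD") if "httprequest" in t else any(a in t for a in ACTION_TYPES)

def audit_workflow(wf):
    """Return findings: inline secrets, plus action nodes an agent reaches with no approval gate."""
    nodes = {n["name"]: n for n in wf["nodes"]}
    findings = [f"SECRET: node '{nm}' carries a token-shaped string inline"
                for nm, n in nodes.items() if TOKEN_RE.search(json.dumps(n.get("parameters", {})))]
    nxt = {}  # adjacency list built from the export's "connections" block
    for src, outs in wf.get("connections", {}).items():
        for branch in outs.get("main", []):
            nxt.setdefault(src, []).extend(e["node"] for e in branch)
    for start in [nm for nm, n in nodes.items() if "agent" in n["type"].lower()]:
        seen, queue = {start}, deque([start])
        while queue:  # walk downstream of the agent, stopping at every approval gate
            for dst in nxt.get(queue.popleft(), []):
                if dst in seen or is_gate(nodes[dst]):
                    continue
                seen.add(dst)
                if is_action(nodes[dst]):
                    findings.append(f"UNGATED: '{start}' reaches '{dst}' with no approval step")
                queue.append(dst)
    return findings

# Constructed sample export (not a real workflow): one gated path, one ungated path, one inline token.
SAMPLE = {"nodes": [
    {"name": "AI Agent", "type": "@n8n/n8n-nodes-langchain.agent", "parameters": {}},
    {"name": "Approval", "type": "n8n-nodes-base.wait", "parameters": {"resume": "webhook"}},
    {"name": "Send Email", "type": "n8n-nodes-base.emailSend", "parameters": {}},
    {"name": "Post to API", "type": "n8n-nodes-base.httpRequest", "parameters": {"method": "POST",
        "headerParameters": {"parameters": [{"name": "Authorization", "value": "Bearer sk-live-0123456789abcdefXYZ"}]}}},
], "connections": {
    "AI Agent": {"main": [[{"node": "Approval"}, {"node": "Post to API"}]]},
    "Approval": {"main": [[{"node": "Send Email"}]]},
}}
```

Running `audit_workflow(SAMPLE)` flags the inline token and the ungated POST, while the email behind the Wait node is not reported.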

Ship Lean rule

Use each layer for the job it is good at

Claude Code and Codex are good at repo-aware building and judgment. n8n is good at triggers, credentials, routing, retries, run history, and notifications. MCP is good at exposing tools and resources to AI clients. The human gate protects anything with real consequences.

The goal is not to make the agent sound smart. The goal is to make the workflow boring enough to trust.

Where to use this next

  1. Run the n8n Workflow JSON Auditor on imported workflows.
  2. Download the auditor workflow JSON and import it into n8n.
  3. Map new workflows in the n8n AI Agent Workflow Builder.
  4. Use the Claude Code + n8n planner when the automation needs repo context.

FAQ

What is an AI agent workflow safety checklist?

It is a pre-activation review for workflows that combine AI judgment with tools, triggers, credentials, or external actions. The goal is to catch risky inputs, unsafe action paths, missing approvals, and weak fallback behavior before the workflow runs unattended.

When should an AI workflow require human approval?

Require approval before anything public, customer-facing, financial, production-facing, destructive, or hard to reverse. Drafting can be automatic. Consequential action should usually be approved.

How does this apply to MCP servers?

An MCP server gives AI clients tools, resources, and prompts. That is useful, but it also means tool boundaries matter. Read-only tools are safer. Write, send, charge, publish, and delete tools should have explicit approval or narrow permissions.

How does this apply to n8n AI agents?

Use n8n for triggers, routing, credentials, retries, and logs. Let the AI agent handle one scoped judgment step. Put human approval before outbound actions like email, Slack, publishing, database writes, and customer updates.