tenetsafe

TenetSafe accountability and audit trail nodes for n8n workflows with enhanced UX - capture tamper-evident evidence records with fail-open architecture

Package Information

Downloads: 0 weekly / 0 monthly
Latest Version: 1.2.1
Author: TenetSafe

Available Nodes

TenetSafe: Declare Intent icon
TenetSafe: Declare Intent
Declare workflow intent and capture authorization context
TenetSafe: Seal Execution icon
TenetSafe: Seal Execution
Seal workflow execution with outcome proof
TenetSafe: Human Oversight icon
TenetSafe: Human Oversight
Record verifiable human intervention events in automated workflows

Documentation

@tenetsafe/n8n-nodes-tenetsafe

TenetSafe n8n nodes let you add explicit accountability and tamper‑evident audit trails to your automated workflows.
The package provides three nodes that integrate with the TenetSafe Hub API:

  • Declare Intent – capture what a workflow is authorized to do before it runs.
  • Human Oversight – record verifiable human review and decisions inside workflows.
  • Seal Execution – seal outcomes with cryptographic hashes at the end of execution.

TenetSafe is designed for organizations that want visible, verifiable evidence of what automated systems were allowed to do and what they actually did.

IMPORTANT: n8n nodes require API keys to work with your account and TenetSafe Hub.

Visit https://tenetsafe.eu for more details.

Installation

Requirements

  • Self‑hosted n8n (community nodes are only supported on self‑hosted instances).
  • A running TenetSafe Hub API instance (cloud or self‑hosted).
  • A TenetSafe API key with permissions to write intents, seals, and (optionally) oversight events.

Install as a Community Node (recommended)

Follow the official n8n community nodes installation guide:
https://docs.n8n.io/integrations/community-nodes/installation/

In your n8n instance:

  1. Go to Settings → Community Nodes.
  2. Click Install.
  3. Enter the npm package name: @tenetsafe/n8n-nodes-tenetsafe.
  4. Review and accept the community node warning.
  5. Click Install and wait for n8n to restart/reload.

After installation:

  1. Open any workflow.
  2. Click + to add a node.
  3. Search for “TenetSafe”.
  4. You should see:
    • TenetSafe: Declare Intent
    • TenetSafe: Human Oversight
    • TenetSafe: Seal Execution

Install via npm (advanced / local setups)

If you manage n8n via code or want to add the package directly:

npm install @tenetsafe/n8n-nodes-tenetsafe

Make sure your n8n instance is configured to load community node packages according to the n8n documentation.

Credentials: TenetSafe API

The nodes use a shared TenetSafe API credential to talk to the Hub.

In n8n:

  1. Go to Credentials → New.
  2. Search for “TenetSafe API”.
  3. Configure:
    • Hub API URL – e.g. https://hub.tenetsafe.eu or your self‑hosted URL.
    • API Key – your TenetSafe API key.
  4. Click Test to verify connectivity.
  5. Click Save.

The same credential can be reused across all TenetSafe nodes in your workflows.

Provided Nodes

TenetSafe: Declare Intent

Purpose
Capture workflow authorization context at the start of execution and create an Intent Record in the TenetSafe Hub. The node returns an intent_id used to link all subsequent evidence.

Typical placement

  • Immediately after the trigger (Manual Trigger, Webhook, Schedule, etc.).
  • Before any side‑effects (API calls, emails, database writes, etc.).

Key fields (simplified)

  • Workflow Name – usually auto‑filled from the n8n workflow name.
  • Owning Team – who is responsible for this workflow (e.g. “Engineering”, “Ops”).
  • Purpose – short statement of what the workflow is authorized to do.
  • Systems Touched – external systems this workflow interacts with.

Optional fields (recommended but not required):

  • Risk Tierlow, medium, or high (for audit prioritization).
  • External Impact – whether the workflow affects external users/customers.
  • Reference ID – approval ticket, change request, or business identifier.

The node automatically captures additional platform metadata, such as workflow id, execution id, trigger type, and timestamps.

TenetSafe: Human Oversight

Purpose
Record verifiable human review events inside a workflow. This is useful for “human‑in‑the‑loop” patterns where a person must approve, reject, or escalate something before the workflow proceeds.

Typical placement

  • After AI / automated decision steps, before final actions.
  • Before committing high‑risk operations (payments, deployments, data changes).

Key fields

  • Intent ID – usually {{$json.intent_id}} from a previous Declare Intent node.
  • Reviewer – identity of the reviewer (e.g. full name or username).
  • Decision – e.g. “Approved”, “Rejected”, “Escalated”.

Optional:

  • Context – short explanation of why the decision was made.

The node writes an Oversight Event to the Hub and exposes the resulting oversight ID and timestamp in its output.

TenetSafe: Seal Execution

Purpose
Seal workflow outcomes by sending a Seal Record to the Hub, including a cryptographic hash of selected data. This links what happened back to the original intent.

Typical placement

  • At the end of the main success path.
  • At the end of important branches (e.g. success / failure).
  • After each significant step, if you want multi‑step sealing.

Key fields

  • Intent ID{{$json.intent_id}} from Declare Intent.
  • Statussuccess, failure, or aborted.
  • Hash Mode:
    • Compute Hash (recommended) – node computes a SHA‑256 hash from the payload you provide.
    • Manual Hash – you provide a precomputed SHA‑256 hash.

Recommended for Compute Hash:

  • Payload to Hash – e.g. {{JSON.stringify($json)}} or a more targeted subset of data.

Optional:

  • Outcome Summary – short human‑readable description of what happened.
  • Decision Metadata – small set of key/value pairs with decision signals (e.g. scores, model version, branch taken). Avoid raw payloads or PII here.

Quick Start Example

The simplest end‑to‑end pattern:

  1. Declare Intent
    • Place after your trigger.
    • Fill in workflow purpose, owning team, and systems touched.
  2. Workflow Logic
    • Add your existing nodes (HTTP Request, Email, database, etc.).
  3. Seal Execution
    • Place at the terminal point of your workflow.
    • Set Intent ID to {{$json.intent_id}} from Declare Intent.
    • Set Status to success (or use branches to handle failures).
    • Use Compute Hash with {{JSON.stringify($json)}} for the payload.

Execute the workflow and then:

  • Inspect TenetSafe node outputs for intent_id, seal_id, and status fields.
  • Use your TenetSafe Hub to query sessions and verify the new evidence records.

For more advanced patterns (branching, multi‑seal workflows, human‑in‑the‑loop), see the examples referenced in README-FULL.md.

Compatibility and Limitations

  • n8n version – designed for n8n 1.0.0 and later.
  • TenetSafe Hub – requires a running Hub API compatible with the schemas used by this package.
  • Self‑hosted only – these nodes are intended for self‑hosted n8n deployments where you control networking and external dependencies.

Development and Testing

If you want to contribute or run tests locally:

cd apps/n8n-nodes-tenetsafe

pnpm install
pnpm build
pnpm lint
pnpm test

The package uses the official @n8n/node-cli tooling for build, lint, and release scripts.
See README-FULL.md and DEVELOPMENT.md in this directory for full development and infrastructure details.

Support and Resources

  • Product & documentationhttps://tenetsafe.eu
  • Email supportsupport@tenetsafe.eu
  • n8n community docshttps://docs.n8n.io/integrations/community-nodes/

If you have general n8n questions, the n8n community forum is a good place to ask.
For questions specific to these nodes or to TenetSafe, please contact us via email or the website.

License

This package is licensed under the MIT License.
See the LICENSE file in this package for full terms.

Discussion