Hidden Assumptions in n8n

JavaScript expressions in node parameters referencing $node() data will always find existing node results, and that the referenced node data structure hasn't changed between expression compilation and evaluation

If this fails: If a workflow is modified while running, or if nodes are executed in unexpected order, expressions will access undefined properties or stale data, producing silent wrong results instead of clear errors

Files specified in '_FILE' environment variables (like N8N_DB_PASSWORD_FILE) exist, are readable, and contain only the secret value without additional formatting or whitespace that matters for authentication

If this fails: If the file is missing, has wrong permissions, or contains extra whitespace, authentication with databases or external services will fail silently or with cryptic connection errors that don't point to the file issue

AgentMessage array in conversation history maintains chronological order with alternating user/assistant roles, and that conversation context doesn't exceed the model's context window

If this fails: Out-of-order messages confuse the language model leading to nonsensical responses, while context overflow causes silent truncation of important conversation history, making agents forget previous tool results or user instructions

Workflows have reasonable numbers of nodes (under 100) and connections — the execution engine doesn't have depth limits or cycle detection for node dependency resolution

If this fails: Workflows with hundreds of nodes or circular dependencies cause stack overflow during execution planning, while deeply nested subworkflow calls can exhaust memory without clear error messages about the architectural limits

Server-sent event streams from AI providers follow standard SSE format with proper 'data:' prefixes and JSON payloads, and that streams don't contain malformed or incomplete JSON chunks

If this fails: Malformed SSE data from AI providers causes JSON parsing errors that crash AI agent workflows, while incomplete chunks result in hanging connections or corrupted tool call data that silently produces wrong automation results

Node type implementations loaded from the registry have execute() methods that return INodeExecutionData arrays with the same structure expected by downstream nodes — there's no interface validation at runtime

If this fails: Custom or third-party nodes that return malformed execution data cause type errors in subsequent nodes, leading to workflow failures that are difficult to debug since the error appears in the consumer node, not the producer

External systems being polled maintain consistent API responses and don't rate-limit or block polling requests — the polling interval is fixed regardless of external system behavior

If this fails: When external systems implement rate limiting or change their API responses, polling workflows fail repeatedly without backoff, potentially getting the n8n instance IP blocked, while API changes cause silent data parsing failures

Agent conversation history can grow indefinitely in memory without cleanup, and that multiple concurrent agent conversations don't interfere with each other's memory state

If this fails: Long-running agents accumulate unbounded conversation history causing memory leaks, while concurrent agents may corrupt each other's memory if shared instances are used, leading to agents responding with context from other conversations

When binary storage mode is set to 'filesystem', the configured path is writable and has sufficient permissions, and when set to 'S3', the AWS credentials and bucket configuration are valid and persistent

If this fails: Permission changes or credential rotation cause binary data operations to fail with unclear error messages, while filesystem permission issues result in workflow failures whenever files need to be stored or retrieved

The predefined list of allowed Python standard library modules covers all legitimate use cases while blocking dangerous ones — there's no dynamic security assessment based on actual code patterns

If this fails: Users may be blocked from legitimate automation tasks if required modules aren't allowlisted, while new attack vectors through allowed modules won't be detected until manual security reviews update the configuration

Generated workflows from natural language prompts will have valid node configurations and proper connections — the builder assumes LLM outputs follow the expected workflow schema without comprehensive validation

If this fails: AI-generated workflows may have invalid node parameters or broken connections that only fail at execution time, making it difficult to distinguish between user intent errors and AI generation bugs

Workflow connection objects maintain referential integrity where every connection references existing node IDs, and that connection data structures don't contain cycles that would cause infinite traversal

If this fails: Workflows with dangling references or circular connections cause stack overflow when traversing node dependencies, while invalid node references lead to undefined behavior during workflow analysis and execution planning