01 / REVIEW OBJECT
One exact workflow and one explicit evidence boundary.
The reviewed artifact is the self-directed n8n Reliability Lab, workflow ID ReliabilityLab2026. Evidence consists of its versioned workflow JSON, one isolated local import and CLI execution, the sanitized final result, and an independent mutation-guard test.
| Review input | Observed evidence |
|---|---|
| Runtime | n8n 2.26.8 on Node.js 24.14.0, local CLI execution. |
| Fixture set | Five deterministic items covering ready, duplicate, retry, invalid, and exhausted-failure paths. |
| Control result | Seven runtime invariants passed; the independent mutation guard confirmed a changed outcome fails closed. |
| Access | No credentials, external nodes, HTTP requests, webhooks, messages, or writes. |
| Out of scope | Third-party behavior, durable state, concurrency, load, uptime, security assessment, and business impact. |
02 / EXECUTIVE VERDICT
The declared control path is verified. Production connection is blocked.
The workflow does what this local test says it does: validate intake, suppress one in-run duplicate, distinguish retry from review, and prevent every external action. That is useful evidence for routing logic, but it is not production readiness.
Suitable as a reliability test harness. Not approved for a live integration until the production gaps below have evidence and an accountable owner accepts them.
03 / CONTROL EVIDENCE
Pass, blocked, and untested are different states.
| Control | State | Evidence or gap |
|---|---|---|
| Required-field validation | Verified | Invalid input routes to review before an action is planned. |
| Duplicate behavior | Verified in-run only | One duplicate is suppressed inside one execution; no durable or concurrent store is tested. |
| Retry boundary | Verified as planning | One temporary failure becomes retry; exhausted failure becomes review. No dependency call occurs. |
| Human-review routing | Verified as state | Two fixtures enter review. No accountable queue, notification, or decision record is connected. |
| External side effects | Blocked by design | The workflow plans a label only; executed side effects and external actions remain zero. |
| Secrets and least privilege | Untested | No credential exists, so ownership, scope, rotation, and environment separation are not demonstrated. |
| Observability and recovery | Untested | The final result is inspectable, but alert delivery, run retention, replay, and operator recovery are not exercised. |
| Rollback and handoff | Untested | No deployed version, configuration inventory, rollback trigger, or operator runbook is part of the lab. |
04 / PRIORITY FINDINGS
What must change before a real write is enabled.
- R-01 · High · durable idempotency absentChoose a stable business-event key, durable store, retention rule, concurrency behavior, and replay test before any non-reversible write.
- R-02 · High · side-effect contract absentName the target state, destination identifier, authorization, ambiguous-response reconciliation, and the conditions that withhold a write.
- R-03 · Medium · review is not yet an operating queueAssign an owner, decision options, safe evidence packet, age/escalation rule, and auditable decision outcome.
- R-04 · Medium · environment and credential controls untestedSeparate test and production endpoints, apply least privilege, record secret ownership and rotation, and keep exports and logs credential-free.
- R-05 · Medium · recovery evidence absentExercise alert delivery, terminal-state retention, safe replay, deployment verification, rollback, and the operator runbook.
05 / ACCEPTANCE GATE
The next decision needs evidence, not confidence.
- One accountable owner confirms source, destination, data, and production authority.
- Input and output contracts define valid, invalid, partial, stale, duplicate, and withheld states.
- A sandbox or test account exercises the exact target API with sanitized fixtures.
- Durable idempotency and ambiguous-write reconciliation pass replay and concurrency cases.
- Retryable, terminal, unavailable, and human-review paths produce inspectable evidence.
- Credential scope, environment separation, rotation, and revocation are documented.
- Alert ownership, recovery steps, rollback trigger, and handoff are tested.
- The accountable owner records final acceptance of the exact candidate version and remaining risks.
06 / SAMPLE BOUNDARY
This demonstrates the review format, not a client outcome.
Every statement above is derived from the self-directed n8n Reliability Lab and its recorded local execution. This is not a client audit, security assessment, certification, official n8n partnership claim, delivered integration, uptime claim, or evidence of business impact. A real review starts from the authorized workflow, systems, fixtures, and acceptance owner supplied for that engagement.