Knowledge resilience report
Moderate Resilience 70/100 · C · multi org profile
security
packages/@n8n/workflow-sdk/src/types/base.ts
Business implication An unexpected departure of the top contributor would orphan 949 critical files and likely slow feature delivery by 3–5 weeks while the team learns the surface.
Pair Declan Carroll (declan@n8n.io) on 'security' — bus factor 1 across 3 files
Resilience is **Moderate** (70/100). Weakest dimension: review hygiene (D).
Risk inventory: 1 service(s) rest on a single contributor; 949 file(s) would become orphans if the top contributor leaves; 234 file(s) carry high correction load (≥35% fix/revert); 6 service(s) lack AI-readable operational context.
Top recommended action: Pair Declan Carroll (declan@n8n.io) on 'security' — bus factor 1 across 3 files
--api-key sk-ant-... --provider anthropic --model claude-sonnet-4-6or set
narrative.api_key in .blindspot.yaml.
Without a key, this rule-based narrator is used — deterministic,
in-process, no network.
Moderate resilience overall (score 70). Weakest dimension: AI operational readiness at 0.
Multi-org / enterprise Concentration signals here are real risks, not artefacts.
Six concrete questions, each with a one-number answer. This is the
report. Each signal opens up below into the files, services and people
behind its number — run with --detailed for the
architecture deep-dive.
Concrete next steps derived from the signals in this report. Each action is tied to a specific finding — treat them as conversation starters with the team, not directives.
| Priority | Confidence | Category | Title | Target | Evidence |
|---|---|---|---|---|---|
| High | High | Quality Guardrail |
Fragile velocity
Stabilize delivery on packages/@n8n/workflow-sdk/src/types/base.ts
50% of recent commits to this file are follow-up fixes or reverts (4 of 8). Consider tightening review depth, adding regression tests, or pairing on the next non-trivial change to this surface.
▸ 50% of recent commits to this file are follow-up fixes or reverts — work surface ships fast but corrections pay the bill.
|
packages/@n8n/workflow-sdk/src/types/base.ts |
correction_ratio=50%, fixes=4, reverts=0, total=8 |
| Medium | High | Ownership Diversification |
Single-owner concentration
Diversify ownership of 'security' (currently single-owner)
Service 'security' has bus factor 1 across 3 files; Declan Carroll (declan@n8n.io) holds 100% of effective ownership. Pair them with at least two additional engineers and rotate code reviews for this area over the next 60 days.
▸ Bus factor 1 over 3 files — Declan Carroll (declan@n8n.io) holds 100% of effective ownership.
|
security |
bus_factor=1, top_owner_coverage=100%, files=3 |
Each signal above, opened up — the files, services and people behind the headline number. Risk signals are expanded by default; healthy ones stay collapsed.
Bus factor measures how many people would need to leave before knowledge of a service is critically lost. A bus factor of 1 means a single person carries the service.
| Service | Files | Bus factor | Risk | Top owner | Their coverage |
|---|---|---|---|---|---|
security |
3 | 1 | critical | Declan Carroll (declan@n8n.io) | 100% |
.github |
156 | 2 | high | Matsu (huhta.matias@gmail.com) | 50% |
docker |
6 | 2 | high | Declan Carroll (declan@n8n.io) | 78% |
scripts |
4 | 2 | high | Declan Carroll (declan@n8n.io) | 75% |
patches |
3 | 3 | medium | Albert Alises (albert.alises@gmail.com) | 33% |
(config) |
53 | 4 | healthy | Csaba Tuncsik (csaba@n8n.io) | 49% |
(root) |
17 | 11 | healthy | Declan Carroll (declan@n8n.io) | 29% |
packages |
8048 | 30 | healthy | oleg (me@olegivaniv.com) | 13% |
For each of the top contributors by aggregate ownership coverage, this is what would happen if they left tomorrow: how many files lose their primary expert, how many become unowned (orphan, top remaining coverage < 30%), and which services take the largest hit. Use this to prioritise pair-work and knowledge transfer.
packages
1203/8048 files, 945 orphan, 13% avg loss
(root)
0/17 files, 4 orphan, 5% avg loss
(config)
1/53 files, 1% avg loss
packages
454/8048 files, 630 orphan, 5% avg loss
.github
76/156 files, 54 orphan, 43% avg loss
(root)
5/17 files, 6 orphan, 29% avg loss
packages
468/8048 files, 564 orphan, 5% avg loss
(root)
0/17 files, 4 orphan, 1% avg loss
.github
0/156 files, 0% avg loss
Decay rises when an owner stops touching a file and others have been changing it. The 90-day projection shows the trajectory if nothing changes.
| File | Top owner | Days since touch | Decay score | Risk | 90-day projection |
|---|---|---|---|---|---|
packages/@n8n/db/src/migrations/dsl/column.ts |
Michael Drury (me@michaeldrury.co.uk) | 76 | 36% | medium | 46% |
packages/@n8n/workflow-sdk/src/types/base.ts |
Mutasem Aldmour (mutdmour@github) | 9 | 6% | low | 35% |
packages/@n8n/db/src/migrations/migration-types.ts |
Iván Ovejero (ivov.src@gmail.com) | 2 | 2% | low | 34% |
Review data fetched from GitHub (50 PRs analyzed). A rubber-stamp ratio is the share of approvals on a file that arrived without a single review comment. Reviewer diversity measures whether several people share the review load.
Share of recent commits to each file that are follow-up fixes or reverts. A high ratio is observable evidence of stability debt — work is shipping but corrections are paying for it. Look at the surface, not the person.
| File | Total commits | Fixes | Reverts | Correction ratio | Risk |
|---|---|---|---|---|---|
packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts |
5 | 5 | 0 | 100% | critical |
packages/cli/src/modules/source-control.ee/source-control-git.service.ee.ts |
5 | 5 | 0 | 100% | critical |
packages/@n8n/workflow-sdk/src/generate-types/generate-zod-schemas.test.ts |
8 | 7 | 0 | 88% | critical |
packages/@n8n/instance-ai/src/workflow-loop/__tests__/guidance.test.ts |
7 | 6 | 0 | 86% | critical |
packages/@n8n/instance-ai/src/workflow-loop/guidance.ts |
7 | 6 | 0 | 86% | critical |
packages/@n8n/instance-ai/src/tools/__tests__/index.test.ts |
5 | 4 | 0 | 80% | critical |
packages/frontend/editor-ui/src/app/components/WorkflowPreview.vue |
10 | 8 | 0 | 80% | critical |
packages/frontend/editor-ui/src/features/agents/components/AgentToolsModal.vue |
5 | 4 | 0 | 80% | critical |
packages/@n8n/instance-ai/evaluations/binaryChecks/checks/index.ts |
5 | 4 | 0 | 80% | critical |
packages/@n8n/workflow-sdk/src/validation/validation.test.ts |
5 | 4 | 0 | 80% | critical |
packages/nodes-base/nodes/Schedule/GenericFunctions.ts |
5 | 4 | 0 | 80% | critical |
packages/nodes-base/nodes/Schedule/test/GenericFunctions.test.ts |
5 | 4 | 0 | 80% | critical |
packages/nodes-base/nodes/Notion/test/GenericFunctions.test.ts |
5 | 4 | 0 | 80% | critical |
packages/cli/src/webhooks/__tests__/test-webhooks.test.ts |
5 | 4 | 0 | 80% | critical |
packages/@n8n/db/src/repositories/__tests__/workflow.repository.test.ts |
5 | 4 | 0 | 80% | critical |
Coverage of AI-readable organizational memory — agent rules, specs, prompts, architecture decisions, skills. The repo-root row is what the signal grades; per-service rows are shown for context. This is not an AI-generated-code detector.
| Surface | Agent rules | Specs | Prompts | Architecture | Skills | Coverage |
|---|---|---|---|---|---|---|
| (repo) | ✓ | — | — | — | ✓ | 40% |
| .github | — | — | — | — | — | 0% |
| docker | — | — | — | — | — | 0% |
| packages | — | — | — | — | — | 0% |
| patches | — | — | — | — | — | 0% |
| scripts | — | — | — | — | — | 0% |
| security | — | — | — | — | — | 0% |