Gitpulse
Merged
Size
M
Change Breakdown
Feature80%
Testing20%
#28120feat(core): Make instance AI aware of read-only environments (no-changelog)

Instance AI now respects read-only environments

Instance AI now respects read-only environments
CA
Cadiac
·Apr 8, 2026

The n8n AI assistant now blocks destructive operations on protected instances, allowing only safe actions like publishing workflows, managing credentials, and browsing the filesystem.

The problem: When n8n instances are configured as read-only through source control settings, the built-in AI assistant lacked awareness of this constraint. Users could ask the AI to perform blocked operations like creating workflows or modifying data tables—only to receive confusing errors or unexpected failures.

What changed: The Instance AI system now checks whether an instance is in read-only mode before attempting write operations. When branchReadOnly is enabled, the AI proactively communicates restrictions to users rather than failing mid-operation. A subset of operations remains available: publishing and unpublishing workflows, restoring previous versions, managing credentials, and reading files or fetching URLs. All other write actions—workflow creation, data table mutations, folder management, execution controls—are blocked with clear explanations.

The change lives in the @n8n/instance-ai and @n8n/api-types packages, with adapter logic in the CLI service and a visible callout banner added to the chat interface. This ensures the AI behaves consistently with the web UI's read-only protections, maintaining predictable behavior across interaction modes.

View Original GitHub Description

Summary

Only allow limited set of actions on read-only instances (branchReadOnly = true).

We allow publishing/unpublishing workflows, restoring old versions and deleting/modifying credentials, so that should match what we can do on the UI.

Related Linear tickets, Github issues, and Community forum posts

<!-- Include links to **Linear ticket** or Github issue or Community forum post. Important in order to close *automatically* and provide context to reviewers. https://linear.app/n8n/issue/ --> <!-- Use "closes #<issue-number>", "fixes #<issue-number>", or "resolves #<issue-number>" to automatically close issues when the PR is merged. -->

Review / Merge checklist

  • PR title and summary are descriptive. (conventions) <!-- **Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise.** -->
  • Docs updated or follow-up ticket created.
  • Tests included. <!-- A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. -->
  • PR Labeled with Backport to Beta, Backport to Stable, or Backport to v1 (if the PR is an urgent fix that needs to be backported)
© 2026 · via Gitpulse