Skip to content
in/guard/out
in/guard/out

Integration

Guardrails & checkpoints for n8n AI workflows

n8n made it easy to give an AI agent real tools – a Gmail trigger, an HTTP node, a database write – which is exactly why it needs real guardrails. The failure mode is documented and fraud-shaped: a poisoned email or order note steers the agent, and a workflow node executes the result with production credentials.

The integration meets the workflow where it is, three ways. AI nodes point at the proxy base URL, so every model call runs the pipeline. The Guardrails Checkpoint community node drops in front of consequential steps – the bank-API call, the bulk email – and asks the policy engine “may I proceed?”, honoring allow, deny, or require-approval. And the category-unique piece: upload your workflow export and it compiles into a runtime sequence policy, so the diagram you already drew becomes the ordering rules the proxy enforces – payments only after a vendor lookup, sends capped per run.

§01 Setting it up

1. Repoint the AI nodes

Set the proxy base URL and your gr- key in the AI model credentials. Model traffic – including the agent’s tool_call decisions – now crosses the pipeline.

2. Drop in the Checkpoint node

Install the Guardrails Checkpoint community node and place it before consequential nodes. Deterministic steps that never touch an LLM get gated by the same policies.

3. Import the workflow as policy

Export your workflow JSON and upload it in the Keys tab – it compiles into a sequence policy enforced as a state machine over each run’s tool history.

4. Watch the run graph

Each execution appears as one reconstructed run – model calls, tool calls, checkpoints – with violations, tiers, and cost burn-down in one trace.

§02 Frequently asked questions

Do I have to redesign my n8n workflow?

No. The base-URL change is a credentials edit; the checkpoint node is an added node in front of steps you already have; the workflow import needs only your existing export file.

What does the workflow import actually produce?

A sequence policy: the allowed orderings and limits implied by your diagram, compiled into rules the proxy enforces at runtime – flag in FIX, block in PREVENT. When the agent improvises a path your diagram never drew, that is a violation.

What happens when the checkpoint says require-approval?

The node returns the decision to your workflow, which routes accordingly – park the item, ping Slack, wait for sign-off. The decision and its resolution are recorded in the same run as everything else.

Can it stop the swapped-IBAN invoice attack?

That scenario is the worked example on our fintech page: the injection scan flags the poisoned email, action grounding blocks the IBAN that appears nowhere in the invoice, the sequence policy requires the vendor lookup, and the payment tier parks it on approval. Four independent layers.

§03 Related

Compile your n8n workflow into policy

Point your AI nodes at the proxy and drop in the checkpoint node - your workflow export becomes the enforcement. We are running a limited demo - sign up and we will get you in as soon as we can.