FastAPI-powered backend for intelligent workflow generation with three-phase processing: Build → QA → Security.
Paste a requirement, get a hardened n8n workflow JSON. Minimal surface, maximum signal.
pip install -r requirements.txtuvicorn app.main:app --reload- Frontend:
http://localhost:8000 - Swagger Docs:
http://localhost:8000/docs - API Health:
http://localhost:8000/api/health
Production-ready workflow generation in seconds.
- 🔄 Three-Phase Pipeline - Build → QA → Security validation
- ⚡ Instant JSON - Convert prompts to n8n workflows instantly
- 🛡️ API Key Auth - Secure endpoints with X-API-Key
- 📊 Structured Logging - JSON-formatted request tracking
- 🌐 CORS Ready - Works with any frontend
- 💾 In-Memory Storage - Fast, stateless management
- 📥 Export Workflows - Download as JSON files
- 📚 Interactive Docs - Swagger & ReDoc built-in
app/
├── main.py # FastAPI + middleware + static files
├── routes/
│ └── workflow.py # 5 workflow endpoints
├── services/
│ └── workflow_service.py # 3-phase logic
├── schemas.py # Pydantic models
├── auth.py # API key authentication
└── logger.py # JSON logging
Creates workflow architecture with nodes, connections, and requirements
Validates structure, transforms naming, runs 4 compliance checks
Adds timeout, retries, rate limiting, SSL verification, SSRF prevention
| Method | Path | Auth | Purpose |
|---|---|---|---|
GET |
/ |
NO | Serves frontend |
GET |
/api/health |
NO | Health check |
POST |
/api/generate-workflow |
YES | Generate workflow |
GET |
/api/workflow/{id} |
YES | Get workflow |
GET |
/api/workflow/{id}/export |
YES | Download JSON |
GET |
/api/workflows |
YES | List all |
- Open
http://localhost:8000 - Type your requirement
- Click "Generate & Download JSON"
- Three phases execute automatically
- JSON downloads instantly
curl -X POST http://localhost:8000/api/generate-workflow \
-H "X-API-Key: default-api-key-change-in-production" \
-H "Content-Type: application/json" \
-d '{"requirements":"Email notification workflow"}'{
"success": true,
"workflow_id": "1234567890",
"workflow": {
"name": "Generated Workflow",
"nodes": [...],
"connections": [...],
"security": {
"timeout": 300,
"retryCount": 3
}
},
"phases": {
"build": {...},
"qa": {...},
"security": {...}
}
}Environment Variables
API_KEY=your-secure-key-here # Default: default-api-key-change-in-productionServer
- Host:
0.0.0.0 - Port:
8000 - Reload: Enabled in dev mode
Authentication
- Header:
X-API-Key - Required for all
/api/*endpoints (except/health)
# Health check
curl http://localhost:8000/api/health
# List workflows
curl http://localhost:8000/api/workflows \
-H "X-API-Key: default-api-key-change-in-production"
# Generate workflow
curl -X POST http://localhost:8000/api/generate-workflow \
-H "X-API-Key: default-api-key-change-in-production" \
-H "Content-Type: application/json" \
-d '{"requirements":"Your requirement here"}'- Interactive Docs:
http://localhost:8000/docs(Swagger) - Alternative Docs:
http://localhost:8000/redoc - Full Report: See VERIFICATION_REPORT.md
- CSP: Content Security Policy enabled
- HSTS: HTTP Strict Transport Security
- CORS: Configured for all origins
- API Key Auth: Token-based protection
- SSRF Prevention: Built-in
- Data: In-memory (no persistence)
- Framework: FastAPI 0.104.1
- Server: Uvicorn 0.24.0
- Validation: Pydantic 2.5.0
- Config: python-dotenv 1.0.0
- Frontend: Vanilla HTML/CSS/JS
Production Ready
- All endpoints tested
- Full error handling
- Security headers configured
- Documentation complete
- Workflows stored in-memory
Project Steve — FastAPI Backend | Intelligent Workflow Automation | 2026