Cron schedules in n8n call the ClawBot FastAPI worker on a single VPS. The worker pulls contacts from HubSpot or Airtable, runs prompts, applies guardrails, and writes drafted messages to task_queue_sales for human approval. No event-driven triggers from Airtable. No webhooks between callers.
Body: {list_id, playbook_id, source_workflow, enrich, [limit]}
HubSpot list_id drives the contact set. 7661 is shared by Close Lost, Deals Follow Up, Cross-Sell and Stale Contacts — they differ only by playbook_id.
Body: {playbook_id, source_workflow, [view_id]}
Airtable view_id drives the order set. Used for rebooking and order-followup flows that depend on internal CRM state, not HubSpot lists.
Source of truth: Workflows & Automations SSOT · tbl38RfIpWTRJKyiQ. Owner split: Jess 13 · Danny 3. Only TQ-01 is marked Active; the rest run in prod while flagged In Development or Spec Ready.
| Code | Endpoint | Source | Owner | Status |
|---|---|---|---|---|
| TQ-01 | /pipeline/orders | Airtable view | Jess | Active |
| RB-01 | /pipeline/orders | Airtable view | Jess | In Dev |
| OF-01 | /pipeline/orders | Airtable view | Jess | In Dev |
| CL-01 Close Lost | /pipeline/list | HubSpot 7661 | Jess | In Dev |
| DF-01 Deals Follow Up | /pipeline/list | HubSpot 7661 | Jess | In Dev |
| CS-01 Cross-Sell | /pipeline/list | HubSpot 7661 | Jess | In Dev |
| SC-01 Stale Contacts | /pipeline/list | HubSpot 7661 | Jess | In Dev |
| COLD-FAC-01 Facilities | /pipeline/list | HubSpot list | Danny | Spec Ready |
| COLD Sustainability | /pipeline/list | HubSpot list | Danny | Trigger empty |
| COLD Procurement | /pipeline/list | HubSpot list | Danny | Trigger empty |
| + 6 more · Jess | /pipeline/list | HubSpot lists | Jess | In Dev |
15 of 16 playbooks show Status: In Development or Spec Ready while Enabled=True and a cron is firing in production. Two COLD playbooks (Procurement, Sustainability) have empty Trigger and Approval fields. Reviewing dashboards alone will under-report what’s live.
All 16 callers use HTTP Basic auth embedded directly in the request URL. No abstracted n8n credential, no HTTPS, no rotation history.
http://clawbot:MTuh-F6t8VVES9hGjWZaDuLhd-2NQicO@187.77.29.73:8788/pipeline/list
User clawbot · password is the same fixed token in every workflow. Timeout: 60s.
Rotating the password requires editing each n8n workflow JSON individually. There is no central credential vault. HTTP (not HTTPS) means the token travels in plaintext to 187.77.29.73.
Mitigation tracked in Risks · R-04 and the Phase F2 milestone in Roadmap.
n8n is timer + HTTP client + low-code router. The drafting brain (prompts, guardrails, bot selection) lives in ClawBot FastAPI. Migrating these flows to a backend deletes n8n without losing logic.
scheduleTrigger fires every X hrs/days → POST /pipeline/list or /pipeline/orders with HTTP Basic in URL. No transform. Just timer + auth.
Replaceable by: NestJS @Cron decorator + Secrets Manager. 1 day of work.
Receives webhooks (Gmail, forms, Slack) → parses → writes Airtable robin_tasks with PAT. Has logic: email parsing, rule-based routing.
Replaceable by: NestJS controllers + class-validator. 3-5 days.
HubSpot ↔ Airtable sync, WhatsApp notifications, ad-hoc syncs. Mix of cron + webhook. Lowest priority, highest variety.
Replaceable by: NestJS services per integration. 1-2 weeks.
n8n today = 16 workflows that each duplicate the same HTTP Basic URL with the password in plaintext. Rotating credentials = editing 16 JSONs by hand. No central logging, no retry queue, no version control. Moving cron + router into the Hub v2 backend (NestJS) consolidates auth, gets git-based diffs, and lets the same team that ships Hub v2 own the schedules.