n8n for SpaceTech & Aerospace SaaS Vendors: 5 Automations for ITAR, EAR, NASA NPR 8621.1, FAA, and CMMC Compliance
The fastest compliance clock in SpaceTech: An ITAR violation discovered in your cloud automation pipeline requires IMMEDIATE voluntary disclosure to DDTC (22 CFR §127.12) — not hours or days. If your n8n instance is running in a multi-tenant cloud where non-US persons can access logs or data, every execution touching USML technical data is a criminal export without a license. Self-hosted n8n is the only architecture that keeps ITAR compliance inside your controlled boundary.
SpaceTech and aerospace SaaS vendors face the most complex compliance environment in the software industry: ITAR criminal penalties ($1M per violation per person), EAR dual-use export controls, NASA mishap notification windows (24h for Type A), FAA production approval requirements, DCSA facility clearance obligations, and CMMC 2.0 for DoD contractors. Every one of these imposes strict data residency requirements that make commercial cloud iPaaS a liability.
This article gives you five production-ready n8n workflows with complete JSON — all designed for self-hosted deployment within your compliance boundary.
Who This Is For: 7 SpaceTech Customer Tiers
| Tier | Examples | Primary Compliance Flags |
|---|---|---|
SATELLITE_OPERATIONS_SAAS_VENDOR |
Constellation ops, TT&C platforms, space situational awareness | ITAR_USML_COVERED, EAR_CCL_APPLICABLE |
LAUNCH_SERVICES_SAAS_PLATFORM |
Launch scheduling, range safety, mission telemetry | ITAR_USML_COVERED, NASA_NPR_8621_APPLICABLE |
DEFENSE_AEROSPACE_SAAS_VENDOR |
DoD primes, Tier 1/2 subs, classified platforms | ITAR_USML_COVERED, CMMC_2_REQUIRED, DCSA_FACILITY_CLEARANCE_HOLDER |
MRO_SAAS_VENDOR |
FAA Part 145 repair stations, aircraft MRO platforms | FAA_PRODUCTION_APPROVAL_HOLDER |
UAM_UAS_SAAS_PLATFORM |
Urban air mobility, commercial drone ops, sUAS fleet mgmt | FAA_PRODUCTION_APPROVAL_HOLDER, EAR_CCL_APPLICABLE |
SPACE_DATA_ANALYTICS_SAAS |
Earth observation, geospatial intelligence, remote sensing | EAR_CCL_APPLICABLE, ITAR_USML_COVERED |
SPACETECH_STARTUP |
Pre-revenue NewSpace, emerging launch vehicle companies | ITAR_USML_COVERED (if USML), SOC2_REQUIRED |
Compliance Flags
| Flag | Trigger Regulation | Key Obligation |
|---|---|---|
ITAR_USML_COVERED |
22 CFR §122.1 + Part 121 USML | Annual DDTC registration; TCP required; criminal penalties §127.3 |
EAR_CCL_APPLICABLE |
15 CFR §730–774 | Export license or exception required for CCL items and dual-use data |
CMMC_2_REQUIRED |
DFARS 252.204-7021 | Triennial C3PAO Level 2/3 assessment; CUI/CDI boundary controls |
NASA_NPR_8621_APPLICABLE |
NASA NPR 8621.1C | Type A mishap: 24h notification; Type B: 72h |
FAA_PRODUCTION_APPROVAL_HOLDER |
14 CFR §21.8 | Annual production approval audit; airworthiness directive compliance |
DCSA_FACILITY_CLEARANCE_HOLDER |
NISPOM Chapter 2-300 | 24h adverse information reporting; DISS reporting |
SOC2_REQUIRED |
AICPA TSC | Annual Type II audit for customer trust |
Why Cloud iPaaS Fails the ITAR Test
ITAR 22 CFR §120.17 defines "export" to include any transfer of technical data to a foreign national, regardless of where it occurs — including inside the United States. If your automation platform runs on a multi-tenant cloud where non-US infrastructure team members can access logs, execution data, or stored values, every workflow execution touching USML-controlled technical data is an unlicensed export. This is not a theoretical risk — DDTC has pursued enforcement actions against software companies for exactly this architecture.
| Risk | Cloud iPaaS | Self-hosted n8n |
|---|---|---|
| ITAR 22 CFR §120.17 export definition | Foreign nationals at vendor may access data logs | All data stays in your ITAR-compliant enclave |
| CMMC CUI/CDI boundary (DFARS §252.204-7021) | Cloud node = outside accredited boundary = C3PAO finding | Self-hosted = within your CMMC enclave |
| NASA NPR 8621.1 mishap record preservation | Vendor holds copies; discovery and hold orders split | All records within your document hold boundary |
| DCSA NISPOM Chapter 5 IT controls | Cleared facility boundary cannot include commercial SaaS | Air-gapped or VPN-only access within facility boundary |
| EAR 15 CFR §736 re-export controls | Cloud nodes in non-US regions = unlicensed re-export | Deployment jurisdiction controlled by you |
Workflow 1: Tier-Segmented Customer Onboarding Drip
Webhook fires on new customer signup. Routes by tier (7 paths). Day 0 email injects ITAR/CMMC compliance briefing for covered tiers. Day 3 check-in. Day 7 resource email. Logs all steps to Google Sheets.
12 Deadline Types Monitored:
-
ITAR_ANNUAL_REGISTRATION— DDTC 22 CFR §122.1 (annual) -
ITAR_TECHNOLOGY_CONTROL_PLAN_REVIEW— TCP annual review -
EAR_EXPORT_LICENSE_RENEWAL— BIS license annual review -
NASA_NPR_8621_TYPE_A_MISHAP— 24h initial notification (fastest clock) -
NASA_NPR_8621_TYPE_B_MISHAP— 72h notification -
FAA_PRODUCTION_APPROVAL_ANNUAL— 14 CFR §21.8 annual audit -
DCSA_FCLA_ANNUAL_REVIEW— facility clearance annual review -
CMMC_2_C3PAO_ASSESSMENT— triennial C3PAO assessment -
FAA_AIRWORTHINESS_DIRECTIVE— compliance deadline per AD note -
EAR_RED_FLAG_REVIEW— BIS guidelines (before each transaction) -
ITAR_RETRANSFER_APPROVAL— 22 CFR §123.9 third-party transfer approval -
SOC2_TYPE2_ANNUAL— annual Type II audit
{
"name": "SpaceTech Tier-Segmented Onboarding Drip",
"nodes": [
{
"id": "n1",
"name": "Customer Signup Webhook",
"type": "n8n-nodes-base.webhook",
"typeVersion": 2,
"position": [
240,
300
],
"parameters": {
"path": "spacetech-signup",
"httpMethod": "POST",
"responseMode": "lastNode"
}
},
{
"id": "n2",
"name": "Log New Customer",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
460,
300
],
"parameters": {
"operation": "append",
"documentId": "{{$env.SHEET_ID}}",
"sheetName": "Customers",
"columns": {
"mappingMode": "defineBelow",
"value": {
"customer_id": "={{$json.customer_id}}",
"company_name": "={{$json.company_name}}",
"tier": "={{$json.tier}}",
"itar_usml_covered": "={{$json.flags.itar_usml_covered ?? false}}",
"ear_ccl_applicable": "={{$json.flags.ear_ccl_applicable ?? false}}",
"cmmc_2_required": "={{$json.flags.cmmc_2_required ?? false}}",
"nasa_npr_applicable": "={{$json.flags.nasa_npr_8621_applicable ?? false}}",
"dcsa_fc_holder": "={{$json.flags.dcsa_facility_clearance_holder ?? false}}",
"contact_email": "={{$json.contact_email}}",
"signed_up": "={{$now.toISO()}}",
"status": "onboarding"
}
}
}
},
{
"id": "n3",
"name": "Route by Tier",
"type": "n8n-nodes-base.switch",
"typeVersion": 3,
"position": [
680,
300
],
"parameters": {
"mode": "rules",
"rules": {
"values": [
{
"conditions": {
"options": {
"caseSensitive": true,
"leftValue": "",
"typeValidation": "strict"
},
"conditions": [
{
"leftValue": "={{$json.tier}}",
"rightValue": "SATELLITE_OPERATIONS_SAAS_VENDOR",
"operator": {
"type": "string",
"operation": "equals"
}
}
]
},
"output": 0
},
{
"conditions": {
"options": {
"caseSensitive": true,
"leftValue": "",
"typeValidation": "strict"
},
"conditions": [
{
"leftValue": "={{$json.tier}}",
"rightValue": "LAUNCH_SERVICES_SAAS_PLATFORM",
"operator": {
"type": "string",
"operation": "equals"
}
}
]
},
"output": 1
},
{
"conditions": {
"options": {
"caseSensitive": true,
"leftValue": "",
"typeValidation": "strict"
},
"conditions": [
{
"leftValue": "={{$json.tier}}",
"rightValue": "DEFENSE_AEROSPACE_SAAS_VENDOR",
"operator": {
"type": "string",
"operation": "equals"
}
}
]
},
"output": 2
},
{
"conditions": {
"options": {
"caseSensitive": true,
"leftValue": "",
"typeValidation": "strict"
},
"conditions": [
{
"leftValue": "={{$json.tier}}",
"rightValue": "MRO_SAAS_VENDOR",
"operator": {
"type": "string",
"operation": "equals"
}
}
]
},
"output": 3
},
{
"conditions": {
"options": {
"caseSensitive": true,
"leftValue": "",
"typeValidation": "strict"
},
"conditions": [
{
"leftValue": "={{$json.tier}}",
"rightValue": "UAM_UAS_SAAS_PLATFORM",
"operator": {
"type": "string",
"operation": "equals"
}
}
]
},
"output": 4
},
{
"conditions": {
"options": {
"caseSensitive": true,
"leftValue": "",
"typeValidation": "strict"
},
"conditions": [
{
"leftValue": "={{$json.tier}}",
"rightValue": "SPACE_DATA_ANALYTICS_SAAS",
"operator": {
"type": "string",
"operation": "equals"
}
}
]
},
"output": 5
}
]
},
"fallbackOutput": 6
}
},
{
"id": "n4",
"name": "Day 0 Welcome Email",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
920,
300
],
"parameters": {
"operation": "send",
"sendTo": "={{$('Customer Signup Webhook').item.json.contact_email}}",
"subject": "Welcome to FlowKit \u2014 Your SpaceTech Compliance Automation Is Live",
"message": "<p>Hi {{$('Customer Signup Webhook').item.json.first_name}},</p><p>Your FlowKit n8n templates are ready. Your tier: <strong>{{$('Customer Signup Webhook').item.json.tier}}</strong>.</p>{{$('Customer Signup Webhook').item.json.flags?.itar_usml_covered ? '<p><strong>ITAR Note (22 CFR \u00a7122.1):</strong> As an ITAR-registered vendor, your FlowKit instance must run within your Technology Control Plan boundary. Self-hosted n8n ensures USML technical data never transits non-compliant cloud infrastructure. Review your TCP before connecting external APIs.</p>' : ''}}{{$('Customer Signup Webhook').item.json.flags?.cmmc_2_required ? '<p><strong>CMMC 2.0 Note:</strong> Your CUI/CDI workflows must remain within your accredited CMMC enclave. Self-hosted n8n is the only compliant deployment model for CDI-touching automations per DFARS 252.204-7021.</p>' : ''}}<p>Reply to this email with any questions.</p>",
"options": {
"appendAttributionToText": false
}
}
},
{
"id": "n5",
"name": "Wait 3 Days",
"type": "n8n-nodes-base.wait",
"typeVersion": 1,
"position": [
1140,
300
],
"parameters": {
"resume": "timeInterval",
"unit": "days",
"amount": 3
}
},
{
"id": "n6",
"name": "Day 3 Compliance Check-in",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1360,
300
],
"parameters": {
"operation": "send",
"sendTo": "={{$('Customer Signup Webhook').item.json.contact_email}}",
"subject": "Day 3 \u2014 Is Your ITAR/EAR Deadline Tracker Running?",
"message": "<p>Hi {{$('Customer Signup Webhook').item.json.first_name}},</p><p>Three days in \u2014 have you activated the ITAR/EAR/NASA/FAA compliance deadline tracker? It monitors 12 deadline types including ITAR annual registration (22 CFR \u00a7122.1), NASA NPR 8621.1 mishap windows, and FAA production approval reviews.</p><p>If you have DCSA_FACILITY_CLEARANCE_HOLDER flag set, also configure the adverse information 24-hour notification workflow.</p>",
"options": {
"appendAttributionToText": false
}
}
},
{
"id": "n7",
"name": "Wait 4 Days",
"type": "n8n-nodes-base.wait",
"typeVersion": 1,
"position": [
1580,
300
],
"parameters": {
"resume": "timeInterval",
"unit": "days",
"amount": 4
}
},
{
"id": "n8",
"name": "Day 7 Self-Hosting Resources",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1800,
300
],
"parameters": {
"operation": "send",
"sendTo": "={{$('Customer Signup Webhook').item.json.contact_email}}",
"subject": "Week 1 Done \u2014 Key SpaceTech Self-Hosting Resources",
"message": "<p>Hi {{$('Customer Signup Webhook').item.json.first_name}},</p><p>A week in. Here is what your team should have configured by now:</p><ul><li>ITAR deadline tracker \u2014 12 types active, Slack #compliance-critical connected</li><li>Satellite/launch API health monitor \u2014 15-minute polling tighter than NASA 24h mishap window</li><li>Incident pipeline \u2014 ITAR_VIOLATION_DETECTED set to IMMEDIATE escalation</li><li>Weekly KPI dashboard \u2014 CEO + CISO briefing scheduled Monday 08:00 UTC</li></ul><p>Questions? Reply here.</p>",
"options": {
"appendAttributionToText": false
}
}
}
],
"connections": {
"Customer Signup Webhook": {
"main": [
[
{
"node": "Log New Customer",
"type": "main",
"index": 0
}
]
]
},
"Log New Customer": {
"main": [
[
{
"node": "Route by Tier",
"type": "main",
"index": 0
}
]
]
},
"Route by Tier": {
"main": [
[
{
"node": "Day 0 Welcome Email",
"type": "main",
"index": 0
}
],
[
{
"node": "Day 0 Welcome Email",
"type": "main",
"index": 0
}
],
[
{
"node": "Day 0 Welcome Email",
"type": "main",
"index": 0
}
],
[
{
"node": "Day 0 Welcome Email",
"type": "main",
"index": 0
}
],
[
{
"node": "Day 0 Welcome Email",
"type": "main",
"index": 0
}
],
[
{
"node": "Day 0 Welcome Email",
"type": "main",
"index": 0
}
],
[
{
"node": "Day 0 Welcome Email",
"type": "main",
"index": 0
}
]
]
},
"Day 0 Welcome Email": {
"main": [
[
{
"node": "Wait 3 Days",
"type": "main",
"index": 0
}
]
]
},
"Wait 3 Days": {
"main": [
[
{
"node": "Day 3 Compliance Check-in",
"type": "main",
"index": 0
}
]
]
},
"Day 3 Compliance Check-in": {
"main": [
[
{
"node": "Wait 4 Days",
"type": "main",
"index": 0
}
]
]
},
"Wait 4 Days": {
"main": [
[
{
"node": "Day 7 Self-Hosting Resources",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 2: ITAR/EAR/FAA/NASA/CMMC Deadline Tracker
Runs daily at 08:00 UTC. Loads ComplianceDeadlines sheet. Classifies every deadline as OVERDUE / CRITICAL (≤7d) / URGENT (≤14d) / WARNING (≤30d) / NOTICE (≤60d). Escalates CRITICAL/URGENT to Slack #compliance-critical + direct email to compliance owner. Logs all checks to audit sheet.
{
"name": "ITAR/EAR/FAA/NASA/CMMC Compliance Deadline Tracker",
"nodes": [
{
"id": "n1",
"name": "Daily 08:00 UTC",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * *"
}
]
}
}
},
{
"id": "n2",
"name": "Load Deadlines",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
460,
300
],
"parameters": {
"operation": "readAllRows",
"documentId": "{{$env.SHEET_ID}}",
"sheetName": "ComplianceDeadlines"
}
},
{
"id": "n3",
"name": "Classify by Days Remaining",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
680,
300
],
"parameters": {
"jsCode": "\nconst today = new Date();\nconst deadlines = $input.all().map(item => item.json);\nconst results = [];\nfor (const d of deadlines) {\n const due = new Date(d.due_date);\n const daysRemaining = Math.ceil((due - today) / (1000 * 60 * 60 * 24));\n let severity = 'NOTICE';\n if (daysRemaining < 0) severity = 'OVERDUE';\n else if (daysRemaining <= 7) severity = 'CRITICAL';\n else if (daysRemaining <= 14) severity = 'URGENT';\n else if (daysRemaining <= 30) severity = 'WARNING';\n results.push({ ...d, days_remaining: daysRemaining, severity, checked_at: today.toISOString() });\n}\nreturn results.filter(r => ['OVERDUE','CRITICAL','URGENT','WARNING'].includes(r.severity));\n"
}
},
{
"id": "n4",
"name": "Critical or Urgent?",
"type": "n8n-nodes-base.if",
"typeVersion": 2,
"position": [
900,
300
],
"parameters": {
"conditions": {
"options": {
"caseSensitive": true,
"leftValue": "",
"typeValidation": "strict"
},
"conditions": [
{
"leftValue": "={{$json.severity}}",
"rightValue": "NOTICE",
"operator": {
"type": "string",
"operation": "notEquals"
}
},
{
"leftValue": "={{$json.severity}}",
"rightValue": "WARNING",
"operator": {
"type": "string",
"operation": "notEquals"
}
}
],
"combinator": "and"
}
}
},
{
"id": "n5",
"name": "Slack #compliance-critical",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1120,
200
],
"parameters": {
"channel": "#compliance-critical",
"text": "*{{$json.severity}} \u2014 {{$json.deadline_type}}*\nOwner: {{$json.owner_name}}\nDue: {{$json.due_date}} ({{$json.days_remaining}} days)\nRegulation: {{$json.regulation_cite}}\n_Check ComplianceDeadlines sheet for details._"
}
},
{
"id": "n6",
"name": "Email Compliance Owner",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1120,
380
],
"parameters": {
"operation": "send",
"sendTo": "={{$json.owner_email}}",
"subject": "{{$json.severity}}: {{$json.deadline_type}} due in {{$json.days_remaining}} days",
"message": "<p>Hi {{$json.owner_name}},</p><p>Compliance deadline alert: <strong>{{$json.deadline_type}}</strong> is due on {{$json.due_date}} ({{$json.days_remaining}} days remaining).</p><p>Regulation: {{$json.regulation_cite}}</p><p>Action required: {{$json.action_required}}</p>",
"options": {
"appendAttributionToText": false
}
}
},
{
"id": "n7",
"name": "Log to Audit Sheet",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
1340,
300
],
"parameters": {
"operation": "append",
"documentId": "{{$env.SHEET_ID}}",
"sheetName": "DeadlineAuditLog",
"columns": {
"mappingMode": "defineBelow",
"value": {
"deadline_type": "={{$json.deadline_type}}",
"severity": "={{$json.severity}}",
"days_remaining": "={{$json.days_remaining}}",
"checked_at": "={{$json.checked_at}}",
"notified": "=true"
}
}
}
}
],
"connections": {
"Daily 08:00 UTC": {
"main": [
[
{
"node": "Load Deadlines",
"type": "main",
"index": 0
}
]
]
},
"Load Deadlines": {
"main": [
[
{
"node": "Classify by Days Remaining",
"type": "main",
"index": 0
}
]
]
},
"Classify by Days Remaining": {
"main": [
[
{
"node": "Critical or Urgent?",
"type": "main",
"index": 0
}
]
]
},
"Critical or Urgent?": {
"main": [
[
{
"node": "Slack #compliance-critical",
"type": "main",
"index": 0
}
],
[
{
"node": "Log to Audit Sheet",
"type": "main",
"index": 0
}
]
]
},
"Slack #compliance-critical": {
"main": [
[
{
"node": "Email Compliance Owner",
"type": "main",
"index": 0
}
]
]
},
"Email Compliance Owner": {
"main": [
[
{
"node": "Log to Audit Sheet",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 3: SpaceTech API Health Monitor (15-min polling)
Polls 5 mission-critical endpoints every 15 minutes — tighter than any statutory notification window. Each endpoint tagged with its compliance citation. Anomalies (non-200 or latency >5s) trigger Slack alert with compliance context and log to SLA sheet.
Endpoints monitored:
-
launch_telemetry_api— ITAR 22 CFR §122.1 controlled technical data -
satellite_ops_api— ITAR 22 CFR Part 121 USML Category XV -
itar_screening_api— EAR 15 CFR §764 end-user screening -
nasa_reporting_portal— NASA NPR 8621.1C §2.4.2 24h mishap clock -
faa_avs_interface— FAA 14 CFR §21.8 production approval
{
"name": "SpaceTech API Health Monitor (15-min)",
"nodes": [
{
"id": "n1",
"name": "Every 15 Minutes",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "minutes",
"minutesInterval": 15
}
]
}
}
},
{
"id": "n2",
"name": "Check launch_telemetry_api",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
160
],
"parameters": {
"url": "{{$env.LAUNCH_TELEMETRY_API}}/health",
"method": "GET",
"timeout": 10000,
"response": {
"response": {
"neverError": true
}
},
"options": {}
},
"notes": "Launch telemetry \u2014 ITAR \u00a7122.1 controlled technical data endpoint. Downtime = compliance gap in telemetry chain."
},
{
"id": "n3",
"name": "Check satellite_ops_api",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
280
],
"parameters": {
"url": "{{$env.SATELLITE_OPS_API}}/health",
"method": "GET",
"timeout": 10000,
"response": {
"response": {
"neverError": true
}
},
"options": {}
}
},
{
"id": "n4",
"name": "Check itar_screening_api",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
400
],
"parameters": {
"url": "{{$env.ITAR_SCREENING_API}}/health",
"method": "GET",
"timeout": 10000,
"response": {
"response": {
"neverError": true
}
},
"options": {}
}
},
{
"id": "n5",
"name": "Check nasa_reporting_portal",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
520
],
"parameters": {
"url": "{{$env.NASA_REPORTING_PORTAL}}/health",
"method": "GET",
"timeout": 10000,
"response": {
"response": {
"neverError": true
}
},
"options": {}
}
},
{
"id": "n6",
"name": "Check faa_avs_interface",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
640
],
"parameters": {
"url": "{{$env.FAA_AVS_INTERFACE}}/health",
"method": "GET",
"timeout": 10000,
"response": {
"response": {
"neverError": true
}
},
"options": {}
}
},
{
"id": "n7",
"name": "Merge All Health Results",
"type": "n8n-nodes-base.merge",
"typeVersion": 3,
"position": [
700,
400
],
"parameters": {
"mode": "append"
}
},
{
"id": "n8",
"name": "Tag API Metadata",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
920,
400
],
"parameters": {
"jsCode": "const meta = [\n {api_name:'launch_telemetry_api',regulation_cite:'ITAR 22 CFR \u00a7122.1 \u2014 controlled tech data'},\n {api_name:'satellite_ops_api',regulation_cite:'ITAR 22 CFR Part 121 USML Category XV'},\n {api_name:'itar_screening_api',regulation_cite:'EAR 15 CFR \u00a7764 end-user screening'},\n {api_name:'nasa_reporting_portal',regulation_cite:'NASA NPR 8621.1C \u00a72.4.2 \u2014 24h mishap clock'},\n {api_name:'faa_avs_interface',regulation_cite:'FAA 14 CFR \u00a721.8 production approval'}\n];\nreturn $input.all().map((item,i) => ({...item.json, ...meta[i] ?? {}, last_success_at: item.json.status===200 ? new Date().toISOString() : null}));"
}
},
{
"id": "n9",
"name": "Classify Anomalies",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
1140,
400
],
"parameters": {
"jsCode": "\nconst results = [];\nfor (const item of $input.all()) {\n const api = item.json;\n const isDown = api.status !== 200 && api.status !== 204;\n const latencyMs = api.latency_ms ?? 0;\n const highLatency = latencyMs > 5000;\n if (isDown || highLatency) {\n const downSince = isDown ? new Date(api.last_success_at) : null;\n const minutesDown = downSince ? Math.floor((new Date() - downSince) / 60000) : 0;\n results.push({\n api_name: api.api_name,\n regulation_cite: api.regulation_cite,\n status: api.status,\n latency_ms: latencyMs,\n minutes_down: minutesDown,\n alert_level: (isDown && minutesDown > 60) ? 'CRITICAL' : isDown ? 'WARNING' : 'LATENCY',\n checked_at: new Date().toISOString()\n });\n }\n}\nreturn results;\n"
}
},
{
"id": "n10",
"name": "Any Anomaly?",
"type": "n8n-nodes-base.if",
"typeVersion": 2,
"position": [
1360,
400
],
"parameters": {
"conditions": {
"options": {
"caseSensitive": true,
"leftValue": "",
"typeValidation": "strict"
},
"conditions": [
{
"leftValue": "={{$json.alert_level}}",
"rightValue": "",
"operator": {
"type": "string",
"operation": "notEquals"
}
}
]
}
}
},
{
"id": "n11",
"name": "Slack #spacetech-ops",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1580,
300
],
"parameters": {
"channel": "#spacetech-ops",
"text": "*API {{$json.alert_level}}: {{$json.api_name}}*\nStatus: {{$json.status}} | Latency: {{$json.latency_ms}}ms | Down: {{$json.minutes_down}}min\nRegulation: {{$json.regulation_cite}}\n_Review immediately \u2014 compliance notification clocks may be running._"
}
},
{
"id": "n12",
"name": "Log to SLA Sheet",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
1580,
480
],
"parameters": {
"operation": "append",
"documentId": "{{$env.SHEET_ID}}",
"sheetName": "APIHealthLog",
"columns": {
"mappingMode": "defineBelow",
"value": {
"api_name": "={{$json.api_name}}",
"alert_level": "={{$json.alert_level}}",
"status": "={{$json.status}}",
"latency_ms": "={{$json.latency_ms}}",
"minutes_down": "={{$json.minutes_down}}",
"regulation_cite": "={{$json.regulation_cite}}",
"checked_at": "={{$json.checked_at}}"
}
}
}
}
],
"connections": {
"Every 15 Minutes": {
"main": [
[
{
"node": "Check launch_telemetry_api",
"type": "main",
"index": 0
}
],
[
{
"node": "Check satellite_ops_api",
"type": "main",
"index": 0
}
],
[
{
"node": "Check itar_screening_api",
"type": "main",
"index": 0
}
],
[
{
"node": "Check nasa_reporting_portal",
"type": "main",
"index": 0
}
],
[
{
"node": "Check faa_avs_interface",
"type": "main",
"index": 0
}
]
]
},
"Check launch_telemetry_api": {
"main": [
[
{
"node": "Merge All Health Results",
"type": "main",
"index": 0
}
]
]
},
"Check satellite_ops_api": {
"main": [
[
{
"node": "Merge All Health Results",
"type": "main",
"index": 1
}
]
]
},
"Check itar_screening_api": {
"main": [
[
{
"node": "Merge All Health Results",
"type": "main",
"index": 2
}
]
]
},
"Check nasa_reporting_portal": {
"main": [
[
{
"node": "Merge All Health Results",
"type": "main",
"index": 3
}
]
]
},
"Check faa_avs_interface": {
"main": [
[
{
"node": "Merge All Health Results",
"type": "main",
"index": 4
}
]
]
},
"Merge All Health Results": {
"main": [
[
{
"node": "Tag API Metadata",
"type": "main",
"index": 0
}
]
]
},
"Tag API Metadata": {
"main": [
[
{
"node": "Classify Anomalies",
"type": "main",
"index": 0
}
]
]
},
"Classify Anomalies": {
"main": [
[
{
"node": "Any Anomaly?",
"type": "main",
"index": 0
}
]
]
},
"Any Anomaly?": {
"main": [
[
{
"node": "Slack #spacetech-ops",
"type": "main",
"index": 0
}
],
[
{
"node": "Log to SLA Sheet",
"type": "main",
"index": 0
}
]
]
},
"Slack #spacetech-ops": {
"main": [
[
{
"node": "Log to SLA Sheet",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 4: Incident Notification Pipeline
Webhook trigger on incident detection. Routes 8 incident types through a compliance notification matrix. Fastest clock: ITAR_VIOLATION_DETECTED → IMMEDIATE voluntary disclosure (22 CFR §127.12). Sends Slack alert to appropriate channel + email to General Counsel. Logs all incidents to register.
8 Incident Types:
-
ITAR_VIOLATION_DETECTED— IMMEDIATE (voluntary disclosure 22 CFR §127.12) -
EAR_EXPORT_VIOLATION— IMMEDIATE (BIS voluntary disclosure) -
NASA_TYPE_A_MISHAP— 24h to NASA Safety Center (NPR 8621.1C §2.4.2) -
NASA_TYPE_B_MISHAP— 72h to NASA Safety Center -
DCSA_ADVERSE_INFORMATION— 24h to DCSA via DISS (NISPOM Chapter 2-300) -
CMMC_CDI_BREACH— 72h to DoD Cyber Crime Center DC3 (DFARS §252.204-7012(c)(1)) -
FAA_ACCIDENT_REPORT— oral immediately + written 10d (14 CFR §830.5) -
EXPORT_CONTROLLED_DATA_EGRESS— IMMEDIATE voluntary disclosure review
{
"name": "SpaceTech Incident Notification Pipeline",
"nodes": [
{
"id": "n1",
"name": "Incident Webhook",
"type": "n8n-nodes-base.webhook",
"typeVersion": 2,
"position": [
240,
300
],
"parameters": {
"path": "spacetech-incident",
"httpMethod": "POST",
"responseMode": "lastNode"
}
},
{
"id": "n2",
"name": "Classify Incident + Notification Rules",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
460,
300
],
"parameters": {
"jsCode": "\nconst incident = $input.first().json;\nconst NOTIFICATION_MATRIX = {\n 'ITAR_VIOLATION_DETECTED': {\n severity: 'CRITICAL',\n window: 'IMMEDIATE',\n notify: 'General Counsel + DDTC voluntary disclosure team (22 CFR \u00a7127.12)',\n action: 'Cease all related activity. Contact DDTC immediately. Document scope and remediation steps.',\n channel: '#legal-critical'\n },\n 'EAR_EXPORT_VIOLATION': {\n severity: 'CRITICAL',\n window: 'IMMEDIATE',\n notify: 'Export Compliance Officer + General Counsel + BIS voluntary disclosure',\n action: 'Identify controlled items/data. Assess license exception applicability. Submit BIS voluntary disclosure.',\n channel: '#legal-critical'\n },\n 'NASA_TYPE_A_MISHAP': {\n severity: 'CRITICAL',\n window: '24h \u2014 NASA NPR 8621.1C \u00a72.4.2',\n notify: 'NASA Safety Center + NASA HQ Code QS',\n action: 'Preserve all telemetry logs. Initiate Mishap Investigation Board. Submit initial notification within 24h.',\n channel: '#compliance-critical'\n },\n 'NASA_TYPE_B_MISHAP': {\n severity: 'HIGH',\n window: '72h \u2014 NASA NPR 8621.1C \u00a72.4.3',\n notify: 'NASA Safety Center',\n action: 'Begin mishap investigation. Submit formal report within 72h of occurrence.',\n channel: '#compliance-critical'\n },\n 'DCSA_ADVERSE_INFORMATION': {\n severity: 'HIGH',\n window: '24h \u2014 NISPOM Chapter 2-300',\n notify: 'DCSA Industrial Security Representative',\n action: 'Document adverse information. Submit report to DCSA via DISS within 24 hours.',\n channel: '#security-ops'\n },\n 'CMMC_CDI_BREACH': {\n severity: 'CRITICAL',\n window: '72h \u2014 DFARS 252.204-7012(c)(1)',\n notify: 'DoD Cyber Crime Center (DC3) + Prime contractor + CO',\n action: 'Isolate affected systems. Preserve forensic evidence. Submit mandatory report to DC3 within 72h.',\n channel: '#security-ops'\n },\n 'FAA_ACCIDENT_REPORT': {\n severity: 'HIGH',\n window: 'Immediate oral + 10d written \u2014 14 CFR \u00a7830.5',\n notify: 'NTSB + FAA via MedExpress',\n action: 'Preserve wreckage. Submit NTSB Form 6120.1 within 10 days. Preserve maintenance records.',\n channel: '#compliance-critical'\n },\n 'EXPORT_CONTROLLED_DATA_EGRESS': {\n severity: 'HIGH',\n window: 'IMMEDIATE \u2014 voluntary disclosure',\n notify: 'Export Compliance Officer + Legal',\n action: 'Identify what data was exposed. Assess ITAR vs EAR classification. Prepare voluntary disclosure.',\n channel: '#legal-critical'\n }\n};\nconst rule = NOTIFICATION_MATRIX[incident.incident_type] ?? {severity:'MEDIUM',window:'24h',notify:'Compliance Officer',action:'Investigate and escalate.',channel:'#compliance'};\nreturn [{...incident, ...rule, triggered_at: new Date().toISOString()}];\n"
}
},
{
"id": "n3",
"name": "Slack Alert",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
680,
200
],
"parameters": {
"channel": "={{$json.channel}}",
"text": "*{{$json.severity}} INCIDENT: {{$json.incident_type}}*\nWindow: {{$json.window}}\nNotify: {{$json.notify}}\nAction: {{$json.action}}\nTriggered: {{$json.triggered_at}}\n_This notification is time-sensitive. Do not delay._"
}
},
{
"id": "n4",
"name": "Email General Counsel",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
680,
380
],
"parameters": {
"operation": "send",
"sendTo": "={{$env.GENERAL_COUNSEL_EMAIL}}",
"subject": "[{{$json.severity}}] SpaceTech Incident: {{$json.incident_type}} \u2014 {{$json.window}}",
"message": "<p><strong>Incident Type:</strong> {{$json.incident_type}}</p><p><strong>Notification Window:</strong> {{$json.window}}</p><p><strong>Notify:</strong> {{$json.notify}}</p><p><strong>Required Action:</strong> {{$json.action}}</p><p><strong>Incident Details:</strong></p><pre>{{JSON.stringify($json, null, 2)}}</pre>",
"options": {
"appendAttributionToText": false
}
}
},
{
"id": "n5",
"name": "Log to Incident Register",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
900,
300
],
"parameters": {
"operation": "append",
"documentId": "{{$env.SHEET_ID}}",
"sheetName": "IncidentRegister",
"columns": {
"mappingMode": "defineBelow",
"value": {
"incident_id": "={{$json.incident_id}}",
"incident_type": "={{$json.incident_type}}",
"severity": "={{$json.severity}}",
"window": "={{$json.window}}",
"notify_target": "={{$json.notify}}",
"triggered_at": "={{$json.triggered_at}}",
"status": "open"
}
}
}
}
],
"connections": {
"Incident Webhook": {
"main": [
[
{
"node": "Classify Incident + Notification Rules",
"type": "main",
"index": 0
}
]
]
},
"Classify Incident + Notification Rules": {
"main": [
[
{
"node": "Slack Alert",
"type": "main",
"index": 0
}
]
]
},
"Slack Alert": {
"main": [
[
{
"node": "Email General Counsel",
"type": "main",
"index": 0
}
]
]
},
"Email General Counsel": {
"main": [
[
{
"node": "Log to Incident Register",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 5: Weekly SpaceTech KPI Dashboard
Monday 08:00 UTC. Loads full customer sheet. Computes total customers, MRR, WoW%, ITAR/CMMC/NASA tier counts, tier breakdown. Emails HTML report to CEO + BCC CISO/CCO. Posts one-liner to Slack #go-to-market. Uses $getWorkflowStaticData for WoW percentage — no external state store needed.
{
"name": "Weekly SpaceTech KPI Dashboard",
"nodes": [
{
"id": "n1",
"name": "Monday 08:00 UTC",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * 1"
}
]
}
}
},
{
"id": "n2",
"name": "Load Customer Data",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
460,
300
],
"parameters": {
"operation": "readAllRows",
"documentId": "{{$env.SHEET_ID}}",
"sheetName": "Customers"
}
},
{
"id": "n3",
"name": "Compute KPIs + WoW",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
680,
300
],
"parameters": {
"jsCode": "\nconst prev = $getWorkflowStaticData('node');\nconst rows = $input.all().map(i => i.json);\nconst total = rows.length;\nconst byTier = {};\nfor (const r of rows) { byTier[r.tier] = (byTier[r.tier] ?? 0) + 1; }\nconst mrr = rows.reduce((s,r) => s + (Number(r.mrr_usd) || 0), 0);\nconst itarCount = rows.filter(r => r.itar_usml_covered === 'TRUE' || r.itar_usml_covered === true).length;\nconst cmmcCount = rows.filter(r => r.cmmc_2_required === 'TRUE' || r.cmmc_2_required === true).length;\nconst nasaCount = rows.filter(r => r.nasa_npr_applicable === 'TRUE' || r.nasa_npr_applicable === true).length;\nconst wow = prev.mrr ? (((mrr - prev.mrr) / prev.mrr) * 100).toFixed(1) + '%' : 'N/A (first run)';\nprev.mrr = mrr;\nprev.total = total;\nreturn [{total_customers: total, mrr_usd: mrr, wow_mrr: wow, itar_customers: itarCount, cmmc_customers: cmmcCount, nasa_customers: nasaCount, tier_breakdown: JSON.stringify(byTier), week_ending: new Date().toISOString().slice(0,10)}];\n"
}
},
{
"id": "n4",
"name": "Build HTML Report",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
900,
300
],
"parameters": {
"jsCode": "const d = $input.first().json;\nconst html = '<h2>Weekly SpaceTech KPI Report</h2><table border=1 cellpadding=8><tr><th>Metric</th><th>Value</th></tr><tr><td>Total Customers</td><td>' + d.total_customers + '</td></tr><tr><td>MRR</td><td>$' + d.mrr_usd.toLocaleString() + '</td></tr><tr><td>WoW MRR</td><td>' + d.wow_mrr + '</td></tr><tr><td>ITAR-Covered Customers</td><td>' + d.itar_customers + '</td></tr><tr><td>CMMC 2.0 Customers</td><td>' + d.cmmc_customers + '</td></tr><tr><td>NASA NPR Customers</td><td>' + d.nasa_customers + '</td></tr><tr><td>Tier Breakdown</td><td><pre>' + d.tier_breakdown + '</pre></td></tr></table><p>Week ending: ' + d.week_ending + '</p>';\nreturn [{...d, html_report: html}];"
}
},
{
"id": "n5",
"name": "Email CEO + CISO",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1120,
200
],
"parameters": {
"operation": "send",
"sendTo": "={{$env.CEO_EMAIL}}",
"ccList": "={{$env.CISO_EMAIL}},={{$env.CCO_EMAIL}}",
"subject": "Weekly SpaceTech KPI \u2014 w/e {{$json.week_ending}} | MRR ${{$json.mrr_usd.toLocaleString()}} ({{$json.wow_mrr}})",
"message": "={{$json.html_report}}",
"options": {
"appendAttributionToText": false
}
}
},
{
"id": "n6",
"name": "Slack #go-to-market",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1120,
420
],
"parameters": {
"channel": "#go-to-market",
"text": "*Weekly SpaceTech KPI ({{$json.week_ending}})*\nCustomers: {{$json.total_customers}} | MRR: ${{$json.mrr_usd.toLocaleString()}} ({{$json.wow_mrr}} WoW)\nITAR: {{$json.itar_customers}} | CMMC: {{$json.cmmc_customers}} | NASA NPR: {{$json.nasa_customers}}"
}
}
],
"connections": {
"Monday 08:00 UTC": {
"main": [
[
{
"node": "Load Customer Data",
"type": "main",
"index": 0
}
]
]
},
"Load Customer Data": {
"main": [
[
{
"node": "Compute KPIs + WoW",
"type": "main",
"index": 0
}
]
]
},
"Compute KPIs + WoW": {
"main": [
[
{
"node": "Build HTML Report",
"type": "main",
"index": 0
}
]
]
},
"Build HTML Report": {
"main": [
[
{
"node": "Email CEO + CISO",
"type": "main",
"index": 0
}
],
[
{
"node": "Slack #go-to-market",
"type": "main",
"index": 0
}
]
]
}
}
}
Setup Guide
- Self-host n8n within your ITAR-compliant enclave (on-premise or FedRAMP-authorized cloud with BAA/ISA in place). Do not use n8n Cloud if processing USML technical data.
-
Create Google Sheets:
Customers,ComplianceDeadlines,APIHealthLog,IncidentRegister,DeadlineAuditLog. -
Set environment variables in your n8n instance:
SHEET_ID,LAUNCH_TELEMETRY_API,SATELLITE_OPS_API,ITAR_SCREENING_API,NASA_REPORTING_PORTAL,FAA_AVS_INTERFACE,GENERAL_COUNSEL_EMAIL,CEO_EMAIL,CISO_EMAIL,CCO_EMAIL. - Import all 5 workflows via Settings > Import Workflow in your self-hosted n8n.
- Configure Slack with #compliance-critical, #spacetech-ops, #legal-critical, #security-ops, #go-to-market channels.
- Populate ComplianceDeadlines with your actual ITAR registration dates, TCP review dates, NASA mission windows, FAA audit dates, DCSA FCLA dates, CMMC assessment dates.
- Activate workflows. The incident pipeline and API monitor activate immediately. The deadline tracker runs at 08:00 UTC daily. Onboarding drip activates on first customer webhook.
All 5 Workflows + 10 More in the FlowKit Bundle
The complete FlowKit n8n template bundle includes 15 production-ready workflows across all verticals. Available at stripeai.gumroad.com.
Individual workflows: $12–$29. Complete bundle (15 templates): $97.
Top comments (0)