Automation Workflow Validator

Comprehensive pre-deployment validator for automation workflow JSON definitions across multiple platforms.

Supported Platforms

Power Automate (Microsoft)
n8n (Open-source)
Make (formerly Integromat)
Zapier
Other JSON-based workflow platforms

Purpose

Validates automation workflows against:

Syntax correctness - Valid JSON, proper structure
Platform compliance - Schema, required fields, valid operations (platform-specific)
Best practices - Error handling, performance, reliability
Security - Hardcoded credentials, injection risks
Documentation compliance - Connector/node limits, known constraints

When This Skill Activates

Triggers on:

"Validate this workflow JSON"
"Check this workflow JSON before deployment"
"Review my workflow JSON for [platform]"
"Is this flow ready to paste into Power Automate/n8n/Make?"
"Validate my n8n workflow"
"Lint this automation"
"Pre-deployment check"
Workflow JSON files - Any JSON with workflow/flow/automation context (examples: flow.json, workflow.json, scenario.json, automation.json, fixed_flow.json)

Validation Checklist

1. Syntax Validation

JSON Structure:

Valid JSON syntax (balanced brackets, proper escaping)
No trailing commas
Proper string escaping for expressions
No invalid characters

Power Automate Schema:

Correct $schema URL
Required root elements: definition, schemaVersion
Parameters include $connections
Valid contentVersion format

Structure:

{
  "definition": {
    "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
    "contentVersion": "1.0.0.0",
    "parameters": { /* Required */ },
    "triggers": { /* Required */ },
    "actions": { /* Required */ },
    "outputs": {}
  },
  "schemaVersion": "1.0.0.0"
}

2. Triggers Validation

Required Fields:

At least one trigger defined
Trigger has "type" field
Trigger has "inputs" object
Valid trigger types: Request, Recurrence, ApiConnection, etc.

Common Issues:

Missing "kind" in Request triggers
Invalid recurrence frequency
Missing required parameters for ApiConnection triggers

Example Check:

// GOOD
"triggers": {
  "manual": {
    "type": "Request",
    "kind": "Button",  // Required for manual triggers
    "inputs": {
      "schema": {}
    }
  }
}

// BAD - missing kind
"triggers": {
  "manual": {
    "type": "Request",
    "inputs": {}
  }
}

3. Actions Validation

Required Fields:

Each action has "type"
Each action has "inputs"
Each action has "runAfter" (or is first action)
Valid action types

runAfter Chain:

No orphaned actions (all connected to trigger)
No circular dependencies
runAfter references exist
Proper status values: Succeeded, Failed, Skipped, TimedOut

GUID Validation:

All GUIDs are valid format (if present)
No duplicate GUIDs
operationMetadataId unique per action

Example Check:

// GOOD
"actions": {
  "Action_1": {
    "type": "Compose",
    "inputs": "test",
    "runAfter": {}  // First action
  },
  "Action_2": {
    "type": "Compose",
    "inputs": "test2",
    "runAfter": {
      "Action_1": ["Succeeded"]  // References existing action
    }
  }
}

// BAD - Action_2 references non-existent action
"actions": {
  "Action_2": {
    "type": "Compose",
    "inputs": "test",
    "runAfter": {
      "NonExistent": ["Succeeded"]
    }
  }
}

4. Expression Validation

Common Expression Errors:

Check Patterns:

// GOOD
"@body('Get_Item')?['property']"
"@concat('Hello ', variables('Name'))"
"@if(equals(1, 1), 'true', 'false')"

// BAD
"body('Get_Item')['property']"  // Missing @
"@concat(Hello, variables('Name'))"  // Unquoted string
"@if(equals(1, 1) 'true', 'false')"  // Missing comma

Safe Navigation:

Use ?[] for optional properties
Null checks for nullable values
Default values with coalesce()

4.5. Data Structure Validation (NEW!)

CRITICAL CHECK: Verify data type consistency throughout flow

Array Type Consistency:

Check Query/Filter actions for data type indicators
Verify item() vs item()?['Property'] usage consistency
Validate loop items() usage matches source data structure
Ensure Select actions output correct structure

Pattern Detection:

// INCONSISTENT (BUG RISK):
// Filter uses:
"where": "@contains(item(), 'text')"  // ← Array of strings

// But loop uses:
"value": "@items('Loop')?['PropertyName']"  // ← Accessing property on string = ERROR

// CONSISTENT (CORRECT):
// Filter uses:
"where": "@contains(item(), 'text')"  // ← Array of strings

// Loop uses:
"value": "@items('Loop')"  // ← Direct string access = CORRECT

Validation Checks:

All Query actions: Check if where uses item() or item()?['Prop']
All Foreach loops: Verify items() access matches source type
All Select actions: Verify mappings create expected structure
Cross-reference: Filter → Loop → SetVariable consistency

Common Bugs to Detect:

// BUG PATTERN 1: Property access on primitives
{
  "Filter": {
    "where": "@contains(item(), 'value')"  // String array
  },
  "Loop": {
    "foreach": "@body('Filter')",
    "actions": {
      "BugAction": {
        "value": "@items('Loop')?['Nom']"  // ❌ ERROR: Can't access property on string
      }
    }
  }
}

// BUG PATTERN 2: Empty Select mapping
{
  "Select": {
    "select": {
      "Nom": ""  // ❌ ERROR: Empty mapping creates useless output
    }
  }
}

// BUG PATTERN 3: Inconsistent data access
{
  "Compose1": {
    "inputs": "@item()?['Name']"  // Expects objects
  },
  "Compose2": {
    "inputs": "@item()"  // Treats as primitives
  }
  // ❌ ERROR: Inconsistent - which is it?
}

Validation Actions:

⚠️ WARNING if data structure inconsistency detected
⚠️ WARNING if Select action has empty mappings
⚠️ WARNING if item() usage is inconsistent across actions
❌ ERROR if property access clearly mismatches source type

5. Best Practices Validation

Error Handling:

Critical actions wrapped in Scope
Scope has corresponding error handler
Error handler uses "Configure run after"
Proper handling of Failed, TimedOut states

Example:

"Scope_Main": {
  "type": "Scope",
  "actions": { /* critical actions */ }
},
"Handle_Errors": {
  "type": "Compose",
  "inputs": "Error occurred",
  "runAfter": {
    "Scope_Main": ["Failed", "TimedOut"]
  }
}

Performance:

Apply to each has concurrency configured for API calls
Delays present in loops with API calls
Filtering at source (not in Apply to each)
Do until has timeout and count limits

Reliability:

Retry policies for transient errors
Idempotent operations where possible
Proper timeout configuration
Variable initialization at flow start

6. Security Validation

Critical Issues:

No hardcoded passwords or API keys
No hardcoded connection strings
Credentials use secure parameters
Sensitive data not logged in plain text

Check for:

// BAD - hardcoded credentials
"inputs": {
  "authentication": {
    "password": "MyPassword123",  // SECURITY ISSUE
    "username": "admin@contoso.com"
  }
}

// GOOD - parameterized
"inputs": {
  "authentication": {
    "password": "@parameters('$connections')['connection']['password']",
    "username": "@parameters('$connections')['connection']['username']"
  }
}

Injection Risks:

User input sanitized
SQL queries parameterized
Dynamic URLs validated
File paths validated

7. Connector-Specific Validation

SharePoint:

API calls respect 600/60s limit
Delays present in loops
List names don't contain periods
Attachment size checks (90MB)

OneDrive:

API calls respect 100/60s limit
File size checks (50MB for triggers)
Proper delays (3 seconds recommended)

HTTP:

Timeout configured
Retry policy for transient failures
Authentication configured
URL validation for user input

Control (Apply to each):

Concurrency set for API operations
Max 5000 items (default)
Proper error handling inside loop

Do Until:

Timeout configured
Count limit configured
Exit condition will eventually be true

8. Documentation Compliance

Reference PowerAutomateDocs:

Actions use documented parameters
Respect documented limitations
Follow recommended patterns
Match documented examples

Check against:

PowerAutomateDocs/{Connector}/overview.md → Limitations
PowerAutomateDocs/{Connector}/actions.md → Parameters
PowerAutomateDocs/BuiltIn/ → Built-in connector patterns

Validation Output Format

# Power Automate Flow Validation Report

## Overall Status: ✅ PASS / ⚠️ WARNINGS / ❌ FAIL

---

## Syntax Validation
**Status**: ✅ Pass

- ✅ Valid JSON syntax
- ✅ Correct Power Automate schema
- ✅ All required root elements present

---

## Structure Validation
**Status**: ✅ Pass

### Triggers
- ✅ 1 trigger defined: "manual"
- ✅ Trigger type valid: Request
- ✅ Required fields present

### Actions
- ✅ 5 actions defined
- ✅ All actions have required fields
- ✅ runAfter chain valid (no orphans)
- ✅ No circular dependencies

---

## Best Practices
**Status**: ⚠️ Warnings

### Error Handling
- ⚠️ **Missing error handling** for "Get_Items" action
  - Recommendation: Wrap in Scope with error handler
  - Impact: Flow fails completely on error

### Performance
- ✅ Apply to each has concurrency configured
- ⚠️ **No delay in API loop**
  - Recommendation: Add 1-second delay after "Get_Items"
  - Impact: Risk of throttling (429 errors)

### Reliability
- ✅ Variables initialized
- ✅ Do until has timeout configured

---

## Security
**Status**: ✅ Pass

- ✅ No hardcoded credentials
- ✅ Using connection parameters
- ✅ No SQL injection risks
- ✅ Sensitive data properly handled

---

## Connector-Specific
**Status**: ⚠️ Warnings

### SharePoint (Get Items)
- ⚠️ **Throttling risk**: 100 iterations with no delays
  - Limit: 600 calls/60 seconds
  - Recommendation: Add 1-second delay or reduce concurrency
  - Reference: PowerAutomateDocs/SharePoint/overview.md

- ✅ Attachment size checks present
- ✅ List names valid (no periods)

---

## Critical Issues: 0
## Warnings: 3
## Passed Checks: 28

---

## Recommendations (Priority Order)

### High Priority
1. **Add error handling for Get_Items**
   ```json
   "Scope_GetItems": {
     "type": "Scope",
     "actions": {
       "Get_Items": { /* existing action */ }
     }
   },
   "Handle_Errors": {
     "runAfter": {
       "Scope_GetItems": ["Failed", "TimedOut"]
     }
   }

Add delay to prevent throttling

"Delay": {
  "type": "Wait",
  "inputs": {
    "interval": {
      "count": 1,
      "unit": "Second"
    }
  },
  "runAfter": {
    "Get_Items": ["Succeeded"]
  }
}

Medium Priority

Add timeout to HTTP action
- Current: No timeout (default 2 minutes)
- Recommended: Explicit timeout configuration

Ready for Deployment?

✅ YES - Flow is syntactically valid and can be pasted into Power Automate

⚠️ WITH WARNINGS - Flow will work but has performance/reliability risks

❌ NO - Critical issues must be fixed before deployment

Next Steps

Review warnings above
Apply high-priority recommendations
Test with sample data
Monitor first runs for issues
Revisit validation after changes

Validation Metadata

Validated: [timestamp]
Flow Actions: 5
Triggers: 1
Connectors Used: SharePoint, Control
Total Checks: 31


## Validation Levels

### Level 1: Syntax (Blocking)
**Must pass** - Flow won't paste into Power Automate
- Invalid JSON
- Missing required structure
- Invalid schema

### Level 2: Structure (Blocking)
**Must pass** - Flow won't run
- Invalid runAfter chains
- Missing action types
- Invalid expression syntax

### Level 3: Best Practices (Warnings)
**Should fix** - Flow runs but has risks
- Missing error handling
- No throttling mitigation
- Poor performance patterns

### Level 4: Optimization (Suggestions)
**Nice to have** - Improvements
- Better variable naming
- More efficient queries
- Enhanced logging

## Quick Validation Commands

For specific checks without full validation:

### Check Syntax Only

"Validate JSON syntax in workflow JSON"


### Check Best Practices Only

"Review best practices in this flow"


### Check Specific Connector

"Validate SharePoint usage in workflow JSON"


### Security Scan Only

"Security scan this Power Automate flow"


## Integration with Other Skills

**Before using workflow-builder**:
- Validate requirements are complete
- Check for known limitations

**After using automation-debugger**:
- Validate the fixed workflow JSON
- Ensure all issues resolved
- Verify no new issues introduced

**Before deployment**:
- Always run full validation
- Review warnings
- Document any accepted risks

## Common Validation Failures

### 1. Missing runAfter
```json
// FAIL
"actions": {
  "Action_2": {
    "type": "Compose",
    "inputs": "test"
    // Missing runAfter
  }
}

Fix: Add "runAfter": {} for first action or reference predecessor

2. Invalid Expression

// FAIL
"inputs": "@body('Get_Item')['property']"  // Will fail if property missing

Fix: "@body('Get_Item')?['property']" with safe navigation

3. No Error Handling

// FAIL
"Get_Items": { /* API call with no error handling */ }

Fix: Wrap in Scope with error handler

4. Throttling Risk

// FAIL
"Apply_to_each": {
  "foreach": "@range(0, 1000)",  // 1000 API calls
  "runtimeConfiguration": {
    "concurrency": {
      "repetitions": 50  // 50 parallel
    }
  }
}

Fix: Reduce concurrency to 1, add delays

5. Missing Timeout

// FAIL
"Do_until": {
  "expression": "@equals(variables('Done'), true)"
  // No limit
}

Fix: Add "limit": {"count": 60, "timeout": "PT1H"}

Best Practices Enforcement

Enable strict mode for production flows:

All errors must have handlers
All loops must have limits
All API calls must have delays
All expressions must be safe
No hardcoded values
Full documentation compliance

Examples

User: "Validate my workflow JSON before I paste it"

Skill Response:

Reads workflow JSON file
Runs all validation checks
Generates detailed report
Highlights critical issues
Provides fix recommendations
Gives deployment readiness status

User: "Quick syntax check on my fixed workflow JSON"