This governance feature would be great for the long term, but in the meantime, are you aware of the NODES_INCLUDE and NODES_EXCLUDE environment variables?
They let you whitelist or blacklist nodes at the instance level. Not as granular as project-level policies, but it covers the basic “restrict which nodes are available” use case.
NODES_INCLUDE=["n8n-nodes-base.httpRequest","n8n-nodes-base.slack","n8n-nodes-base.code"]
Docs: Nodes environment variables | n8n Docs
One caveat: it doesn’t work for credential-only nodes (HTTP Request integrations like Datadog, Zabbix, etc.). I’ve opened a separate feature request for that: Allow NODES_INCLUDE/NODES_EXCLUDE to filter credential-only nodes (HTTP Request integrations)
Hope this helps
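An added example, not part of the post above and not n8n's own code: a Node.js check that audits an exported workflow against a NODES_INCLUDE / NODES_EXCLUDE value before the restriction is rolled out. The function names, the sample workflow, the include-then-exclude semantics and the export shape used to spot credential-only integrations (`authentication: "predefinedCredentialType"`) are assumptions.

```javascript
// Added example: audit an exported workflow against NODES_INCLUDE / NODES_EXCLUDE.
// Assumed semantics: a non-empty include list admits only the listed types,
// and the exclude list removes types on top of that.

function parseNodeList(raw) {
  if (raw === undefined || raw.trim() === "") return [];
  const parsed = JSON.parse(raw); // throws on malformed JSON, e.g. single quotes
  if (!Array.isArray(parsed) || !parsed.every((t) => typeof t === "string")) {
    throw new TypeError("expected a JSON array of node type strings");
  }
  return parsed;
}

function auditWorkflow(workflow, includeRaw, excludeRaw) {
  const include = new Set(parseNodeList(includeRaw));
  const exclude = new Set(parseNodeList(excludeRaw));
  const blocked = [];
  const credentialOnly = [];
  for (const node of workflow.nodes ?? []) {
    const allowed =
      (include.size === 0 || include.has(node.type)) && !exclude.has(node.type);
    if (!allowed) {
      blocked.push({ name: node.name, type: node.type });
      continue;
    }
    // Assumed export shape for a credential-only integration: an HTTP Request
    // node using a predefined credential type. The lists do not filter these.
    const p = node.parameters ?? {};
    if (node.type === "n8n-nodes-base.httpRequest" &&
        p.authentication === "predefinedCredentialType") {
      credentialOnly.push({ name: node.name, credential: p.nodeCredentialType });
    }
  }
  return { blocked, credentialOnly };
}

// Constructed sample export (not from a real instance).
const sampleWorkflow = {
  nodes: [
    { name: "Notify", type: "n8n-nodes-base.slack", parameters: {} },
    { name: "Run shell", type: "n8n-nodes-base.executeCommand", parameters: {} },
    { name: "Datadog call", type: "n8n-nodes-base.httpRequest",
      parameters: { authentication: "predefinedCredentialType",
                    nodeCredentialType: "datadogApi" } },
  ],
};
const sampleInclude =
  '["n8n-nodes-base.httpRequest","n8n-nodes-base.slack","n8n-nodes-base.code"]';

console.log(JSON.stringify(auditWorkflow(sampleWorkflow, sampleInclude, undefined), null, 2));
```

Entries under `blocked` are nodes that would no longer be available; entries under `credentialOnly` pass the list but still reach a third-party integration, which is the gap the caveat describes.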