@aaron-pienza/mcp-server-salesforce 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Tapas Mukherjee
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,398 @@
+# Salesforce MCP Server
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/tsmztech/mcp-server-salesforce/badge)](https://securityscorecards.dev/viewer/?uri=github.com/tsmztech/mcp-server-salesforce)
+
+
+An MCP (Model Context Protocol) server implementation that integrates Claude with Salesforce, enabling natural language interactions with your Salesforce data and metadata. This server allows Claude to query, modify, and manage your Salesforce objects and records using everyday language.
+
+<a href="https://glama.ai/mcp/servers/kqeniawbr6">
+  <img width="380" height="200" src="https://glama.ai/mcp/servers/kqeniawbr6/badge" alt="Salesforce Server MCP server" />
+</a>
+
+## Features
+
+* **Object and Field Management**: Create and modify custom objects and fields using natural language
+* **Smart Object Search**: Find Salesforce objects using partial name matches
+* **Detailed Schema Information**: Get comprehensive field and relationship details for any object
+* **Flexible Data Queries**: Query records with relationship support and complex filters
+* **Data Manipulation**: Insert, update, delete, and upsert records with ease
+* **Cross-Object Search**: Search across multiple objects using SOSL
+* **Apex Code Management**: Read, create, and update Apex classes and triggers
+* **Reports & Dashboards**: List, describe, run reports with filter overrides, and retrieve dashboard component data
+* **REST API Passthrough**: Call any Salesforce REST endpoint directly — Reports, Composite API, Files, Limits, and more
+* **Input Sanitization**: SOQL/SOSL injection prevention, identifier validation, and secure query construction
+* **Intuitive Error Handling**: Clear feedback with Salesforce-specific error details
+* **Switchable Authentication**: Supports multiple orgs. Easily switch your active Salesforce org based on the default org configured in your VS Code workspace (use Salesforce_CLI authentication for this feature).
+
+## Installation
+
+### Global Installation (npm)
+
+```bash
+npm install -g @tsmztech/mcp-server-salesforce
+```
+
+### Claude Desktop Quick Installation
+
+For easy setup with Claude Desktop, download the pre-configured extension:
+
+1. Download [`salesforce-mcp-extension.dxt`](./claude-desktop/salesforce-mcp-extension.dxt) from the `claude-desktop/` folder
+2. Open Claude Desktop → Settings → Extensions
+3. Drag the `.dxt` file into the Extensions window
+4. Configure your Salesforce credentials when prompted
+
+For manual Claude Desktop configuration, see [Usage with Claude Desktop](#usage-with-claude-desktop) below.
+
+## Tools
+
+### salesforce_search_objects
+Search for standard and custom objects:
+* Search by partial name matches
+* Finds both standard and custom objects
+* Example: "Find objects related to Account" will find Account, AccountHistory, etc.
+
+### salesforce_describe_object
+Get detailed object schema information:
+* Field definitions and properties
+* Relationship details
+* Picklist values
+* Example: "Show me all fields in the Account object"
+
+### salesforce_query_records
+Query records with relationship support:
+* Parent-to-child relationships
+* Child-to-parent relationships
+* Complex WHERE conditions
+* Example: "Get all Accounts with their related Contacts"
+* Note: For queries with GROUP BY or aggregate functions, use salesforce_aggregate_query
+
+### salesforce_aggregate_query
+Execute aggregate queries with GROUP BY:
+* GROUP BY single or multiple fields
+* Aggregate functions: COUNT, COUNT_DISTINCT, SUM, AVG, MIN, MAX
+* HAVING clauses for filtering grouped results
+* Date/time grouping functions
+* Example: "Count opportunities by stage" or "Find accounts with more than 10 opportunities"
+
+### salesforce_dml_records
+Perform data operations:
+* Insert new records
+* Update existing records
+* Delete records
+* Upsert using external IDs
+* Example: "Update status of multiple accounts"
+
+### salesforce_manage_object
+Create and modify custom objects:
+* Create new custom objects
+* Update object properties
+* Configure sharing settings
+* Example: "Create a Customer Feedback object"
+
+### salesforce_manage_field
+Manage object fields:
+* Add new custom fields
+* Modify field properties
+* Create relationships
+* Automatically grants Field Level Security to System Administrator by default
+* Use `grantAccessTo` parameter to specify different profiles
+* Example: "Add a Rating picklist field to Account"
+
+### salesforce_manage_field_permissions
+Manage Field Level Security (Field Permissions):
+* Grant or revoke read/edit access to fields for specific profiles
+* View current field permissions
+* Bulk update permissions for multiple profiles
+* Useful for managing permissions after field creation or for existing fields
+* Example: "Grant System Administrator access to Custom_Field__c on Account"
+
+### salesforce_search_all
+Search across multiple objects:
+* SOSL-based search
+* Multiple object support
+* Field snippets
+* Example: "Search for 'cloud' across Accounts and Opportunities"
+
+### salesforce_read_apex
+Read Apex classes:
+* Get full source code of specific classes
+* List classes matching name patterns
+* View class metadata (API version, status, etc.)
+* Support for wildcards (* and ?) in name patterns
+* Example: "Show me the AccountController class" or "Find all classes matching Account*Cont*"
+
+### salesforce_write_apex
+Create and update Apex classes:
+* Create new Apex classes
+* Update existing class implementations
+* Specify API versions
+* Example: "Create a new Apex class for handling account operations"
+
+### salesforce_read_apex_trigger
+Read Apex triggers:
+* Get full source code of specific triggers
+* List triggers matching name patterns
+* View trigger metadata (API version, object, status, etc.)
+* Support for wildcards (* and ?) in name patterns
+* Example: "Show me the AccountTrigger" or "Find all triggers for Contact object"
+
+### salesforce_write_apex_trigger
+Create and update Apex triggers:
+* Create new Apex triggers for specific objects
+* Update existing trigger implementations
+* Specify API versions and event operations
+* Example: "Create a new trigger for the Account object" or "Update the Lead trigger"
+
+### salesforce_execute_anonymous
+Execute anonymous Apex code:
+* Run Apex code without creating a permanent class
+* View debug logs and execution results
+* Useful for data operations not directly supported by other tools
+* Example: "Execute Apex code to calculate account metrics" or "Run a script to update related records"
+
+### salesforce_manage_debug_logs
+Manage debug logs for Salesforce users:
+* Enable debug logs for specific users
+* Disable active debug log configurations
+* Retrieve and view debug logs
+* Configure log levels (NONE, ERROR, WARN, INFO, DEBUG, FINE, FINER, FINEST)
+* Example: "Enable debug logs for user@example.com" or "Retrieve recent logs for an admin user"
+
+### salesforce_rest_api
+Make direct REST API calls to any Salesforce REST endpoint:
+* Access any Salesforce REST API endpoint not covered by other tools
+* Supports GET, POST, PATCH, PUT, and DELETE methods
+* Automatically handles API version prefixing (`/services/data/vXX.0/`)
+* Supports raw paths for custom Apex REST endpoints (`/services/apexrest/...`)
+* Query parameters and JSON request bodies
+* Configurable API version override
+* Large response truncation to prevent client overload
+* Examples:
+  - "Get our org's API limits" → `GET /limits`
+  - "Run report 00O5e000004XXXX" → `GET /analytics/reports/{id}`
+  - "Get the Composite API to batch requests" → `POST /composite`
+  - "Download file content" → `GET /sobjects/ContentVersion/{id}/VersionData`
+  - "Call our custom Apex REST endpoint" → `GET /services/apexrest/MyEndpoint` (with `rawPath: true`)
+
+## Setup
+
+### Salesforce Authentication
+You can connect to Salesforce using one of three authentication methods:
+
+#### 1. Username/Password Authentication (Default)
+1. Set up your Salesforce credentials
+2. Get your security token (Reset from Salesforce Settings)
+
+#### 2. OAuth 2.0 Client Credentials Flow
+1. Create a Connected App in Salesforce
+2. Enable OAuth settings and select "Client Credentials Flow"
+3. Set appropriate scopes (typically "api" is sufficient)
+4. Save the Client ID and Client Secret
+5. **Important**: Note your instance URL (e.g., `https://your-domain.my.salesforce.com`) as it's required for authentication
+
+#### 3. Salesforce CLI Authentication (Recommended for local/dev) (contribution by @andrea9293)
+1. Install and authenticate Salesforce CLI (`sf`).
+2. Make sure your org is authenticated and accessible via `sf org display --json` in the root of your Salesforce project.
+3. The server will automatically retrieve the access token and instance url using the CLI.
+
+
+
+### Usage with Claude Desktop
+
+
+Add to your `claude_desktop_config.json`:
+
+
+#### For Salesforce CLI Authentication:
+```json
+{
+  "mcpServers": {
+    "salesforce": {
+      "command": "npx",
+      "args": ["-y", "@tsmztech/mcp-server-salesforce"],
+      "env": {
+        "SALESFORCE_CONNECTION_TYPE": "Salesforce_CLI"
+      }
+    }
+  }
+}
+```
+
+#### For Username/Password Authentication:
+```json
+{
+  "mcpServers": {
+    "salesforce": {
+      "command": "npx",
+      "args": ["-y", "@tsmztech/mcp-server-salesforce"],
+      "env": {
+        "SALESFORCE_CONNECTION_TYPE": "User_Password",
+        "SALESFORCE_USERNAME": "your_username",
+        "SALESFORCE_PASSWORD": "your_password",
+        "SALESFORCE_TOKEN": "your_security_token",
+        "SALESFORCE_INSTANCE_URL": "org_url"        // Optional. Default value: https://login.salesforce.com
+      }
+    }
+  }
+}
+```
+
+#### For OAuth 2.0 Client Credentials Flow:
+```json
+{
+  "mcpServers": {
+    "salesforce": {
+      "command": "npx",
+      "args": ["-y", "@tsmztech/mcp-server-salesforce"],
+      "env": {
+        "SALESFORCE_CONNECTION_TYPE": "OAuth_2.0_Client_Credentials",
+        "SALESFORCE_CLIENT_ID": "your_client_id",
+        "SALESFORCE_CLIENT_SECRET": "your_client_secret",
+        "SALESFORCE_INSTANCE_URL": "https://your-domain.my.salesforce.com"  // REQUIRED: Must be your exact Salesforce instance URL
+      }
+    }
+  }
+}
+```
+
+> **Note**: For OAuth 2.0 Client Credentials Flow, the `SALESFORCE_INSTANCE_URL` must be your exact Salesforce instance URL (e.g., `https://your-domain.my.salesforce.com`). The token endpoint will be constructed as `<instance_url>/services/oauth2/token`.
+
+## Example Usage
+
+### Searching Objects
+```
+"Find all objects related to Accounts"
+"Show me objects that handle customer service"
+"What objects are available for order management?"
+```
+
+### Getting Schema Information
+```
+"What fields are available in the Account object?"
+"Show me the picklist values for Case Status"
+"Describe the relationship fields in Opportunity"
+```
+
+### Querying Records
+```
+"Get all Accounts created this month"
+"Show me high-priority Cases with their related Contacts"
+"Find all Opportunities over $100k"
+```
+
+### Aggregate Queries
+```
+"Count opportunities by stage"
+"Show me the total revenue by account"
+"Find accounts with more than 10 opportunities"
+"Calculate average deal size by sales rep and quarter"
+"Get the number of cases by priority and status"
+```
+
+### Managing Custom Objects
+```
+"Create a Customer Feedback object"
+"Add a Rating field to the Feedback object"
+"Update sharing settings for the Service Request object"
+```
+Examples with Field Level Security:
+```
+# Default - grants access to System Administrator automatically
+"Create a Status picklist field on Custom_Object__c"
+
+# Custom profiles - grants access to specified profiles
+"Create a Revenue currency field on Account and grant access to Sales User and Marketing User profiles"
+```
+
+### Managing Field Permissions
+```
+"Grant System Administrator access to Custom_Field__c on Account"
+"Give read-only access to Rating__c field for Sales User profile"
+"View which profiles have access to the Custom_Field__c"
+"Revoke field access for specific profiles"
+```
+
+### Searching Across Objects
+```
+"Search for 'cloud' in Accounts and Opportunities"
+"Find mentions of 'network issue' in Cases and Knowledge Articles"
+"Search for customer name across all relevant objects"
+```
+
+### Managing Apex Code
+```
+"Show me all Apex classes with 'Controller' in the name"
+"Get the full code for the AccountService class"
+"Create a new Apex utility class for handling date operations"
+"Update the LeadConverter class to add a new method"
+```
+
+### Managing Apex Triggers
+```
+"List all triggers for the Account object"
+"Show me the code for the ContactTrigger"
+"Create a new trigger for the Opportunity object"
+"Update the Case trigger to handle after delete events"
+```
+
+### Executing Anonymous Apex Code
+```
+"Execute Apex code to calculate account metrics"
+"Run a script to update related records"
+"Execute a batch job to process large datasets"
+```
+
+### Managing Debug Logs
+```
+"Enable debug logs for user@example.com"
+"Retrieve recent logs for an admin user"
+"Disable debug logs for a specific user"
+"Configure log level to DEBUG for a user"
+```
+
+### REST API Calls
+```
+"Check our org's API usage limits"
+"Run the weekly sales report"
+"Get all available REST API resources"
+"Call our custom Apex REST endpoint at /services/apexrest/AccountSync"
+"Use the Composite API to create an Account and Contact in one call"
+```
+
+## Security
+
+This server includes multiple layers of input sanitization and security controls:
+
+- **SOQL/SOSL injection prevention** — All user-supplied values are escaped before interpolation into queries. Object and field names are validated against Salesforce identifier patterns.
+- **Credential protection** — Access tokens are never logged. CLI output is redacted before logging.
+- **Audit logging** — Anonymous Apex execution is audit-logged with code length and preview.
+- **Shell injection prevention** — CLI invocation uses `execFile` (no shell) instead of `exec`.
+
+For full details, see [SECURITY.md](SECURITY.md).
+
+> **Note:** The `salesforce_execute_anonymous` and `salesforce_rest_api` tools are intentionally powerful — they provide full access to Salesforce capabilities within the connected user's permissions. Use Salesforce profiles and permission sets to restrict what the connected user can do.
+
+## Development
+
+### Building from source
+```bash
+# Clone the repository
+git clone https://github.com/tsmztech/mcp-server-salesforce.git
+
+# Navigate to directory
+cd mcp-server-salesforce
+
+# Install dependencies
+npm install
+
+# Build the project
+npm run build
+```
+
+## Contributing
+Contributions are welcome! Feel free to submit a Pull Request.
+
+## License
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+
+## Issues and Support
+If you encounter any issues or need support, please file an issue on the [GitHub repository](https://github.com/tsmztech/mcp-server-salesforce/issues).

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};