@f5xc-salesdemos/xcsh 18.38.2 → 18.40.0

package/CHANGELOG.md

@@ -2,6 +2,34 @@
 
 ## [Unreleased]
 
+## [18.40.0] - 2026-05-05
+
+### Added
+
+- `use_tooling_api` parameter for `sf_query` tool to query Tooling API metadata objects (ApexTrigger, ApexClass, CustomField)
+- `all_rows` parameter for `sf_query` tool to include deleted/archived records in query results
+- Incomplete results warning when SOQL query returns `done: false`, recommending `sf data export bulk`
+- `#testApi` injection seam on `SfSetupTool`, `SfQueryTool`, `SfOrgDisplayTool` for mock-based unit testing
+- `collectAllOrgs()` shared helper that normalizes and deduplicates orgs from `sf org list --json` result arrays
+- Salesforce unit test suite expanded from 58 to 91 tests covering tool execute() paths, error handling, security whitelisting, schema params, and formatter edge cases
+
+### Fixed
+
+- Fixed duplicate orgs in `sf_setup status` and `sf_setup list_orgs` output caused by `sf org list --json` returning the same org in both `other` and `nonScratchOrgs` arrays
+- Fixed relationship column pollution in `flattenRecord` where null relationships (e.g., `Account: null`) created a bare `Account` column alongside `Account.Name` from non-null records
+- Fixed aggregate SOQL columns rendering as `expr0`/`expr1` by adding aliases (`TotalDeals`, `TotalAmount`) to template queries in sf-query prompt
+- Fixed duplicate org entries in welcome-screen Salesforce status check (`welcome-checks.ts`)
+- Fixed pre-existing biome lint warning in `glab/formatters.ts` (string concatenation -> template literal)
+- Fixed pre-existing test timeouts in `model-registry-runtime-provider.test.ts` and `interactive-mode-lsp-startup.test.ts` by increasing timeout for integration-level tests that shell out to CLIs
+- Fixed profile caching test contaminating real `~/.sf/config.json` with mock data by adding HOME isolation
+
+### Changed
+
+- Moved Salesforce user profile cache from `~/.sf/config.json` (xcsh.user.* keys squatting in sf CLI namespace) to `~/.xcsh/sf-profile.json` (standalone xcsh-owned file). Removes namespace collision risk and sf CLI sync leakage to `.sfdx/`.
+- Eliminated 3x copy-pasted org-list normalization blocks in `sf.ts` by extracting `collectAllOrgs()` helper
+- Updated `sf-query.md` template queries with SOQL aliases, `LIMIT 50` clauses, and `Owner.Name` instead of raw `OwnerId`
+- Updated `sf-setup.md` to clarify `set_default` action requires `org` parameter with a valid alias pattern
+
 ## [18.30.4] - 2026-05-01
 
 ### Added

package/package.json

@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "@f5xc-salesdemos/xcsh",
-	"version": "18.38.2",
+	"version": "18.40.0",
 	"description": "Coding agent CLI with read, bash, edit, write tools and session management",
 	"homepage": "https://github.com/f5xc-salesdemos/xcsh",
 	"author": "Can Boluk",
@@ -48,12 +48,12 @@
 	"dependencies": {
 		"@agentclientprotocol/sdk": "0.16.1",
 		"@mozilla/readability": "^0.6",
-		"@f5xc-salesdemos/xcsh-stats": "18.38.2",
-		"@f5xc-salesdemos/pi-agent-core": "18.38.2",
-		"@f5xc-salesdemos/pi-ai": "18.38.2",
-		"@f5xc-salesdemos/pi-natives": "18.38.2",
-		"@f5xc-salesdemos/pi-tui": "18.38.2",
-		"@f5xc-salesdemos/pi-utils": "18.38.2",
+		"@f5xc-salesdemos/xcsh-stats": "18.40.0",
+		"@f5xc-salesdemos/pi-agent-core": "18.40.0",
+		"@f5xc-salesdemos/pi-ai": "18.40.0",
+		"@f5xc-salesdemos/pi-natives": "18.40.0",
+		"@f5xc-salesdemos/pi-tui": "18.40.0",
+		"@f5xc-salesdemos/pi-utils": "18.40.0",
 		"@sinclair/typebox": "^0.34",
 		"@xterm/headless": "^6.0",
 		"ajv": "^8.18",

package/src/config/settings-schema.ts

@@ -1339,6 +1339,17 @@ export const SETTINGS_SCHEMA = {
 		},
 	},
 
+	"salesforce.enabled": {
+		type: "boolean",
+		default: true,
+		ui: {
+			tab: "tools",
+			label: "Salesforce CLI",
+			description:
+				"Enable sf_* tools for Salesforce org management, SOQL queries, and pipeline reporting via sf CLI",
+		},
+	},
+
 	"web_search.enabled": {
 		type: "boolean",
 		default: true,

package/src/internal-urls/build-info.generated.ts

@@ -17,17 +17,17 @@ export interface BuildInfo {
 }
 
 export const BUILD_INFO: BuildInfo = {
-	"version": "18.38.2",
-	"commit": "00adc74a7c09a600140ce7b87be1ba50aaa93a56",
-	"shortCommit": "00adc74",
+	"version": "18.40.0",
+	"commit": "888fc5b0eb94508573e6749ccde9407eb82c348b",
+	"shortCommit": "888fc5b",
 	"branch": "main",
-	"tag": "v18.38.2",
-	"commitDate": "2026-05-04T20:26:29Z",
-	"buildDate": "2026-05-04T20:50:41.251Z",
+	"tag": "v18.40.0",
+	"commitDate": "2026-05-05T03:53:27Z",
+	"buildDate": "2026-05-05T04:35:21.252Z",
 	"dirty": false,
 	"prNumber": "",
 	"repoUrl": "https://github.com/f5xc-salesdemos/xcsh",
 	"repoSlug": "f5xc-salesdemos/xcsh",
-	"commitUrl": "https://github.com/f5xc-salesdemos/xcsh/commit/00adc74a7c09a600140ce7b87be1ba50aaa93a56",
-	"releaseUrl": "https://github.com/f5xc-salesdemos/xcsh/releases/tag/v18.38.2"
+	"commitUrl": "https://github.com/f5xc-salesdemos/xcsh/commit/888fc5b0eb94508573e6749ccde9407eb82c348b",
+	"releaseUrl": "https://github.com/f5xc-salesdemos/xcsh/releases/tag/v18.40.0"
 };

package/src/modes/components/welcome-checks.ts

@@ -232,3 +232,101 @@ export async function checkGitLabStatus(cwd: string): Promise<WelcomeGitLabStatu
 		return { state: "not_configured" };
 	}
 }
+
+export type SalesforceCheckState = "connected" | "auth_error" | "session_expired" | "not_configured";
+
+export interface WelcomeSalesforceStatus {
+	state: SalesforceCheckState;
+	username?: string;
+	orgAlias?: string;
+	instanceUrl?: string;
+}
+
+/** Idempotent startup check: sf installed -> org list -> default org -> display status. */
+export async function checkSalesforceStatus(_cwd: string): Promise<WelcomeSalesforceStatus | undefined> {
+	try {
+		if (!$which("sf")) return undefined;
+
+		// Suppress telemetry consent nag (idempotent)
+		await $`sf config set disable-telemetry true --global`.quiet().nothrow();
+
+		// Step 1: Get org list
+		const listResult = await $`sf org list --json`.quiet().nothrow();
+		if (listResult.exitCode !== 0) return { state: "auth_error" };
+
+		let listData: {
+			result?: {
+				nonScratchOrgs?: unknown[];
+				sandboxes?: unknown[];
+				scratchOrgs?: unknown[];
+				devHubs?: unknown[];
+				other?: unknown[];
+			};
+		};
+		try {
+			listData = JSON.parse(listResult.text());
+		} catch {
+			return { state: "auth_error" };
+		}
+
+		const r = listData.result ?? {};
+		const seen = new Set<string>();
+		const allRawOrgs = (
+			[
+				...(r.nonScratchOrgs ?? []),
+				...(r.sandboxes ?? []),
+				...(r.scratchOrgs ?? []),
+				...(r.devHubs ?? []),
+				...(r.other ?? []),
+			] as Record<string, unknown>[]
+		).filter(org => {
+			const id = String(org.orgId ?? org.orgid ?? "");
+			if (!id || seen.has(id)) return false;
+			seen.add(id);
+			return true;
+		});
+
+		if (allRawOrgs.length === 0) return { state: "auth_error" };
+
+		// Step 2: Find default org (normalize raw CLI fields)
+		const defaultRaw = allRawOrgs.find(
+			org =>
+				(typeof org.defaultMarker === "string" && org.defaultMarker.includes("(U)")) ||
+				org.isDefaultUsername === true,
+		);
+
+		if (!defaultRaw) {
+			return { state: "not_configured", username: allRawOrgs[0]?.username as string | undefined };
+		}
+
+		const alias = (defaultRaw.alias ?? defaultRaw.username) as string;
+
+		// Step 3: Display org details
+		const displayResult = await $`sf org display --target-org ${alias} --json`.quiet().nothrow();
+		if (displayResult.exitCode !== 0) {
+			return { state: "session_expired", username: defaultRaw.username as string | undefined, orgAlias: alias };
+		}
+
+		let displayData: { result?: Record<string, unknown> };
+		try {
+			displayData = JSON.parse(displayResult.text());
+		} catch {
+			return { state: "session_expired", username: defaultRaw.username as string | undefined, orgAlias: alias };
+		}
+
+		const result = displayData.result;
+		if (!result || result.connectedStatus !== "Connected") {
+			return { state: "session_expired", username: defaultRaw.username as string | undefined, orgAlias: alias };
+		}
+
+		return {
+			state: "connected",
+			username: result.username as string | undefined,
+			orgAlias: alias,
+			instanceUrl: result.instanceUrl as string | undefined,
+		};
+	} catch (err) {
+		logger.warn("Salesforce startup check failed", { error: String(err) });
+		return { state: "auth_error" };
+	}
+}

package/src/modes/components/welcome.ts

@@ -2,7 +2,7 @@ import { type Component, padding, truncateToWidth, visibleWidth } from "@f5xc-sa
 import { APP_NAME } from "@f5xc-salesdemos/pi-utils";
 import { theme } from "../../modes/theme/theme";
 import { formatStatusIcon } from "../../services/f5xc-context-indicators";
-import type { ModelStatus, WelcomeContextStatus, WelcomeGitLabStatus } from "./welcome-checks";
+import type { ModelStatus, WelcomeContextStatus, WelcomeGitLabStatus, WelcomeSalesforceStatus } from "./welcome-checks";
 
 export interface UpdateStatus {
 	available: boolean;
@@ -22,6 +22,7 @@ export class WelcomeComponent implements Component {
 		private updateStatus?: UpdateStatus,
 		private changelogStatus?: ChangelogStatus,
 		private gitlabStatus?: WelcomeGitLabStatus,
+		private salesforceStatus?: WelcomeSalesforceStatus,
 	) {}
 	invalidate(): void {}
 	setModelStatus(status: ModelStatus): void {
@@ -39,6 +40,9 @@ export class WelcomeComponent implements Component {
 	setGitLabStatus(status: WelcomeGitLabStatus | undefined): void {
 		this.gitlabStatus = status;
 	}
+	setSalesforceStatus(status: WelcomeSalesforceStatus | undefined): void {
+		this.salesforceStatus = status;
+	}
 
 	render(termWidth: number): string[] {
 		const minLeftCol = 48;
@@ -137,6 +141,9 @@ export class WelcomeComponent implements Component {
 		if (this.gitlabStatus) {
 			lines.push(" GitLab", ...this.#renderGitLabStatus());
 		}
+		if (this.salesforceStatus) {
+			lines.push(" Salesforce", ...this.#renderSalesforceStatus());
+		}
 		if (this.#showUpdateSection()) {
 			lines.push(" Update Available", ...this.#renderUpdateStatus());
 		}
@@ -168,6 +175,13 @@ export class WelcomeComponent implements Component {
 			lines.push(...this.#renderGitLabStatus());
 			lines.push("");
 		}
+		if (this.salesforceStatus) {
+			lines.push(separator);
+			lines.push("");
+			lines.push(` ${theme.bold(theme.fg("contentAccent", "Salesforce"))}`);
+			lines.push(...this.#renderSalesforceStatus());
+			lines.push("");
+		}
 		if (this.#showUpdateSection()) {
 			lines.push(separator);
 			lines.push("");
@@ -215,7 +229,7 @@ export class WelcomeComponent implements Component {
 		const p = provider ?? "unknown";
 		switch (state) {
 			case "connected":
-				return [` ${formatStatusIcon("connected")} ${theme.fg("muted", p)} ${theme.fg("dim", "\u2014 connected")}`];
+				return [` ${formatStatusIcon("connected")} ${theme.fg("muted", p)}`];
 			case "auth_error":
 				return [
 					` ${formatStatusIcon("error")} ${theme.fg("muted", p)} ${theme.fg("error", "\u2014 connection failed")}`,
@@ -235,7 +249,7 @@ export class WelcomeComponent implements Component {
 		const n = name ?? "(unknown)";
 		switch (state) {
 			case "connected":
-				return [` ${formatStatusIcon("connected")} ${theme.fg("muted", n)} ${theme.fg("dim", "\u2014 connected")}`];
+				return [` ${formatStatusIcon("connected")} ${theme.fg("muted", n)}`];
 			case "auth_error":
 				return [
 					` ${formatStatusIcon("error")} ${theme.fg("muted", n)} ${theme.fg("error", "\u2014 token invalid")}`,
@@ -265,9 +279,7 @@ export class WelcomeComponent implements Component {
 		const { state, project } = this.gitlabStatus;
 		switch (state) {
 			case "connected":
-				return [
-					` ${formatStatusIcon("connected")} ${theme.fg("muted", project ?? "configured")} ${theme.fg("dim", "\u2014 connected")}`,
-				];
+				return [` ${formatStatusIcon("connected")} ${theme.fg("muted", project ?? "configured")}`];
 			case "auth_error":
 				return [
 					` ${formatStatusIcon("error")} ${theme.fg("error", "Not authenticated")}`,
@@ -288,6 +300,32 @@ export class WelcomeComponent implements Component {
 		}
 	}
 
+	#renderSalesforceStatus(): string[] {
+		if (!this.salesforceStatus) return [];
+		const { state, username, orgAlias } = this.salesforceStatus;
+		switch (state) {
+			case "connected":
+				return [
+					` ${formatStatusIcon("connected")} ${theme.fg("muted", orgAlias ?? "org")}${username ? ` ${theme.fg("dim", `(${username})`)}` : ""}`,
+				];
+			case "not_configured":
+				return [
+					` ${formatStatusIcon("warning")} ${theme.fg("warning", "Authenticated (no default org)")}`,
+					`   ${theme.fg("dim", "Run")} ${theme.fg("contentAccent", "sf_setup")} ${theme.fg("dim", "with action set_default")}`,
+				];
+			case "auth_error":
+				return [
+					` ${formatStatusIcon("error")} ${theme.fg("error", "Not authenticated")}`,
+					`   ${theme.fg("dim", "Run")} ${theme.fg("contentAccent", "sf org login web --set-default --alias SFDC")}`,
+				];
+			case "session_expired":
+				return [
+					` ${formatStatusIcon("warning")} ${theme.fg("muted", orgAlias ?? "org")} ${theme.fg("warning", "— session expired")}`,
+					`   ${theme.fg("dim", "Re-authenticate with")} ${theme.fg("contentAccent", "sf org login web --set-default")}`,
+				];
+		}
+	}
+
 	#f5ColorLine(line: string): string {
 		const red = "\x1b[38;5;160m";
 		const white = "\x1b[1;37m";

package/src/modes/interactive-mode.ts

@@ -50,7 +50,7 @@ import type { PythonExecutionComponent } from "./components/python-execution";
 import { StatusLineComponent } from "./components/status-line";
 import type { ToolExecutionHandle } from "./components/tool-execution";
 import { type ChangelogStatus, type UpdateStatus, WelcomeComponent } from "./components/welcome";
-import { checkGitLabStatus, runWelcomeChecks } from "./components/welcome-checks";
+import { checkGitLabStatus, checkSalesforceStatus, runWelcomeChecks } from "./components/welcome-checks";
 import { BtwController } from "./controllers/btw-controller";
 import { CommandController } from "./controllers/command-controller";
 import { EventController } from "./controllers/event-controller";
@@ -310,12 +310,13 @@ export class InteractiveMode implements InteractiveModeContext {
 			getProjectDir(),
 		);
 
-		// Run blocking welcome screen status checks (model + context + gitlab) in parallel
-		const [welcomeResult, gitlabStatus] = await Promise.all([
+		// Run blocking welcome screen status checks (model + context + gitlab + salesforce) in parallel
+		const [welcomeResult, gitlabStatus, salesforceStatus] = await Promise.all([
 			logger.time("InteractiveMode.init:welcomeChecks", () =>
 				runWelcomeChecks(this.session.model, this.session.modelRegistry.authStorage),
 			),
 			checkGitLabStatus(getProjectDir()).catch(() => undefined),
+			checkSalesforceStatus(getProjectDir()).catch(() => undefined),
 		]);
 
 		const startupQuiet = settings.get("startup.quiet");
@@ -336,6 +337,7 @@ export class InteractiveMode implements InteractiveModeContext {
 				this.#initialUpdateStatus,
 				this.#changelogStatus,
 				gitlabStatus,
+				salesforceStatus,
 			);
 
 			// Setup UI layout

package/src/prompts/tools/sf-org-display.md

@@ -0,0 +1,7 @@
+Display safe metadata about a Salesforce org via sf CLI.
+
+<instruction>
+Returns only safe fields: username, orgId, instanceUrl, connectedStatus, alias.
+NEVER return access tokens, client IDs, refresh tokens, or the raw sf org display JSON.
+Use to verify org connectivity before running queries.
+</instruction>

package/src/prompts/tools/sf-query.md

@@ -0,0 +1,24 @@
+Execute SOQL queries against Salesforce via sf CLI. Returns structured results as markdown tables.
+
+<instruction>
+Use for pipeline reporting, case management, account intelligence, and ad-hoc data queries.
+
+Common query templates (substitute {userId} from cached xcsh.user.id in ~/.sf/config.json):
+
+Pipeline summary:
+  SELECT StageName, COUNT(Id) TotalDeals, SUM(Amount) TotalAmount FROM Opportunity WHERE IsClosed = false GROUP BY StageName ORDER BY SUM(Amount) DESC LIMIT 50
+
+My open deals:
+  SELECT Name, StageName, Amount, CloseDate, Account.Name FROM Opportunity WHERE OwnerId = '{userId}' AND IsClosed = false ORDER BY CloseDate LIMIT 50
+
+Open cases:
+  SELECT CaseNumber, Subject, Status, Priority, Account.Name, CreatedDate FROM Case WHERE IsClosed = false ORDER BY Priority, CreatedDate DESC LIMIT 50
+
+Account overview:
+  SELECT Name, Industry, AnnualRevenue, Type, Owner.Name FROM Account WHERE Type = 'Customer' ORDER BY AnnualRevenue DESC LIMIT 50
+
+Results with relationship fields (e.g., Account.Name) are automatically flattened into dot-notation columns.
+If the query returns more than 10,000 records, suggest using sf data export bulk instead.
+Set use_tooling_api to true when querying metadata objects (ApexTrigger, ApexClass, CustomField).
+Set all_rows to true to include deleted or archived records in results.
+</instruction>

package/src/prompts/tools/sf-setup.md

@@ -0,0 +1,10 @@
+Salesforce onboarding wizard via sf CLI. Check installation, detect authentication, guide login, extract user profile.
+
+<instruction>
+Actions: "check" (verify sf installed), "status" (auth + default org + profile), "login" (detect auth and prompt user with login command), "list_orgs" (show all orgs), "set_default" (switch default org — requires org parameter with a valid alias), "profile" (extract and cache user profile via SOQL).
+
+When the user first asks about Salesforce, pipeline, cases, or accounts and no org is authenticated, run check, then status, then login if needed, then profile after auth is confirmed. The login action shows the user the exact command to run (sf org login web --set-default --alias SFDC for workstations, or echo "$SFDX_AUTH_URL" | sf org login sfdx-url --sfdx-url-stdin=- --set-default --alias f5 for containers).
+
+The login action does NOT execute authentication. It detects state and tells the user what command to run.
+The profile action runs a SOQL query against the User object and caches results as xcsh.user.* keys in ~/.sf/config.json.
+</instruction>

package/src/tools/glab/formatters.ts

@@ -65,7 +65,7 @@ export function formatIssueDetail(issue: GlabIssue): string {
 		for (const note of humanNotes) {
 			lines.push("");
 			lines.push(`**@${note.author.username}** (${formatDate(note.created_at)}):`);
-			lines.push("> " + note.body.split("\n").join("\n> "));
+			lines.push(`> ${note.body.split("\n").join("\n> ")}`);
 		}
 	}
 

package/src/tools/index.ts

@@ -53,6 +53,7 @@ import { createReportToolIssueTool, isAutoQaEnabled } from "./report-tool-issue"
 import { ResolveTool } from "./resolve";
 import { reportFindingTool } from "./review";
 import { SearchToolBm25Tool } from "./search-tool-bm25";
+import { SfOrgDisplayTool, SfQueryTool, SfSetupTool } from "./sf";
 import { loadSshTool } from "./ssh";
 import { SubmitResultTool } from "./submit-result";
 import { type TodoPhase, TodoWriteTool } from "./todo-write";
@@ -235,6 +236,9 @@ export const BUILTIN_TOOLS: Record<string, ToolFactory> = {
 	glab_issue_list: GlabIssueListTool.createIf,
 	glab_issue_view: GlabIssueViewTool.createIf,
 	glab_search: GlabSearchTool.createIf,
+	sf_setup: SfSetupTool.createIf,
+	sf_query: SfQueryTool.createIf,
+	sf_org_display: SfOrgDisplayTool.createIf,
 	find: s => new FindTool(s),
 	grep: s => new GrepTool(s),
 	lsp: LspTool.createIf,
@@ -405,6 +409,7 @@ export async function createTools(session: ToolSession, toolNames?: string[]): P
 		if (name === "grep") return session.settings.get("grep.enabled");
 		if (name.startsWith("gh_")) return session.settings.get("github.enabled");
 		if (name.startsWith("glab_")) return session.settings.get("gitlab.enabled");
+		if (name.startsWith("sf_")) return session.settings.get("salesforce.enabled");
 		if (name === "ast_grep") return session.settings.get("astGrep.enabled");
 		if (name === "ast_edit") return session.settings.get("astEdit.enabled");
 		if (name === "render_mermaid") return session.settings.get("renderMermaid.enabled");

package/src/tools/sf/config.ts

@@ -0,0 +1,44 @@
+import * as fs from "node:fs/promises";
+import * as path from "node:path";
+import { isEnoent } from "@f5xc-salesdemos/pi-utils";
+import type { SfUserProfile } from "./types";
+
+export function getProfilePath(): string {
+	const home = process.env.HOME || process.env.USERPROFILE || "";
+	return path.join(home, ".xcsh", "sf-profile.json");
+}
+
+export async function loadUserProfile(): Promise<SfUserProfile | null> {
+	try {
+		const raw = await fs.readFile(getProfilePath(), "utf8");
+		const profile = JSON.parse(raw) as SfUserProfile;
+		if (
+			!profile.userId ||
+			!profile.username ||
+			!profile.firstName ||
+			!profile.lastName ||
+			!profile.email ||
+			!profile.fetchedAt
+		) {
+			return null;
+		}
+		return profile;
+	} catch (err) {
+		if (isEnoent(err)) return null;
+		return null;
+	}
+}
+
+export async function saveUserProfile(profile: SfUserProfile): Promise<void> {
+	const profilePath = getProfilePath();
+	await fs.mkdir(path.dirname(profilePath), { recursive: true });
+	await fs.writeFile(profilePath, JSON.stringify(profile, null, 2), "utf8");
+}
+
+export async function clearUserProfile(): Promise<void> {
+	try {
+		await fs.unlink(getProfilePath());
+	} catch (err) {
+		if (!isEnoent(err)) throw err;
+	}
+}

package/src/tools/sf/exec.ts

@@ -0,0 +1,104 @@
+import type { SfJsonResult, SfRawResult } from "./types";
+
+export type { SfRawResult } from "./types";
+
+export class SfNotFoundError extends Error {
+	constructor() {
+		super("Salesforce CLI (sf) is not installed. Install with: brew install sf");
+		this.name = "SfNotFoundError";
+	}
+}
+
+export class SfAuthError extends Error {
+	constructor() {
+		super("No authenticated Salesforce orgs found. Run: sf org login web --set-default --alias SFDC");
+		this.name = "SfAuthError";
+	}
+}
+
+export class SfSessionExpiredError extends Error {
+	constructor() {
+		super("Salesforce session expired. Re-authenticate with: sf org login web --set-default --alias SFDC");
+		this.name = "SfSessionExpiredError";
+	}
+}
+
+export class SfNoDefaultOrgError extends Error {
+	constructor() {
+		super(
+			"Authenticated orgs exist but no default is set. Run sf_setup with action 'set_default' to choose a default org.",
+		);
+		this.name = "SfNoDefaultOrgError";
+	}
+}
+
+export class SfExecError extends Error {
+	constructor(
+		message: string,
+		readonly exitCode: number,
+	) {
+		super(`sf CLI error (exit ${exitCode}): ${message}`);
+		this.name = "SfExecError";
+	}
+}
+
+export class SfQueryError extends SfExecError {
+	constructor(
+		message: string,
+		readonly query: string,
+	) {
+		super(message, 1);
+		this.name = "SfQueryError";
+	}
+}
+
+export function detectSfError(message: string, exitCode: number, query?: string): Error {
+	const lower = message.toLowerCase();
+	if (lower.includes("invalid_session_id")) {
+		return new SfSessionExpiredError();
+	}
+	if (lower.includes("no default org")) {
+		return new SfNoDefaultOrgError();
+	}
+	if (lower.includes("no orgs found")) {
+		return new SfAuthError();
+	}
+	if ((lower.includes("malformed_query") || lower.includes("invalid_field")) && query !== undefined) {
+		return new SfQueryError(message, query);
+	}
+	return new SfExecError(message, exitCode);
+}
+
+export function parseSfJsonOutput(raw: string): SfJsonResult {
+	try {
+		return JSON.parse(raw) as SfJsonResult;
+	} catch {
+		throw new SfExecError("Failed to parse sf CLI JSON output", 1);
+	}
+}
+
+export interface SfExecApi {
+	exec(command: string, args: string[], options?: { signal?: AbortSignal }): Promise<SfRawResult>;
+}
+
+export async function execSfJson(
+	api: SfExecApi,
+	args: string[],
+	signal?: AbortSignal,
+	query?: string,
+): Promise<SfJsonResult> {
+	const result = await api.exec("sf", [...args, "--json"], { signal });
+	const parsed = parseSfJsonOutput(result.stdout);
+	if (parsed.status !== 0 && parsed.message !== undefined) {
+		throw detectSfError(parsed.message, parsed.status, query);
+	}
+	return parsed;
+}
+
+export async function execSfRaw(api: SfExecApi, args: string[], signal?: AbortSignal): Promise<SfRawResult> {
+	const result = await api.exec("sf", args, { signal });
+	if (result.exitCode !== 0) {
+		throw detectSfError(result.stderr || result.stdout, result.exitCode);
+	}
+	return result;
+}

package/src/tools/sf/formatters.ts

@@ -0,0 +1,150 @@
+import type { SfOrg, SfQueryResult, SfUserProfile } from "./types";
+
+export function formatOrgTable(orgs: SfOrg[]): string {
+	if (orgs.length === 0) {
+		return "No authenticated orgs found.";
+	}
+
+	const header = "| Alias | Username | Org ID | Instance | Status |";
+	const divider = "|-------|----------|--------|----------|--------|";
+
+	const rows = orgs.map(org => {
+		const alias = org.alias
+			? org.isDefault
+				? `${org.alias} (default)`
+				: org.alias
+			: org.isDefault
+				? "(none) (default)"
+				: "(none)";
+		return `| ${alias} | ${org.username} | ${org.orgId} | ${org.instanceUrl} | ${org.connectedStatus} |`;
+	});
+
+	return [header, divider, ...rows].join("\n");
+}
+
+export function formatOrgDetail(org: SfOrg): string {
+	const lines: string[] = [];
+
+	lines.push(`**${org.alias || org.username}**`);
+	lines.push(`Username: ${org.username}`);
+	lines.push(`Org ID: ${org.orgId}`);
+	lines.push(`Instance: ${org.instanceUrl}`);
+	lines.push(`Status: ${org.connectedStatus}`);
+
+	if (org.isDefault) {
+		lines.push("Default: yes");
+	}
+
+	if (org.isSandbox) {
+		lines.push("Type: Sandbox");
+	}
+
+	return lines.join("\n");
+}
+
+export function flattenRecord(record: Record<string, unknown>): Record<string, unknown> {
+	const result: Record<string, unknown> = {};
+
+	for (const [key, value] of Object.entries(record)) {
+		if (key === "attributes") {
+			continue;
+		}
+
+		if (value === null) {
+			continue;
+		}
+
+		if (typeof value === "object" && !Array.isArray(value)) {
+			const nested = value as Record<string, unknown>;
+			for (const [nestedKey, nestedValue] of Object.entries(nested)) {
+				if (nestedKey === "attributes") {
+					continue;
+				}
+				result[`${key}.${nestedKey}`] = nestedValue;
+			}
+			continue;
+		}
+
+		result[key] = value;
+	}
+
+	return result;
+}
+
+export function formatQueryResults(result: SfQueryResult): string {
+	if (result.records.length === 0) {
+		return "No records found.";
+	}
+
+	const flatRecords = result.records.map(r => flattenRecord(r as Record<string, unknown>));
+
+	const allColumns = Array.from(
+		flatRecords.reduce((cols, record) => {
+			for (const key of Object.keys(record)) {
+				cols.add(key);
+			}
+			return cols;
+		}, new Set<string>()),
+	);
+
+	const header = `| ${allColumns.join(" | ")} |`;
+	const divider = `| ${allColumns.map(() => "---").join(" | ")} |`;
+
+	const rows = flatRecords.map(record => {
+		const cells = allColumns.map(col => {
+			const val = record[col];
+			return val === null || val === undefined ? "" : String(val);
+		});
+		return `| ${cells.join(" | ")} |`;
+	});
+
+	return `${result.totalSize} records returned.\n\n${[header, divider, ...rows].join("\n")}`;
+}
+
+export function formatUserProfile(profile: SfUserProfile): string {
+	const lines: string[] = [];
+
+	lines.push(`**${profile.firstName} ${profile.lastName}** (${profile.username})`);
+
+	if (profile.title) {
+		lines.push(`Title: ${profile.title}`);
+	}
+
+	if (profile.department) {
+		lines.push(`Department: ${profile.department}`);
+	}
+
+	if (profile.division) {
+		lines.push(`Division: ${profile.division}`);
+	}
+
+	if (profile.role) {
+		lines.push(`Role: ${profile.role}`);
+	}
+
+	if (profile.profile) {
+		lines.push(`Profile: ${profile.profile}`);
+	}
+
+	if (profile.aboutMe) {
+		lines.push(`About: ${profile.aboutMe}`);
+	}
+
+	if (profile.managerName) {
+		const managerLine = profile.managerEmail
+			? `Manager: ${profile.managerName} (${profile.managerEmail})`
+			: `Manager: ${profile.managerName}`;
+		lines.push(managerLine);
+	}
+
+	if (profile.phone) {
+		lines.push(`Phone: ${profile.phone}`);
+	}
+
+	const locationParts = [profile.city, profile.state, profile.country].filter(Boolean);
+	if (locationParts.length > 0) {
+		lines.push(`Location: ${locationParts.join(", ")}`);
+	}
+
+	return lines.join("\n");
+}

package/src/tools/sf/types.ts

@@ -0,0 +1,67 @@
+export interface SfUserProfile {
+	userId: string;
+	username: string;
+	firstName: string;
+	lastName: string;
+	email: string;
+	title?: string;
+	department?: string;
+	division?: string;
+	role?: string;
+	profile?: string;
+	aboutMe?: string;
+	companyName?: string;
+	managerId?: string;
+	managerName?: string;
+	managerEmail?: string;
+	phone?: string;
+	street?: string;
+	city?: string;
+	state?: string;
+	postalCode?: string;
+	country?: string;
+	fetchedAt: string;
+}
+
+export interface SfOrg {
+	alias?: string;
+	username: string;
+	orgId: string;
+	instanceUrl: string;
+	connectedStatus: string;
+	isDefault: boolean;
+	isSandbox: boolean;
+}
+
+export interface SfQueryResult<T = Record<string, unknown>> {
+	totalSize: number;
+	done: boolean;
+	records: T[];
+}
+
+export interface SfOrgListResult {
+	nonScratchOrgs: SfOrg[];
+	sandboxes: SfOrg[];
+	scratchOrgs: SfOrg[];
+	devHubs: SfOrg[];
+	other: SfOrg[];
+}
+
+export interface SfJsonResult {
+	status: number;
+	result: unknown;
+	message?: string;
+	warnings?: string[];
+}
+
+export interface SfRawResult {
+	stdout: string;
+	stderr: string;
+	exitCode: number;
+}
+
+export const SF_ORG_SAFE_FIELDS = ["username", "orgId", "instanceUrl", "connectedStatus", "alias"] as const;
+
+export const USER_PROFILE_SOQL = `SELECT Id, Username, FirstName, LastName, Email, Title, Department, Division, CompanyName, AboutMe, ManagerId, Manager.Name, Manager.Email, UserRole.Name, Profile.Name, Street, City, State, PostalCode, Country, Phone, MobilePhone FROM User WHERE Username = '{username}'`;
+
+export const ORG_ALIAS_PATTERN = /^[a-zA-Z0-9._@-]+$/;

package/src/tools/sf.ts

@@ -0,0 +1,405 @@
+import type {
+	AgentTool,
+	AgentToolContext,
+	AgentToolResult,
+	AgentToolUpdateCallback,
+} from "@f5xc-salesdemos/pi-agent-core";
+import { $which, prompt } from "@f5xc-salesdemos/pi-utils";
+import { type Static, Type } from "@sinclair/typebox";
+import sfOrgDisplayDescription from "../prompts/tools/sf-org-display.md" with { type: "text" };
+import sfQueryDescription from "../prompts/tools/sf-query.md" with { type: "text" };
+import sfSetupDescription from "../prompts/tools/sf-setup.md" with { type: "text" };
+import type { ToolSession } from ".";
+import { loadUserProfile, saveUserProfile } from "./sf/config";
+import type { SfExecApi } from "./sf/exec";
+import { execSfJson, execSfRaw } from "./sf/exec";
+import { formatOrgDetail, formatOrgTable, formatQueryResults, formatUserProfile } from "./sf/formatters";
+import type { SfOrg, SfQueryResult, SfRawResult, SfUserProfile } from "./sf/types";
+import { ORG_ALIAS_PATTERN, USER_PROFILE_SOQL } from "./sf/types";
+
+function makeExecApi(cwd: string): SfExecApi {
+	return {
+		async exec(command: string, args: string[], _options?: { signal?: AbortSignal }): Promise<SfRawResult> {
+			// Never pass signal to Bun.spawn and never pre-check signal.aborted.
+			// sf commands finish in 1-5s. Passing the signal or pre-checking causes
+			// false cancellations when xcsh's AbortSignal fires between multi-turn
+			// tool calls (the signal is stale from a prior turn).
+			const child = Bun.spawn([command, ...args], {
+				cwd,
+				stdin: "ignore",
+				stdout: "pipe",
+				stderr: "pipe",
+			});
+			if (!child.stdout || !child.stderr) {
+				return { stdout: "", stderr: "Failed to capture output", exitCode: 1 };
+			}
+			const [stdout, stderr, exitCode] = await Promise.all([
+				new Response(child.stdout).text(),
+				new Response(child.stderr).text(),
+				child.exited,
+			]);
+			return {
+				stdout: stdout.trim(),
+				stderr: stderr.trim(),
+				exitCode: exitCode ?? 0,
+			};
+		},
+	};
+}
+
+// ─── Schemas ─────────────────────────────────────────────────────────────
+
+const sfSetupSchema = Type.Object({
+	action: Type.Union(
+		[
+			Type.Literal("check"),
+			Type.Literal("status"),
+			Type.Literal("login"),
+			Type.Literal("list_orgs"),
+			Type.Literal("set_default"),
+			Type.Literal("profile"),
+		],
+		{ description: "Onboarding action to perform" },
+	),
+	org: Type.Optional(Type.String({ description: "Org alias (used with set_default)" })),
+});
+
+const sfQuerySchema = Type.Object({
+	query: Type.String({ description: "SOQL query to execute" }),
+	target_org: Type.Optional(Type.String({ description: "Org alias or username to query against" })),
+	use_tooling_api: Type.Optional(
+		Type.Boolean({ description: "Use Tooling API to query metadata objects like ApexTrigger" }),
+	),
+	all_rows: Type.Optional(Type.Boolean({ description: "Include deleted records in results" })),
+});
+
+const sfOrgDisplaySchema = Type.Object({
+	target_org: Type.Optional(Type.String({ description: "Org alias or username to display" })),
+});
+
+type SfSetupInput = Static<typeof sfSetupSchema>;
+type SfQueryInput = Static<typeof sfQuerySchema>;
+type SfOrgDisplayInput = Static<typeof sfOrgDisplaySchema>;
+
+interface SfToolDetails {
+	orgs?: SfOrg[];
+	queryResult?: SfQueryResult;
+	profile?: SfUserProfile;
+}
+
+function textResult(text: string, details?: SfToolDetails): AgentToolResult<SfToolDetails> {
+	return { content: [{ type: "text", text }], details };
+}
+
+// ─── Helpers ─────────────────────────────────────────────────────────────
+
+export function normalizeOrg(raw: Record<string, unknown>): SfOrg {
+	return {
+		alias: raw.alias as string | undefined,
+		username: raw.username as string,
+		orgId: (raw.orgId ?? raw.orgid) as string,
+		instanceUrl: raw.instanceUrl as string,
+		connectedStatus: (raw.connectedStatus ?? "Unknown") as string,
+		isDefault: Boolean(raw.isDefaultUsername) || String(raw.defaultMarker ?? "").includes("(U)"),
+		isSandbox: Boolean(raw.isSandbox),
+	};
+}
+
+function normalizeOrgList(rawOrgs: Record<string, unknown>[]): SfOrg[] {
+	return (rawOrgs ?? []).map(normalizeOrg);
+}
+
+export function collectAllOrgs(orgList: Record<string, unknown[]>): SfOrg[] {
+	const all = [
+		...normalizeOrgList((orgList.nonScratchOrgs ?? []) as Record<string, unknown>[]),
+		...normalizeOrgList((orgList.scratchOrgs ?? []) as Record<string, unknown>[]),
+		...normalizeOrgList((orgList.sandboxes ?? []) as Record<string, unknown>[]),
+		...normalizeOrgList((orgList.devHubs ?? []) as Record<string, unknown>[]),
+		...normalizeOrgList((orgList.other ?? []) as Record<string, unknown>[]),
+	];
+	const seen = new Set<string>();
+	return all.filter(org => {
+		if (seen.has(org.orgId)) return false;
+		seen.add(org.orgId);
+		return true;
+	});
+}
+
+function extractRelationshipField(
+	record: Record<string, unknown>,
+	relationship: string,
+	field: string,
+): string | undefined {
+	const related = record[relationship];
+	if (related && typeof related === "object" && !Array.isArray(related)) {
+		const value = (related as Record<string, unknown>)[field];
+		if (value) return String(value);
+	}
+	return undefined;
+}
+
+// ─── SfSetupTool ─────────────────────────────────────────────────────────
+
+export class SfSetupTool implements AgentTool<typeof sfSetupSchema, SfToolDetails> {
+	readonly name = "sf_setup";
+	readonly label = "Salesforce Setup";
+	readonly description = prompt.render(sfSetupDescription);
+	readonly parameters = sfSetupSchema;
+
+	#testApi?: SfExecApi;
+	constructor(
+		readonly session: ToolSession,
+		testApi?: SfExecApi,
+	) {
+		this.#testApi = testApi;
+	}
+
+	static createIf(session: ToolSession): SfSetupTool | null {
+		if (!$which("sf")) return null;
+		return new SfSetupTool(session);
+	}
+
+	async execute(
+		_toolCallId: string,
+		params: SfSetupInput,
+		signal?: AbortSignal,
+		_onUpdate?: AgentToolUpdateCallback<SfToolDetails>,
+		_context?: AgentToolContext,
+	): Promise<AgentToolResult<SfToolDetails>> {
+		const api = this.#testApi ?? makeExecApi(this.session.cwd);
+
+		switch (params.action) {
+			case "check": {
+				const result = await execSfRaw(api, ["--version"], signal);
+				return textResult(`sf is installed: ${result.stdout}`);
+			}
+
+			case "status": {
+				const orgResult = await execSfJson(api, ["org", "list"], signal);
+				const allOrgs = collectAllOrgs(orgResult.result as Record<string, unknown[]>);
+				let output = formatOrgTable(allOrgs);
+
+				const cached = await loadUserProfile();
+				if (cached) {
+					output += `\n\nCached user profile: **${cached.firstName} ${cached.lastName}** (${cached.username}), fetched ${cached.fetchedAt}`;
+				}
+
+				return textResult(output, { orgs: allOrgs });
+			}
+
+			case "login": {
+				const orgResult = await execSfJson(api, ["org", "list"], signal);
+				const allOrgs = collectAllOrgs(orgResult.result as Record<string, unknown[]>);
+				if (allOrgs.length > 0) {
+					return textResult("Already authenticated. Use 'profile' action to extract your user data.", {
+						orgs: allOrgs,
+					});
+				}
+				return textResult(
+					"No authenticated orgs found.\n\nRun one of these commands to authenticate:\n" +
+						"- **Workstation**: `sf org login web --set-default --alias SFDC`\n" +
+						'- **Container**: `echo "$SFDX_AUTH_URL" | sf org login sfdx-url --sfdx-url-stdin=- --set-default --alias f5`\n\n' +
+						"After authenticating, call sf_setup with action 'status' to confirm.",
+				);
+			}
+
+			case "list_orgs": {
+				const orgResult = await execSfJson(api, ["org", "list"], signal);
+				const allOrgs = collectAllOrgs(orgResult.result as Record<string, unknown[]>);
+				return textResult(formatOrgTable(allOrgs), { orgs: allOrgs });
+			}
+
+			case "set_default": {
+				if (!params.org) {
+					return textResult("Error: org parameter is required for set_default action.");
+				}
+				if (!ORG_ALIAS_PATTERN.test(params.org)) {
+					return textResult(
+						`Error: invalid org alias "${params.org}". Only alphanumeric characters, dots, underscores, hyphens, and @ are allowed.`,
+					);
+				}
+				await execSfRaw(api, ["config", "set", "target-org", params.org, "--global"], signal);
+				return textResult(`Default org set to: **${params.org}**`);
+			}
+
+			case "profile": {
+				// Step 1: Get the current user's username from org display
+				const orgInfo = await execSfJson(api, ["org", "display"], signal);
+				const orgResult = orgInfo.result as Record<string, unknown>;
+				const username = orgResult.username as string;
+				if (!username) {
+					return textResult("Could not determine username from org display. Ensure a default org is set.");
+				}
+
+				// Step 2: Build and run SOQL query for user profile
+				const soql = USER_PROFILE_SOQL.replace("{username}", username);
+				const queryResult = await execSfJson(api, ["data", "query", "--query", soql], signal, soql);
+				const queryData = queryResult.result as SfQueryResult<Record<string, unknown>>;
+
+				if (!queryData.records || queryData.records.length === 0) {
+					return textResult(`No user record found for username: ${username}`);
+				}
+
+				const record = queryData.records[0];
+
+				// Step 3: Map SOQL fields to SfUserProfile
+				const profile: SfUserProfile = {
+					userId: String(record.Id ?? ""),
+					username: String(record.Username ?? ""),
+					firstName: String(record.FirstName ?? ""),
+					lastName: String(record.LastName ?? ""),
+					email: String(record.Email ?? ""),
+					title: record.Title ? String(record.Title) : undefined,
+					department: record.Department ? String(record.Department) : undefined,
+					division: record.Division ? String(record.Division) : undefined,
+					companyName: record.CompanyName ? String(record.CompanyName) : undefined,
+					aboutMe: record.AboutMe ? String(record.AboutMe) : undefined,
+					managerId: record.ManagerId ? String(record.ManagerId) : undefined,
+					managerName: extractRelationshipField(record, "Manager", "Name"),
+					managerEmail: extractRelationshipField(record, "Manager", "Email"),
+					role: extractRelationshipField(record, "UserRole", "Name"),
+					profile: extractRelationshipField(record, "Profile", "Name"),
+					phone: record.Phone || record.MobilePhone ? String(record.Phone ?? record.MobilePhone) : undefined,
+					street: record.Street ? String(record.Street) : undefined,
+					city: record.City ? String(record.City) : undefined,
+					state: record.State ? String(record.State) : undefined,
+					postalCode: record.PostalCode ? String(record.PostalCode) : undefined,
+					country: record.Country ? String(record.Country) : undefined,
+					fetchedAt: new Date().toISOString(),
+				};
+
+				// Step 4: Cache the profile
+				await saveUserProfile(profile);
+
+				return textResult(formatUserProfile(profile), { profile });
+			}
+
+			default:
+				return textResult(`Unknown action: ${params.action}`);
+		}
+	}
+}
+
+// ─── SfQueryTool ─────────────────────────────────────────────────────────
+
+export class SfQueryTool implements AgentTool<typeof sfQuerySchema, SfToolDetails> {
+	readonly name = "sf_query";
+	readonly label = "Salesforce Query";
+	readonly description = prompt.render(sfQueryDescription);
+	readonly parameters = sfQuerySchema;
+
+	#testApi?: SfExecApi;
+	constructor(
+		readonly session: ToolSession,
+		testApi?: SfExecApi,
+	) {
+		this.#testApi = testApi;
+	}
+
+	static createIf(session: ToolSession): SfQueryTool | null {
+		if (!$which("sf")) return null;
+		return new SfQueryTool(session);
+	}
+
+	async execute(
+		_toolCallId: string,
+		params: SfQueryInput,
+		signal?: AbortSignal,
+		_onUpdate?: AgentToolUpdateCallback<SfToolDetails>,
+		_context?: AgentToolContext,
+	): Promise<AgentToolResult<SfToolDetails>> {
+		const api = this.#testApi ?? makeExecApi(this.session.cwd);
+
+		if (params.target_org && !ORG_ALIAS_PATTERN.test(params.target_org)) {
+			return textResult(
+				`Error: invalid org alias "${params.target_org}". Only alphanumeric characters, dots, underscores, hyphens, and @ are allowed.`,
+			);
+		}
+
+		const args = ["data", "query", "--query", params.query];
+		if (params.target_org) {
+			args.push("--target-org", params.target_org);
+		}
+		if (params.use_tooling_api) {
+			args.push("--use-tooling-api");
+		}
+		if (params.all_rows) {
+			args.push("--all-rows");
+		}
+
+		const result = await execSfJson(api, args, signal, params.query);
+		const queryData = result.result as SfQueryResult<Record<string, unknown>>;
+
+		const queryResult: SfQueryResult = {
+			totalSize: queryData.totalSize ?? 0,
+			done: queryData.done ?? true,
+			records: queryData.records ?? [],
+		};
+
+		let output = formatQueryResults(queryResult);
+		if (!queryResult.done) {
+			output +=
+				"\n\n**Warning**: Results are incomplete. The query returned more records than the API limit. Use `sf data export bulk` for the full dataset.";
+		}
+		return textResult(output, { queryResult });
+	}
+}
+
+// ─── SfOrgDisplayTool ────────────────────────────────────────────────────
+
+export class SfOrgDisplayTool implements AgentTool<typeof sfOrgDisplaySchema, SfToolDetails> {
+	readonly name = "sf_org_display";
+	readonly label = "Salesforce Org Display";
+	readonly description = prompt.render(sfOrgDisplayDescription);
+	readonly parameters = sfOrgDisplaySchema;
+
+	#testApi?: SfExecApi;
+	constructor(
+		readonly session: ToolSession,
+		testApi?: SfExecApi,
+	) {
+		this.#testApi = testApi;
+	}
+
+	static createIf(session: ToolSession): SfOrgDisplayTool | null {
+		if (!$which("sf")) return null;
+		return new SfOrgDisplayTool(session);
+	}
+
+	async execute(
+		_toolCallId: string,
+		params: SfOrgDisplayInput,
+		signal?: AbortSignal,
+		_onUpdate?: AgentToolUpdateCallback<SfToolDetails>,
+		_context?: AgentToolContext,
+	): Promise<AgentToolResult<SfToolDetails>> {
+		const api = this.#testApi ?? makeExecApi(this.session.cwd);
+
+		if (params.target_org && !ORG_ALIAS_PATTERN.test(params.target_org)) {
+			return textResult(
+				`Error: invalid org alias "${params.target_org}". Only alphanumeric characters, dots, underscores, hyphens, and @ are allowed.`,
+			);
+		}
+
+		const args = ["org", "display"];
+		if (params.target_org) {
+			args.push("--target-org", params.target_org);
+		}
+
+		const result = await execSfJson(api, args, signal);
+		const raw = result.result as Record<string, unknown>;
+
+		// SECURITY: only extract whitelisted fields
+		const org: SfOrg = {
+			username: String(raw.username ?? ""),
+			orgId: String(raw.id ?? raw.orgId ?? ""),
+			instanceUrl: String(raw.instanceUrl ?? ""),
+			connectedStatus: String(raw.connectedStatus ?? "Connected"),
+			alias: raw.alias ? String(raw.alias) : undefined,
+			isDefault: false,
+			isSandbox: Boolean(raw.isSandbox ?? false),
+		};
+
+		return textResult(formatOrgDetail(org), { orgs: [org] });
+	}
+}