@raishin/vanguard-frontier-agentic 2.2.0 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (765) hide show
  1. package/.claude-plugin/marketplace.json +1 -1
  2. package/.claude-plugin/plugin.json +41 -1
  3. package/.cursor-plugin/plugin.json +41 -1
  4. package/.github/plugin/marketplace.json +1 -1
  5. package/README.md +48 -28
  6. package/agents/dotnet/README.md +57 -0
  7. package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/AGENT.md +57 -0
  8. package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/claude-code.agent.md +41 -0
  9. package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/codex.toml +40 -0
  10. package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/copilot.agent.md +41 -0
  11. package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/cursor.agent.md +41 -0
  12. package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/gemini.agent.md +41 -0
  13. package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/kiro-cli.agent.json +5 -0
  14. package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/kiro-ide.agent.md +41 -0
  15. package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/metadata.json +41 -0
  16. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/AGENT.md +56 -0
  17. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/claude-code.agent.md +40 -0
  18. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/codex.toml +38 -0
  19. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/copilot.agent.md +40 -0
  20. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/cursor.agent.md +40 -0
  21. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/gemini.agent.md +40 -0
  22. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/kiro-cli.agent.json +5 -0
  23. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/kiro-ide.agent.md +40 -0
  24. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/metadata.json +42 -0
  25. package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/AGENT.md +56 -0
  26. package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/claude-code.agent.md +40 -0
  27. package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/codex.toml +38 -0
  28. package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/copilot.agent.md +40 -0
  29. package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/cursor.agent.md +40 -0
  30. package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/gemini.agent.md +40 -0
  31. package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/kiro-cli.agent.json +5 -0
  32. package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/kiro-ide.agent.md +40 -0
  33. package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/metadata.json +42 -0
  34. package/agents/dotnet/dotnet-csharp-runtime-review-agent/AGENT.md +56 -0
  35. package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/claude-code.agent.md +39 -0
  36. package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/codex.toml +39 -0
  37. package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/copilot.agent.md +39 -0
  38. package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/cursor.agent.md +39 -0
  39. package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/gemini.agent.md +39 -0
  40. package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/kiro-cli.agent.json +5 -0
  41. package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/kiro-ide.agent.md +39 -0
  42. package/agents/dotnet/dotnet-csharp-runtime-review-agent/metadata.json +42 -0
  43. package/agents/dotnet/dotnet-efcore-data-access-review-agent/AGENT.md +58 -0
  44. package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/claude-code.agent.md +42 -0
  45. package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/codex.toml +41 -0
  46. package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/copilot.agent.md +42 -0
  47. package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/cursor.agent.md +42 -0
  48. package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/gemini.agent.md +42 -0
  49. package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/kiro-cli.agent.json +5 -0
  50. package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/kiro-ide.agent.md +42 -0
  51. package/agents/dotnet/dotnet-efcore-data-access-review-agent/metadata.json +42 -0
  52. package/agents/dotnet/dotnet-maestro-agent/AGENT.md +53 -0
  53. package/agents/dotnet/dotnet-maestro-agent/harnesses/claude-code.agent.md +36 -0
  54. package/agents/dotnet/dotnet-maestro-agent/harnesses/codex.toml +40 -0
  55. package/agents/dotnet/dotnet-maestro-agent/harnesses/copilot.agent.md +36 -0
  56. package/agents/dotnet/dotnet-maestro-agent/harnesses/cursor.agent.md +36 -0
  57. package/agents/dotnet/dotnet-maestro-agent/harnesses/gemini.agent.md +36 -0
  58. package/agents/dotnet/dotnet-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
  59. package/agents/dotnet/dotnet-maestro-agent/harnesses/kiro-ide.agent.md +36 -0
  60. package/agents/dotnet/dotnet-maestro-agent/metadata.json +40 -0
  61. package/agents/dotnet/dotnet-observability-otel-review-agent/AGENT.md +57 -0
  62. package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/claude-code.agent.md +41 -0
  63. package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/codex.toml +40 -0
  64. package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/copilot.agent.md +41 -0
  65. package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/cursor.agent.md +41 -0
  66. package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/gemini.agent.md +41 -0
  67. package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/kiro-cli.agent.json +5 -0
  68. package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/kiro-ide.agent.md +41 -0
  69. package/agents/dotnet/dotnet-observability-otel-review-agent/metadata.json +41 -0
  70. package/agents/dotnet/dotnet-performance-aot-review-agent/AGENT.md +56 -0
  71. package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/claude-code.agent.md +40 -0
  72. package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/codex.toml +39 -0
  73. package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/copilot.agent.md +40 -0
  74. package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/cursor.agent.md +40 -0
  75. package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/gemini.agent.md +40 -0
  76. package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/kiro-cli.agent.json +5 -0
  77. package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/kiro-ide.agent.md +40 -0
  78. package/agents/dotnet/dotnet-performance-aot-review-agent/metadata.json +41 -0
  79. package/agents/dotnet/dotnet-supply-chain-review-agent/AGENT.md +57 -0
  80. package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/claude-code.agent.md +41 -0
  81. package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/codex.toml +40 -0
  82. package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/copilot.agent.md +41 -0
  83. package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/cursor.agent.md +41 -0
  84. package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/gemini.agent.md +41 -0
  85. package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/kiro-cli.agent.json +5 -0
  86. package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/kiro-ide.agent.md +41 -0
  87. package/agents/dotnet/dotnet-supply-chain-review-agent/metadata.json +42 -0
  88. package/agents/dotnet/dotnet-testing-quality-review-agent/AGENT.md +56 -0
  89. package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/claude-code.agent.md +40 -0
  90. package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/codex.toml +39 -0
  91. package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/copilot.agent.md +40 -0
  92. package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/cursor.agent.md +40 -0
  93. package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/gemini.agent.md +40 -0
  94. package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/kiro-cli.agent.json +5 -0
  95. package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/kiro-ide.agent.md +40 -0
  96. package/agents/dotnet/dotnet-testing-quality-review-agent/metadata.json +41 -0
  97. package/agents/hetzner/README.md +1 -1
  98. package/agents/hr/hr-analytics-people-data-agent/metadata.json +3 -7
  99. package/agents/hr/hr-benefits-payroll-agent/metadata.json +3 -7
  100. package/agents/hr/hr-compensation-equity-agent/metadata.json +3 -7
  101. package/agents/hr/hr-culture-dei-agent/metadata.json +3 -7
  102. package/agents/hr/hr-employee-relations-agent/metadata.json +3 -7
  103. package/agents/hr/hr-hris-process-controls-agent/metadata.json +3 -7
  104. package/agents/hr/hr-learning-policy-agent/metadata.json +3 -7
  105. package/agents/hr/hr-leave-accommodation-agent/metadata.json +3 -7
  106. package/agents/hr/hr-maestro-agent/metadata.json +4 -8
  107. package/agents/hr/hr-performance-management-agent/metadata.json +3 -7
  108. package/agents/hr/hr-recruiting-selection-agent/metadata.json +3 -7
  109. package/agents/hr/hr-risk-triage-review-agent/metadata.json +3 -3
  110. package/agents/hr/hr-termination-readiness-agent/metadata.json +3 -7
  111. package/agents/hr/hr-workforce-planning-rif-agent/metadata.json +3 -7
  112. package/agents/hr/hr-workplace-investigations-agent/metadata.json +3 -7
  113. package/agents/legal/legal-contract-review-agent/metadata.json +3 -7
  114. package/agents/legal/legal-counsel-review-agent/metadata.json +3 -3
  115. package/agents/legal/legal-employment-law-risk-agent/metadata.json +4 -8
  116. package/agents/legal/legal-ethics-investigations-agent/metadata.json +3 -7
  117. package/agents/legal/legal-ip-open-source-agent/metadata.json +3 -7
  118. package/agents/legal/legal-knowledge-management-agent/metadata.json +3 -7
  119. package/agents/legal/legal-litigation-discovery-hold-agent/metadata.json +3 -7
  120. package/agents/legal/legal-maestro-agent/metadata.json +4 -8
  121. package/agents/legal/legal-policy-governance-agent/metadata.json +3 -7
  122. package/agents/legal/legal-privacy-data-protection-agent/metadata.json +3 -7
  123. package/agents/legal/legal-public-disclosure-agent/metadata.json +3 -7
  124. package/agents/legal/legal-regulatory-compliance-agent/metadata.json +3 -7
  125. package/agents/legal/legal-vendor-procurement-risk-agent/metadata.json +3 -7
  126. package/agents/oci/oci-devops-container-platform-engineer-agent/AGENT.md +1 -1
  127. package/agents/oci/oci-exadata-platform-architect-agent/AGENT.md +1 -1
  128. package/agents/oci/oci-multi-cloud-architect-agent/AGENT.md +1 -1
  129. package/agents/prometheus/README.md +1 -1
  130. package/agents/qa/playwright-e2e-suite-review-agent/AGENT.md +3 -3
  131. package/agents/qa/playwright-e2e-suite-review-agent/harnesses/claude-code.agent.md +3 -3
  132. package/agents/qa/playwright-e2e-suite-review-agent/harnesses/copilot.agent.md +3 -3
  133. package/agents/qa/playwright-e2e-suite-review-agent/harnesses/cursor.agent.md +3 -3
  134. package/agents/qa/playwright-e2e-suite-review-agent/harnesses/gemini.agent.md +3 -3
  135. package/agents/qa/playwright-e2e-suite-review-agent/harnesses/kiro-ide.agent.md +3 -3
  136. package/agents/salesforce/AGENTS.md +31 -0
  137. package/agents/salesforce/README.md +135 -0
  138. package/agents/salesforce/salesforce-adaptive-access-agent/AGENT.md +117 -0
  139. package/agents/salesforce/salesforce-adaptive-access-agent/LEAST-PRIVILEGES.md +91 -0
  140. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/claude-code.agent.md +69 -0
  141. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/codex.toml +30 -0
  142. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/copilot.agent.md +69 -0
  143. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/cursor.agent.md +69 -0
  144. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/gemini.agent.md +69 -0
  145. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/kiro-cli.agent.json +5 -0
  146. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/kiro-ide.agent.md +69 -0
  147. package/agents/salesforce/salesforce-adaptive-access-agent/metadata.json +30 -0
  148. package/agents/salesforce/salesforce-agentforce-ai-agent/AGENT.md +126 -0
  149. package/agents/salesforce/salesforce-agentforce-ai-agent/LEAST-PRIVILEGES.md +92 -0
  150. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/claude-code.agent.md +81 -0
  151. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/codex.toml +36 -0
  152. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/copilot.agent.md +81 -0
  153. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/cursor.agent.md +81 -0
  154. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/gemini.agent.md +81 -0
  155. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/kiro-cli.agent.json +5 -0
  156. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/kiro-ide.agent.md +49 -0
  157. package/agents/salesforce/salesforce-agentforce-ai-agent/metadata.json +41 -0
  158. package/agents/salesforce/salesforce-analytics-tableau-agent/AGENT.md +119 -0
  159. package/agents/salesforce/salesforce-analytics-tableau-agent/LEAST-PRIVILEGES.md +81 -0
  160. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/claude-code.agent.md +75 -0
  161. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/codex.toml +35 -0
  162. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/copilot.agent.md +75 -0
  163. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/cursor.agent.md +75 -0
  164. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/gemini.agent.md +75 -0
  165. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/kiro-cli.agent.json +5 -0
  166. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/kiro-ide.agent.md +45 -0
  167. package/agents/salesforce/salesforce-analytics-tableau-agent/metadata.json +41 -0
  168. package/agents/salesforce/salesforce-app-builder-automation-agent/AGENT.md +112 -0
  169. package/agents/salesforce/salesforce-app-builder-automation-agent/LEAST-PRIVILEGES.md +86 -0
  170. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/claude-code.agent.md +50 -0
  171. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/codex.toml +35 -0
  172. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/copilot.agent.md +50 -0
  173. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/cursor.agent.md +50 -0
  174. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/gemini.agent.md +50 -0
  175. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/kiro-cli.agent.json +5 -0
  176. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/kiro-ide.agent.md +50 -0
  177. package/agents/salesforce/salesforce-app-builder-automation-agent/metadata.json +40 -0
  178. package/agents/salesforce/salesforce-business-analyst-agent/AGENT.md +110 -0
  179. package/agents/salesforce/salesforce-business-analyst-agent/LEAST-PRIVILEGES.md +89 -0
  180. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/claude-code.agent.md +48 -0
  181. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/codex.toml +35 -0
  182. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/copilot.agent.md +48 -0
  183. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/cursor.agent.md +48 -0
  184. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/gemini.agent.md +48 -0
  185. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/kiro-cli.agent.json +5 -0
  186. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/kiro-ide.agent.md +48 -0
  187. package/agents/salesforce/salesforce-business-analyst-agent/metadata.json +40 -0
  188. package/agents/salesforce/salesforce-certificate-lifecycle-agent/AGENT.md +112 -0
  189. package/agents/salesforce/salesforce-certificate-lifecycle-agent/LEAST-PRIVILEGES.md +81 -0
  190. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/claude-code.agent.md +66 -0
  191. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/codex.toml +30 -0
  192. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/copilot.agent.md +66 -0
  193. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/cursor.agent.md +66 -0
  194. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/gemini.agent.md +66 -0
  195. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/kiro-cli.agent.json +5 -0
  196. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/kiro-ide.agent.md +66 -0
  197. package/agents/salesforce/salesforce-certificate-lifecycle-agent/metadata.json +30 -0
  198. package/agents/salesforce/salesforce-change-impact-analyst-agent/AGENT.md +121 -0
  199. package/agents/salesforce/salesforce-change-impact-analyst-agent/LEAST-PRIVILEGES.md +87 -0
  200. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/claude-code.agent.md +74 -0
  201. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/codex.toml +30 -0
  202. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/copilot.agent.md +74 -0
  203. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/cursor.agent.md +74 -0
  204. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/gemini.agent.md +74 -0
  205. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/kiro-cli.agent.json +5 -0
  206. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/kiro-ide.agent.md +74 -0
  207. package/agents/salesforce/salesforce-change-impact-analyst-agent/metadata.json +30 -0
  208. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/AGENT.md +119 -0
  209. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/LEAST-PRIVILEGES.md +88 -0
  210. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/claude-code.agent.md +67 -0
  211. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/codex.toml +30 -0
  212. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/copilot.agent.md +67 -0
  213. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/cursor.agent.md +67 -0
  214. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/gemini.agent.md +67 -0
  215. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/kiro-cli.agent.json +5 -0
  216. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/kiro-ide.agent.md +67 -0
  217. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/metadata.json +31 -0
  218. package/agents/salesforce/salesforce-compliance-privacy-agent/AGENT.md +130 -0
  219. package/agents/salesforce/salesforce-compliance-privacy-agent/LEAST-PRIVILEGES.md +85 -0
  220. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/claude-code.agent.md +84 -0
  221. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/codex.toml +36 -0
  222. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/copilot.agent.md +84 -0
  223. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/cursor.agent.md +84 -0
  224. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/gemini.agent.md +84 -0
  225. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/kiro-cli.agent.json +5 -0
  226. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/kiro-ide.agent.md +49 -0
  227. package/agents/salesforce/salesforce-compliance-privacy-agent/metadata.json +41 -0
  228. package/agents/salesforce/salesforce-continuous-verification-agent/AGENT.md +113 -0
  229. package/agents/salesforce/salesforce-continuous-verification-agent/LEAST-PRIVILEGES.md +90 -0
  230. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/claude-code.agent.md +64 -0
  231. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/codex.toml +30 -0
  232. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/copilot.agent.md +64 -0
  233. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/cursor.agent.md +64 -0
  234. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/gemini.agent.md +64 -0
  235. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/kiro-cli.agent.json +5 -0
  236. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/kiro-ide.agent.md +64 -0
  237. package/agents/salesforce/salesforce-continuous-verification-agent/metadata.json +31 -0
  238. package/agents/salesforce/salesforce-data-architecture-agent/AGENT.md +113 -0
  239. package/agents/salesforce/salesforce-data-architecture-agent/LEAST-PRIVILEGES.md +92 -0
  240. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/claude-code.agent.md +49 -0
  241. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/codex.toml +35 -0
  242. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/copilot.agent.md +49 -0
  243. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/cursor.agent.md +49 -0
  244. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/gemini.agent.md +49 -0
  245. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/kiro-cli.agent.json +5 -0
  246. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/kiro-ide.agent.md +49 -0
  247. package/agents/salesforce/salesforce-data-architecture-agent/metadata.json +40 -0
  248. package/agents/salesforce/salesforce-development-agent/AGENT.md +114 -0
  249. package/agents/salesforce/salesforce-development-agent/LEAST-PRIVILEGES.md +89 -0
  250. package/agents/salesforce/salesforce-development-agent/harnesses/claude-code.agent.md +50 -0
  251. package/agents/salesforce/salesforce-development-agent/harnesses/codex.toml +36 -0
  252. package/agents/salesforce/salesforce-development-agent/harnesses/copilot.agent.md +50 -0
  253. package/agents/salesforce/salesforce-development-agent/harnesses/cursor.agent.md +50 -0
  254. package/agents/salesforce/salesforce-development-agent/harnesses/gemini.agent.md +50 -0
  255. package/agents/salesforce/salesforce-development-agent/harnesses/kiro-cli.agent.json +5 -0
  256. package/agents/salesforce/salesforce-development-agent/harnesses/kiro-ide.agent.md +50 -0
  257. package/agents/salesforce/salesforce-development-agent/metadata.json +40 -0
  258. package/agents/salesforce/salesforce-devops-release-agent/AGENT.md +115 -0
  259. package/agents/salesforce/salesforce-devops-release-agent/LEAST-PRIVILEGES.md +90 -0
  260. package/agents/salesforce/salesforce-devops-release-agent/harnesses/claude-code.agent.md +51 -0
  261. package/agents/salesforce/salesforce-devops-release-agent/harnesses/codex.toml +35 -0
  262. package/agents/salesforce/salesforce-devops-release-agent/harnesses/copilot.agent.md +51 -0
  263. package/agents/salesforce/salesforce-devops-release-agent/harnesses/cursor.agent.md +51 -0
  264. package/agents/salesforce/salesforce-devops-release-agent/harnesses/gemini.agent.md +51 -0
  265. package/agents/salesforce/salesforce-devops-release-agent/harnesses/kiro-cli.agent.json +5 -0
  266. package/agents/salesforce/salesforce-devops-release-agent/harnesses/kiro-ide.agent.md +51 -0
  267. package/agents/salesforce/salesforce-devops-release-agent/metadata.json +40 -0
  268. package/agents/salesforce/salesforce-enterprise-architect-agent/AGENT.md +128 -0
  269. package/agents/salesforce/salesforce-enterprise-architect-agent/LEAST-PRIVILEGES.md +92 -0
  270. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/claude-code.agent.md +81 -0
  271. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/codex.toml +36 -0
  272. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/copilot.agent.md +81 -0
  273. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/cursor.agent.md +81 -0
  274. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/gemini.agent.md +81 -0
  275. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/kiro-cli.agent.json +5 -0
  276. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/kiro-ide.agent.md +49 -0
  277. package/agents/salesforce/salesforce-enterprise-architect-agent/metadata.json +41 -0
  278. package/agents/salesforce/salesforce-experience-cloud-agent/AGENT.md +124 -0
  279. package/agents/salesforce/salesforce-experience-cloud-agent/LEAST-PRIVILEGES.md +80 -0
  280. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/claude-code.agent.md +79 -0
  281. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/codex.toml +35 -0
  282. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/copilot.agent.md +79 -0
  283. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/cursor.agent.md +79 -0
  284. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/gemini.agent.md +79 -0
  285. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
  286. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/kiro-ide.agent.md +59 -0
  287. package/agents/salesforce/salesforce-experience-cloud-agent/metadata.json +40 -0
  288. package/agents/salesforce/salesforce-hyperforce-security-agent/AGENT.md +113 -0
  289. package/agents/salesforce/salesforce-hyperforce-security-agent/LEAST-PRIVILEGES.md +80 -0
  290. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/claude-code.agent.md +72 -0
  291. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/codex.toml +28 -0
  292. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/copilot.agent.md +72 -0
  293. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/cursor.agent.md +72 -0
  294. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/gemini.agent.md +72 -0
  295. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/kiro-cli.agent.json +5 -0
  296. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/kiro-ide.agent.md +72 -0
  297. package/agents/salesforce/salesforce-hyperforce-security-agent/metadata.json +30 -0
  298. package/agents/salesforce/salesforce-industry-cloud-agent/AGENT.md +125 -0
  299. package/agents/salesforce/salesforce-industry-cloud-agent/LEAST-PRIVILEGES.md +88 -0
  300. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/claude-code.agent.md +80 -0
  301. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/codex.toml +41 -0
  302. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/copilot.agent.md +80 -0
  303. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/cursor.agent.md +80 -0
  304. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/gemini.agent.md +80 -0
  305. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
  306. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/kiro-ide.agent.md +48 -0
  307. package/agents/salesforce/salesforce-industry-cloud-agent/metadata.json +42 -0
  308. package/agents/salesforce/salesforce-integration-mulesoft-agent/AGENT.md +115 -0
  309. package/agents/salesforce/salesforce-integration-mulesoft-agent/LEAST-PRIVILEGES.md +91 -0
  310. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/claude-code.agent.md +50 -0
  311. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/codex.toml +35 -0
  312. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/copilot.agent.md +50 -0
  313. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/cursor.agent.md +50 -0
  314. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/gemini.agent.md +50 -0
  315. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/kiro-cli.agent.json +5 -0
  316. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/kiro-ide.agent.md +50 -0
  317. package/agents/salesforce/salesforce-integration-mulesoft-agent/metadata.json +40 -0
  318. package/agents/salesforce/salesforce-live-guard-agent/AGENT.md +126 -0
  319. package/agents/salesforce/salesforce-live-guard-agent/LEAST-PRIVILEGES.md +100 -0
  320. package/agents/salesforce/salesforce-live-guard-agent/harnesses/claude-code.agent.md +85 -0
  321. package/agents/salesforce/salesforce-live-guard-agent/harnesses/codex.toml +50 -0
  322. package/agents/salesforce/salesforce-live-guard-agent/harnesses/copilot.agent.md +85 -0
  323. package/agents/salesforce/salesforce-live-guard-agent/harnesses/cursor.agent.md +85 -0
  324. package/agents/salesforce/salesforce-live-guard-agent/harnesses/gemini.agent.md +85 -0
  325. package/agents/salesforce/salesforce-live-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  326. package/agents/salesforce/salesforce-live-guard-agent/harnesses/kiro-ide.agent.md +58 -0
  327. package/agents/salesforce/salesforce-live-guard-agent/metadata.json +39 -0
  328. package/agents/salesforce/salesforce-maestro-agent/AGENT.md +77 -0
  329. package/agents/salesforce/salesforce-maestro-agent/LEAST-PRIVILEGES.md +93 -0
  330. package/agents/salesforce/salesforce-maestro-agent/README.md +593 -0
  331. package/agents/salesforce/salesforce-maestro-agent/harnesses/claude-code.agent.md +65 -0
  332. package/agents/salesforce/salesforce-maestro-agent/harnesses/codex.toml +66 -0
  333. package/agents/salesforce/salesforce-maestro-agent/harnesses/copilot.agent.md +65 -0
  334. package/agents/salesforce/salesforce-maestro-agent/harnesses/cursor.agent.md +65 -0
  335. package/agents/salesforce/salesforce-maestro-agent/harnesses/gemini.agent.md +65 -0
  336. package/agents/salesforce/salesforce-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
  337. package/agents/salesforce/salesforce-maestro-agent/harnesses/kiro-ide.agent.md +65 -0
  338. package/agents/salesforce/salesforce-maestro-agent/metadata.json +38 -0
  339. package/agents/salesforce/salesforce-marketing-cloud-agent/AGENT.md +124 -0
  340. package/agents/salesforce/salesforce-marketing-cloud-agent/LEAST-PRIVILEGES.md +86 -0
  341. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/claude-code.agent.md +78 -0
  342. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/codex.toml +34 -0
  343. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/copilot.agent.md +78 -0
  344. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/cursor.agent.md +78 -0
  345. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/gemini.agent.md +78 -0
  346. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
  347. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/kiro-ide.agent.md +48 -0
  348. package/agents/salesforce/salesforce-marketing-cloud-agent/metadata.json +41 -0
  349. package/agents/salesforce/salesforce-network-policy-architect-agent/AGENT.md +113 -0
  350. package/agents/salesforce/salesforce-network-policy-architect-agent/LEAST-PRIVILEGES.md +87 -0
  351. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/claude-code.agent.md +72 -0
  352. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/codex.toml +28 -0
  353. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/copilot.agent.md +72 -0
  354. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/cursor.agent.md +72 -0
  355. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/gemini.agent.md +72 -0
  356. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/kiro-cli.agent.json +5 -0
  357. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/kiro-ide.agent.md +72 -0
  358. package/agents/salesforce/salesforce-network-policy-architect-agent/metadata.json +31 -0
  359. package/agents/salesforce/salesforce-platform-admin-review-agent/AGENT.md +113 -0
  360. package/agents/salesforce/salesforce-platform-admin-review-agent/LEAST-PRIVILEGES.md +88 -0
  361. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/claude-code.agent.md +49 -0
  362. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/codex.toml +36 -0
  363. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/copilot.agent.md +49 -0
  364. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/cursor.agent.md +49 -0
  365. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/gemini.agent.md +49 -0
  366. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/kiro-cli.agent.json +5 -0
  367. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/kiro-ide.agent.md +49 -0
  368. package/agents/salesforce/salesforce-platform-admin-review-agent/metadata.json +40 -0
  369. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/AGENT.md +115 -0
  370. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/LEAST-PRIVILEGES.md +83 -0
  371. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/claude-code.agent.md +50 -0
  372. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/codex.toml +35 -0
  373. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/copilot.agent.md +50 -0
  374. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/cursor.agent.md +50 -0
  375. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/gemini.agent.md +50 -0
  376. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/kiro-cli.agent.json +5 -0
  377. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/kiro-ide.agent.md +50 -0
  378. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/metadata.json +40 -0
  379. package/agents/salesforce/salesforce-sandbox-governance-agent/AGENT.md +120 -0
  380. package/agents/salesforce/salesforce-sandbox-governance-agent/LEAST-PRIVILEGES.md +80 -0
  381. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/claude-code.agent.md +72 -0
  382. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/codex.toml +30 -0
  383. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/copilot.agent.md +72 -0
  384. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/cursor.agent.md +72 -0
  385. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/gemini.agent.md +72 -0
  386. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/kiro-cli.agent.json +5 -0
  387. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/kiro-ide.agent.md +72 -0
  388. package/agents/salesforce/salesforce-sandbox-governance-agent/metadata.json +30 -0
  389. package/agents/salesforce/salesforce-sandbox-isolation-agent/AGENT.md +113 -0
  390. package/agents/salesforce/salesforce-sandbox-isolation-agent/LEAST-PRIVILEGES.md +90 -0
  391. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/claude-code.agent.md +71 -0
  392. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/codex.toml +28 -0
  393. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/copilot.agent.md +71 -0
  394. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/cursor.agent.md +71 -0
  395. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/gemini.agent.md +71 -0
  396. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/kiro-cli.agent.json +5 -0
  397. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/kiro-ide.agent.md +71 -0
  398. package/agents/salesforce/salesforce-sandbox-isolation-agent/metadata.json +30 -0
  399. package/agents/salesforce/salesforce-security-identity-access-agent/AGENT.md +118 -0
  400. package/agents/salesforce/salesforce-security-identity-access-agent/LEAST-PRIVILEGES.md +85 -0
  401. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/claude-code.agent.md +52 -0
  402. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/codex.toml +36 -0
  403. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/copilot.agent.md +52 -0
  404. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/cursor.agent.md +52 -0
  405. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/gemini.agent.md +52 -0
  406. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/kiro-cli.agent.json +5 -0
  407. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/kiro-ide.agent.md +52 -0
  408. package/agents/salesforce/salesforce-security-identity-access-agent/metadata.json +40 -0
  409. package/agents/salesforce/salesforce-service-field-service-agent/AGENT.md +115 -0
  410. package/agents/salesforce/salesforce-service-field-service-agent/LEAST-PRIVILEGES.md +82 -0
  411. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/claude-code.agent.md +50 -0
  412. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/codex.toml +35 -0
  413. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/copilot.agent.md +50 -0
  414. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/cursor.agent.md +50 -0
  415. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/gemini.agent.md +50 -0
  416. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/kiro-cli.agent.json +5 -0
  417. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/kiro-ide.agent.md +50 -0
  418. package/agents/salesforce/salesforce-service-field-service-agent/metadata.json +40 -0
  419. package/agents/salesforce/salesforce-session-governance-agent/AGENT.md +116 -0
  420. package/agents/salesforce/salesforce-session-governance-agent/LEAST-PRIVILEGES.md +91 -0
  421. package/agents/salesforce/salesforce-session-governance-agent/harnesses/claude-code.agent.md +74 -0
  422. package/agents/salesforce/salesforce-session-governance-agent/harnesses/codex.toml +28 -0
  423. package/agents/salesforce/salesforce-session-governance-agent/harnesses/copilot.agent.md +74 -0
  424. package/agents/salesforce/salesforce-session-governance-agent/harnesses/cursor.agent.md +74 -0
  425. package/agents/salesforce/salesforce-session-governance-agent/harnesses/gemini.agent.md +74 -0
  426. package/agents/salesforce/salesforce-session-governance-agent/harnesses/kiro-cli.agent.json +5 -0
  427. package/agents/salesforce/salesforce-session-governance-agent/harnesses/kiro-ide.agent.md +74 -0
  428. package/agents/salesforce/salesforce-session-governance-agent/metadata.json +30 -0
  429. package/agents/salesforce/salesforce-slack-collaboration-agent/AGENT.md +123 -0
  430. package/agents/salesforce/salesforce-slack-collaboration-agent/LEAST-PRIVILEGES.md +86 -0
  431. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/claude-code.agent.md +79 -0
  432. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/codex.toml +35 -0
  433. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/copilot.agent.md +79 -0
  434. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/cursor.agent.md +79 -0
  435. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/gemini.agent.md +79 -0
  436. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/kiro-cli.agent.json +5 -0
  437. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/kiro-ide.agent.md +48 -0
  438. package/agents/salesforce/salesforce-slack-collaboration-agent/metadata.json +41 -0
  439. package/assets/logos/cloud/salesforce/salesforce.svg +34 -0
  440. package/catalog/agents.json +1785 -353
  441. package/catalog/asset-integrity.json +2866 -411
  442. package/catalog/install-roles.json +96 -0
  443. package/catalog/skill-manifest.json +1238 -138
  444. package/catalog/skills.json +1587 -333
  445. package/package.json +3 -2
  446. package/plugins/vanguard-frontier-agentic/.codex-plugin/plugin.json +1 -1
  447. package/powers/vanguard-salesforce/POWER.md +42 -0
  448. package/schemas/agent.schema.json +5 -1
  449. package/schemas/skill.frontmatter.schema.json +33 -3
  450. package/schemas/skill.schema.json +5 -1
  451. package/scripts/export-marketplace-agents.mjs +30 -2
  452. package/scripts/generate-kiro-powers.mjs +12 -0
  453. package/scripts/release-prepare.mjs +35 -0
  454. package/skills/aws/aws-agentcore/references/official-sources.md +19 -19
  455. package/skills/aws/aws-generative-ai-developer/references/official-sources.md +10 -10
  456. package/skills/azure/azure-ai-foundry-ops-governor/references/workflow-and-output.md +2 -2
  457. package/skills/azure/azure-aks-platform-operator/references/workflow-and-output.md +1 -1
  458. package/skills/azure/azure-app-service-production-readiness/references/workflow-and-output.md +1 -1
  459. package/skills/azure/azure-cosmosdb-application-developer/references/official-sources.md +11 -11
  460. package/skills/azure/azure-cosmosdb-performance-investigator/references/official-sources.md +11 -11
  461. package/skills/azure/azure-cosmosdb-platform-operator/references/official-sources.md +10 -10
  462. package/skills/azure/azure-cost-estimation-review/references/workflow-and-output.md +1 -1
  463. package/skills/azure/azure-cost-optimization-governor/references/workflow-and-output.md +1 -1
  464. package/skills/azure/azure-entra-id-specialist/references/official-sources.md +28 -28
  465. package/skills/azure/azure-identity-governance-review/references/official-sources.md +11 -11
  466. package/skills/azure/azure-identity-governance-review/references/workflow-and-output.md +1 -1
  467. package/skills/azure/azure-key-vault-secret-lifecycle-auditor/references/workflow-and-output.md +1 -1
  468. package/skills/azure/azure-migrate-landing-zone-cutover/references/workflow-and-output.md +1 -1
  469. package/skills/azure/azure-platform-automation-devops/references/workflow-and-output.md +1 -1
  470. package/skills/azure/azure-private-endpoint-adoption-planner/references/workflow-and-output.md +1 -1
  471. package/skills/azure/azure-resource-health-incident-triage/references/workflow-and-output.md +6 -6
  472. package/skills/azure/azure-subscription-resource-organization/references/workflow-and-output.md +1 -1
  473. package/skills/cross-functional/salesforce-case-capsule/SKILL.md +164 -0
  474. package/skills/cross-functional/salesforce-case-capsule/metadata.json +19 -0
  475. package/skills/cross-functional/salesforce-data-exposure-escalation-protocol/SKILL.md +165 -0
  476. package/skills/cross-functional/salesforce-data-exposure-escalation-protocol/metadata.json +19 -0
  477. package/skills/cross-functional/salesforce-live-change-approval-protocol/SKILL.md +118 -0
  478. package/skills/cross-functional/salesforce-live-change-approval-protocol/metadata.json +19 -0
  479. package/skills/cross-functional/salesforce-risk-taxonomy/SKILL.md +162 -0
  480. package/skills/cross-functional/salesforce-risk-taxonomy/metadata.json +19 -0
  481. package/skills/cross-functional/salesforce-routing-protocol/SKILL.md +159 -0
  482. package/skills/cross-functional/salesforce-routing-protocol/metadata.json +19 -0
  483. package/skills/dotnet/dotnet-aspire-cloud-native-review/SKILL.md +53 -0
  484. package/skills/dotnet/dotnet-aspire-cloud-native-review/metadata.json +27 -0
  485. package/skills/dotnet/dotnet-aspire-cloud-native-review/references/workflow-and-output.md +115 -0
  486. package/skills/dotnet/dotnet-aspnetcore-api-review/SKILL.md +53 -0
  487. package/skills/dotnet/dotnet-aspnetcore-api-review/metadata.json +28 -0
  488. package/skills/dotnet/dotnet-aspnetcore-api-review/references/workflow-and-output.md +115 -0
  489. package/skills/dotnet/dotnet-aspnetcore-identity-authz-review/SKILL.md +48 -0
  490. package/skills/dotnet/dotnet-aspnetcore-identity-authz-review/metadata.json +28 -0
  491. package/skills/dotnet/dotnet-aspnetcore-identity-authz-review/references/workflow-and-output.md +125 -0
  492. package/skills/dotnet/dotnet-csharp-runtime-review/SKILL.md +56 -0
  493. package/skills/dotnet/dotnet-csharp-runtime-review/metadata.json +28 -0
  494. package/skills/dotnet/dotnet-csharp-runtime-review/references/workflow-and-output.md +141 -0
  495. package/skills/dotnet/dotnet-efcore-data-access-review/SKILL.md +57 -0
  496. package/skills/dotnet/dotnet-efcore-data-access-review/metadata.json +28 -0
  497. package/skills/dotnet/dotnet-efcore-data-access-review/references/workflow-and-output.md +140 -0
  498. package/skills/dotnet/dotnet-maestro/SKILL.md +106 -0
  499. package/skills/dotnet/dotnet-maestro/metadata.json +26 -0
  500. package/skills/dotnet/dotnet-observability-otel-review/SKILL.md +53 -0
  501. package/skills/dotnet/dotnet-observability-otel-review/metadata.json +27 -0
  502. package/skills/dotnet/dotnet-observability-otel-review/references/workflow-and-output.md +119 -0
  503. package/skills/dotnet/dotnet-performance-aot-review/SKILL.md +53 -0
  504. package/skills/dotnet/dotnet-performance-aot-review/metadata.json +27 -0
  505. package/skills/dotnet/dotnet-performance-aot-review/references/workflow-and-output.md +123 -0
  506. package/skills/dotnet/dotnet-supply-chain-review/SKILL.md +55 -0
  507. package/skills/dotnet/dotnet-supply-chain-review/metadata.json +28 -0
  508. package/skills/dotnet/dotnet-supply-chain-review/references/workflow-and-output.md +132 -0
  509. package/skills/dotnet/dotnet-testing-quality-review/SKILL.md +54 -0
  510. package/skills/dotnet/dotnet-testing-quality-review/metadata.json +27 -0
  511. package/skills/dotnet/dotnet-testing-quality-review/references/workflow-and-output.md +142 -0
  512. package/skills/finops/focus-spec-normalizer/references/focus-columns.md +2 -2
  513. package/skills/gcp/gcp-alloydb-ai-developer/SKILL.md +1 -1
  514. package/skills/gcp/gcp-gemini-api-developer/SKILL.md +2 -2
  515. package/skills/hr/hr-risk-triage-review/metadata.json +9 -2
  516. package/skills/legal/legal-counsel-review/metadata.json +9 -2
  517. package/skills/nvidia/nvidia-model-promotion-gatekeeper/SKILL.md +1 -1
  518. package/skills/nvidia/nvidia-model-promotion-gatekeeper/references/allowlist-commands.md +1 -1
  519. package/skills/oci/oci-compute-platform-operator/SKILL.md +0 -2
  520. package/skills/oci/oci-cost-finops-analyst/SKILL.md +0 -2
  521. package/skills/oci/oci-database-platform-dba/SKILL.md +0 -2
  522. package/skills/oci/oci-devops-container-platform-engineer/SKILL.md +0 -2
  523. package/skills/oci/oci-identity-access-governor/SKILL.md +0 -2
  524. package/skills/oci/oci-multi-cloud-architect/SKILL.md +0 -2
  525. package/skills/oci/oci-network-architect/SKILL.md +0 -2
  526. package/skills/oci/oci-observability-incident-responder/SKILL.md +0 -2
  527. package/skills/oci/oci-security-compliance-reviewer/SKILL.md +0 -2
  528. package/skills/oci/oci-solution-architect/SKILL.md +1 -3
  529. package/skills/oci/oci-storage-backup-steward/SKILL.md +0 -2
  530. package/skills/prometheus/prometheus-alerting-cardinality-review/SKILL.md +1 -1
  531. package/skills/prometheus/prometheus-alerting-cardinality-review/references/workflow-and-output.md +4 -4
  532. package/skills/qa/ci-test-pipeline-review/references/workflow-and-output.md +1 -1
  533. package/skills/qa/llm-ai-pipeline-test-review/references/workflow-and-output.md +1 -1
  534. package/skills/qa/playwright-e2e-suite-review/SKILL.md +4 -4
  535. package/skills/qa/playwright-e2e-suite-review/references/workflow-and-output.md +12 -12
  536. package/skills/qa/plc-control-logic-safety-review/references/workflow-and-output.md +2 -2
  537. package/skills/qa/test-coverage-quality-review/SKILL.md +1 -1
  538. package/skills/qa/test-coverage-quality-review/references/workflow-and-output.md +8 -8
  539. package/skills/qa/test-flakiness-triage/SKILL.md +1 -1
  540. package/skills/qa/test-flakiness-triage/references/workflow-and-output.md +1 -1
  541. package/skills/salesforce/README.md +117 -0
  542. package/skills/salesforce/salesforce-agentforce-risk-review-skill/SKILL.md +206 -0
  543. package/skills/salesforce/salesforce-agentforce-risk-review-skill/metadata.json +18 -0
  544. package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/action-safety-matrix.md +160 -0
  545. package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/agentforce-anti-patterns.md +193 -0
  546. package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/grounding-source-evaluation.md +162 -0
  547. package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/SKILL.md +557 -0
  548. package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/metadata.json +41 -0
  549. package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/observability-rubric.md +219 -0
  550. package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/privacy-redaction.md +240 -0
  551. package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/stdm-queries.md +436 -0
  552. package/skills/salesforce/salesforce-apex-generator-skill/SKILL.md +307 -0
  553. package/skills/salesforce/salesforce-apex-generator-skill/metadata.json +30 -0
  554. package/skills/salesforce/salesforce-apex-generator-skill/references/apex-patterns.md +224 -0
  555. package/skills/salesforce/salesforce-apex-generator-skill/references/governor-limits.md +175 -0
  556. package/skills/salesforce/salesforce-apex-generator-skill/references/security-defaults.md +155 -0
  557. package/skills/salesforce/salesforce-apex-log-analyzer-skill/SKILL.md +360 -0
  558. package/skills/salesforce/salesforce-apex-log-analyzer-skill/metadata.json +38 -0
  559. package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/governor-limit-signatures.md +174 -0
  560. package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/log-format-reference.md +154 -0
  561. package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/redaction-rules.md +178 -0
  562. package/skills/salesforce/salesforce-apex-lwc-code-review-skill/SKILL.md +195 -0
  563. package/skills/salesforce/salesforce-apex-lwc-code-review-skill/metadata.json +18 -0
  564. package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/apex-anti-patterns.md +270 -0
  565. package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/governor-limits-reference.md +198 -0
  566. package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/lwc-security.md +206 -0
  567. package/skills/salesforce/salesforce-apex-test-generator-skill/SKILL.md +274 -0
  568. package/skills/salesforce/salesforce-apex-test-generator-skill/metadata.json +29 -0
  569. package/skills/salesforce/salesforce-apex-test-generator-skill/references/assertion-patterns.md +174 -0
  570. package/skills/salesforce/salesforce-apex-test-generator-skill/references/async-testing.md +217 -0
  571. package/skills/salesforce/salesforce-apex-test-generator-skill/references/test-data-factory.md +174 -0
  572. package/skills/salesforce/salesforce-apex-test-runner-skill/SKILL.md +344 -0
  573. package/skills/salesforce/salesforce-apex-test-runner-skill/metadata.json +37 -0
  574. package/skills/salesforce/salesforce-apex-test-runner-skill/references/cli-commands.md +162 -0
  575. package/skills/salesforce/salesforce-apex-test-runner-skill/references/coverage-analysis.md +107 -0
  576. package/skills/salesforce/salesforce-apex-test-runner-skill/references/failure-diagnosis.md +187 -0
  577. package/skills/salesforce/salesforce-bulk-data-ops-skill/SKILL.md +356 -0
  578. package/skills/salesforce/salesforce-bulk-data-ops-skill/metadata.json +29 -0
  579. package/skills/salesforce/salesforce-bulk-data-ops-skill/references/anonymous-apex-patterns.md +380 -0
  580. package/skills/salesforce/salesforce-bulk-data-ops-skill/references/data-loader-templates.md +209 -0
  581. package/skills/salesforce/salesforce-bulk-data-ops-skill/references/rollback-strategy.md +209 -0
  582. package/skills/salesforce/salesforce-deployment-validator-skill/SKILL.md +380 -0
  583. package/skills/salesforce/salesforce-deployment-validator-skill/metadata.json +37 -0
  584. package/skills/salesforce/salesforce-deployment-validator-skill/references/cli-commands.md +264 -0
  585. package/skills/salesforce/salesforce-deployment-validator-skill/references/production-refusal-rules.md +243 -0
  586. package/skills/salesforce/salesforce-deployment-validator-skill/references/test-selection-strategy.md +250 -0
  587. package/skills/salesforce/salesforce-devsecops-pipeline-skill/SKILL.md +195 -0
  588. package/skills/salesforce/salesforce-devsecops-pipeline-skill/metadata.json +19 -0
  589. package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/change-impact-categories.md +216 -0
  590. package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/sandbox-masking-strategy.md +193 -0
  591. package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/sca-rule-catalog.md +226 -0
  592. package/skills/salesforce/salesforce-field-mapping-skill/SKILL.md +348 -0
  593. package/skills/salesforce/salesforce-field-mapping-skill/metadata.json +29 -0
  594. package/skills/salesforce/salesforce-field-mapping-skill/references/api-name-normalization.md +141 -0
  595. package/skills/salesforce/salesforce-field-mapping-skill/references/picklist-value-mapping.md +245 -0
  596. package/skills/salesforce/salesforce-field-mapping-skill/references/type-mismatch-detection.md +187 -0
  597. package/skills/salesforce/salesforce-flow-automation-review-skill/SKILL.md +163 -0
  598. package/skills/salesforce/salesforce-flow-automation-review-skill/metadata.json +18 -0
  599. package/skills/salesforce/salesforce-flow-automation-review-skill/references/automation-conflict-matrix.md +193 -0
  600. package/skills/salesforce/salesforce-flow-automation-review-skill/references/fault-path-design.md +189 -0
  601. package/skills/salesforce/salesforce-flow-automation-review-skill/references/flow-anti-patterns.md +211 -0
  602. package/skills/salesforce/salesforce-flow-debugger-skill/SKILL.md +355 -0
  603. package/skills/salesforce/salesforce-flow-debugger-skill/metadata.json +35 -0
  604. package/skills/salesforce/salesforce-flow-debugger-skill/references/fault-path-design.md +175 -0
  605. package/skills/salesforce/salesforce-flow-debugger-skill/references/flow-error-patterns.md +247 -0
  606. package/skills/salesforce/salesforce-flow-debugger-skill/references/interview-log-redaction.md +171 -0
  607. package/skills/salesforce/salesforce-infrastructure-audit-skill/SKILL.md +137 -0
  608. package/skills/salesforce/salesforce-infrastructure-audit-skill/metadata.json +19 -0
  609. package/skills/salesforce/salesforce-infrastructure-audit-skill/references/hyperforce-deployment-controls.md +181 -0
  610. package/skills/salesforce/salesforce-infrastructure-audit-skill/references/network-policy-reference.md +200 -0
  611. package/skills/salesforce/salesforce-infrastructure-audit-skill/references/session-policy-reference.md +219 -0
  612. package/skills/salesforce/salesforce-integration-review-skill/SKILL.md +186 -0
  613. package/skills/salesforce/salesforce-integration-review-skill/metadata.json +18 -0
  614. package/skills/salesforce/salesforce-integration-review-skill/references/integration-anti-patterns.md +280 -0
  615. package/skills/salesforce/salesforce-integration-review-skill/references/integration-pattern-reference.md +239 -0
  616. package/skills/salesforce/salesforce-integration-review-skill/references/named-credential-design.md +211 -0
  617. package/skills/salesforce/salesforce-marketing-consent-review-skill/SKILL.md +204 -0
  618. package/skills/salesforce/salesforce-marketing-consent-review-skill/metadata.json +18 -0
  619. package/skills/salesforce/salesforce-marketing-consent-review-skill/references/consent-anti-patterns.md +247 -0
  620. package/skills/salesforce/salesforce-marketing-consent-review-skill/references/consent-model-reference.md +205 -0
  621. package/skills/salesforce/salesforce-marketing-consent-review-skill/references/regulatory-mapping.md +192 -0
  622. package/skills/salesforce/salesforce-metadata-fetcher-skill/SKILL.md +418 -0
  623. package/skills/salesforce/salesforce-metadata-fetcher-skill/metadata.json +50 -0
  624. package/skills/salesforce/salesforce-metadata-fetcher-skill/references/cli-commands.md +347 -0
  625. package/skills/salesforce/salesforce-metadata-fetcher-skill/references/delegation-routing.md +416 -0
  626. package/skills/salesforce/salesforce-metadata-fetcher-skill/references/sanitization-rules.md +392 -0
  627. package/skills/salesforce/salesforce-metadata-review-skill/SKILL.md +148 -0
  628. package/skills/salesforce/salesforce-metadata-review-skill/metadata.json +18 -0
  629. package/skills/salesforce/salesforce-metadata-review-skill/references/deprecated-metadata.md +217 -0
  630. package/skills/salesforce/salesforce-metadata-review-skill/references/field-hygiene-rules.md +182 -0
  631. package/skills/salesforce/salesforce-metadata-review-skill/references/object-design-patterns.md +187 -0
  632. package/skills/salesforce/salesforce-org-assessment-skill/SKILL.md +137 -0
  633. package/skills/salesforce/salesforce-org-assessment-skill/metadata.json +18 -0
  634. package/skills/salesforce/salesforce-org-assessment-skill/references/assessment-rubric.md +228 -0
  635. package/skills/salesforce/salesforce-org-assessment-skill/references/risk-register-template.md +211 -0
  636. package/skills/salesforce/salesforce-org-assessment-skill/references/tech-debt-indicators.md +252 -0
  637. package/skills/salesforce/salesforce-permission-model-review-skill/SKILL.md +165 -0
  638. package/skills/salesforce/salesforce-permission-model-review-skill/metadata.json +18 -0
  639. package/skills/salesforce/salesforce-permission-model-review-skill/references/fls-review-patterns.md +235 -0
  640. package/skills/salesforce/salesforce-permission-model-review-skill/references/permission-set-strategy.md +203 -0
  641. package/skills/salesforce/salesforce-permission-model-review-skill/references/toxic-combinations.md +228 -0
  642. package/skills/salesforce/salesforce-release-readiness-skill/SKILL.md +185 -0
  643. package/skills/salesforce/salesforce-release-readiness-skill/metadata.json +18 -0
  644. package/skills/salesforce/salesforce-release-readiness-skill/references/release-checklist.md +191 -0
  645. package/skills/salesforce/salesforce-release-readiness-skill/references/rollback-strategy.md +234 -0
  646. package/skills/salesforce/salesforce-release-readiness-skill/references/test-coverage-strategy.md +314 -0
  647. package/skills/salesforce/salesforce-soql-explorer-skill/SKILL.md +391 -0
  648. package/skills/salesforce/salesforce-soql-explorer-skill/metadata.json +35 -0
  649. package/skills/salesforce/salesforce-soql-explorer-skill/references/cli-commands.md +266 -0
  650. package/skills/salesforce/salesforce-soql-explorer-skill/references/least-privilege-scope.md +224 -0
  651. package/skills/salesforce/salesforce-soql-explorer-skill/references/safe-query-patterns.md +317 -0
  652. package/skills/salesforce/salesforce-soql-generator-skill/SKILL.md +305 -0
  653. package/skills/salesforce/salesforce-soql-generator-skill/metadata.json +25 -0
  654. package/skills/salesforce/salesforce-soql-generator-skill/references/common-patterns.md +293 -0
  655. package/skills/salesforce/salesforce-soql-generator-skill/references/governor-limits.md +171 -0
  656. package/skills/salesforce/salesforce-soql-generator-skill/references/soql-syntax-quickref.md +255 -0
  657. package/skills/salesforce/salesforce-validation-rule-writer-skill/SKILL.md +329 -0
  658. package/skills/salesforce/salesforce-validation-rule-writer-skill/metadata.json +28 -0
  659. package/skills/salesforce/salesforce-validation-rule-writer-skill/references/error-message-style.md +132 -0
  660. package/skills/salesforce/salesforce-validation-rule-writer-skill/references/formula-syntax-quickref.md +182 -0
  661. package/skills/salesforce/salesforce-validation-rule-writer-skill/references/validation-patterns.md +214 -0
  662. package/skills/salesforce/salesforce-zero-trust-maturity-skill/SKILL.md +164 -0
  663. package/skills/salesforce/salesforce-zero-trust-maturity-skill/metadata.json +19 -0
  664. package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/continuous-verification-patterns.md +209 -0
  665. package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/maturity-scoring-rubric.md +179 -0
  666. package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/nist-zta-pillars.md +194 -0
  667. package/tests/fixtures/dotnet-maestro-routing/expected/01-csharp-runtime.json +6 -0
  668. package/tests/fixtures/dotnet-maestro-routing/expected/02-aspnetcore-api.json +6 -0
  669. package/tests/fixtures/dotnet-maestro-routing/expected/03-identity-authz.json +6 -0
  670. package/tests/fixtures/dotnet-maestro-routing/expected/04-efcore-data.json +6 -0
  671. package/tests/fixtures/dotnet-maestro-routing/expected/05-testing-quality.json +6 -0
  672. package/tests/fixtures/dotnet-maestro-routing/expected/06-supply-chain.json +6 -0
  673. package/tests/fixtures/dotnet-maestro-routing/expected/07-performance-aot.json +6 -0
  674. package/tests/fixtures/dotnet-maestro-routing/expected/08-observability-otel.json +6 -0
  675. package/tests/fixtures/dotnet-maestro-routing/expected/09-aspire-cloud-native.json +6 -0
  676. package/tests/fixtures/dotnet-maestro-routing/expected/10-multi-domain.json +7 -0
  677. package/tests/fixtures/dotnet-maestro-routing/expected/11-ambiguous.json +4 -0
  678. package/tests/fixtures/dotnet-maestro-routing/expected/adv-ambiguous-near-miss.json +4 -0
  679. package/tests/fixtures/dotnet-maestro-routing/expected/adv-instruction-injection.json +6 -0
  680. package/tests/fixtures/dotnet-maestro-routing/expected/adv-live-guard-bypass.json +4 -0
  681. package/tests/fixtures/dotnet-maestro-routing/expected/adv-parallel-saturation.json +9 -0
  682. package/tests/fixtures/dotnet-maestro-routing/expected/adv-persona-replacement.json +6 -0
  683. package/tests/fixtures/dotnet-maestro-routing/expected/adv-secrets-bait.json +6 -0
  684. package/tests/fixtures/dotnet-maestro-routing/inputs/01-csharp-runtime.json +7 -0
  685. package/tests/fixtures/dotnet-maestro-routing/inputs/02-aspnetcore-api.json +7 -0
  686. package/tests/fixtures/dotnet-maestro-routing/inputs/03-identity-authz.json +7 -0
  687. package/tests/fixtures/dotnet-maestro-routing/inputs/04-efcore-data.json +7 -0
  688. package/tests/fixtures/dotnet-maestro-routing/inputs/05-testing-quality.json +7 -0
  689. package/tests/fixtures/dotnet-maestro-routing/inputs/06-supply-chain.json +7 -0
  690. package/tests/fixtures/dotnet-maestro-routing/inputs/07-performance-aot.json +7 -0
  691. package/tests/fixtures/dotnet-maestro-routing/inputs/08-observability-otel.json +7 -0
  692. package/tests/fixtures/dotnet-maestro-routing/inputs/09-aspire-cloud-native.json +7 -0
  693. package/tests/fixtures/dotnet-maestro-routing/inputs/10-multi-domain.json +7 -0
  694. package/tests/fixtures/dotnet-maestro-routing/inputs/11-ambiguous.json +7 -0
  695. package/tests/fixtures/dotnet-maestro-routing/inputs/adv-ambiguous-near-miss.json +7 -0
  696. package/tests/fixtures/dotnet-maestro-routing/inputs/adv-instruction-injection.json +7 -0
  697. package/tests/fixtures/dotnet-maestro-routing/inputs/adv-live-guard-bypass.json +7 -0
  698. package/tests/fixtures/dotnet-maestro-routing/inputs/adv-parallel-saturation.json +7 -0
  699. package/tests/fixtures/dotnet-maestro-routing/inputs/adv-persona-replacement.json +7 -0
  700. package/tests/fixtures/dotnet-maestro-routing/inputs/adv-secrets-bait.json +7 -0
  701. package/tests/fixtures/dotnet-maestro-routing/taxonomy.json +99 -0
  702. package/tests/fixtures/salesforce-maestro-routing/expected/001-happy-platform-admin-review.json +6 -0
  703. package/tests/fixtures/salesforce-maestro-routing/expected/002-happy-business-analyst.json +6 -0
  704. package/tests/fixtures/salesforce-maestro-routing/expected/003-happy-app-builder-automation.json +6 -0
  705. package/tests/fixtures/salesforce-maestro-routing/expected/004-happy-development.json +6 -0
  706. package/tests/fixtures/salesforce-maestro-routing/expected/005-happy-devops-release.json +6 -0
  707. package/tests/fixtures/salesforce-maestro-routing/expected/006-happy-security-identity-access.json +6 -0
  708. package/tests/fixtures/salesforce-maestro-routing/expected/007-happy-data-architecture.json +6 -0
  709. package/tests/fixtures/salesforce-maestro-routing/expected/008-happy-integration-mulesoft.json +6 -0
  710. package/tests/fixtures/salesforce-maestro-routing/expected/009-happy-sales-cloud-revenue.json +6 -0
  711. package/tests/fixtures/salesforce-maestro-routing/expected/010-happy-marketing-cloud.json +6 -0
  712. package/tests/fixtures/salesforce-maestro-routing/expected/011-happy-agentforce-ai.json +6 -0
  713. package/tests/fixtures/salesforce-maestro-routing/expected/012-happy-analytics-tableau.json +6 -0
  714. package/tests/fixtures/salesforce-maestro-routing/expected/013-happy-compliance-privacy.json +6 -0
  715. package/tests/fixtures/salesforce-maestro-routing/expected/014-happy-network-policy-architect.json +6 -0
  716. package/tests/fixtures/salesforce-maestro-routing/expected/015-happy-hyperforce-security.json +6 -0
  717. package/tests/fixtures/salesforce-maestro-routing/expected/016-happy-sandbox-isolation.json +6 -0
  718. package/tests/fixtures/salesforce-maestro-routing/expected/017-happy-session-governance.json +6 -0
  719. package/tests/fixtures/salesforce-maestro-routing/expected/018-happy-continuous-verification.json +6 -0
  720. package/tests/fixtures/salesforce-maestro-routing/expected/019-happy-certificate-lifecycle.json +6 -0
  721. package/tests/fixtures/salesforce-maestro-routing/expected/020-happy-adaptive-access.json +6 -0
  722. package/tests/fixtures/salesforce-maestro-routing/expected/021-happy-code-analyzer-orchestrator.json +6 -0
  723. package/tests/fixtures/salesforce-maestro-routing/expected/022-happy-sandbox-governance.json +6 -0
  724. package/tests/fixtures/salesforce-maestro-routing/expected/023-happy-change-impact-analyst.json +6 -0
  725. package/tests/fixtures/salesforce-maestro-routing/expected/adv-ambiguous.json +4 -0
  726. package/tests/fixtures/salesforce-maestro-routing/expected/adv-instruction-injection.json +6 -0
  727. package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-01-live-org-deploy-guard.json +6 -0
  728. package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-02-live-mass-delete-guard.json +6 -0
  729. package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-03-live-release-to-prod-guard.json +6 -0
  730. package/tests/fixtures/salesforce-maestro-routing/expected/adv-persona-replacement.json +6 -0
  731. package/tests/fixtures/salesforce-maestro-routing/expected/adv-secrets-bait.json +6 -0
  732. package/tests/fixtures/salesforce-maestro-routing/inputs/001-happy-platform-admin-review.json +7 -0
  733. package/tests/fixtures/salesforce-maestro-routing/inputs/002-happy-business-analyst.json +7 -0
  734. package/tests/fixtures/salesforce-maestro-routing/inputs/003-happy-app-builder-automation.json +7 -0
  735. package/tests/fixtures/salesforce-maestro-routing/inputs/004-happy-development.json +7 -0
  736. package/tests/fixtures/salesforce-maestro-routing/inputs/005-happy-devops-release.json +7 -0
  737. package/tests/fixtures/salesforce-maestro-routing/inputs/006-happy-security-identity-access.json +7 -0
  738. package/tests/fixtures/salesforce-maestro-routing/inputs/007-happy-data-architecture.json +7 -0
  739. package/tests/fixtures/salesforce-maestro-routing/inputs/008-happy-integration-mulesoft.json +7 -0
  740. package/tests/fixtures/salesforce-maestro-routing/inputs/009-happy-sales-cloud-revenue.json +7 -0
  741. package/tests/fixtures/salesforce-maestro-routing/inputs/010-happy-marketing-cloud.json +7 -0
  742. package/tests/fixtures/salesforce-maestro-routing/inputs/011-happy-agentforce-ai.json +7 -0
  743. package/tests/fixtures/salesforce-maestro-routing/inputs/012-happy-analytics-tableau.json +7 -0
  744. package/tests/fixtures/salesforce-maestro-routing/inputs/013-happy-compliance-privacy.json +7 -0
  745. package/tests/fixtures/salesforce-maestro-routing/inputs/014-happy-network-policy-architect.json +7 -0
  746. package/tests/fixtures/salesforce-maestro-routing/inputs/015-happy-hyperforce-security.json +7 -0
  747. package/tests/fixtures/salesforce-maestro-routing/inputs/016-happy-sandbox-isolation.json +7 -0
  748. package/tests/fixtures/salesforce-maestro-routing/inputs/017-happy-session-governance.json +7 -0
  749. package/tests/fixtures/salesforce-maestro-routing/inputs/018-happy-continuous-verification.json +7 -0
  750. package/tests/fixtures/salesforce-maestro-routing/inputs/019-happy-certificate-lifecycle.json +7 -0
  751. package/tests/fixtures/salesforce-maestro-routing/inputs/020-happy-adaptive-access.json +7 -0
  752. package/tests/fixtures/salesforce-maestro-routing/inputs/021-happy-code-analyzer-orchestrator.json +7 -0
  753. package/tests/fixtures/salesforce-maestro-routing/inputs/022-happy-sandbox-governance.json +7 -0
  754. package/tests/fixtures/salesforce-maestro-routing/inputs/023-happy-change-impact-analyst.json +7 -0
  755. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-ambiguous.json +7 -0
  756. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-instruction-injection.json +7 -0
  757. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-01-live-org-deploy-guard.json +7 -0
  758. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-02-live-mass-delete-guard.json +7 -0
  759. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-03-live-release-to-prod-guard.json +7 -0
  760. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-persona-replacement.json +7 -0
  761. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-secrets-bait.json +7 -0
  762. package/tests/fixtures/salesforce-maestro-routing/taxonomy.json +371 -0
  763. package/tests/test-vfa-export-coverage.test.mjs +29 -8
  764. package/tests/validate-catalog.py +15 -1
  765. package/tests/validate-plugin-manifest.py +11 -1
package/skills/salesforce/salesforce-infrastructure-audit-skill/references/hyperforce-deployment-controls.md ADDED
@@ -0,0 +1,181 @@
1
+ # Hyperforce Deployment Controls Reference
2
+
3
+ Reference for Salesforce Hyperforce
4
+ deployment controls covering
5
+ region selection, data residency commitments, and Infrastructure Access boundary
6
+ management.
7
+
8
+ ---
9
+
10
+ ## What Hyperforce Is
11
+
12
+ Hyperforce is Salesforce's public cloud-based infrastructure built on top of
13
+ major cloud providers (AWS, Azure, GCP, Alibaba Cloud — varies by region).
14
+
15
+ Hyperforce is distinct from legacy Salesforce infrastructure ("Classic") in
16
+ that:
17
+ - Customer data is hosted within defined cloud regions with contractual data
18
+ residency boundaries.
19
+ - Compute and storage are on public cloud infrastructure with Salesforce's
20
+ security controls applied on top.
21
+ - Upgrades and scaling occur at the public cloud layer.
22
+
23
+ ---
24
+
25
+ ## Region Selection
26
+
27
+ ### Available Hyperforce Regions
28
+
29
+ Region availability changes as Hyperforce expands.
30
+ Verify current available regions with Salesforce documentation or account team.
31
+
32
+ As of the last validated date, Hyperforce regions include (not exhaustive):
33
+
34
+ | Region | Cloud Provider | Data Residency Boundary |
35
+ |--------|---------------|------------------------|
36
+ | US East | AWS | United States |
37
+ | US West | AWS | United States |
38
+ | EU (Frankfurt) | AWS | European Union (Germany) |
39
+ | EU (London) | AWS | United Kingdom |
40
+ | APAC (Tokyo) | AWS | Japan |
41
+ | APAC (Singapore) | AWS | Singapore/ASEAN |
42
+ | India | AWS | India |
43
+ | Australia | AWS | Australia |
44
+
45
+ ### Region Selection Criteria
46
+
47
+ 1. **Regulatory requirement:** GDPR requires EU personal data to remain in EEA
48
+ or countries with adequacy decisions. Select an EU region for EU-resident data.
49
+ 2. **Data sovereignty:** Government and financial regulators in some countries
50
+ require in-country data storage. Verify with legal counsel.
51
+ 3. **Latency:** Select the region closest to the majority of end users.
52
+ 4. **Availability:** Not all Salesforce products are available in all Hyperforce
53
+ regions on the same timeline.
54
+
55
+ ### How to Identify Your Org's Hyperforce Region
56
+
57
+ ```bash
58
+ # Check the org's instance name and location
59
+ sf org display -o your-org-alias --json | jq '.result.instanceUrl'
60
+ # e.g., https://mycompany.my.salesforce.com
61
+
62
+ # Cross-reference instance name with Salesforce Trust status page instance list
63
+ # to identify the hosting region
64
+ ```
65
+
66
+ Salesforce Trust (trust.salesforce.com) lists all instances with region labels.
67
+ Hyperforce instances are typically labeled with their cloud region
68
+ (e.g., `CS102` for a US instance, `EU64` for an EU instance).
69
+
70
+ ---
71
+
72
+ ## Data Residency Controls
73
+
74
+ ### What Hyperforce Guarantees
75
+
76
+ Hyperforce provides:
77
+ - Data-at-rest encrypted and stored within the contracted region.
78
+ - Metadata (configuration, schema) may also be region-bound depending on the
79
+ product and contract.
80
+ - Salesforce support access controls via the Customer Trust Access Management
81
+ feature.
82
+
83
+ ### What Hyperforce Does NOT Guarantee by Default
84
+
85
+ - Prevention of data flowing to Salesforce support systems outside the region
86
+ during incident investigation (unless Customer Trust Access Management is enabled).
87
+ - Restricting CDN edge nodes to a specific region (traffic routing optimizations
88
+ may traverse geographic boundaries at the network layer).
89
+
90
+ ### Verifying Data Residency via Contract
91
+
92
+ Data residency is a contractual commitment, not purely a technical one. Review:
93
+ - Order Form for the "Data Residency Option" or "Hyperforce region" specification.
94
+ - Data Processing Addendum (DPA) for region binding commitments.
95
+ - Business Associate Agreement (BAA) if HIPAA-regulated data is processed.
96
+
97
+ ---
98
+
99
+ ## Infrastructure Access Controls
100
+
101
+ ### What Infrastructure Access Means
102
+
103
+ Infrastructure Access refers to whether Salesforce support engineers and
104
+ infrastructure teams can access customer org data for troubleshooting.
105
+
106
+ By default, Salesforce support has time-limited access to org data for support
107
+ purposes. This is detailed in the Salesforce Privacy and Security Documentation.
108
+
109
+ ### Customer Trust Access Management
110
+
111
+ Hyperforce customers can enable Customer Trust Access Management to require
112
+ explicit customer approval before Salesforce support personnel access production
113
+ org data.
114
+
115
+ Controls available (subject to contract and product tier):
116
+ - Require customer approval for all Salesforce support access to production data.
117
+ - Access requests expire after a defined time window (e.g., 4 hours).
118
+ - Access events are logged and visible to the customer.
119
+
120
+ To review access logs (if enabled):
121
+ ```sql
122
+ SELECT Id, Action, ActorName, ActorType, EventDate, Summary
123
+ FROM SetupAuditTrail
124
+ WHERE Action LIKE '%Access%' OR Action LIKE '%Support%'
125
+ ORDER BY EventDate DESC
126
+ LIMIT 200
127
+ ```
128
+
129
+ ### Admin Lockout Controls
130
+
131
+ Hyperforce includes the ability to restrict Salesforce admin-level access to
132
+ specific named individuals. This is part of the Enterprise Key Management and
133
+ Infrastructure Access offering.
134
+
135
+ ---
136
+
137
+ ## Shield Encryption and Key Management
138
+
139
+ Salesforce Shield Platform Encryption
140
+ provides encryption
141
+ at-rest for selected fields and files. On Hyperforce, encryption key management
142
+ options include:
143
+
144
+ | Option | Description | Key Custody |
145
+ |--------|-------------|------------|
146
+ | Salesforce-managed keys | Default; Salesforce manages key lifecycle | Salesforce |
147
+ | Customer-managed keys (Bring Your Own Key) | Customer uploads and rotates keys | Customer |
148
+ | External Key Management (EKM) | Keys stored in customer's external HSM or KMS | Customer HSM/KMS |
149
+
150
+ ### Key Management Audit Points
151
+
152
+ - [ ] Verify encryption tenant secret rotation schedule (recommended: 90 days).
153
+ - [ ] Confirm key derivation history shows at least one manual rotation in the
154
+ last 12 months.
155
+ - [ ] If using BYOK, confirm the master HSM/KMS is geographically co-located
156
+ with the Hyperforce region.
157
+ - [ ] Verify Shield encryption covers all regulated field types (PII, PHI, financial).
158
+
159
+ ```sql
160
+ // Query encrypted field configuration (requires Shield)
161
+ SELECT EntityDefinition.QualifiedApiName, QualifiedApiName, Label,
162
+ IsEncrypted
163
+ FROM FieldDefinition
164
+ WHERE IsEncrypted = true
165
+ ORDER BY EntityDefinition.QualifiedApiName, QualifiedApiName
166
+ ```
167
+
168
+ ---
169
+
170
+ ## Hyperforce Deployment Readiness Checklist
171
+
172
+ - [ ] Org instance confirmed as Hyperforce (not legacy Classic infrastructure).
173
+ - [ ] Hyperforce region documented and matches regulatory data residency requirement.
174
+ - [ ] Contract includes Data Residency Option for the required region.
175
+ - [ ] Data Processing Addendum (DPA) executed with correct region binding.
176
+ - [ ] Customer Trust Access Management evaluated and configured if required.
177
+ - [ ] Salesforce Shield Platform Encryption coverage reviewed for regulated fields.
178
+ - [ ] Encryption key rotation schedule documented and tested.
179
+ - [ ] BYOK/EKM configured if customer-controlled keys are contractually required.
180
+ - [ ] Salesforce Trust status subscriptions configured for the org's specific instance.
181
+ - [ ] Incident response plan includes Hyperforce region-specific escalation contacts.
package/skills/salesforce/salesforce-infrastructure-audit-skill/references/network-policy-reference.md ADDED
@@ -0,0 +1,200 @@
1
+ # Network Policy Reference
2
+
3
+ Reference for Salesforce network access controls including IP allowlists,
4
+ login IP ranges, CSP Trusted Sites, and connected app network policies.
5
+
6
+ ---
7
+
8
+ ## IP Restriction Layers in Salesforce
9
+
10
+ Salesforce provides multiple independently configurable IP restriction layers.
11
+ They are not equivalent and must all be reviewed.
12
+
13
+ | Layer | Where Configured | Scope | Enforcement Point |
14
+ |-------|-----------------|-------|------------------|
15
+ | Org-wide trusted IP ranges | Setup > Network Access | All users | Login block if not in range |
16
+ | Profile login IP ranges | Setup > Profiles > Login IP Ranges | Users on that profile | Login block |
17
+ | Connected App IP restrictions | Setup > Connected Apps > [App] > IP Ranges | OAuth API sessions for that app | API call block |
18
+ | Named Credential IP | Not configurable at Named Credential level | N/A | Controlled by callout destination |
19
+
20
+ ---
21
+
22
+ ## Org-Wide Trusted IP Ranges
23
+
24
+ Path: Setup > Security > Network Access
25
+
26
+ Trusted IP ranges affect the SMS/email verification challenge. If a user logs
27
+ in from a non-trusted IP, Salesforce sends a verification challenge. Trusted
28
+ ranges bypass this challenge.
29
+
30
+ ```
31
+ Recommended: Do NOT add overly broad ranges such as 0.0.0.0-255.255.255.255
32
+ This disables the verification challenge for all users globally.
33
+
34
+ Acceptable: Office IP ranges, VPN egress IPs, CI/CD pipeline IPs.
35
+ Review: Any entry covering a /8 or /16 subnet needs justification.
36
+ ```
37
+
38
+ ### Query trusted IP ranges via Metadata API
39
+ ```bash
40
+ sf org retrieve metadata \
41
+ --metadata NetworkAccess \
42
+ -o my-org \
43
+ --target-dir /tmp/network-policy/
44
+ cat /tmp/network-policy/force-app/main/default/networkAccess/NetworkAccess.networkAccess-meta.xml
45
+ ```
46
+
47
+ ### Audit script (anonymous Apex)
48
+ ```apex
49
+ // Network access ranges cannot be queried via Apex — use Metadata API
50
+ // as shown above or review via Setup UI.
51
+ // However, you can inspect Profile-level login IP ranges:
52
+ for (Profile p : [SELECT Id, Name FROM Profile WHERE UserLicense.Name != 'Guest']) {
53
+ System.debug('Profile: ' + p.Name + ' | Id: ' + p.Id);
54
+ }
55
+ // Then use Metadata API to extract LoginIpRanges per profile
56
+ ```
57
+
58
+ ---
59
+
60
+ ## Profile Login IP Ranges
61
+
62
+ Path: Setup > Profiles > [Profile Name] > Login IP Ranges
63
+
64
+ Login IP ranges restrict which IPs a user on that profile can log in from.
65
+ Profiles with no login IP ranges configured allow login from any IP (subject
66
+ to trusted IP challenge for untrusted IPs).
67
+
68
+ ### High-Risk Profile Findings
69
+
70
+ | Finding | Risk Level |
71
+ |---------|-----------|
72
+ | System Administrator profile with no login IP range | HIGH |
73
+ | Integration user profile with no login IP range | HIGH |
74
+ | Integration user profile with IP range 0.0.0.0/0 | CRITICAL |
75
+ | Guest User profile with login IP range (misconfigured — Guest login not IP restricted at profile level) | MEDIUM |
76
+
77
+ ### Recommended Login IP Ranges by Profile Type
78
+
79
+ | Profile Type | Recommended Range |
80
+ |-------------|------------------|
81
+ | System Administrator | Specific corporate IPs + VPN egress only |
82
+ | Integration User | Middleware server IPs only (no user interactive login) |
83
+ | Standard internal user | Corporate VPN range acceptable |
84
+ | External Community user | No restriction (users are globally distributed) |
85
+ | Guest User | No effective restriction via login IP ranges |
86
+
87
+ ---
88
+
89
+ ## CSP Trusted Sites
90
+
91
+ Path: Setup > Security > CSP Trusted Sites
92
+
93
+ Salesforce enforces a Content Security Policy on all Lightning pages. External
94
+ resources (images, scripts, fonts, API endpoints, WebSockets) must be listed
95
+ in CSP Trusted Sites or the browser will block them.
96
+
97
+ ### CSP Directive Mapping in Salesforce
98
+
99
+ | CSP Directive | Controls |
100
+ |---------------|----------|
101
+ | `connect-src` | XHR/fetch API calls, WebSocket connections |
102
+ | `img-src` | Images loaded from external URLs |
103
+ | `style-src` | External stylesheets |
104
+ | `font-src` | External fonts |
105
+ | `frame-src` | Embedded iframes |
106
+ | `script-src` | External scripts (Salesforce blocks most external scripts by default) |
107
+
108
+ ### CSP Trusted Site Audit Checklist
109
+
110
+ - [ ] No wildcard domains (`*.example.com` acceptable; `*` or `*.com` is a finding).
111
+ - [ ] HTTPS enforced for all entries (no `http://` in CSP Trusted Sites).
112
+ - [ ] Entries for localhost or internal staging domains removed before production.
113
+ - [ ] `frame-src` includes only explicitly required embedding origins.
114
+ - [ ] Review annually; remove origins for decommissioned integrations.
115
+
116
+ ### Retrieve CSP Trusted Sites via SOQL
117
+ ```sql
118
+ SELECT Id, EndpointUrl, IsActive, Context, Description
119
+ FROM CspTrustedSite
120
+ WHERE IsActive = true
121
+ ORDER BY EndpointUrl
122
+ ```
123
+
124
+ ---
125
+
126
+ ## Session Security Settings
127
+
128
+ Path: Setup > Security > Session Settings
129
+
130
+ ### Critical Settings to Review
131
+
132
+ | Setting | Secure Configuration | Risk if Misconfigured |
133
+ |---------|---------------------|----------------------|
134
+ | Session Timeout | 15 min (admin), 2-8 hours (standard) | Longer = session hijacking risk |
135
+ | Lock sessions to IP | Enabled | Prevents session token reuse from different IP |
136
+ | Lock sessions to domain | Enabled | Prevents cookie leakage across subdomains |
137
+ | Force logout on session timeout | Enabled | Ensures clean session termination |
138
+ | Clickjack Protection | Enabled for all pages | Prevents UI redress attacks |
139
+ | Content Sniff Protection | Enabled | Prevents MIME-type sniffing |
140
+ | HSTS | Enabled | Prevents SSL-stripping attacks |
141
+ | XSS Protection | Enabled | Browser-level XSS mitigation |
142
+ | Require HTTPS | Enabled | Prevents plaintext session cookies |
143
+
144
+ ### High Assurance Session Requirements
145
+
146
+ High Assurance sessions are required before accessing certain sensitive areas
147
+ (certificates, Auth. Providers configuration, Connected App settings).
148
+
149
+ Configure which operations require High Assurance:
150
+ Path: Setup > Security > Session Settings > Session Security Levels
151
+
152
+ Recommended High Assurance operations:
153
+ - Manage Users
154
+ - Manage Connected Apps
155
+ - Manage Auth. Providers
156
+ - Manage Remote Sites
157
+ - Manage Certificates
158
+
159
+ ---
160
+
161
+ ## Connected App Network Controls
162
+
163
+ For each Connected App:
164
+ - Set IP Relaxation to "Enforce IP restrictions" (not "Relax IP restrictions").
165
+ - OAuth Token Timeout: set to minimum required for the integration use case.
166
+ - Review Callback URL — should be HTTPS only.
167
+
168
+ ```sql
169
+ SELECT Id, Name, OptionsAllowAdminApprovedUsersOnly,
170
+ MobileStartUrl, StartUrl
171
+ FROM ConnectedApplication
172
+ ORDER BY Name
173
+ ```
174
+
175
+ Detailed OAuth policy review requires Metadata API retrieval of `ConnectedApp`
176
+ metadata type.
177
+
178
+ ---
179
+
180
+ ## Remote Site Settings
181
+
182
+ Path: Setup > Security > Remote Site Settings
183
+
184
+ Remote Site Settings control which external URLs Apex code and Visualforce
185
+ can make HTTP callouts to.
186
+
187
+ ```sql
188
+ SELECT Id, EndpointUrl, IsActive, Description, DisableProtocolSecurity
189
+ FROM RemoteProxy
190
+ WHERE IsActive = true
191
+ ORDER BY EndpointUrl
192
+ ```
193
+
194
+ **HIGH finding:** Any record where `DisableProtocolSecurity = true`.
195
+ This disables SSL certificate verification for that endpoint — equivalent to
196
+ `TrustManager.TRUST_ALL` in Java.
197
+
198
+ **Review:** All HTTP (non-HTTPS) endpoints. All endpoints on the pattern
199
+ `http://localhost` or `http://127.0.0.1` (only acceptable in developer orgs
200
+ for local Salesforce Functions development).
package/skills/salesforce/salesforce-infrastructure-audit-skill/references/session-policy-reference.md ADDED
@@ -0,0 +1,219 @@
1
+ # Session Policy Reference
2
+
3
+ Reference for Salesforce session security configuration including timeout values,
4
+ clickjack protection, high-assurance session requirements, and HTTPS enforcement.
5
+
6
+ ---
7
+
8
+ ## Session Settings Location
9
+
10
+ Path: Setup > Security > Session Settings
11
+
12
+ All settings in this section apply org-wide unless overridden at the connected
13
+ app or profile level.
14
+
15
+ ---
16
+
17
+ ## Timeout Configuration
18
+
19
+ ### Session Timeout Values
20
+
21
+ Salesforce allows timeout values from 15 minutes to 24 hours.
22
+
23
+ | User Type | Recommended Timeout | Maximum Acceptable |
24
+ |-----------|--------------------|--------------------|
25
+ | System Administrator | 15 minutes | 30 minutes |
26
+ | Integration API user | N/A (use server-to-server OAuth, not interactive session) | N/A |
27
+ | Standard internal user | 2 hours | 8 hours |
28
+ | External Community user | 2 hours | 12 hours |
29
+ | Guest User | 15 minutes (read-only context) | 30 minutes |
30
+
31
+ **Finding:** Org-wide session timeout > 8 hours is a MEDIUM finding.
32
+ **Finding:** System Administrator session timeout > 30 minutes is a HIGH finding.
33
+
34
+ ### Timeout Behavior Settings
35
+
36
+ | Setting | Recommended Value |
37
+ |---------|------------------|
38
+ | Timeout Action | Lock (not Logout, to preserve user work) |
39
+ | Force Logout on Timeout | Enabled for Admin profiles |
40
+ | Disable Session Timeout Warning Popup | Disabled (users should see warning) |
41
+
42
+ ---
43
+
44
+ ## Lock Sessions Settings
45
+
46
+ ### Lock Sessions to IP Address
47
+
48
+ When enabled, a session token is bound to the IP address used at login. The
49
+ session is invalidated if a request arrives from a different IP with the same
50
+ token.
51
+
52
+ **Recommended:** Enabled for all user types.
53
+
54
+ **Exception:** Mobile users on carrier networks may have rotating IPs. For mobile
55
+ use cases, evaluate the trade-off between security and usability.
56
+
57
+ **Setting location:** Session Settings > Lock sessions to the IP address from
58
+ which they originated.
59
+
60
+ ### Lock Sessions to Domain
61
+
62
+ When enabled, session cookies are bound to the specific Salesforce subdomain.
63
+ Cross-subdomain cookie reuse is blocked.
64
+
65
+ **Recommended:** Enabled.
66
+
67
+ ---
68
+
69
+ ## Clickjack Protection
70
+
71
+ Clickjack (UI Redress) attacks embed Salesforce pages in an iframe on an
72
+ attacker-controlled page and trick users into clicking buttons they cannot see.
73
+
74
+ ### Protection Levels
75
+
76
+
77
+ | Setting | Description | Recommendation |
78
+ |---------|-------------|----------------|
79
+ | Allow framing by any page | No protection | Never use in production |
80
+ | Allow framing by the same origin only | Allows same-domain embedding | Minimum |
81
+ | Don't allow framing by any page | Strict X-Frame-Options: DENY | Recommended |
82
+
83
+ Path: Setup > Security > Session Settings > Clickjack Protection Level
84
+
85
+ **Additional settings to enable:**
86
+ - Enable clickjack protection for non-setup Salesforce pages (standard pages)
87
+ - Enable clickjack protection for setup Salesforce pages
88
+
89
+ **Visualforce clickjack protection:**
90
+ Each Visualforce page can override with the `showHeader` attribute interaction
91
+ with `<apex:page>`. Review VF pages that embed external content.
92
+
93
+ ---
94
+
95
+ ## HTTPS Enforcement
96
+
97
+ ### Require Secure Connections (HTTPS)
98
+
99
+ Path: Setup > Security > Session Settings > Require secure connections (HTTPS)
100
+
101
+ **Recommended:** Enabled. This setting forces all Salesforce traffic over HTTPS.
102
+
103
+ ### HTTP Strict Transport Security (HSTS)
104
+
105
+ HSTS instructs browsers to only connect to Salesforce over HTTPS for a defined
106
+ period, preventing SSL-stripping attacks.
107
+
108
+ Salesforce enables HSTS by default on all production orgs. Verify it is not
109
+ disabled in custom domain configurations.
110
+
111
+ **Custom domain HSTS verification:**
112
+ ```bash
113
+ curl -I https://yourcustomdomain.my.salesforce.com 2>/dev/null | grep -i strict
114
+ # Expected: strict-transport-security: max-age=31536000; includeSubDomains
115
+ ```
116
+
117
+ ---
118
+
119
+ ## High-Assurance Session Requirements
120
+
121
+ A High Assurance session requires the user to authenticate with a stronger
122
+ method (MFA hardware token, certificate) before accessing sensitive areas.
123
+
124
+ ### How High Assurance Works
125
+
126
+ Salesforce defines two session security levels:
127
+ - **Standard:** Regular username/password or SSO.
128
+ - **High Assurance:** MFA required (hardware key, Salesforce Authenticator app,
129
+ TOTP authenticator).
130
+
131
+ ### Required High Assurance Operations (Recommended)
132
+
133
+ Path: Setup > Security > Session Settings > Session Security Levels
134
+
135
+ | Operation | Risk If Not High Assurance |
136
+ |-----------|--------------------------|
137
+ | Manage Users | Account takeover via compromised admin session |
138
+ | Manage Connected Apps | OAuth token theft |
139
+ | Manage Auth. Providers | Identity provider tampering |
140
+ | Manage Certificates | PKI compromise |
141
+ | Manage Remote Sites | Add malicious callout targets |
142
+ | View Setup Audit Trail | Audit log access |
143
+ | Manage Encryption | Shield encryption key access |
144
+
145
+ ### Assigning High Assurance to Permission Sets
146
+
147
+ You can require High Assurance for any Permission Set:
148
+ ```
149
+ Setup > Permission Sets > [Set] > Session Activation Required = High Assurance
150
+ ```
151
+
152
+ Users who activate this permission set in a Standard session will be prompted
153
+ to step up to High Assurance.
154
+
155
+ ---
156
+
157
+ ## OAuth Token Security Settings
158
+
159
+ Path: Setup > Security > OAuth and OpenID Connect Settings
160
+
161
+ | Setting | Secure Value |
162
+ |---------|-------------|
163
+ | Allow OAuth Username-Password Flows | Disabled (deprecated, no MFA support) |
164
+ | Allow OAuth User-Agent Flows | Disabled (implicit flow deprecated in OAuth 2.1) |
165
+ | Token Expiration for web apps | 2 hours maximum |
166
+ | Refresh Token Policy | Expire on first use or set fixed expiry |
167
+
168
+ **HIGH finding:** OAuth Username-Password Flow enabled in production.
169
+ This flow transmits credentials in the request body and bypasses MFA.
170
+
171
+ ---
172
+
173
+ ## Audit Settings
174
+
175
+ ### Login History Retention
176
+
177
+ Salesforce retains login history for 6 months. For compliance requirements
178
+ beyond 6 months, export and store in a SIEM.
179
+
180
+ ```sql
181
+ SELECT UserId, LoginTime, LoginType, LoginUrl, SourceIp,
182
+ Status, Application, Browser, Platform
183
+ FROM LoginHistory
184
+ WHERE LoginTime = LAST_N_DAYS:90
185
+ ORDER BY LoginTime DESC
186
+ LIMIT 1000
187
+ ```
188
+
189
+ ### Setup Audit Trail
190
+
191
+ Path: Setup > Security > View Setup Audit Trail
192
+
193
+ Salesforce retains the Setup Audit Trail for 180 days. For compliance, export
194
+ regularly.
195
+
196
+ ```bash
197
+ sf data query \
198
+ --query "SELECT CreatedDate, CreatedByUser, Action, Section, Display \
199
+ FROM SetupAuditTrail \
200
+ ORDER BY CreatedDate DESC \
201
+ LIMIT 2000" \
202
+ -o my-org \
203
+ --result-format csv > audit-trail.csv
204
+ ```
205
+
206
+ ---
207
+
208
+ ## Session Security Review Checklist
209
+
210
+ - [ ] Session timeout <= 8 hours for standard users, <= 30 min for admins.
211
+ - [ ] Lock sessions to IP: Enabled.
212
+ - [ ] Lock sessions to domain: Enabled.
213
+ - [ ] Clickjack protection: Enabled for all pages.
214
+ - [ ] HTTPS required: Enabled.
215
+ - [ ] High Assurance required for: Manage Users, Connected Apps, Auth. Providers.
216
+ - [ ] OAuth Username-Password Flow: Disabled.
217
+ - [ ] OAuth User-Agent Flow (implicit): Disabled.
218
+ - [ ] Login history exported to SIEM if retention > 6 months required.
219
+ - [ ] MFA enforced via profile or org-wide policy.