@raishin/vanguard-frontier-agentic 2.2.0 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/marketplace.json +1 -1
- package/.claude-plugin/plugin.json +41 -1
- package/.cursor-plugin/plugin.json +41 -1
- package/.github/plugin/marketplace.json +1 -1
- package/README.md +48 -28
- package/agents/dotnet/README.md +57 -0
- package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/AGENT.md +57 -0
- package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/claude-code.agent.md +41 -0
- package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/codex.toml +40 -0
- package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/copilot.agent.md +41 -0
- package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/cursor.agent.md +41 -0
- package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/gemini.agent.md +41 -0
- package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/harnesses/kiro-ide.agent.md +41 -0
- package/agents/dotnet/dotnet-aspire-cloud-native-review-agent/metadata.json +41 -0
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/AGENT.md +56 -0
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/claude-code.agent.md +40 -0
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/codex.toml +38 -0
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/copilot.agent.md +40 -0
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/cursor.agent.md +40 -0
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/gemini.agent.md +40 -0
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/kiro-ide.agent.md +40 -0
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/metadata.json +42 -0
- package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/AGENT.md +56 -0
- package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/claude-code.agent.md +40 -0
- package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/codex.toml +38 -0
- package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/copilot.agent.md +40 -0
- package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/cursor.agent.md +40 -0
- package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/gemini.agent.md +40 -0
- package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/harnesses/kiro-ide.agent.md +40 -0
- package/agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent/metadata.json +42 -0
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/AGENT.md +56 -0
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/claude-code.agent.md +39 -0
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/codex.toml +39 -0
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/copilot.agent.md +39 -0
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/cursor.agent.md +39 -0
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/gemini.agent.md +39 -0
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/kiro-ide.agent.md +39 -0
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/metadata.json +42 -0
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/AGENT.md +58 -0
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/claude-code.agent.md +42 -0
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/codex.toml +41 -0
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/copilot.agent.md +42 -0
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/cursor.agent.md +42 -0
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/gemini.agent.md +42 -0
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/kiro-ide.agent.md +42 -0
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/metadata.json +42 -0
- package/agents/dotnet/dotnet-maestro-agent/AGENT.md +53 -0
- package/agents/dotnet/dotnet-maestro-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/dotnet/dotnet-maestro-agent/harnesses/codex.toml +40 -0
- package/agents/dotnet/dotnet-maestro-agent/harnesses/copilot.agent.md +36 -0
- package/agents/dotnet/dotnet-maestro-agent/harnesses/cursor.agent.md +36 -0
- package/agents/dotnet/dotnet-maestro-agent/harnesses/gemini.agent.md +36 -0
- package/agents/dotnet/dotnet-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/dotnet/dotnet-maestro-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/dotnet/dotnet-maestro-agent/metadata.json +40 -0
- package/agents/dotnet/dotnet-observability-otel-review-agent/AGENT.md +57 -0
- package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/claude-code.agent.md +41 -0
- package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/codex.toml +40 -0
- package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/copilot.agent.md +41 -0
- package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/cursor.agent.md +41 -0
- package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/gemini.agent.md +41 -0
- package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/dotnet/dotnet-observability-otel-review-agent/harnesses/kiro-ide.agent.md +41 -0
- package/agents/dotnet/dotnet-observability-otel-review-agent/metadata.json +41 -0
- package/agents/dotnet/dotnet-performance-aot-review-agent/AGENT.md +56 -0
- package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/claude-code.agent.md +40 -0
- package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/codex.toml +39 -0
- package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/copilot.agent.md +40 -0
- package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/cursor.agent.md +40 -0
- package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/gemini.agent.md +40 -0
- package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/dotnet/dotnet-performance-aot-review-agent/harnesses/kiro-ide.agent.md +40 -0
- package/agents/dotnet/dotnet-performance-aot-review-agent/metadata.json +41 -0
- package/agents/dotnet/dotnet-supply-chain-review-agent/AGENT.md +57 -0
- package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/claude-code.agent.md +41 -0
- package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/codex.toml +40 -0
- package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/copilot.agent.md +41 -0
- package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/cursor.agent.md +41 -0
- package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/gemini.agent.md +41 -0
- package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/dotnet/dotnet-supply-chain-review-agent/harnesses/kiro-ide.agent.md +41 -0
- package/agents/dotnet/dotnet-supply-chain-review-agent/metadata.json +42 -0
- package/agents/dotnet/dotnet-testing-quality-review-agent/AGENT.md +56 -0
- package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/claude-code.agent.md +40 -0
- package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/codex.toml +39 -0
- package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/copilot.agent.md +40 -0
- package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/cursor.agent.md +40 -0
- package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/gemini.agent.md +40 -0
- package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/dotnet/dotnet-testing-quality-review-agent/harnesses/kiro-ide.agent.md +40 -0
- package/agents/dotnet/dotnet-testing-quality-review-agent/metadata.json +41 -0
- package/agents/hetzner/README.md +1 -1
- package/agents/hr/hr-analytics-people-data-agent/metadata.json +3 -7
- package/agents/hr/hr-benefits-payroll-agent/metadata.json +3 -7
- package/agents/hr/hr-compensation-equity-agent/metadata.json +3 -7
- package/agents/hr/hr-culture-dei-agent/metadata.json +3 -7
- package/agents/hr/hr-employee-relations-agent/metadata.json +3 -7
- package/agents/hr/hr-hris-process-controls-agent/metadata.json +3 -7
- package/agents/hr/hr-learning-policy-agent/metadata.json +3 -7
- package/agents/hr/hr-leave-accommodation-agent/metadata.json +3 -7
- package/agents/hr/hr-maestro-agent/metadata.json +4 -8
- package/agents/hr/hr-performance-management-agent/metadata.json +3 -7
- package/agents/hr/hr-recruiting-selection-agent/metadata.json +3 -7
- package/agents/hr/hr-risk-triage-review-agent/metadata.json +3 -3
- package/agents/hr/hr-termination-readiness-agent/metadata.json +3 -7
- package/agents/hr/hr-workforce-planning-rif-agent/metadata.json +3 -7
- package/agents/hr/hr-workplace-investigations-agent/metadata.json +3 -7
- package/agents/legal/legal-contract-review-agent/metadata.json +3 -7
- package/agents/legal/legal-counsel-review-agent/metadata.json +3 -3
- package/agents/legal/legal-employment-law-risk-agent/metadata.json +4 -8
- package/agents/legal/legal-ethics-investigations-agent/metadata.json +3 -7
- package/agents/legal/legal-ip-open-source-agent/metadata.json +3 -7
- package/agents/legal/legal-knowledge-management-agent/metadata.json +3 -7
- package/agents/legal/legal-litigation-discovery-hold-agent/metadata.json +3 -7
- package/agents/legal/legal-maestro-agent/metadata.json +4 -8
- package/agents/legal/legal-policy-governance-agent/metadata.json +3 -7
- package/agents/legal/legal-privacy-data-protection-agent/metadata.json +3 -7
- package/agents/legal/legal-public-disclosure-agent/metadata.json +3 -7
- package/agents/legal/legal-regulatory-compliance-agent/metadata.json +3 -7
- package/agents/legal/legal-vendor-procurement-risk-agent/metadata.json +3 -7
- package/agents/oci/oci-devops-container-platform-engineer-agent/AGENT.md +1 -1
- package/agents/oci/oci-exadata-platform-architect-agent/AGENT.md +1 -1
- package/agents/oci/oci-multi-cloud-architect-agent/AGENT.md +1 -1
- package/agents/prometheus/README.md +1 -1
- package/agents/qa/playwright-e2e-suite-review-agent/AGENT.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/claude-code.agent.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/copilot.agent.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/cursor.agent.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/gemini.agent.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/kiro-ide.agent.md +3 -3
- package/agents/salesforce/AGENTS.md +31 -0
- package/agents/salesforce/README.md +135 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/AGENT.md +117 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/LEAST-PRIVILEGES.md +91 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/claude-code.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/copilot.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/cursor.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/gemini.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/kiro-ide.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/AGENT.md +126 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/LEAST-PRIVILEGES.md +92 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/claude-code.agent.md +81 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/copilot.agent.md +81 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/cursor.agent.md +81 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/gemini.agent.md +81 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/AGENT.md +119 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/LEAST-PRIVILEGES.md +81 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/claude-code.agent.md +75 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/copilot.agent.md +75 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/cursor.agent.md +75 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/gemini.agent.md +75 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/kiro-ide.agent.md +45 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/AGENT.md +112 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/LEAST-PRIVILEGES.md +86 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-business-analyst-agent/AGENT.md +110 -0
- package/agents/salesforce/salesforce-business-analyst-agent/LEAST-PRIVILEGES.md +89 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/claude-code.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/copilot.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/cursor.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/gemini.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/kiro-ide.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/AGENT.md +112 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/LEAST-PRIVILEGES.md +81 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/claude-code.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/copilot.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/cursor.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/gemini.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/kiro-ide.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/AGENT.md +121 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/LEAST-PRIVILEGES.md +87 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/claude-code.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/copilot.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/cursor.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/gemini.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/kiro-ide.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/AGENT.md +119 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/LEAST-PRIVILEGES.md +88 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/claude-code.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/copilot.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/cursor.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/gemini.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/kiro-ide.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/metadata.json +31 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/AGENT.md +130 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/LEAST-PRIVILEGES.md +85 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/claude-code.agent.md +84 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/copilot.agent.md +84 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/cursor.agent.md +84 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/gemini.agent.md +84 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/LEAST-PRIVILEGES.md +90 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/claude-code.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/copilot.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/cursor.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/gemini.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/kiro-ide.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/metadata.json +31 -0
- package/agents/salesforce/salesforce-data-architecture-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-data-architecture-agent/LEAST-PRIVILEGES.md +92 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/claude-code.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/copilot.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/cursor.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/gemini.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-development-agent/AGENT.md +114 -0
- package/agents/salesforce/salesforce-development-agent/LEAST-PRIVILEGES.md +89 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-devops-release-agent/AGENT.md +115 -0
- package/agents/salesforce/salesforce-devops-release-agent/LEAST-PRIVILEGES.md +90 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/claude-code.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/copilot.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/cursor.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/gemini.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/kiro-ide.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/AGENT.md +128 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/LEAST-PRIVILEGES.md +92 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/claude-code.agent.md +81 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/copilot.agent.md +81 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/cursor.agent.md +81 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/gemini.agent.md +81 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/AGENT.md +124 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/LEAST-PRIVILEGES.md +80 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/claude-code.agent.md +79 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/copilot.agent.md +79 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/cursor.agent.md +79 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/gemini.agent.md +79 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/kiro-ide.agent.md +59 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/LEAST-PRIVILEGES.md +80 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/claude-code.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/codex.toml +28 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/copilot.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/cursor.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/gemini.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/kiro-ide.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/AGENT.md +125 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/LEAST-PRIVILEGES.md +88 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/claude-code.agent.md +80 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/codex.toml +41 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/copilot.agent.md +80 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/cursor.agent.md +80 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/gemini.agent.md +80 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/kiro-ide.agent.md +48 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/metadata.json +42 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/AGENT.md +115 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/LEAST-PRIVILEGES.md +91 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-live-guard-agent/AGENT.md +126 -0
- package/agents/salesforce/salesforce-live-guard-agent/LEAST-PRIVILEGES.md +100 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/claude-code.agent.md +85 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/codex.toml +50 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/copilot.agent.md +85 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/cursor.agent.md +85 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/gemini.agent.md +85 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/kiro-ide.agent.md +58 -0
- package/agents/salesforce/salesforce-live-guard-agent/metadata.json +39 -0
- package/agents/salesforce/salesforce-maestro-agent/AGENT.md +77 -0
- package/agents/salesforce/salesforce-maestro-agent/LEAST-PRIVILEGES.md +93 -0
- package/agents/salesforce/salesforce-maestro-agent/README.md +593 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/claude-code.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/codex.toml +66 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/copilot.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/cursor.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/gemini.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/kiro-ide.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/metadata.json +38 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/AGENT.md +124 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/LEAST-PRIVILEGES.md +86 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/claude-code.agent.md +78 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/codex.toml +34 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/copilot.agent.md +78 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/cursor.agent.md +78 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/gemini.agent.md +78 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/kiro-ide.agent.md +48 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/LEAST-PRIVILEGES.md +87 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/claude-code.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/codex.toml +28 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/copilot.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/cursor.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/gemini.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/kiro-ide.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/metadata.json +31 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/LEAST-PRIVILEGES.md +88 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/claude-code.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/copilot.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/cursor.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/gemini.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/AGENT.md +115 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/LEAST-PRIVILEGES.md +83 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/AGENT.md +120 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/LEAST-PRIVILEGES.md +80 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/claude-code.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/copilot.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/cursor.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/gemini.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/kiro-ide.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/LEAST-PRIVILEGES.md +90 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/claude-code.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/codex.toml +28 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/copilot.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/cursor.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/gemini.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/kiro-ide.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/AGENT.md +118 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/LEAST-PRIVILEGES.md +85 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/claude-code.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/copilot.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/cursor.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/gemini.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/kiro-ide.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-service-field-service-agent/AGENT.md +115 -0
- package/agents/salesforce/salesforce-service-field-service-agent/LEAST-PRIVILEGES.md +82 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-session-governance-agent/AGENT.md +116 -0
- package/agents/salesforce/salesforce-session-governance-agent/LEAST-PRIVILEGES.md +91 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/claude-code.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/codex.toml +28 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/copilot.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/cursor.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/gemini.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/kiro-ide.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/AGENT.md +123 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/LEAST-PRIVILEGES.md +86 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/claude-code.agent.md +79 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/copilot.agent.md +79 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/cursor.agent.md +79 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/gemini.agent.md +79 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/kiro-ide.agent.md +48 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/metadata.json +41 -0
- package/assets/logos/cloud/salesforce/salesforce.svg +34 -0
- package/catalog/agents.json +1785 -353
- package/catalog/asset-integrity.json +2866 -411
- package/catalog/install-roles.json +96 -0
- package/catalog/skill-manifest.json +1238 -138
- package/catalog/skills.json +1587 -333
- package/package.json +3 -2
- package/plugins/vanguard-frontier-agentic/.codex-plugin/plugin.json +1 -1
- package/powers/vanguard-salesforce/POWER.md +42 -0
- package/schemas/agent.schema.json +5 -1
- package/schemas/skill.frontmatter.schema.json +33 -3
- package/schemas/skill.schema.json +5 -1
- package/scripts/export-marketplace-agents.mjs +30 -2
- package/scripts/generate-kiro-powers.mjs +12 -0
- package/scripts/release-prepare.mjs +35 -0
- package/skills/aws/aws-agentcore/references/official-sources.md +19 -19
- package/skills/aws/aws-generative-ai-developer/references/official-sources.md +10 -10
- package/skills/azure/azure-ai-foundry-ops-governor/references/workflow-and-output.md +2 -2
- package/skills/azure/azure-aks-platform-operator/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-app-service-production-readiness/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-cosmosdb-application-developer/references/official-sources.md +11 -11
- package/skills/azure/azure-cosmosdb-performance-investigator/references/official-sources.md +11 -11
- package/skills/azure/azure-cosmosdb-platform-operator/references/official-sources.md +10 -10
- package/skills/azure/azure-cost-estimation-review/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-cost-optimization-governor/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-entra-id-specialist/references/official-sources.md +28 -28
- package/skills/azure/azure-identity-governance-review/references/official-sources.md +11 -11
- package/skills/azure/azure-identity-governance-review/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-key-vault-secret-lifecycle-auditor/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-migrate-landing-zone-cutover/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-platform-automation-devops/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-private-endpoint-adoption-planner/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-resource-health-incident-triage/references/workflow-and-output.md +6 -6
- package/skills/azure/azure-subscription-resource-organization/references/workflow-and-output.md +1 -1
- package/skills/cross-functional/salesforce-case-capsule/SKILL.md +164 -0
- package/skills/cross-functional/salesforce-case-capsule/metadata.json +19 -0
- package/skills/cross-functional/salesforce-data-exposure-escalation-protocol/SKILL.md +165 -0
- package/skills/cross-functional/salesforce-data-exposure-escalation-protocol/metadata.json +19 -0
- package/skills/cross-functional/salesforce-live-change-approval-protocol/SKILL.md +118 -0
- package/skills/cross-functional/salesforce-live-change-approval-protocol/metadata.json +19 -0
- package/skills/cross-functional/salesforce-risk-taxonomy/SKILL.md +162 -0
- package/skills/cross-functional/salesforce-risk-taxonomy/metadata.json +19 -0
- package/skills/cross-functional/salesforce-routing-protocol/SKILL.md +159 -0
- package/skills/cross-functional/salesforce-routing-protocol/metadata.json +19 -0
- package/skills/dotnet/dotnet-aspire-cloud-native-review/SKILL.md +53 -0
- package/skills/dotnet/dotnet-aspire-cloud-native-review/metadata.json +27 -0
- package/skills/dotnet/dotnet-aspire-cloud-native-review/references/workflow-and-output.md +115 -0
- package/skills/dotnet/dotnet-aspnetcore-api-review/SKILL.md +53 -0
- package/skills/dotnet/dotnet-aspnetcore-api-review/metadata.json +28 -0
- package/skills/dotnet/dotnet-aspnetcore-api-review/references/workflow-and-output.md +115 -0
- package/skills/dotnet/dotnet-aspnetcore-identity-authz-review/SKILL.md +48 -0
- package/skills/dotnet/dotnet-aspnetcore-identity-authz-review/metadata.json +28 -0
- package/skills/dotnet/dotnet-aspnetcore-identity-authz-review/references/workflow-and-output.md +125 -0
- package/skills/dotnet/dotnet-csharp-runtime-review/SKILL.md +56 -0
- package/skills/dotnet/dotnet-csharp-runtime-review/metadata.json +28 -0
- package/skills/dotnet/dotnet-csharp-runtime-review/references/workflow-and-output.md +141 -0
- package/skills/dotnet/dotnet-efcore-data-access-review/SKILL.md +57 -0
- package/skills/dotnet/dotnet-efcore-data-access-review/metadata.json +28 -0
- package/skills/dotnet/dotnet-efcore-data-access-review/references/workflow-and-output.md +140 -0
- package/skills/dotnet/dotnet-maestro/SKILL.md +106 -0
- package/skills/dotnet/dotnet-maestro/metadata.json +26 -0
- package/skills/dotnet/dotnet-observability-otel-review/SKILL.md +53 -0
- package/skills/dotnet/dotnet-observability-otel-review/metadata.json +27 -0
- package/skills/dotnet/dotnet-observability-otel-review/references/workflow-and-output.md +119 -0
- package/skills/dotnet/dotnet-performance-aot-review/SKILL.md +53 -0
- package/skills/dotnet/dotnet-performance-aot-review/metadata.json +27 -0
- package/skills/dotnet/dotnet-performance-aot-review/references/workflow-and-output.md +123 -0
- package/skills/dotnet/dotnet-supply-chain-review/SKILL.md +55 -0
- package/skills/dotnet/dotnet-supply-chain-review/metadata.json +28 -0
- package/skills/dotnet/dotnet-supply-chain-review/references/workflow-and-output.md +132 -0
- package/skills/dotnet/dotnet-testing-quality-review/SKILL.md +54 -0
- package/skills/dotnet/dotnet-testing-quality-review/metadata.json +27 -0
- package/skills/dotnet/dotnet-testing-quality-review/references/workflow-and-output.md +142 -0
- package/skills/finops/focus-spec-normalizer/references/focus-columns.md +2 -2
- package/skills/gcp/gcp-alloydb-ai-developer/SKILL.md +1 -1
- package/skills/gcp/gcp-gemini-api-developer/SKILL.md +2 -2
- package/skills/hr/hr-risk-triage-review/metadata.json +9 -2
- package/skills/legal/legal-counsel-review/metadata.json +9 -2
- package/skills/nvidia/nvidia-model-promotion-gatekeeper/SKILL.md +1 -1
- package/skills/nvidia/nvidia-model-promotion-gatekeeper/references/allowlist-commands.md +1 -1
- package/skills/oci/oci-compute-platform-operator/SKILL.md +0 -2
- package/skills/oci/oci-cost-finops-analyst/SKILL.md +0 -2
- package/skills/oci/oci-database-platform-dba/SKILL.md +0 -2
- package/skills/oci/oci-devops-container-platform-engineer/SKILL.md +0 -2
- package/skills/oci/oci-identity-access-governor/SKILL.md +0 -2
- package/skills/oci/oci-multi-cloud-architect/SKILL.md +0 -2
- package/skills/oci/oci-network-architect/SKILL.md +0 -2
- package/skills/oci/oci-observability-incident-responder/SKILL.md +0 -2
- package/skills/oci/oci-security-compliance-reviewer/SKILL.md +0 -2
- package/skills/oci/oci-solution-architect/SKILL.md +1 -3
- package/skills/oci/oci-storage-backup-steward/SKILL.md +0 -2
- package/skills/prometheus/prometheus-alerting-cardinality-review/SKILL.md +1 -1
- package/skills/prometheus/prometheus-alerting-cardinality-review/references/workflow-and-output.md +4 -4
- package/skills/qa/ci-test-pipeline-review/references/workflow-and-output.md +1 -1
- package/skills/qa/llm-ai-pipeline-test-review/references/workflow-and-output.md +1 -1
- package/skills/qa/playwright-e2e-suite-review/SKILL.md +4 -4
- package/skills/qa/playwright-e2e-suite-review/references/workflow-and-output.md +12 -12
- package/skills/qa/plc-control-logic-safety-review/references/workflow-and-output.md +2 -2
- package/skills/qa/test-coverage-quality-review/SKILL.md +1 -1
- package/skills/qa/test-coverage-quality-review/references/workflow-and-output.md +8 -8
- package/skills/qa/test-flakiness-triage/SKILL.md +1 -1
- package/skills/qa/test-flakiness-triage/references/workflow-and-output.md +1 -1
- package/skills/salesforce/README.md +117 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/SKILL.md +206 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/action-safety-matrix.md +160 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/agentforce-anti-patterns.md +193 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/grounding-source-evaluation.md +162 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/SKILL.md +557 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/metadata.json +41 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/observability-rubric.md +219 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/privacy-redaction.md +240 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/stdm-queries.md +436 -0
- package/skills/salesforce/salesforce-apex-generator-skill/SKILL.md +307 -0
- package/skills/salesforce/salesforce-apex-generator-skill/metadata.json +30 -0
- package/skills/salesforce/salesforce-apex-generator-skill/references/apex-patterns.md +224 -0
- package/skills/salesforce/salesforce-apex-generator-skill/references/governor-limits.md +175 -0
- package/skills/salesforce/salesforce-apex-generator-skill/references/security-defaults.md +155 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/SKILL.md +360 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/metadata.json +38 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/governor-limit-signatures.md +174 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/log-format-reference.md +154 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/redaction-rules.md +178 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/SKILL.md +195 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/apex-anti-patterns.md +270 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/governor-limits-reference.md +198 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/lwc-security.md +206 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/SKILL.md +274 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/metadata.json +29 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/references/assertion-patterns.md +174 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/references/async-testing.md +217 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/references/test-data-factory.md +174 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/SKILL.md +344 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/metadata.json +37 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/references/cli-commands.md +162 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/references/coverage-analysis.md +107 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/references/failure-diagnosis.md +187 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/SKILL.md +356 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/metadata.json +29 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/references/anonymous-apex-patterns.md +380 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/references/data-loader-templates.md +209 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/references/rollback-strategy.md +209 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/SKILL.md +380 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/metadata.json +37 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/references/cli-commands.md +264 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/references/production-refusal-rules.md +243 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/references/test-selection-strategy.md +250 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/SKILL.md +195 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/metadata.json +19 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/change-impact-categories.md +216 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/sandbox-masking-strategy.md +193 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/sca-rule-catalog.md +226 -0
- package/skills/salesforce/salesforce-field-mapping-skill/SKILL.md +348 -0
- package/skills/salesforce/salesforce-field-mapping-skill/metadata.json +29 -0
- package/skills/salesforce/salesforce-field-mapping-skill/references/api-name-normalization.md +141 -0
- package/skills/salesforce/salesforce-field-mapping-skill/references/picklist-value-mapping.md +245 -0
- package/skills/salesforce/salesforce-field-mapping-skill/references/type-mismatch-detection.md +187 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/SKILL.md +163 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/references/automation-conflict-matrix.md +193 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/references/fault-path-design.md +189 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/references/flow-anti-patterns.md +211 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/SKILL.md +355 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/metadata.json +35 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/references/fault-path-design.md +175 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/references/flow-error-patterns.md +247 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/references/interview-log-redaction.md +171 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/SKILL.md +137 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/metadata.json +19 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/references/hyperforce-deployment-controls.md +181 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/references/network-policy-reference.md +200 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/references/session-policy-reference.md +219 -0
- package/skills/salesforce/salesforce-integration-review-skill/SKILL.md +186 -0
- package/skills/salesforce/salesforce-integration-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-integration-review-skill/references/integration-anti-patterns.md +280 -0
- package/skills/salesforce/salesforce-integration-review-skill/references/integration-pattern-reference.md +239 -0
- package/skills/salesforce/salesforce-integration-review-skill/references/named-credential-design.md +211 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/SKILL.md +204 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/references/consent-anti-patterns.md +247 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/references/consent-model-reference.md +205 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/references/regulatory-mapping.md +192 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/SKILL.md +418 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/metadata.json +50 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/references/cli-commands.md +347 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/references/delegation-routing.md +416 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/references/sanitization-rules.md +392 -0
- package/skills/salesforce/salesforce-metadata-review-skill/SKILL.md +148 -0
- package/skills/salesforce/salesforce-metadata-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-metadata-review-skill/references/deprecated-metadata.md +217 -0
- package/skills/salesforce/salesforce-metadata-review-skill/references/field-hygiene-rules.md +182 -0
- package/skills/salesforce/salesforce-metadata-review-skill/references/object-design-patterns.md +187 -0
- package/skills/salesforce/salesforce-org-assessment-skill/SKILL.md +137 -0
- package/skills/salesforce/salesforce-org-assessment-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-org-assessment-skill/references/assessment-rubric.md +228 -0
- package/skills/salesforce/salesforce-org-assessment-skill/references/risk-register-template.md +211 -0
- package/skills/salesforce/salesforce-org-assessment-skill/references/tech-debt-indicators.md +252 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/SKILL.md +165 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/references/fls-review-patterns.md +235 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/references/permission-set-strategy.md +203 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/references/toxic-combinations.md +228 -0
- package/skills/salesforce/salesforce-release-readiness-skill/SKILL.md +185 -0
- package/skills/salesforce/salesforce-release-readiness-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-release-readiness-skill/references/release-checklist.md +191 -0
- package/skills/salesforce/salesforce-release-readiness-skill/references/rollback-strategy.md +234 -0
- package/skills/salesforce/salesforce-release-readiness-skill/references/test-coverage-strategy.md +314 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/SKILL.md +391 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/metadata.json +35 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/references/cli-commands.md +266 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/references/least-privilege-scope.md +224 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/references/safe-query-patterns.md +317 -0
- package/skills/salesforce/salesforce-soql-generator-skill/SKILL.md +305 -0
- package/skills/salesforce/salesforce-soql-generator-skill/metadata.json +25 -0
- package/skills/salesforce/salesforce-soql-generator-skill/references/common-patterns.md +293 -0
- package/skills/salesforce/salesforce-soql-generator-skill/references/governor-limits.md +171 -0
- package/skills/salesforce/salesforce-soql-generator-skill/references/soql-syntax-quickref.md +255 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/SKILL.md +329 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/metadata.json +28 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/references/error-message-style.md +132 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/references/formula-syntax-quickref.md +182 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/references/validation-patterns.md +214 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/SKILL.md +164 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/metadata.json +19 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/continuous-verification-patterns.md +209 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/maturity-scoring-rubric.md +179 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/nist-zta-pillars.md +194 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/01-csharp-runtime.json +6 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/02-aspnetcore-api.json +6 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/03-identity-authz.json +6 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/04-efcore-data.json +6 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/05-testing-quality.json +6 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/06-supply-chain.json +6 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/07-performance-aot.json +6 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/08-observability-otel.json +6 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/09-aspire-cloud-native.json +6 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/10-multi-domain.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/11-ambiguous.json +4 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/adv-ambiguous-near-miss.json +4 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/adv-instruction-injection.json +6 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/adv-live-guard-bypass.json +4 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/adv-parallel-saturation.json +9 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/adv-persona-replacement.json +6 -0
- package/tests/fixtures/dotnet-maestro-routing/expected/adv-secrets-bait.json +6 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/01-csharp-runtime.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/02-aspnetcore-api.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/03-identity-authz.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/04-efcore-data.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/05-testing-quality.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/06-supply-chain.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/07-performance-aot.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/08-observability-otel.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/09-aspire-cloud-native.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/10-multi-domain.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/11-ambiguous.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/adv-ambiguous-near-miss.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/adv-instruction-injection.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/adv-live-guard-bypass.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/adv-parallel-saturation.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/adv-persona-replacement.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/inputs/adv-secrets-bait.json +7 -0
- package/tests/fixtures/dotnet-maestro-routing/taxonomy.json +99 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/001-happy-platform-admin-review.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/002-happy-business-analyst.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/003-happy-app-builder-automation.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/004-happy-development.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/005-happy-devops-release.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/006-happy-security-identity-access.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/007-happy-data-architecture.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/008-happy-integration-mulesoft.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/009-happy-sales-cloud-revenue.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/010-happy-marketing-cloud.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/011-happy-agentforce-ai.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/012-happy-analytics-tableau.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/013-happy-compliance-privacy.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/014-happy-network-policy-architect.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/015-happy-hyperforce-security.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/016-happy-sandbox-isolation.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/017-happy-session-governance.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/018-happy-continuous-verification.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/019-happy-certificate-lifecycle.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/020-happy-adaptive-access.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/021-happy-code-analyzer-orchestrator.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/022-happy-sandbox-governance.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/023-happy-change-impact-analyst.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-ambiguous.json +4 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-instruction-injection.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-01-live-org-deploy-guard.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-02-live-mass-delete-guard.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-03-live-release-to-prod-guard.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-persona-replacement.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-secrets-bait.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/001-happy-platform-admin-review.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/002-happy-business-analyst.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/003-happy-app-builder-automation.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/004-happy-development.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/005-happy-devops-release.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/006-happy-security-identity-access.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/007-happy-data-architecture.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/008-happy-integration-mulesoft.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/009-happy-sales-cloud-revenue.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/010-happy-marketing-cloud.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/011-happy-agentforce-ai.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/012-happy-analytics-tableau.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/013-happy-compliance-privacy.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/014-happy-network-policy-architect.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/015-happy-hyperforce-security.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/016-happy-sandbox-isolation.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/017-happy-session-governance.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/018-happy-continuous-verification.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/019-happy-certificate-lifecycle.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/020-happy-adaptive-access.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/021-happy-code-analyzer-orchestrator.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/022-happy-sandbox-governance.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/023-happy-change-impact-analyst.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-ambiguous.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-instruction-injection.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-01-live-org-deploy-guard.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-02-live-mass-delete-guard.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-03-live-release-to-prod-guard.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-persona-replacement.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-secrets-bait.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/taxonomy.json +371 -0
- package/tests/test-vfa-export-coverage.test.mjs +29 -8
- package/tests/validate-catalog.py +15 -1
- package/tests/validate-plugin-manifest.py +11 -1
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "salesforce-soql-explorer-skill",
|
|
3
|
+
"name": "Salesforce SOQL Explorer Skill",
|
|
4
|
+
"type": "skill",
|
|
5
|
+
"provider": "salesforce",
|
|
6
|
+
"harnesses": ["claude-code", "codex", "cursor", "gemini", "kiro", "other"],
|
|
7
|
+
"summary": "Executes read-only SOQL queries against a connected Salesforce org via the sf CLI under T1 least-privilege scope. Returns sanitized JSON output with a structured audit envelope. Live operational counterpart to the static-review skills. No DML. No metadata mutation. Sanitized output only.",
|
|
8
|
+
"source_type": "original",
|
|
9
|
+
"category": "operational",
|
|
10
|
+
"execution_tier": "read-only-runtime",
|
|
11
|
+
"oauth_scopes": ["api", "refresh_token"],
|
|
12
|
+
"mcp_servers": [],
|
|
13
|
+
"run_as_permissions": {
|
|
14
|
+
"required": ["View Setup and Configuration"],
|
|
15
|
+
"denied": [
|
|
16
|
+
"ModifyAllData",
|
|
17
|
+
"ViewAllData",
|
|
18
|
+
"ViewEncryptedData",
|
|
19
|
+
"ModifyMetadata",
|
|
20
|
+
"AuthorApex",
|
|
21
|
+
"ManageConnectedApps"
|
|
22
|
+
]
|
|
23
|
+
},
|
|
24
|
+
"official_docs": [
|
|
25
|
+
"https://developer.salesforce.com/docs/atlas.en-us.sfdx_cli_reference.meta/sfdx_cli_reference/cli_reference_data_commands_unified.htm",
|
|
26
|
+
"https://developer.salesforce.com/docs/atlas.en-us.soql_sosl.meta/soql_sosl/sforce_api_calls_soql.htm",
|
|
27
|
+
"https://help.salesforce.com/s/articleView?id=sf.connected_app_overview.htm",
|
|
28
|
+
"https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_calls_query.htm"
|
|
29
|
+
],
|
|
30
|
+
"security_notes": "T1 read-only operational scope only. No DML permitted. OAuth scopes restricted to api + refresh_token. Run As service account has no ModifyAllData, ViewAllData, ViewEncryptedData, ModifyMetadata, AuthorApex, or ManageConnectedApps permissions. Org allowlist enforced by Connected App. Every execution emits a structured audit envelope. All Salesforce IDs, user IDs, and PII fields are redacted before output. Refresh token rotation immediately revokes access. Regulated-vertical orgs (Health Cloud, Financial Services Cloud) trigger mandatory compliance escalation.",
|
|
31
|
+
"last_verified": "2026-05-21",
|
|
32
|
+
"path": "skills/salesforce/salesforce-soql-explorer-skill",
|
|
33
|
+
"author": "github: Raishin",
|
|
34
|
+
"version": "0.1.0"
|
|
35
|
+
}
|
|
@@ -0,0 +1,266 @@
|
|
|
1
|
+
<!-- Parent: salesforce-soql-explorer-skill/SKILL.md -->
|
|
2
|
+
# Salesforce CLI Commands — SOQL Explorer Reference
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## Org Introspection
|
|
8
|
+
|
|
9
|
+
### Confirm connectivity and org type
|
|
10
|
+
|
|
11
|
+
```bash
|
|
12
|
+
sf org display --target-org <alias>
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
Output includes: username, instance URL, org type (Scratch Org / Sandbox /
|
|
16
|
+
Production), OAuth client ID, access token expiry. Use this to verify
|
|
17
|
+
the org is reachable and that the alias resolves to the expected org type
|
|
18
|
+
before running any query.
|
|
19
|
+
|
|
20
|
+
**T1 check:** If `orgType` or `isDevHub` indicates production and the
|
|
21
|
+
Connected App allowlist does not explicitly authorize this alias, stop.
|
|
22
|
+
|
|
23
|
+
### List authorized orgs
|
|
24
|
+
|
|
25
|
+
```bash
|
|
26
|
+
sf org list --connected
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
Returns all orgs with active authentication. Use to enumerate valid aliases
|
|
30
|
+
before accepting a user-provided alias. Cross-reference against the
|
|
31
|
+
org allowlist maintained in the Connected App configuration.
|
|
32
|
+
|
|
33
|
+
```bash
|
|
34
|
+
# JSON output for scripting / allowlist verification
|
|
35
|
+
sf org list --connected --json
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
---
|
|
39
|
+
|
|
40
|
+
## Schema Introspection
|
|
41
|
+
|
|
42
|
+
### Describe an sObject (field list, FLS, encryption flags)
|
|
43
|
+
|
|
44
|
+
```bash
|
|
45
|
+
sf sobject describe --sobject Account --target-org <alias>
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
Read the output before building a query:
|
|
49
|
+
- `fields[].name` — API names of available fields
|
|
50
|
+
- `fields[].encrypted` — `true` if Shield PE / PMLE encrypted; **skip these**
|
|
51
|
+
- `fields[].nillable` / `fields[].type` — inform filter design
|
|
52
|
+
- `queryable: true` — confirms the object supports SOQL
|
|
53
|
+
|
|
54
|
+
```bash
|
|
55
|
+
# JSON output for jq processing
|
|
56
|
+
sf sobject describe --sobject Account --target-org <alias> --json \
|
|
57
|
+
| jq '[.result.fields[] | {name: .name, type: .type, encrypted: .encrypted}]'
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
**Encrypted field detection:**
|
|
61
|
+
|
|
62
|
+
```bash
|
|
63
|
+
sf sobject describe --sobject Contact --target-org <alias> --json \
|
|
64
|
+
| jq '[.result.fields[] | select(.encrypted == true) | .name]'
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
Remove any fields returned from this command from your query. Do not
|
|
68
|
+
include them even as placeholders.
|
|
69
|
+
|
|
70
|
+
---
|
|
71
|
+
|
|
72
|
+
## Query Execution
|
|
73
|
+
|
|
74
|
+
### Basic read-only query (JSON output — preferred)
|
|
75
|
+
|
|
76
|
+
```bash
|
|
77
|
+
sf data query \
|
|
78
|
+
--query "SELECT Id, Name, Industry FROM Account WHERE CreatedDate = LAST_N_DAYS:30 LIMIT 200" \
|
|
79
|
+
--target-org <alias> \
|
|
80
|
+
--result-format json
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
JSON output is preferred over the default human-readable table because it
|
|
84
|
+
is structured, pipeable to `jq` for redaction, and unambiguous about field
|
|
85
|
+
values.
|
|
86
|
+
|
|
87
|
+
### Preview with LIMIT 5 before full execution
|
|
88
|
+
|
|
89
|
+
```bash
|
|
90
|
+
sf data query \
|
|
91
|
+
--query "SELECT Id, Name FROM Account LIMIT 5" \
|
|
92
|
+
--target-org <alias> \
|
|
93
|
+
--result-format json
|
|
94
|
+
```
|
|
95
|
+
|
|
96
|
+
Always preview first. Confirm field shape, check for unexpected values,
|
|
97
|
+
verify no encrypted or PII fields slipped through.
|
|
98
|
+
|
|
99
|
+
### Full execution with appropriate LIMIT
|
|
100
|
+
|
|
101
|
+
```bash
|
|
102
|
+
sf data query \
|
|
103
|
+
--query "SELECT Id, Name, StageName, Amount FROM Opportunity WHERE CloseDate >= THIS_QUARTER LIMIT 200" \
|
|
104
|
+
--target-org <alias> \
|
|
105
|
+
--result-format json
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
Maximum interactive LIMIT: 2,000. Do not exceed. For larger volumes,
|
|
109
|
+
route to `salesforce-bulk-data-ops-skill`.
|
|
110
|
+
|
|
111
|
+
### Count query (no record data returned)
|
|
112
|
+
|
|
113
|
+
```bash
|
|
114
|
+
sf data query \
|
|
115
|
+
--query "SELECT COUNT FROM Contact WHERE Email = null" \
|
|
116
|
+
--target-org <alias> \
|
|
117
|
+
--result-format json
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
Use COUNT to answer "how many" questions without returning record values.
|
|
121
|
+
Reduces PII exposure and governor limit consumption.
|
|
122
|
+
|
|
123
|
+
### Aggregate query
|
|
124
|
+
|
|
125
|
+
```bash
|
|
126
|
+
sf data query \
|
|
127
|
+
--query "SELECT StageName, COUNT(Id) cnt, SUM(Amount) total FROM Opportunity GROUP BY StageName" \
|
|
128
|
+
--target-org <alias> \
|
|
129
|
+
--result-format json
|
|
130
|
+
```
|
|
131
|
+
|
|
132
|
+
---
|
|
133
|
+
|
|
134
|
+
## Tooling API Queries
|
|
135
|
+
|
|
136
|
+
Use `--use-tooling-api` to query metadata objects (ApexClass, CustomField,
|
|
137
|
+
CustomObject, FlowDefinition, etc.) when schema introspection is needed
|
|
138
|
+
without a metadata retrieve.
|
|
139
|
+
|
|
140
|
+
```bash
|
|
141
|
+
# Query ApexClass metadata
|
|
142
|
+
sf data query \
|
|
143
|
+
--query "SELECT Id, Name, Status FROM ApexClass WHERE NamespacePrefix = null LIMIT 50" \
|
|
144
|
+
--target-org <alias> \
|
|
145
|
+
--use-tooling-api \
|
|
146
|
+
--result-format json
|
|
147
|
+
|
|
148
|
+
# Query CustomField metadata
|
|
149
|
+
sf data query \
|
|
150
|
+
--query "SELECT Id, DeveloperName, TableEnumOrId, DataType FROM CustomField WHERE TableEnumOrId = 'Account'" \
|
|
151
|
+
--target-org <alias> \
|
|
152
|
+
--use-tooling-api \
|
|
153
|
+
--result-format json
|
|
154
|
+
|
|
155
|
+
# Query FlowDefinition for automation inventory
|
|
156
|
+
sf data query \
|
|
157
|
+
--query "SELECT Id, ApiName, ActiveVersionId, ProcessType FROM FlowDefinition LIMIT 100" \
|
|
158
|
+
--target-org <alias> \
|
|
159
|
+
--use-tooling-api \
|
|
160
|
+
--result-format json
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
> **Note:** Tooling API queries access metadata, not record data. FLS does
|
|
164
|
+
> not apply the same way; however, the Run As account must still have
|
|
165
|
+
> View Setup and Configuration.
|
|
166
|
+
|
|
167
|
+
---
|
|
168
|
+
|
|
169
|
+
## Output Sanitization with jq
|
|
170
|
+
|
|
171
|
+
### Redact Salesforce IDs (replace with placeholder)
|
|
172
|
+
|
|
173
|
+
```bash
|
|
174
|
+
sf data query \
|
|
175
|
+
--query "SELECT Id, Name FROM Account LIMIT 10" \
|
|
176
|
+
--target-org <alias> \
|
|
177
|
+
--result-format json \
|
|
178
|
+
| jq '.result.records[] | {Id: "<record_id_placeholder>", Name: .Name}'
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
### Redact owner/user ID fields
|
|
182
|
+
|
|
183
|
+
```bash
|
|
184
|
+
sf data query \
|
|
185
|
+
--query "SELECT Id, Name, OwnerId FROM Opportunity LIMIT 10" \
|
|
186
|
+
--target-org <alias> \
|
|
187
|
+
--result-format json \
|
|
188
|
+
| jq '.result.records[] | {
|
|
189
|
+
Id: "<record_id_placeholder>",
|
|
190
|
+
Name: .Name,
|
|
191
|
+
OwnerId: "<user_id_placeholder>"
|
|
192
|
+
}'
|
|
193
|
+
```
|
|
194
|
+
|
|
195
|
+
### Extract record count only (no record values)
|
|
196
|
+
|
|
197
|
+
```bash
|
|
198
|
+
sf data query \
|
|
199
|
+
--query "SELECT COUNT FROM Account" \
|
|
200
|
+
--target-org <alias> \
|
|
201
|
+
--result-format json \
|
|
202
|
+
| jq '.result.totalSize'
|
|
203
|
+
```
|
|
204
|
+
|
|
205
|
+
### Extract specific fields with multi-field redaction
|
|
206
|
+
|
|
207
|
+
```bash
|
|
208
|
+
sf data query \
|
|
209
|
+
--query "SELECT Id, Name, Email, CreatedById FROM Contact LIMIT 5" \
|
|
210
|
+
--target-org <alias> \
|
|
211
|
+
--result-format json \
|
|
212
|
+
| jq '.result.records[] | {
|
|
213
|
+
Id: "<record_id_placeholder>",
|
|
214
|
+
Name: .Name,
|
|
215
|
+
Email: "<redacted_pii>",
|
|
216
|
+
CreatedById: "<user_id_placeholder>"
|
|
217
|
+
}'
|
|
218
|
+
```
|
|
219
|
+
|
|
220
|
+
---
|
|
221
|
+
|
|
222
|
+
## Bulk Flag Notes
|
|
223
|
+
|
|
224
|
+
|
|
225
|
+
### The --all-rows flag
|
|
226
|
+
|
|
227
|
+
```bash
|
|
228
|
+
sf data query \
|
|
229
|
+
--query "SELECT Id, Name, IsDeleted FROM Account WHERE IsDeleted = true LIMIT 50" \
|
|
230
|
+
--target-org <alias> \
|
|
231
|
+
--all-rows \
|
|
232
|
+
--result-format json
|
|
233
|
+
```
|
|
234
|
+
|
|
235
|
+
`--all-rows` includes soft-deleted records (records in the Recycle Bin).
|
|
236
|
+
Use only when explicitly investigating deleted record state. Document the
|
|
237
|
+
intent in the audit envelope `assumptions` field.
|
|
238
|
+
|
|
239
|
+
---
|
|
240
|
+
|
|
241
|
+
## Query Plan Analysis
|
|
242
|
+
|
|
243
|
+
Use `--plan` to inspect the query execution plan before running a query
|
|
244
|
+
against a large object. Requires the Tooling API flag.
|
|
245
|
+
|
|
246
|
+
```bash
|
|
247
|
+
sf data query \
|
|
248
|
+
--query "SELECT Id FROM Account WHERE Name = 'Acme'" \
|
|
249
|
+
--target-org <alias> \
|
|
250
|
+
--use-tooling-api \
|
|
251
|
+
--plan
|
|
252
|
+
```
|
|
253
|
+
|
|
254
|
+
Key fields in plan output:
|
|
255
|
+
- `leadingOperationType: "Index"` — query uses an index (efficient)
|
|
256
|
+
- `leadingOperationType: "TableScan"` — full table scan (warn if object > 10k records)
|
|
257
|
+
- `relativeCost < 1` — efficient
|
|
258
|
+
- `cardinality` — estimated rows returned
|
|
259
|
+
|
|
260
|
+
If plan shows `TableScan` on a large object, revise the query to add a
|
|
261
|
+
selective indexed filter before executing.
|
|
262
|
+
|
|
263
|
+
---
|
|
264
|
+
|
|
265
|
+
## Required CLI Version
|
|
266
|
+
|
|
@@ -0,0 +1,224 @@
|
|
|
1
|
+
<!-- Parent: salesforce-soql-explorer-skill/SKILL.md -->
|
|
2
|
+
# T1 Least-Privilege Scope — SOQL Explorer
|
|
3
|
+
|
|
4
|
+
.
|
|
5
|
+
|
|
6
|
+
This document defines the least-privilege boundary for the T1 read-only
|
|
7
|
+
operational tier. Every claim here must be verified against a live Salesforce
|
|
8
|
+
org before production use. Do not assume parity with legacy sfdx behavior.
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## OAuth Connected App Configuration
|
|
13
|
+
|
|
14
|
+
The skill authenticates via a Connected App using the OAuth 2.0 JWT Bearer
|
|
15
|
+
or Web Server flow. The Connected App must be configured as follows:
|
|
16
|
+
|
|
17
|
+
### Permitted OAuth Scopes (check exactly these two)
|
|
18
|
+
|
|
19
|
+
```
|
|
20
|
+
[x] Access and manage your data (api)
|
|
21
|
+
[x] Perform requests on your behalf at any time (refresh_token, offline_access)
|
|
22
|
+
[ ] Full access (full) ← MUST be unchecked
|
|
23
|
+
[ ] Web (web) ← MUST be unchecked
|
|
24
|
+
[ ] Salesforce Platform API features (sfap_api) ← MUST be unchecked
|
|
25
|
+
[ ] CDP Query API (cdp_query_api) ← MUST be unchecked
|
|
26
|
+
[ ] Manage user data via APIs (api) + openid ← not needed; omit
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
Any scope beyond `api` and `refresh_token` is prohibited for T1 skills.
|
|
30
|
+
|
|
31
|
+
### IP Allowlisting
|
|
32
|
+
|
|
33
|
+
Set **Permitted Users** to "Admin approved users are pre-authorized" and
|
|
34
|
+
configure **IP Relaxation** to "Enforce IP restrictions". Add only the
|
|
35
|
+
IP ranges from which the skill runner (CI system, local developer machine,
|
|
36
|
+
or agent orchestrator) operates.
|
|
37
|
+
|
|
38
|
+
Do not set IP Relaxation to "Relax IP restrictions".
|
|
39
|
+
|
|
40
|
+
### Callback URL
|
|
41
|
+
|
|
42
|
+
Use a non-production callback URL (e.g., `http://localhost:1717/OauthRedirect`
|
|
43
|
+
for JWT flows) or the CI system's callback. Never use a production endpoint
|
|
44
|
+
as the callback for a T1 service account.
|
|
45
|
+
|
|
46
|
+
### Refresh Token Rotation
|
|
47
|
+
|
|
48
|
+
Enable **Refresh Token Rotation** in the Connected App OAuth settings.
|
|
49
|
+
This ensures that each token refresh issues a new refresh token and
|
|
50
|
+
invalidates the previous one — a prerequisite for the revocation model
|
|
51
|
+
described below.
|
|
52
|
+
|
|
53
|
+
---
|
|
54
|
+
|
|
55
|
+
## Run As Service Account — Profile Design
|
|
56
|
+
|
|
57
|
+
The "Run As" account is a dedicated Salesforce user (not a named human user)
|
|
58
|
+
whose profile and permission sets define the T1 access boundary.
|
|
59
|
+
|
|
60
|
+
### System Permissions — REQUIRED
|
|
61
|
+
|
|
62
|
+
```
|
|
63
|
+
[x] View Setup and Configuration
|
|
64
|
+
(API: ViewSetup)
|
|
65
|
+
Required for: sf org display, sobject describe, tooling API queries
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
No other system permissions are required for T1 SOQL exploration. Do not
|
|
69
|
+
grant any system permission not listed here.
|
|
70
|
+
|
|
71
|
+
### System Permissions — EXPLICITLY DENIED
|
|
72
|
+
|
|
73
|
+
These permissions must be absent from the Run As account's profile AND from
|
|
74
|
+
any permission set assigned to the account. Verify via Setup > Users >
|
|
75
|
+
[Run As User] > View Summary.
|
|
76
|
+
|
|
77
|
+
```
|
|
78
|
+
[ ] Modify All Data (API: ModifyAllData)
|
|
79
|
+
[ ] View All Data (API: ViewAllData) ← system bypass, not record access
|
|
80
|
+
[ ] View Encrypted Data (API: ViewEncryptedData)
|
|
81
|
+
[ ] Modify Metadata Through Metadata API Functions
|
|
82
|
+
(API: ModifyMetadata)
|
|
83
|
+
[ ] Author Apex (API: AuthorApex)
|
|
84
|
+
[ ] Customize Application (API: CustomizeApplication)
|
|
85
|
+
[ ] Manage Connected Apps (API: ManageConnectedApps)
|
|
86
|
+
[ ] API Enabled ← Wait — this IS required for CLI access. See note below.
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
> **Note on API Enabled:** The Run As account must have `API Enabled` checked
|
|
90
|
+
> (required for any CLI or API access). All other API-adjacent permissions
|
|
91
|
+
> (ModifyAllData, ViewAllData, etc.) must still be denied. `API Enabled`
|
|
92
|
+
> alone grants only the ability to make authenticated API calls subject
|
|
93
|
+
> to standard sharing and FLS — it does not bypass sharing or FLS.
|
|
94
|
+
|
|
95
|
+
### Object Permissions — Per-Object Read Only
|
|
96
|
+
|
|
97
|
+
For each sObject in scope:
|
|
98
|
+
|
|
99
|
+
```
|
|
100
|
+
[x] Read
|
|
101
|
+
[ ] Create
|
|
102
|
+
[ ] Edit
|
|
103
|
+
[ ] Delete
|
|
104
|
+
[ ] View All ← MUST be unchecked (bypasses sharing)
|
|
105
|
+
[ ] Modify All ← MUST be unchecked
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
Grant Read access only on the specific objects the skill will query. Do not
|
|
109
|
+
grant Read on all objects by default — enumerate the scope explicitly per
|
|
110
|
+
matter or engagement.
|
|
111
|
+
|
|
112
|
+
### Field-Level Security (FLS)
|
|
113
|
+
|
|
114
|
+
For each field the skill may query:
|
|
115
|
+
|
|
116
|
+
```
|
|
117
|
+
[x] Read
|
|
118
|
+
[ ] Edit
|
|
119
|
+
```
|
|
120
|
+
|
|
121
|
+
FLS must be explicitly configured. The T1 Run As account must not have
|
|
122
|
+
Read access to:
|
|
123
|
+
- Fields marked as encrypted (Shield PE / PMLE)
|
|
124
|
+
- Fields containing PII (email, phone, SSN, health data, financial account
|
|
125
|
+
numbers) unless the matter explicitly requires it and the field is not
|
|
126
|
+
encrypted
|
|
127
|
+
- Fields in shadow objects or reporting snapshots unless the matter requires
|
|
128
|
+
|
|
129
|
+
Use the `sf sobject describe` output (see `cli-commands.md`) to verify
|
|
130
|
+
which fields the Run As account can actually read before constructing queries.
|
|
131
|
+
|
|
132
|
+
---
|
|
133
|
+
|
|
134
|
+
## IP Allowlisting at the Connected App Level
|
|
135
|
+
|
|
136
|
+
Configure the Connected App's IP restrictions to match the expected source
|
|
137
|
+
ranges for the skill runner:
|
|
138
|
+
|
|
139
|
+
| Environment | Expected Source |
|
|
140
|
+
|---|---|
|
|
141
|
+
| Local developer | Developer machine IP or VPN exit node |
|
|
142
|
+
| CI/CD pipeline | CI runner IP range (static or NAT gateway) |
|
|
143
|
+
| Agent orchestrator | Orchestrator cluster egress IP range |
|
|
144
|
+
|
|
145
|
+
Review and update IP allowlists quarterly or when infrastructure changes.
|
|
146
|
+
Do not use `0.0.0.0/0`.
|
|
147
|
+
|
|
148
|
+
---
|
|
149
|
+
|
|
150
|
+
## Refresh Token Rotation and Revocation
|
|
151
|
+
|
|
152
|
+
### Rotation cadence
|
|
153
|
+
|
|
154
|
+
Rotate the Run As account's refresh token:
|
|
155
|
+
- At minimum every 90 days
|
|
156
|
+
- Immediately upon any suspected compromise
|
|
157
|
+
- When the Run As account's org is decommissioned
|
|
158
|
+
|
|
159
|
+
### Revocation procedure
|
|
160
|
+
|
|
161
|
+
1. Log in to the Salesforce org as an administrator.
|
|
162
|
+
2. Navigate to Setup > Connected Apps > [App Name] > Manage > OAuth Usage.
|
|
163
|
+
3. Find the Run As account's active token and revoke it.
|
|
164
|
+
4. Alternatively, reset the Run As user's security token via Setup > Users >
|
|
165
|
+
[Run As User] > Reset Security Token.
|
|
166
|
+
5. Confirm the skill can no longer authenticate by running `sf org display --target-org <alias>`.
|
|
167
|
+
|
|
168
|
+
Rotating the refresh token immediately invalidates all active sessions for
|
|
169
|
+
the Run As account without affecting any other user or integration.
|
|
170
|
+
|
|
171
|
+
---
|
|
172
|
+
|
|
173
|
+
## Audit Trail Enablement
|
|
174
|
+
|
|
175
|
+
Enable the following in the target Salesforce org to support the T1 audit model:
|
|
176
|
+
|
|
177
|
+
1. **Setup Audit Trail** — automatically enabled in all orgs. Captures
|
|
178
|
+
metadata and setup changes. The Run As account's actions appear here.
|
|
179
|
+
2. **Event Monitoring** (add-on, if licensed
|
|
180
|
+
)
|
|
181
|
+
— captures API query events, login events, and data export events.
|
|
182
|
+
Strongly recommended for production-adjacent T1 use.
|
|
183
|
+
3. **Platform Event logging** — if the org uses Platform Events, confirm
|
|
184
|
+
the Run As account cannot publish events (no Create permission on
|
|
185
|
+
Platform Event objects).
|
|
186
|
+
|
|
187
|
+
The skill's audit envelope (see `SKILL.md`) is a local record only. The
|
|
188
|
+
org-side audit trail is the authoritative log for compliance purposes.
|
|
189
|
+
|
|
190
|
+
---
|
|
191
|
+
|
|
192
|
+
## Org Allowlist Verification
|
|
193
|
+
|
|
194
|
+
Before executing any query, the skill calls `sf org list --connected --json`
|
|
195
|
+
and verifies that the `--target-org` alias appears in the list. If the alias
|
|
196
|
+
is not in the list:
|
|
197
|
+
|
|
198
|
+
1. The skill does not attempt to authenticate.
|
|
199
|
+
2. The skill emits a refusal with reason `alias_not_authorized`.
|
|
200
|
+
3. The skill suggests running `sf org login web --alias <alias>` or
|
|
201
|
+
`sf org login jwt --alias <alias>` as the appropriate remediation.
|
|
202
|
+
|
|
203
|
+
The Connected App allowlist (Permitted Users + IP restrictions) is the
|
|
204
|
+
enforcement layer. The `sf org list` check is a soft pre-flight that
|
|
205
|
+
reduces unnecessary authentication failures.
|
|
206
|
+
|
|
207
|
+
---
|
|
208
|
+
|
|
209
|
+
##Tags in This Document
|
|
210
|
+
|
|
211
|
+
The following items in this file must be re-verified against the live
|
|
212
|
+
Salesforce documentation before merging to main:
|
|
213
|
+
|
|
214
|
+
- Permission API names (`ModifyAllData`, `ViewAllData`, `ViewEncryptedData`,
|
|
215
|
+
`ModifyMetadata`, `AuthorApex`, `CustomizeApplication`, `ManageConnectedApps`,
|
|
216
|
+
`ViewSetup`) — confirm these match current API names in Spring '26 or later.
|
|
217
|
+
- Connected App OAuth scope labels — Salesforce has renamed scopes in past
|
|
218
|
+
releases; confirm `api` and `refresh_token` (offline_access) are the
|
|
219
|
+
correct scope identifiers.
|
|
220
|
+
- Event Monitoring availability and licensing model.
|
|
221
|
+
- `Refresh Token Rotation` Connected App option — confirm it is available
|
|
222
|
+
in the org edition being targeted.
|
|
223
|
+
- Health Cloud and Financial Services Cloud as regulated-vertical indicators
|
|
224
|
+
— confirm both are still the primary regulated cloud products.
|