@raishin/vanguard-frontier-agentic 2.3.0 → 2.5.0

package/skills/azure/azure-identity-governance-review/references/official-sources.md

@@ -4,25 +4,25 @@
 
 Load only what is needed:
 
-- Azure identity and access management design area  
+- Azure identity and access management design area
   https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access
-- Landing zone identity and access management  
+- Landing zone identity and access management
   https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access-landing-zones
-- Microsoft Entra roles best practices  
+- Microsoft Entra roles best practices
   https://learn.microsoft.com/en-us/azure/active-directory/roles/best-practices
-- Privileged Identity Management documentation  
+- Privileged Identity Management documentation
   https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/
-- Assign Azure resource roles in Privileged Identity Management  
+- Assign Azure resource roles in Privileged Identity Management
   https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-resource-roles-assign-roles
-- Access reviews overview  
+- Access reviews overview
   https://learn.microsoft.com/en-us/entra/id-governance/access-reviews-overview
-- Manage access with access reviews  
+- Manage access with access reviews
   https://learn.microsoft.com/en-us/entra/id-governance/manage-access-review
-- Perform access reviews for Azure resource and Microsoft Entra roles in PIM  
+- Perform access reviews for Azure resource and Microsoft Entra roles in PIM
   https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-perform-roles-and-resource-roles-review
-- Entitlement management overview  
+- Entitlement management overview
   https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-overview
-- Create an access review of an access package in entitlement management  
+- Create an access review of an access package in entitlement management
   https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-reviews-create
-- Azure MCP tool inventory  
+- Azure MCP tool inventory
   https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/

package/skills/azure/azure-identity-governance-review/references/workflow-and-output.md

@@ -63,7 +63,7 @@
 3.
 
 ## Open questions
-- 
+-
 ```
 
 ## Red Flags

package/skills/azure/azure-key-vault-secret-lifecycle-auditor/references/workflow-and-output.md

@@ -88,7 +88,7 @@
 3.
 
 ## Open questions
-- 
+-
 ```
 
 ## Red Flags

package/skills/azure/azure-migrate-landing-zone-cutover/references/workflow-and-output.md

@@ -104,7 +104,7 @@
 3.
 
 ## Open questions
-- 
+-
 ```
 
 ## Red Flags

package/skills/azure/azure-platform-automation-devops/references/workflow-and-output.md

@@ -95,7 +95,7 @@
 3.
 
 ## Open questions
-- 
+-
 ```
 
 ## Red Flags

package/skills/azure/azure-private-endpoint-adoption-planner/references/workflow-and-output.md

@@ -87,7 +87,7 @@
 3.
 
 ## Open questions
-- 
+-
 ```
 
 ## Red Flags

package/skills/azure/azure-resource-health-incident-triage/references/workflow-and-output.md

@@ -2,17 +2,17 @@
 
 ## Safe Workflow
 
-1. **Frame the incident**  
+1. **Frame the incident**
    Confirm exact symptom, affected resource or workload, incident start time, environment, subscription or resource-group boundary, region, and current customer impact.
-2. **Check platform-health signals first**  
+2. **Check platform-health signals first**
    Review Resource Health status for the named resource or scoped set of resources. Check whether the signal is `Available`, `Unavailable`, `Degraded`, or `Unknown`, and capture reason/details if present.
-3. **Check broader service-impact signals**  
+3. **Check broader service-impact signals**
    Review Service Health events relevant to the subscription, services, region, and time window. Distinguish active issues, planned maintenance, advisories, and resolved history.
-4. **Correlate with Activity Log and alert evidence**  
+4. **Correlate with Activity Log and alert evidence**
    Check recent activity-log events, Resource Health notifications, and Service Health or activity-log alert behavior to see whether the timeline matches a platform event, a user or automation change, or neither.
-5. **Classify the likely failure domain**  
+5. **Classify the likely failure domain**
    Put the incident in one of these bins: `likely provider incident`, `likely tenant misconfiguration or change`, `resource-local issue with no broad Azure evidence`, or `unresolved`.
-6. **Return bounded next actions**  
+6. **Return bounded next actions**
    Recommend the next safest move: monitor, escalate to Microsoft, inspect specific tenant changes, hand off to application/SRE owners, or collect missing evidence.
 
 ## Role-Specific Stress Checks

package/skills/azure/azure-subscription-resource-organization/references/workflow-and-output.md

@@ -83,7 +83,7 @@
 3.
 
 ## Assumptions and unknowns
-- 
+-
 ```
 
 ## Red Flags

package/skills/cross-functional/salesforce-case-capsule/SKILL.md

@@ -0,0 +1,164 @@
+---
+name: salesforce-case-capsule
+description: Use this skill when a Salesforce specialist agent must hand a matter to another agent and the context, uncertainty, evidence quality, privilege posture, and privacy posture must survive the handoff intact. Defines the shared salesforce-case-capsule — a controlled, auditable exchange record with redacted identifiers, risk labels, privilege and privacy labels, a decision-owner field, and an explicit do-not-do list. Trigger phrases: "create a handoff capsule for this Salesforce matter", "structure this Salesforce handoff", "prepare a Salesforce case capsule". Do not use when you only need to classify a matter (use salesforce-routing-protocol), when you need to assess live-mutation risk (use salesforce-live-change-approval-protocol), or when you need to escalate a data exposure event (use salesforce-data-exposure-escalation-protocol). Does not give Salesforce or business advice and does not authorize any action.
+allowed-tools: Read Grep Glob
+metadata:
+  author: "github: Raishin"
+  version: "0.1.0"
+  updated: "2026-05-20"
+  category: platform
+  lifecycle: experimental
+---
+
+# Salesforce Case Capsule
+
+## Purpose
+This skill defines the **salesforce-case-capsule** — the single structured
+record that Salesforce specialist agents exchange when a matter crosses an agent
+boundary. The capsule exists so that no agent works in a silo, no context is
+lost in a handoff, and every cross-domain exchange is auditable. It is a data
+contract, not a decision: a capsule never approves, denies, or directs an
+action. It carries facts, uncertainty, risk posture, and an explicit decision
+owner.
+
+## When to use
+- A maestro agent routes a Salesforce matter to one or more specialist agents.
+- A specialist agent escalates a matter that has crossed into another domain.
+- Any matter touches multiple Salesforce risk domains and must be reviewed
+  in parallel.
+- A matter must be paused and escalated to a human owner.
+
+## When not to use
+- You only need to classify a matter — use `salesforce-routing-protocol`.
+- A live org mutation is being proposed — use `salesforce-live-change-approval-protocol`.
+- A data exposure event has been triggered — use `salesforce-data-exposure-escalation-protocol`.
+- The handoff is within the same agent session without domain crossing.
+
+## Minimum payload (required inputs)
+- Description of the Salesforce matter in plain language (sanitized, no credentials or PII).
+- Matter type (from salesforce-risk-taxonomy).
+- Risk tier (Critical / High / Medium / Low / Unknown).
+- Originating agent or human invoker.
+- Intended receiving agent(s).
+
+## Core rules
+- Every cross-agent handoff MUST be expressed as a capsule. No free-form
+  agent-to-agent chatter.
+- Every capsule MUST name exactly one `decision_owner` (an accountable human)
+  and exactly one `primary_agent`.
+- Every capsule MUST carry a `do_not_do_list`. An empty list is not acceptable;
+  if nothing is prohibited, the capsule is not ready to send.
+- Every capsule MUST label `privilege_sensitivity` and `privacy_sensitivity`.
+- Identifiers MUST be redacted to the minimum necessary. Replace org IDs, user
+  IDs, customer names, and tenant IDs with placeholders.
+- A capsule records uncertainty honestly: `assumptions`, `inferences`, and
+  `missing_evidence` are mandatory fields, not optional.
+- A capsule never states "this is compliant", "this is approved", or "this
+  configuration is safe". `risk_rating` uses risk language only.
+- High-risk cross-domain capsules MUST set `escalation_required: true` and
+  `recommended_next_action` to a pause-and-escalate posture unless documented
+  controls already exist.
+
+## Capsule field set
+
+### Identity and routing
+- `matter_id` — unique identifier (generated, never a real org ID)
+- `matter_type` — from salesforce-risk-taxonomy matter type list
+- `source_agent` — agent or human invoker creating the capsule
+- `receiving_agent` — primary receiving agent
+- `secondary_agents` — list of parallel-review agents if any
+- `primary_agent` — agent with primary accountability
+- `decision_owner` — named accountable human
+- `org_environment_type` — sandbox / scratch / staging / production (placeholder, not real ID)
+- `business_unit` — redacted business unit reference
+- `timeline` — relevant dates and deadlines (no PII)
+
+### Evidence discipline
+- `facts` — confirmed facts from sanitized inputs
+- `assumptions` — inferences the agent made without direct evidence
+- `inferences` — derived conclusions labeled as such
+- `missing_evidence` — what is unknown and needed
+- `evidence_quality` — High / Medium / Low / Insufficient
+
+### Risk posture
+- `risk_rating` — Critical / High / Medium / Low / Unknown per salesforce-risk-taxonomy
+- `matter_type_flags` — relevant escalation gates from salesforce-risk-taxonomy
+- `privilege_sensitivity` — None / Advisory / Legal-Privilege
+- `privacy_sensitivity` — None / Internal / PII / Regulated-Data
+- `data_exposure_risk` — boolean + description if true
+- `guest_user_risk` — boolean
+- `autonomous_ai_risk` — boolean
+- `finance_revenue_risk` — boolean
+- `irreversible_change_risk` — boolean
+
+### Ownership and action
+- `human_approval_required` — boolean
+- `escalation_required` — boolean
+- `escalation_gate_fired` — name of gate from salesforce-risk-taxonomy or null
+- `recommended_next_action` — pause-and-escalate / proceed-with-approval / proceed-with-review / blocked
+- `do_not_do_list` — explicit list of actions the receiving agent must not take
+- `open_questions` — questions that must be answered before the matter can proceed
+- `blockers` — conditions that prevent forward progress
+- `approval_state` — draft / pending-human-review / approved / rejected
+- `audit_log_summary` — one-line summary of routing decision and rationale
+
+## Workflow
+1. Receive matter description and classify using salesforce-risk-taxonomy.
+2. Assign matter_id (generated placeholder), matter_type, risk_rating.
+3. Identify decision_owner, primary_agent, receiving_agent.
+4. Populate facts, assumptions, inferences, missing_evidence honestly.
+5. Assess risk posture flags (data exposure, guest user, AI, finance, irreversible).
+6. Set privilege_sensitivity and privacy_sensitivity.
+7. Populate do_not_do_list — must not be empty.
+8. Set escalation_required and escalation_gate_fired if applicable.
+9. Set recommended_next_action.
+10. Output the complete capsule.
+
+## Evidence requirements
+- Sanitized matter description (no credentials, tokens, PII, org IDs).
+- Matter type classification with basis stated.
+- Risk rating with evidence basis stated.
+- Named decision owner.
+
+## Output format
+Produce a structured capsule with all fields from the field set above.
+Label each section clearly. Every `assumptions` entry must state its basis.
+Every `do_not_do_list` entry must state the reason.
+
+## Redaction rules
+- Never request secrets, credentials, OAuth tokens, refresh tokens, session IDs, MFA seeds, customer PII.
+- Sanitize org IDs, user IDs (replace with placeholders such as `[ORG-ID]`, `[USER-ID]`) before including in capsule.
+- Never carry privileged email text, legal hold communications, or medical data.
+
+## Privilege / data handling rules
+- The capsule is a minimum-necessary record. Do not widen it to carry full
+  configuration exports, debug logs with PII, or production data samples.
+- A capsule that would extend circulation of privileged or investigation material
+  must be narrowed before it is sent.
+- Privacy_sensitivity = Regulated-Data requires escalation_required = true.
+
+## Handoff rules
+- Capsule hands off to: salesforce-org-assessment-skill, salesforce-metadata-review-skill,
+  salesforce-permission-model-review-skill, salesforce-flow-automation-review-skill,
+  salesforce-apex-lwc-code-review-skill, salesforce-release-readiness-skill,
+  salesforce-integration-review-skill, salesforce-marketing-consent-review-skill,
+  salesforce-agentforce-risk-review-skill (per matter_type routing).
+- Required handoff fields: matter_id, matter_type, risk_rating, decision_owner,
+  do_not_do_list, escalation_required, recommended_next_action.
+
+## Audit log fields
+- matter_id, skill_id, skill_version, invoked_by, input_hash, evidence_quality, output_verdict, escalation_fired, timestamp
+
+## Stop conditions
+- do_not_do_list cannot be populated — capsule is not ready; gather more context first.
+- decision_owner is unknown — stop and ask the invoker to name an accountable human.
+- Matter involves regulated personal data and privacy_sensitivity cannot be determined — stop and escalate.
+- Capsule would require carrying production credentials or PII — stop and refuse.
+
+## Security notes
+- The capsule is a minimum-necessary record. Never authorize action. Any field
+  that reads as a directive to deploy, configure, or modify production is a
+  defect — rewrite as a recommendation with a named human owner.
+- Org IDs and user IDs are always replaced with placeholders before inclusion.
+- Capsules with escalation_gate_fired set must be reviewed by a human before
+  any downstream agent acts.

package/skills/cross-functional/salesforce-case-capsule/metadata.json

@@ -0,0 +1,19 @@
+{
+  "id": "salesforce-case-capsule",
+  "name": "Salesforce Case Capsule",
+  "type": "skill",
+  "provider": "generic",
+  "harnesses": ["codex", "claude-code", "cursor", "gemini", "kiro", "other"],
+  "summary": "Shared, auditable handoff contract for Salesforce specialist agents — a redacted case capsule carrying facts, uncertainty, evidence quality, risk labels, privilege and privacy posture, a named decision owner, and an explicit do-not-do list. Does not give Salesforce or business advice and does not authorize any action.",
+  "source_type": "original",
+  "official_docs": [
+    "https://help.salesforce.com/",
+    "https://trailhead.salesforce.com/",
+    "https://developer.salesforce.com/docs"
+  ],
+  "security_notes": "Defines a minimum-necessary handoff record; never carries org credentials, session IDs, OAuth tokens, customer PII, or regulated data beyond what the matter requires. Never authorizes action; flags privilege and privacy posture and routes decisions to a named human owner.",
+  "last_verified": "2026-05-20",
+  "path": "skills/cross-functional/salesforce-case-capsule",
+  "author": "github: Raishin",
+  "version": "0.1.0"
+}

package/skills/cross-functional/salesforce-data-exposure-escalation-protocol/SKILL.md

@@ -0,0 +1,165 @@
+---
+name: salesforce-data-exposure-escalation-protocol
+description: Use this skill when a Salesforce data exposure event has been detected or is strongly suspected. Triggers include: guest-user data exposure via Experience Cloud, cross-org data sync without a Data Processing Agreement, regulated-data sync in Marketing Cloud without a consent map, Experience Cloud sharing-set widening affecting personal data, and Data Cloud cross-org sharing without appropriate controls. Trigger phrases: "guest user can see records they should not", "data syncing across orgs without DPA", "sharing set was widened in production", "marketing data sync without consent", "Data Cloud sharing concern". Do not use for routine permission reviews (use salesforce-permission-model-review-skill), for pre-change risk assessment (use salesforce-live-change-approval-protocol), or for general security questions not involving a suspected exposure event. This skill governs the immediate escalation response path: pause, preserve evidence, name controllers and processors, escalate to privacy counsel and security, and document.
+allowed-tools: Read Grep Glob
+metadata:
+  author: "github: Raishin"
+  version: "0.1.0"
+  updated: "2026-05-20"
+  category: security
+  lifecycle: experimental
+---
+
+# Salesforce Data Exposure Escalation Protocol
+
+## Purpose
+This skill defines the immediate escalation response path when a Salesforce
+data exposure event has been detected or is strongly suspected. It exists
+because exposure events in Salesforce orgs — particularly involving guest
+users, Experience Cloud, Data Cloud, or Marketing Cloud — can involve
+regulated personal data that triggers legal notification obligations. The
+protocol must be followed immediately; it is not advisory after a trigger fires.
+
+## When to use
+- Guest-user data exposure: an Experience Cloud site's guest-user profile or
+  OWD gives unauthenticated access to records that should be restricted.
+- Cross-org data sync without DPA: data is flowing between Salesforce orgs or
+  to external systems without a documented Data Processing Agreement.
+- Regulated-data Marketing Cloud sync without consent map: personal or
+  regulated data is syncing to Marketing Cloud
+  without a documented lawful basis and consent map.
+- Experience Cloud sharing-set widening: a sharing set or sharing rule change
+  has expanded access to personal data beyond the intended scope.
+- Data Cloud cross-org sharing: Data Cloud
+  is sharing data across orgs without documented controls, purpose limitation,
+  or appropriate consent.
+
+## When not to use
+- Routine permission review with no suspected exposure — use `salesforce-permission-model-review-skill`.
+- Pre-change risk assessment before a deployment — use `salesforce-live-change-approval-protocol`.
+- General security audit without a specific exposure event — use `salesforce-org-assessment-skill`.
+- The trigger is hypothetical or a design question, not an observed event.
+
+## Minimum payload (required inputs)
+- Description of the suspected exposure event (sanitized, no credentials or PII beyond what is strictly necessary to describe the exposure type).
+- Trigger type (one or more from the trigger list above).
+- Environment: is the exposure in a production org? (If unknown, assume yes.)
+- Approximate time of discovery.
+- Who discovered it and how.
+
+## Escalation response path
+
+**Step 1 — Pause**
+Immediately recommend pausing any ongoing data sync, automation, or
+configuration change that is contributing to the exposure. Do not delete
+evidence. Do not attempt to silently fix the configuration without escalation.
+
+**Step 2 — Preserve evidence**
+Recommend capturing and preserving:
+- Sanitized description of the configuration state (sharing rules, sharing
+  sets, OWD, guest-user profile permissions, Data Cloud segment definitions,
+  Marketing Cloud
+data extension scope).
+- Approximate time window of exposure.
+- System or event logs if accessible (do not request log content containing PII).
+- Change history (who changed what, when — from audit trail if available).
+
+Evidence must not be modified or deleted. If litigation hold risk exists,
+flag it immediately.
+
+**Step 3 — Name controllers and processors**
+Identify (using role/placeholder references, not real names):
+- Which Salesforce org is the data controller.
+- Which system (org, cloud, middleware) is acting as a data processor.
+- Which third parties received or may have received the data.
+- Whether a DPA exists between controller and processor.
+
+**Step 4 — Escalate to privacy counsel and security**
+Recommend immediate escalation to:
+- Privacy counsel or Data Protection Officer (DPO) for assessment of
+  notification obligations under applicable law (GDPR, CCPA, HIPAA, or
+  other jurisdiction-specific requirements).
+- Information security team for technical containment assessment.
+- Salesforce Trust (
+  https://help.salesforce.com/s/trust) if the exposure may involve a
+  Salesforce platform-level issue.
+
+Do not conclude that notification is required or not required — that is a
+legal determination for qualified counsel.
+
+**Step 5 — Document**
+Produce a structured escalation record (salesforce-case-capsule with
+escalation_gate_fired = `production-data-exposure`) containing:
+- Trigger type(s) fired.
+- Evidence preservation status.
+- Controller/processor identification (placeholder references).
+- Escalation recipients (roles, not personal identifiers).
+- Open questions for privacy counsel.
+- Do-not-do list.
+- Decision owner (named human).
+
+## Workflow
+1. Receive sanitized exposure description.
+2. Match against trigger list; identify all triggers that apply.
+3. Output ESCALATE immediately — do not defer.
+4. Execute steps 1–5 in order.
+5. Produce salesforce-case-capsule with escalation_gate_fired = `production-data-exposure`.
+6. List open questions for privacy counsel (do not answer them — they require legal determination).
+7. Remind invoker: no self-remediation without human authorization.
+
+## Evidence requirements
+- Sanitized description of the configuration state at time of discovery.
+- Trigger type(s) clearly identified.
+- Time of discovery and approximate exposure window.
+- Whether regulated data (PII, HIPAA, PCI, financial) is or may be involved.
+
+## Output format
+```
+escalation_verdict: ESCALATE
+triggers_fired: [list]
+environment: production | unknown (treat as production)
+regulated_data_in_scope: yes | no | unknown
+pause_recommendation: [specific actions to pause]
+evidence_preservation_checklist: [items to capture]
+controller_processor_map: [placeholder references]
+escalation_recipients: [roles: privacy counsel, DPO, security team, Salesforce Trust if applicable]
+open_questions_for_counsel: [list — do not answer]
+do_not_do_list: [explicit prohibitions]
+decision_owner: [named human role]
+salesforce_case_capsule_required: true
+```
+
+## Redaction rules
+- Never request secrets, credentials, OAuth tokens, refresh tokens, session IDs, MFA seeds, customer PII.
+- Sanitize org IDs, user IDs (replace with placeholders) before sharing in outputs.
+- Exposure descriptions must use role and system references, not real names or customer identifiers.
+
+## Privilege / data handling rules
+- Escalation records may be subject to legal privilege if prepared in anticipation of litigation.
+  Flag this and recommend handling only through or with counsel.
+- Do not circulate the escalation record beyond the named escalation recipients.
+- The escalation record is not a public incident disclosure; do not draft customer
+  communications without qualified counsel involved.
+
+## Handoff rules
+- Always hands off to salesforce-case-capsule with escalation_gate_fired = `production-data-exposure`.
+- Escalates to privacy counsel (external) and security team (internal) as human recipients.
+- If regulated-vertical is in scope, also escalates to compliance lead.
+- Required handoff fields: trigger_type, environment, regulated_data_in_scope, evidence_preservation_status, decision_owner.
+
+## Audit log fields
+- matter_id, skill_id, skill_version, invoked_by, input_hash, evidence_quality, output_verdict, escalation_fired, timestamp
+
+## Stop conditions
+- Invoker provides real PII, credentials, or customer data in the description — stop and ask for sanitized version.
+- Invoker requests self-remediation without human involvement — stop and refuse; escalation requires human authorization.
+- Notification obligation is asserted or denied without counsel — stop and state that legal determination is required.
+
+## Security notes
+- This protocol never determines whether regulatory notification is required.
+  That is a legal determination for qualified privacy counsel.
+- Pausing is always safer than attempting a silent configuration fix.
+- Evidence must be preserved; do not recommend deletion of logs or configuration
+  snapshots even if they contain evidence of misconfiguration.
+- Salesforce Trust contacts are referenced for platform-level issues only;
+  verify current contact information at https://help.salesforce.com/s/trust before use.

package/skills/cross-functional/salesforce-data-exposure-escalation-protocol/metadata.json

@@ -0,0 +1,19 @@
+{
+  "id": "salesforce-data-exposure-escalation-protocol",
+  "name": "Salesforce Data Exposure Escalation Protocol",
+  "type": "skill",
+  "provider": "generic",
+  "harnesses": ["codex", "claude-code", "cursor", "gemini", "kiro", "other"],
+  "summary": "Immediate escalation-response protocol for Salesforce data exposure events — fires on guest-user exposure, cross-org sync without DPA, regulated-data Marketing Cloud sync without consent map, Experience Cloud sharing-set widening, and Data Cloud cross-org sharing. Required path: pause, preserve evidence, name controllers and processors, escalate to privacy counsel and security, and document.",
+  "source_type": "original",
+  "official_docs": [
+    "https://help.salesforce.com/",
+    "https://trailhead.salesforce.com/",
+    "https://developer.salesforce.com/docs"
+  ],
+  "security_notes": "Hard escalation protocol — never determines regulatory notification obligations (legal determination only); never authorizes self-remediation; always requires human authorization. Evidence must be preserved and not deleted. Sanitized inputs only; never accepts real credentials, PII, or customer data.",
+  "last_verified": "2026-05-20",
+  "path": "skills/cross-functional/salesforce-data-exposure-escalation-protocol",
+  "author": "github: Raishin",
+  "version": "0.1.0"
+}

package/skills/cross-functional/salesforce-live-change-approval-protocol/SKILL.md

@@ -0,0 +1,118 @@
+---
+name: salesforce-live-change-approval-protocol
+description: Use this skill when any proposed mutation to a live Salesforce production org must be evaluated before execution. This is a refusal-by-default gate: if any required precondition is missing, the skill stops and refuses. Required preconditions are target_org_identity, environment_type, user_identity, permission_scope, change_ticket, approval_state, dry_run_or_deployment_preview, backup_rollback_plan, test_evidence, and post_change_verification_plan. Trigger phrases: "approve this Salesforce change", "can we deploy to production", "review this org mutation", "is this change safe to push live", "run this in production". Do not use for sandbox or scratch-org changes that have no production impact, for read-only reviews of exported metadata (use domain review skills), or for classifying matter types (use salesforce-risk-taxonomy). Note: this repo is a markdown marketplace; this protocol governs advisory checklists only, not real org executions. All live mutation decisions require human authorization.
+allowed-tools: Read Grep Glob
+metadata:
+  author: "github: Raishin"
+  version: "0.1.0"
+  updated: "2026-05-20"
+  category: delivery
+  lifecycle: experimental
+---
+
+# Salesforce Live Change Approval Protocol
+
+## Purpose
+This skill is a refusal-by-default gate for any proposed mutation to a live
+Salesforce production org. It exists because production org changes carry
+irreversible risk — data exposure, broken automation, permission widening,
+and revenue-logic corruption can all result from unreviewed deployments.
+No live-mutation advisory may proceed until all ten required preconditions
+are confirmed present and documented.
+
+**Important:** This repository is a markdown marketplace for advisory
+workflows. This protocol governs checklist-based advisory review, not real
+org executions. Live org mutations require human authorization through your
+organization's actual change management process.
+
+## When to use
+- Any proposed change to a Salesforce production org is under discussion.
+- A deployment is being planned and must be evaluated for approval-readiness.
+- A change request has been submitted and needs precondition verification.
+- An escalation gate (`live-mutation` from salesforce-risk-taxonomy) has fired.
+
+## When not to use
+- The change targets only sandboxes or scratch orgs with no production impact.
+- You need read-only review of exported metadata — use the appropriate domain
+  review skill (salesforce-metadata-review-skill, salesforce-flow-automation-review-skill, etc.).
+- You need to classify matter types — use `salesforce-risk-taxonomy`.
+- You need a structured handoff — use `salesforce-case-capsule`.
+
+## Minimum payload (required inputs)
+The following ten preconditions must ALL be present. If any is missing, the
+skill outputs STOP and lists the missing items.
+
+1. **target_org_identity** — A placeholder identifier for the target org (never a real org ID or credentials). Environment type must be confirmed as production.
+2. **environment_type** — Must be `production`. If sandbox or scratch, this protocol does not apply.
+3. **user_identity** — The role or placeholder identity of the person authorizing the change (never a real username, email, or SSO ID).
+4. **permission_scope** — The permissions held by the deploying identity. Must be documented; "admin" alone is insufficient.
+5. **change_ticket** — A reference to an approved change management ticket (e.g., Jira, ServiceNow, Salesforce Cases). Must exist and be in approved state.
+6. **approval_state** — The formal approval status. Must be `approved` by a named human owner. `pending` or `draft` → STOP.
+7. **dry_run_or_deployment_preview** — Evidence that the change was previewed in a comparable environment (check-only deploy output, sandbox result, or equivalent). Must be present.
+8. **backup_rollback_plan** — A documented plan for reversing the change if it fails. Must name the rollback mechanism and estimated recovery time.
+9. **test_evidence** — Test results demonstrating the change is safe. Must include test class coverage (Apex) or equivalent automated evidence. Must meet org threshold.
+10. **post_change_verification_plan** — Steps to verify the change is working correctly after deployment. Must be documented before deployment begins.
+
+## Workflow
+1. Receive the proposed change description (sanitized, no credentials or PII).
+2. Check each precondition in order.
+3. If ANY precondition is missing or incomplete → output STOP with missing items listed.
+4. If all ten preconditions are present → output PROCEED-WITH-HUMAN-AUTHORIZATION, listing each precondition's confirmed state.
+5. Check salesforce-risk-taxonomy escalation gates. If any gate fires → output ESCALATE regardless of precondition state.
+6. Produce the advisory checklist output.
+7. Remind the invoker that human authorization is required before any real deployment.
+
+## Evidence requirements
+- All ten preconditions must be documented by the invoker.
+- Evidence must be sanitized: no real org IDs, no credentials, no customer PII.
+- Dry-run or deployment preview output must be present as text (not a promise to run it later).
+
+## Output format
+```
+advisory_verdict: STOP | PROCEED-WITH-HUMAN-AUTHORIZATION | ESCALATE
+missing_preconditions: [list, or "none"]
+escalation_gates_fired: [list from salesforce-risk-taxonomy, or "none"]
+precondition_check:
+  target_org_identity: confirmed | missing | incomplete
+  environment_type: confirmed | missing | incomplete
+  user_identity: confirmed | missing | incomplete
+  permission_scope: confirmed | missing | incomplete
+  change_ticket: confirmed | missing | incomplete
+  approval_state: confirmed | missing | incomplete
+  dry_run_or_deployment_preview: confirmed | missing | incomplete
+  backup_rollback_plan: confirmed | missing | incomplete
+  test_evidence: confirmed | missing | incomplete
+  post_change_verification_plan: confirmed | missing | incomplete
+advisory_notes: [risk observations, not authorizations]
+human_authorization_reminder: "All live org mutations require human authorization through your organization's change management process. This advisory checklist does not constitute approval."
+```
+
+## Redaction rules
+- Never request secrets, credentials, OAuth tokens, refresh tokens, session IDs, MFA seeds, customer PII.
+- Sanitize org IDs, user IDs (replace with placeholders) before sharing in outputs.
+- If the invoker provides real credentials or org IDs, decline and ask for sanitized placeholders.
+
+## Privilege / data handling rules
+- This skill never stores, logs, or repeats credentials or session tokens.
+- Production org identifiers must be replaced with placeholders in all outputs.
+- Change descriptions must not carry customer data samples.
+
+## Handoff rules
+- STOP verdict: handoff to salesforce-case-capsule with missing preconditions as blockers.
+- ESCALATE verdict: handoff to salesforce-data-exposure-escalation-protocol if data-exposure gate fired; otherwise to salesforce-case-capsule with escalation_required = true.
+- PROCEED-WITH-HUMAN-AUTHORIZATION: advisory output is presented to the human decision owner. No agent takes further action without explicit human authorization.
+
+## Audit log fields
+- matter_id, skill_id, skill_version, invoked_by, input_hash, evidence_quality, output_verdict, escalation_fired, timestamp
+
+## Stop conditions
+- Any of the ten preconditions is missing or incomplete → output STOP immediately.
+- An escalation gate fires → output ESCALATE regardless of precondition state.
+- The invoker provides real credentials or production org IDs → stop and refuse.
+- The proposed change is described as a live production mutation but environment_type is not confirmed → output STOP.
+
+## Security notes
+- Refusal is the default. The burden is on the invoker to supply all ten preconditions.
+- This protocol never issues authorization. The output is advisory only.
+- Production org IDs, credentials, and session tokens must never appear in any field.
+- This repo is a markdown marketplace; no code in this skill executes real Salesforce API calls.

package/skills/cross-functional/salesforce-live-change-approval-protocol/metadata.json

@@ -0,0 +1,19 @@
+{
+  "id": "salesforce-live-change-approval-protocol",
+  "name": "Salesforce Live Change Approval Protocol",
+  "type": "skill",
+  "provider": "generic",
+  "harnesses": ["codex", "claude-code", "cursor", "gemini", "kiro", "other"],
+  "summary": "Refusal-by-default advisory gate for proposed live Salesforce production org mutations — verifies ten required preconditions (org identity, environment type, user identity, permission scope, change ticket, approval state, dry-run preview, rollback plan, test evidence, post-change verification) and outputs STOP if any is missing. Advisory only; all live mutations require human authorization.",
+  "source_type": "original",
+  "official_docs": [
+    "https://help.salesforce.com/",
+    "https://trailhead.salesforce.com/",
+    "https://developer.salesforce.com/docs"
+  ],
+  "security_notes": "Refusal-by-default gate; never issues authorization for live org mutations; advisory checklist only. Never accepts or repeats real credentials, session tokens, or production org IDs. All live mutation decisions require human authorization through the organization's change management process.",
+  "last_verified": "2026-05-20",
+  "path": "skills/cross-functional/salesforce-live-change-approval-protocol",
+  "author": "github: Raishin",
+  "version": "0.1.0"
+}