@raishin/vanguard-frontier-agentic 2.3.0 → 2.5.0

package/skills/oci/oci-devops-container-platform-engineer/SKILL.md

@@ -91,8 +91,6 @@ machine-local paths. Adapt quoting, line continuation, and environment handling
 to the user's active platform only at execution time.
 
 
-
-
 ## References
 
 Load these only when needed, following progressive disclosure:

package/skills/oci/oci-identity-access-governor/SKILL.md

@@ -92,8 +92,6 @@ machine-local paths. Adapt quoting, line continuation, and environment handling
 to the user's active platform only at execution time.
 
 
-
-
 ## References
 
 Load these only when needed, following progressive disclosure:

package/skills/oci/oci-multi-cloud-architect/SKILL.md

@@ -109,8 +109,6 @@ machine-local paths. Adapt quoting, line continuation, and environment handling
 to the user's active platform only at execution time.
 
 
-
-
 ## References
 
 Load these only when needed, following progressive disclosure:

package/skills/oci/oci-network-architect/SKILL.md

@@ -92,8 +92,6 @@ machine-local paths. Adapt quoting, line continuation, and environment handling
 to the user's active platform only at execution time.
 
 
-
-
 ## References
 
 Load these only when needed, following progressive disclosure:

package/skills/oci/oci-observability-incident-responder/SKILL.md

@@ -87,8 +87,6 @@ machine-local paths. Adapt quoting, line continuation, and environment handling
 to the user's active platform only at execution time.
 
 
-
-
 ## References
 
 Load these only when needed, following progressive disclosure:

package/skills/oci/oci-security-compliance-reviewer/SKILL.md

@@ -90,8 +90,6 @@ machine-local paths. Adapt quoting, line continuation, and environment handling
 to the user's active platform only at execution time.
 
 
-
-
 ## References
 
 Load these only when needed, following progressive disclosure:

package/skills/oci/oci-solution-architect/SKILL.md

@@ -106,8 +106,6 @@ machine-local paths. Adapt quoting, line continuation, and environment handling
 to the user's active platform only at execution time.
 
 
-
-
 ## References
 
 Load these only when needed, following progressive disclosure:
@@ -229,7 +227,7 @@ oci monitoring alarm list --compartment-id <compartment_id> --all
 3.
 
 ## Open questions
-- 
+-
 ```
 
 ## Red Flags

package/skills/oci/oci-storage-backup-steward/SKILL.md

@@ -86,8 +86,6 @@ machine-local paths. Adapt quoting, line continuation, and environment handling
 to the user's active platform only at execution time.
 
 
-
-
 ## References
 
 Load these only when needed, following progressive disclosure:

package/skills/prometheus/prometheus-alerting-cardinality-review/SKILL.md

@@ -33,7 +33,7 @@ Load these only when needed:
 ## Response minimum
 Return, at minimum:
 - Cardinality risk assessment (label audit findings)
-- Alert expression correctness findings (for: duration, absent() misuse, MWMB posture)
+- Alert expression correctness findings (for: duration, absent misuse, MWMB posture)
 - AlertManager routing and inhibition findings
 - Scrape config security findings
 - Retention and remote_write findings

package/skills/prometheus/prometheus-alerting-cardinality-review/references/workflow-and-output.md

@@ -21,7 +21,7 @@ Check for:
 - Labels sourced from high-cardinality application dimensions:
   - `user_id`, `request_id`, `session_id`, `transaction_id`, `trace_id`
   - `url_path`, `uri`, `endpoint` (unless aggressively normalized)
-  - `pod` or `container` labels used as primary grouping in `sum by()` without aggregation
+  - `pod` or `container` labels used as primary grouping in `sum by` without aggregation
 - Use of `__` internal labels in user-facing metric names
 
 Example cardinality risk:
@@ -43,7 +43,7 @@ Note the `prometheus_tsdb_head_series` threshold: above 5 million series, TSDB m
 Check whether recording rules exist for:
 - SLO error-rate expressions that appear in alerting rules
 - High-cardinality aggregation queries used in Grafana dashboards
-- Any `rate()` or `increase()` expression over a window longer than 5 minutes that is queried at sub-minute dashboard refresh
+- Any `rate` or `increase` expression over a window longer than 5 minutes that is queried at sub-minute dashboard refresh
 
 Flag absence of recording rules for any expression that appears more than once across rules files as MEDIUM.
 
@@ -76,9 +76,9 @@ For every `alert:` rule, check:
   for: 5m
 ```
 
-**4b. `absent()` usage**
+**4b. `absent` usage**
 - `absent(some_metric)` fires if `some_metric` was never scraped — review whether the metric is always expected to exist
-- If the metric only appears when the condition is active (e.g., an error counter), `absent()` fires in the absence of errors, which is a false positive
+- If the metric only appears when the condition is active (e.g., an error counter), `absent` fires in the absence of errors, which is a false positive
 
 **4c. SLO alerting pattern**
 - MWMB (multi-window multi-burn-rate) is the Google SRE-recommended SLO alerting pattern

package/skills/qa/ci-test-pipeline-review/references/workflow-and-output.md

@@ -59,7 +59,7 @@ steps:
 
 - No upload of test results (JUnit XML) and failure artifacts (traces, screenshots, videos, logs) → HIGH. A CI-only failure is then undebuggable; engineers re-run blindly hoping for green.
 - Artifacts uploaded only on success, or retention too short to investigate → MEDIUM.
-- Recommended: upload JUnit XML always, and traces/screenshots/logs `if: failure()`.
+- Recommended: upload JUnit XML always, and traces/screenshots/logs `if: failure`.
 
 ### Step 7 — Quarantine-lane audit
 

package/skills/qa/llm-ai-pipeline-test-review/references/workflow-and-output.md

@@ -114,7 +114,7 @@ For pipelines that include LLM agents, confirm the eval measures agent behavior,
 # missing TaskCompletionMetric
 
 # Correct — both agent metrics present
-tool_correctness = ToolCorrectnessMetric()
+tool_correctness = ToolCorrectnessMetric
 task_completion = TaskCompletionMetric(threshold=0.8)
 agent_test_case = LLMTestCase(
     input=user_request,

package/skills/qa/playwright-e2e-suite-review/SKILL.md

@@ -16,17 +16,17 @@ metadata:
 This skill reviews a Playwright end-to-end test suite for the defects that destroy CI trust at scale: flakiness, brittle selectors, broken test isolation, and unreliable CI configuration. A flaky E2E suite is worse than no suite — engineers learn to re-run failures instead of reading them, real regressions ship behind a green-after-retry checkmark, and the suite stops gating anything. The review catches hard waits, manual non-retrying assertions, implementation-coupled selectors, shared mutable state across tests, and retry/sharding misconfiguration before they erode confidence in the deploy pipeline.
 
 ## Lean operating rules
-- Treat any use of `page.waitForTimeout()` / `waitForTimeout` in a spec (not a debugging branch) as HIGH — fixed sleeps are the single largest source of Playwright flakiness; they either race the app or pad every run.
-- Treat manual non-retrying assertions (`expect(await locator.isVisible()).toBe(true)`, `expect(await locator.textContent()).toBe(...)`) as HIGH — they snapshot a single instant and lose Playwright's auto-retry; use web-first assertions (`await expect(locator).toBeVisible()`).
+- Treat any use of `page.waitForTimeout` / `waitForTimeout` in a spec (not a debugging branch) as HIGH — fixed sleeps are the single largest source of Playwright flakiness; they either race the app or pad every run.
+- Treat manual non-retrying assertions (`expect(await locator.isVisible).toBe(true)`, `expect(await locator.textContent).toBe(...)`) as HIGH — they snapshot a single instant and lose Playwright's auto-retry; use web-first assertions (`await expect(locator).toBeVisible`).
 - Treat selectors bound to implementation detail — deep CSS chains, nth-child indexes, generated/hashed class names, raw XPath — as HIGH for brittleness; prefer role-, label-, text-, or `data-testid`-based locators.
-- Treat tests that depend on ordering or share mutable state (module-level variables mutated across `test()` blocks, a record created in test A read in test B) as HIGH — they break under parallelism, sharding, and `--shuffle`, and produce non-reproducible failures.
+- Treat tests that depend on ordering or share mutable state (module-level variables mutated across `test` blocks, a record created in test A read in test B) as HIGH — they break under parallelism, sharding, and `--shuffle`, and produce non-reproducible failures.
 - Treat `retries` set greater than 0 in CI with no flaky-test surfacing (no trace-on-retry, no flaky reporter, no quarantine) as HIGH — retries then silently mask real flakiness instead of buying time to fix it.
 - Treat `trace`/`screenshot`/`video` all disabled in the CI project as HIGH — a CI-only failure with no trace is undebuggable and forces blind re-runs.
 - Treat absolute waits on network (`waitForLoadState('networkidle')`) used as a general synchronization crutch as MEDIUM — it is fragile under analytics/polling; wait on the specific element or response instead.
 - Treat shared `storageState` / auth fixtures mutated by tests, or login performed inside every test instead of via a setup project, as MEDIUM — slow and a cross-test contamination risk.
 - Treat a single un-sharded CI job for a large suite, or `fullyParallel: false` without a stated reason, as MEDIUM — wall-clock time blocks every deploy.
 - Treat `expect` timeouts or global `timeout` raised well above default to make a suite "pass" as MEDIUM — masks a real slow path or race.
-- Do not recommend deleting or `.skip()`-ing a flaky test as the fix without a root-cause category and a quarantine/tracking path.
+- Do not recommend deleting or `.skip`-ing a flaky test as the fix without a root-cause category and a quarantine/tracking path.
 - Label every finding with evidence basis: spec/config text provided, documentation-based, or inference from absent configuration.
 
 ## References

package/skills/qa/playwright-e2e-suite-review/references/workflow-and-output.md

@@ -26,20 +26,20 @@ await page.click('#submit');
 `waitForTimeout` is for debugging only. It either fires before the app is ready (flake) or pads every run (slow). Replace with an action or web-first assertion that auto-waits:
 ```ts
 // CORRECT — auto-waits for the element to be actionable
-await page.getByRole('button', { name: 'Submit' }).click();
+await page.getByRole('button', { name: 'Submit' }).click;
 ```
 
 **2b. Manual non-retrying assertions**
 ```ts
 // HIGH — snapshots one instant, no auto-retry
-expect(await page.getByText('welcome').isVisible()).toBe(true);
+expect(await page.getByText('welcome').isVisible).toBe(true);
 ```
 Web-first assertions retry until the condition holds or the timeout expires:
 ```ts
 // CORRECT
-await expect(page.getByText('welcome')).toBeVisible();
+await expect(page.getByText('welcome')).toBeVisible;
 ```
-Flag any `expect(await ...)` wrapping `isVisible()`, `textContent()`, `innerText()`, `count()`, `getAttribute()` as HIGH.
+Flag any `expect(await ...)` wrapping `isVisible`, `textContent`, `innerText`, `count`, `getAttribute` as HIGH.
 
 **2c. Network-idle as a synchronization crutch**
 ```ts
@@ -48,9 +48,9 @@ await page.waitForLoadState('networkidle');
 ```
 `networkidle` is discouraged for general synchronization. Wait on the specific signal instead:
 ```ts
-await expect(page.getByRole('heading', { name: 'Dashboard' })).toBeVisible();
+await expect(page.getByRole('heading', { name: 'Dashboard' })).toBeVisible;
 // or
-await page.waitForResponse(r => r.url().includes('/api/orders') && r.ok());
+await page.waitForResponse(r => r.url.includes('/api/orders') && r.ok);
 ```
 
 ### Step 3 — Selector brittleness audit
@@ -64,7 +64,7 @@ Review the locator strategy in every spec and page object.
 | deep CSS chain (`div > div:nth-child(3) .btn`) | HIGH | breaks on any layout change |
 | hashed/generated class (`.css-1a2b3c`, `.MuiBox-root`) | HIGH | regenerated on every build |
 | raw XPath (`//div[2]/span`) | HIGH | brittle, hard to read |
-| `nth()` / index-based selection on dynamic lists | MEDIUM | breaks when list order or length changes |
+| `nth` / index-based selection on dynamic lists | MEDIUM | breaks when list order or length changes |
 
 Flag each HIGH locator with the spec file and the recommended role/label/test-id replacement.
 
@@ -73,17 +73,17 @@ Flag each HIGH locator with the spec file and the recommended role/label/test-id
 Verify each test is independent and order-free.
 
 Check for:
-- Module-level mutable variables written by one `test()` and read by another → HIGH
+- Module-level mutable variables written by one `test` and read by another → HIGH
 - A test that creates a record (user, order) consumed by a later test → HIGH (breaks under sharding and `--shuffle`)
-- `test.describe.serial()` used to paper over a shared-state dependency rather than for a genuine sequential flow → HIGH
+- `test.describe.serial` used to paper over a shared-state dependency rather than for a genuine sequential flow → HIGH
 - `beforeAll` performing mutable setup that tests then modify without reset → MEDIUM
 - Shared `storageState` file written to by tests → MEDIUM (cross-test auth contamination)
 
 ```ts
 // HIGH — test B depends on test A's side effect
 let createdOrderId;
-test('creates order', async () => { createdOrderId = await createOrder(); });
-test('views order', async () => { await page.goto(`/orders/${createdOrderId}`); });
+test('creates order', async  => { createdOrderId = await createOrder; });
+test('views order', async  => { await page.goto(`/orders/${createdOrderId}`); });
 
 // CORRECT — each test owns its data via a fixture
 test('views order', async ({ orderFixture }) => {
@@ -172,5 +172,5 @@ Return findings in this structure:
 
 - Never request or accept live application URLs with embedded credentials, bearer tokens, real `storageState.json`, or `.env` contents. Ask for sanitized snippets.
 - This is a static review: do not run `npx playwright test`, launch browsers, or contact the application under test.
-- Do not recommend `.skip()` or deleting a flaky test as the fix — every flaky test needs a root-cause category (race, hard wait, shared state, brittle selector) and a quarantine/tracking path so it is fixed, not buried.
+- Do not recommend `.skip` or deleting a flaky test as the fix — every flaky test needs a root-cause category (race, hard wait, shared state, brittle selector) and a quarantine/tracking path so it is fixed, not buried.
 - Do not recommend raising timeouts or adding retries to make a suite "go green" — both mask defects the review exists to surface.

package/skills/qa/plc-control-logic-safety-review/references/workflow-and-output.md

@@ -142,7 +142,7 @@ Flag any timer pattern that increments a counter every scan and compares to a li
 ScanCounter := ScanCounter + 1;
 IF ScanCounter >= 500 THEN  (* intended: 500 scans * assumed 10ms = 5s *)
     ScanCounter := 0;
-    TimeoutAction();
+    TimeoutAction;
 END_IF;
 ```
 
@@ -152,7 +152,7 @@ Correct pattern:
 (* Real-time timer — deterministic regardless of scan load *)
 DelayTimer(IN := TriggerCondition, PT := T#5s);
 IF DelayTimer.Q THEN
-    TimeoutAction();
+    TimeoutAction;
 END_IF;
 ```
 

package/skills/qa/test-coverage-quality-review/SKILL.md

@@ -18,7 +18,7 @@ This skill reviews a test suite for whether its tests would actually catch a reg
 ## Lean operating rules
 - Treat a test with no assertion — it calls the code, no error is thrown, the test passes — as HIGH. Line coverage counts it; it verifies nothing.
 - Treat tautological assertions (`expect(true).toBe(true)`, `expect(result).toBe(result)`, snapshot tests auto-updated on every change without review) as HIGH — they cannot fail when behavior changes.
-- Treat assertions that only check shape, not value (`expect(result).toBeDefined()`, `expect(res.status).toBeTruthy()`, `expect(arr.length).toBeGreaterThan(0)`) where an exact value is knowable as MEDIUM — they pass for wrong values.
+- Treat assertions that only check shape, not value (`expect(result).toBeDefined`, `expect(res.status).toBeTruthy`, `expect(arr.length).toBeGreaterThan(0)`) where an exact value is knowable as MEDIUM — they pass for wrong values.
 - Treat tests that assert the mock was called but never assert the result computed from it as HIGH — they test the wiring, not the behavior.
 - Treat over-mocked unit tests where every collaborator is mocked and the assertions only restate the mock setup as HIGH — the test is a mirror of itself and proves nothing about integration.
 - Treat the absence of error-path, empty-input, and boundary tests for code that has those branches as HIGH — the happy path inflates the coverage number while real failure modes are untested.

package/skills/qa/test-coverage-quality-review/references/workflow-and-output.md

@@ -18,12 +18,12 @@ For every test, confirm it makes at least one assertion that can fail.
 
 ```js
 // HIGH — no assertion; passes as long as nothing throws
-test('processes the order', async () => {
+test('processes the order', async  => {
   await processOrder(sampleOrder);
 });
 
 // CORRECT — asserts the observable outcome
-test('processes the order', async () => {
+test('processes the order', async  => {
   const result = await processOrder(sampleOrder);
   expect(result.status).toBe('confirmed');
   expect(result.total).toBe(149.97);
@@ -38,7 +38,7 @@ Grade each assertion.
 | Assertion pattern | Grade | Note |
 |---|---|---|
 | exact value (`toBe(149.97)`, `toEqual({...})`) | strong | fails on any wrong value |
-| `toBeDefined()`, `not.toBeNull()`, `toBeTruthy()` | weak (MEDIUM) | passes for wrong values; use when an exact value is unknowable only |
+| `toBeDefined`, `not.toBeNull`, `toBeTruthy` | weak (MEDIUM) | passes for wrong values; use when an exact value is unknowable only |
 | `toBeGreaterThan(0)`, `length > 0` | weak (MEDIUM) | passes for `[wrong, wrong]` |
 | `expect(true).toBe(true)`, `expect(x).toBe(x)` | tautological (HIGH) | cannot fail |
 | auto-updated snapshot of logic output | weak (MEDIUM) | detects change, not correctness |
@@ -52,9 +52,9 @@ Review tests that use mocks, stubs, or spies.
 **4a. Call-assertion-only**
 ```js
 // HIGH — asserts the mock was called, never the behavior
-test('sends the email', async () => {
+test('sends the email', async  => {
   await notifyUser(user);
-  expect(emailService.send).toHaveBeenCalled();
+  expect(emailService.send).toHaveBeenCalled;
 });
 ```
 This verifies wiring, not outcome. It should also assert *what* was sent and the result the caller depends on.
@@ -62,9 +62,9 @@ This verifies wiring, not outcome. It should also assert *what* was sent and the
 **4b. Over-mocking**
 ```js
 // HIGH — every collaborator mocked; assertions restate the setup
-const repo = { find: jest.fn().mockReturnValue({ id: 1, price: 10 }) };
-const tax = { calc: jest.fn().mockReturnValue(2) };
-test('total', () => {
+const repo = { find: jest.fn.mockReturnValue({ id: 1, price: 10 }) };
+const tax = { calc: jest.fn.mockReturnValue(2) };
+test('total',  => {
   const t = new Cart(repo, tax).total(1);
   expect(t).toBe(12); // 10 + 2 — but both came from mocks
 });

package/skills/qa/test-flakiness-triage/SKILL.md

@@ -21,7 +21,7 @@ This skill triages flaky tests — tests that pass and fail without a code chang
 - Treat "re-run until green" CI configuration (automatic unlimited retries, `|| true`, retry-the-whole-job) with no flaky tracking as HIGH — it converts flakiness from visible to invisible and unbounded.
 - Treat a flaky test "fixed" only by adding a sleep, raising a timeout, or adding a retry as HIGH — the root cause is still present and will resurface.
 - Treat tests sharing a mutable fixture, database row, file, or port without per-test isolation as HIGH for interdependence flakiness.
-- Treat assertions on wall-clock time, `Date.now()`, timezone, or locale without injection/freezing as HIGH for environment coupling.
+- Treat assertions on wall-clock time, `Date.now`, timezone, or locale without injection/freezing as HIGH for environment coupling.
 - Treat un-mocked calls to third-party services in a unit or component test as HIGH — network and rate limits make them flaky by construction.
 - Treat a quarantine with no expiry, no owner, and no tracking issue as MEDIUM — quarantine is a holding cell, not a graveyard; without an exit it becomes permanent coverage loss.
 - Treat the absence of any flaky-detection mechanism (no rerun-diff, no flaky reporter, no quarantine list) as MEDIUM — flakiness is then discovered only by frustrated engineers.

package/skills/qa/test-flakiness-triage/references/workflow-and-output.md

@@ -21,7 +21,7 @@ Place every flaky test into exactly one **primary** category. Note secondary con
 |---|---|---|
 | Async / timing race | fails under load or on slower CI runners; passes locally; "element not found", "undefined" | wait on a deterministic signal, not a sleep; await the actual condition |
 | Test interdependence | fails only in a specific order; passes when run alone; passes with `--shuffle` off | per-test fixtures; isolate DB rows / files / state; remove cross-test writes |
-| Environment coupling | fails at certain times of day, in CI timezone, or on a different locale | inject and freeze the clock; pin timezone and locale; no real `Date.now()` in assertions |
+| Environment coupling | fails at certain times of day, in CI timezone, or on a different locale | inject and freeze the clock; pin timezone and locale; no real `Date.now` in assertions |
 | Non-deterministic data | fails when random/seeded data hits an edge; date-dependent assertions | seed RNG; use fixed fixtures; freeze "today" |
 | Resource contention | fails under parallelism; port/DB/file conflicts; "address in use", deadlock | unique ports/schemas per worker; bound parallelism; isolate resources |
 | External dependency | fails on third-party outage, rate limit, or latency; un-mocked network | mock at the boundary in unit/component tests; contract-test the integration separately |

package/skills/salesforce/README.md

@@ -0,0 +1,117 @@
+# Salesforce Skills
+
+<p align="center">
+  <img src="../../assets/logos/cloud/salesforce/salesforce.svg" alt="Salesforce logo" width="200" />
+</p>
+
+This directory contains **25** Salesforce domain skills curated for this marketplace, spanning four execution tiers and four delivery waves.
+
+Provider: `salesforce`
+Lifecycle: `experimental`
+Author: `github: Raishin`
+
+---
+
+## Execution tiers
+
+Skills in this portfolio are classified by the [execution-tier contract](../../docs/execution-tiers.md):
+
+| Tier | Label | Blast radius |
+|---|---|---|
+| T0 | `static-review` | Zero — no network egress, operates on local files and pasted exports only |
+| T1 | `read-only-runtime` | Bounded — read-only CLI access to a connected org; outputs sanitized |
+| T2 | `sandbox-mutating` | Scoped — mutation allowed only in SANDBOX orgs; production hard-refused |
+| T3 | `production-mutating` | **Prohibited for all agents** — routed through Live Guard and human approval |
+
+---
+
+## Wave 1 — Static review (T0): core advisory skills
+
+Nine foundational review disciplines. No network access; all inputs are sanitized exports or pasted configuration.
+
+| Skill | Tier | Summary |
+|---|---|---|
+| `salesforce-org-assessment-skill` | `static-review` | Org posture baseline from sanitized exports — object model, automation inventory, permission topology, integration map, technical debt |
+| `salesforce-metadata-review-skill` | `static-review` | Reviews metadata (objects, fields, layouts, LWC record pages, profiles, permission sets, sharing rules) for over-customization and deprecated types |
+| `salesforce-permission-model-review-skill` | `static-review` | Audits profiles, permission sets, permission set groups, sharing rules, OWD, role hierarchy, IP restrictions, and session policies; flags toxic combinations |
+| `salesforce-flow-automation-review-skill` | `static-review` | Reviews Flow XML, validation rules, approval processes, and record-triggered automation for recursion, ungoverned bypass, brittle null handling, and governor-limit risk |
+| `salesforce-apex-lwc-code-review-skill` | `static-review` | Reviews Apex classes, triggers, LWC, and async jobs for SOQL/DML in loops, sharing keyword omission, governor-limit risk, LWC XSS surface, and Locker Service issues |
+| `salesforce-release-readiness-skill` | `static-review` | Pre-release checklist covering sandbox refresh strategy, test coverage threshold, destructiveChanges.xml review, rollback plan, and approval matrix |
+| `salesforce-integration-review-skill` | `static-review` | Reviews integration designs for API choice, middleware position, retry/idempotency patterns, secret handling, OAuth scope minimization, and MuleSoft architecture |
+| `salesforce-marketing-consent-review-skill` | `static-review` | Reviews Marketing Cloud, Account Engagement, and Data Cloud flows for consent capture, lawful basis, suppression list integrity, and deliverability authentication |
+| `salesforce-agentforce-risk-review-skill` | `static-review` | Reviews Agentforce and Salesforce AI configurations for grounding quality, action allowlist safety, human handoff design, hallucination containment, and model-risk controls
+|
+
+---
+
+## Wave 2 — Infrastructure and zero-trust review (T0)
+
+Four specialized review disciplines for infrastructure security and DevSecOps posture.
+
+| Skill | Tier | Summary |
+|---|---|---|
+| `salesforce-zero-trust-maturity-skill` | `static-review` | Evaluates Salesforce deployment zero-trust readiness against NIST SP 800-207 — MFA posture, network policies, least-privilege identity, continuous verification |
+| `salesforce-infrastructure-audit-skill` | `static-review` | Structured audit of Salesforce infrastructure security posture including Hyperforce configuration, network policies, certificate management, and sandbox governance
+|
+| `salesforce-devsecops-pipeline-skill` | `static-review` | Reviews Salesforce CI/CD pipeline configurations — SFDX/Salesforce CLI usage, dependency scanning, secrets handling, deployment gating, and branch protection |
+| `salesforce-soql-explorer-skill` | `static-review` | Analyzes SOQL query patterns from pasted query text for bulkification, index usage, LIMIT/OFFSET anti-patterns, and sharing enforcement |
+
+---
+
+## Wave 3 — Generation skills (T0)
+
+Six code and artifact generation skills. All generate output locally from conversation context; none execute against a live org.
+
+| Skill | Tier | Summary |
+|---|---|---|
+| `salesforce-soql-generator-skill` | `static-review` | Generates SOQL queries from plain-English requirements without executing against an org — includes WITH SECURITY_ENFORCED and field-level security annotations |
+| `salesforce-apex-generator-skill` | `static-review` | Generates production-grade Apex classes with Service-Selector-Domain layering, CRUD/FLS enforcement, and governor-limit patterns |
+| `salesforce-apex-test-generator-skill` | `static-review` | Generates Apex test classes with TestDataFactory patterns, Assert class usage, and bulkification test cases |
+| `salesforce-validation-rule-writer-skill` | `static-review` | Converts plain-English business rules into deployable Salesforce Validation Rule formula syntax |
+| `salesforce-field-mapping-skill` | `static-review` | Maps CSV and spreadsheet column headers to Salesforce field API names and resolves picklist values for data-load preparation |
+| `salesforce-bulk-data-ops-skill` | `static-review` | Generates scripts for bulk Salesforce data operations — mass owner reassignment, archive extraction, and Data Loader job configuration |
+
+---
+
+## Wave 4 — Operational skills (T1 and T2)
+
+Six skills with live connectivity, distinguishing this portfolio from pure static review. T1 skills are read-only; T2 skills require sandbox-only target confirmation and hard-refuse production org targets.
+
+| Skill | Tier | Summary |
+|---|---|---|
+| `salesforce-metadata-fetcher-skill` | `read-only-runtime` | Fetches Salesforce metadata (objects, fields, flows, validation rules) from a connected org via `sf sobject describe` and metadata API reads — read-only |
+| `salesforce-agentforce-stdm-observer-skill` | `read-only-runtime` | Queries Salesforce Telemetry and Data Management (STDM) and Data Cloud
+event streams in read-only mode for Agentforce operational monitoring |
+| `salesforce-apex-test-runner-skill` | `read-only-runtime` | Executes Apex tests against a connected sandbox org via `sf apex run test` — observes results only; does not deploy or modify org state |
+| `salesforce-apex-log-analyzer-skill` | `read-only-runtime` | Retrieves Apex debug logs from a connected Salesforce org and analyzes them for governor-limit breaches, exceptions, and SOQL/DML patterns |
+| `salesforce-flow-debugger-skill` | `read-only-runtime` | Diagnoses Salesforce Flow failures from pasted error messages (T0 mode) or live debug log retrieval (T1 mode) — read-only observation only |
+| `salesforce-deployment-validator-skill` | `sandbox-mutating` | Runs `sf project deploy validate` against a SANDBOX org — validation only, no commit; hard-refuses production targets |
+
+---
+
+## Companion protocol skills
+
+Five cross-functional protocol skills in `skills/cross-functional/` govern how Salesforce matters are classified, routed, and handed off:
+
+| Protocol skill | Purpose |
+|---|---|
+| `salesforce-routing-protocol` | Classification and routing discipline for Salesforce matters |
+| `salesforce-case-capsule` | Standardized cross-agent handoff structure |
+| `salesforce-risk-taxonomy` | Matter types, risk tiers, and escalation gates |
+| `salesforce-live-change-approval-protocol` | Refusal-by-default gate for live org mutations |
+| `salesforce-data-exposure-escalation-protocol` | Immediate escalation path for data exposure events |
+
+---
+
+## Security and operating principles
+
+- T0 skills are read-only, static-review disciplines — no network egress, no credentials.
+- T1 skills require read-only OAuth scopes (`api refresh_token`) against a pre-authorized Connected App; outputs are sanitized before emission.
+- T2 skills hard-refuse production org targets at the skill level; production targets are never agent-callable.
+- No skill requests live org credentials, session IDs, OAuth tokens, or customer data in conversation context.
+- All inputs must be sanitized before submission; org IDs and user IDs must be replaced with placeholders.
+- Advisory findings require human authorization before any remediation action.
+- Regulated-vertical findings (HIPAA, PCI, FINRA) are always escalated to qualified compliance counsel.
+- Escalation gates from `salesforce-risk-taxonomy` are hard stops, not suggestions.
+
+Run `npm run validate` after changing cataloged Salesforce skills.