@raishin/vanguard-frontier-agentic 2.3.0 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (607) hide show
  1. package/.claude-plugin/marketplace.json +1 -1
  2. package/.claude-plugin/plugin.json +31 -1
  3. package/.cursor-plugin/plugin.json +31 -1
  4. package/.github/plugin/marketplace.json +1 -1
  5. package/README.md +15 -12
  6. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/AGENT.md +1 -1
  7. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/claude-code.agent.md +1 -1
  8. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/copilot.agent.md +1 -1
  9. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/cursor.agent.md +1 -1
  10. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/gemini.agent.md +1 -1
  11. package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/kiro-ide.agent.md +1 -1
  12. package/agents/dotnet/dotnet-csharp-runtime-review-agent/AGENT.md +2 -2
  13. package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/claude-code.agent.md +2 -2
  14. package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/copilot.agent.md +2 -2
  15. package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/cursor.agent.md +2 -2
  16. package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/gemini.agent.md +2 -2
  17. package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/kiro-ide.agent.md +2 -2
  18. package/agents/dotnet/dotnet-efcore-data-access-review-agent/AGENT.md +3 -3
  19. package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/claude-code.agent.md +3 -3
  20. package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/copilot.agent.md +3 -3
  21. package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/cursor.agent.md +3 -3
  22. package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/gemini.agent.md +3 -3
  23. package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/kiro-ide.agent.md +3 -3
  24. package/agents/hetzner/README.md +1 -1
  25. package/agents/oci/oci-devops-container-platform-engineer-agent/AGENT.md +1 -1
  26. package/agents/oci/oci-exadata-platform-architect-agent/AGENT.md +1 -1
  27. package/agents/oci/oci-multi-cloud-architect-agent/AGENT.md +1 -1
  28. package/agents/prometheus/README.md +1 -1
  29. package/agents/qa/playwright-e2e-suite-review-agent/AGENT.md +3 -3
  30. package/agents/qa/playwright-e2e-suite-review-agent/harnesses/claude-code.agent.md +3 -3
  31. package/agents/qa/playwright-e2e-suite-review-agent/harnesses/copilot.agent.md +3 -3
  32. package/agents/qa/playwright-e2e-suite-review-agent/harnesses/cursor.agent.md +3 -3
  33. package/agents/qa/playwright-e2e-suite-review-agent/harnesses/gemini.agent.md +3 -3
  34. package/agents/qa/playwright-e2e-suite-review-agent/harnesses/kiro-ide.agent.md +3 -3
  35. package/agents/salesforce/AGENTS.md +31 -0
  36. package/agents/salesforce/README.md +135 -0
  37. package/agents/salesforce/salesforce-adaptive-access-agent/AGENT.md +117 -0
  38. package/agents/salesforce/salesforce-adaptive-access-agent/LEAST-PRIVILEGES.md +91 -0
  39. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/claude-code.agent.md +69 -0
  40. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/codex.toml +30 -0
  41. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/copilot.agent.md +69 -0
  42. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/cursor.agent.md +69 -0
  43. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/gemini.agent.md +69 -0
  44. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/kiro-cli.agent.json +5 -0
  45. package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/kiro-ide.agent.md +69 -0
  46. package/agents/salesforce/salesforce-adaptive-access-agent/metadata.json +30 -0
  47. package/agents/salesforce/salesforce-agentforce-ai-agent/AGENT.md +126 -0
  48. package/agents/salesforce/salesforce-agentforce-ai-agent/LEAST-PRIVILEGES.md +92 -0
  49. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/claude-code.agent.md +81 -0
  50. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/codex.toml +36 -0
  51. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/copilot.agent.md +81 -0
  52. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/cursor.agent.md +81 -0
  53. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/gemini.agent.md +81 -0
  54. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/kiro-cli.agent.json +5 -0
  55. package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/kiro-ide.agent.md +49 -0
  56. package/agents/salesforce/salesforce-agentforce-ai-agent/metadata.json +41 -0
  57. package/agents/salesforce/salesforce-analytics-tableau-agent/AGENT.md +119 -0
  58. package/agents/salesforce/salesforce-analytics-tableau-agent/LEAST-PRIVILEGES.md +81 -0
  59. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/claude-code.agent.md +75 -0
  60. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/codex.toml +35 -0
  61. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/copilot.agent.md +75 -0
  62. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/cursor.agent.md +75 -0
  63. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/gemini.agent.md +75 -0
  64. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/kiro-cli.agent.json +5 -0
  65. package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/kiro-ide.agent.md +45 -0
  66. package/agents/salesforce/salesforce-analytics-tableau-agent/metadata.json +41 -0
  67. package/agents/salesforce/salesforce-app-builder-automation-agent/AGENT.md +112 -0
  68. package/agents/salesforce/salesforce-app-builder-automation-agent/LEAST-PRIVILEGES.md +86 -0
  69. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/claude-code.agent.md +50 -0
  70. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/codex.toml +35 -0
  71. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/copilot.agent.md +50 -0
  72. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/cursor.agent.md +50 -0
  73. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/gemini.agent.md +50 -0
  74. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/kiro-cli.agent.json +5 -0
  75. package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/kiro-ide.agent.md +50 -0
  76. package/agents/salesforce/salesforce-app-builder-automation-agent/metadata.json +40 -0
  77. package/agents/salesforce/salesforce-business-analyst-agent/AGENT.md +110 -0
  78. package/agents/salesforce/salesforce-business-analyst-agent/LEAST-PRIVILEGES.md +89 -0
  79. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/claude-code.agent.md +48 -0
  80. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/codex.toml +35 -0
  81. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/copilot.agent.md +48 -0
  82. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/cursor.agent.md +48 -0
  83. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/gemini.agent.md +48 -0
  84. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/kiro-cli.agent.json +5 -0
  85. package/agents/salesforce/salesforce-business-analyst-agent/harnesses/kiro-ide.agent.md +48 -0
  86. package/agents/salesforce/salesforce-business-analyst-agent/metadata.json +40 -0
  87. package/agents/salesforce/salesforce-certificate-lifecycle-agent/AGENT.md +112 -0
  88. package/agents/salesforce/salesforce-certificate-lifecycle-agent/LEAST-PRIVILEGES.md +81 -0
  89. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/claude-code.agent.md +66 -0
  90. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/codex.toml +30 -0
  91. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/copilot.agent.md +66 -0
  92. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/cursor.agent.md +66 -0
  93. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/gemini.agent.md +66 -0
  94. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/kiro-cli.agent.json +5 -0
  95. package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/kiro-ide.agent.md +66 -0
  96. package/agents/salesforce/salesforce-certificate-lifecycle-agent/metadata.json +30 -0
  97. package/agents/salesforce/salesforce-change-impact-analyst-agent/AGENT.md +121 -0
  98. package/agents/salesforce/salesforce-change-impact-analyst-agent/LEAST-PRIVILEGES.md +87 -0
  99. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/claude-code.agent.md +74 -0
  100. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/codex.toml +30 -0
  101. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/copilot.agent.md +74 -0
  102. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/cursor.agent.md +74 -0
  103. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/gemini.agent.md +74 -0
  104. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/kiro-cli.agent.json +5 -0
  105. package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/kiro-ide.agent.md +74 -0
  106. package/agents/salesforce/salesforce-change-impact-analyst-agent/metadata.json +30 -0
  107. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/AGENT.md +119 -0
  108. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/LEAST-PRIVILEGES.md +88 -0
  109. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/claude-code.agent.md +67 -0
  110. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/codex.toml +30 -0
  111. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/copilot.agent.md +67 -0
  112. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/cursor.agent.md +67 -0
  113. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/gemini.agent.md +67 -0
  114. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/kiro-cli.agent.json +5 -0
  115. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/kiro-ide.agent.md +67 -0
  116. package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/metadata.json +31 -0
  117. package/agents/salesforce/salesforce-compliance-privacy-agent/AGENT.md +130 -0
  118. package/agents/salesforce/salesforce-compliance-privacy-agent/LEAST-PRIVILEGES.md +85 -0
  119. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/claude-code.agent.md +84 -0
  120. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/codex.toml +36 -0
  121. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/copilot.agent.md +84 -0
  122. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/cursor.agent.md +84 -0
  123. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/gemini.agent.md +84 -0
  124. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/kiro-cli.agent.json +5 -0
  125. package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/kiro-ide.agent.md +49 -0
  126. package/agents/salesforce/salesforce-compliance-privacy-agent/metadata.json +41 -0
  127. package/agents/salesforce/salesforce-continuous-verification-agent/AGENT.md +113 -0
  128. package/agents/salesforce/salesforce-continuous-verification-agent/LEAST-PRIVILEGES.md +90 -0
  129. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/claude-code.agent.md +64 -0
  130. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/codex.toml +30 -0
  131. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/copilot.agent.md +64 -0
  132. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/cursor.agent.md +64 -0
  133. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/gemini.agent.md +64 -0
  134. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/kiro-cli.agent.json +5 -0
  135. package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/kiro-ide.agent.md +64 -0
  136. package/agents/salesforce/salesforce-continuous-verification-agent/metadata.json +31 -0
  137. package/agents/salesforce/salesforce-data-architecture-agent/AGENT.md +113 -0
  138. package/agents/salesforce/salesforce-data-architecture-agent/LEAST-PRIVILEGES.md +92 -0
  139. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/claude-code.agent.md +49 -0
  140. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/codex.toml +35 -0
  141. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/copilot.agent.md +49 -0
  142. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/cursor.agent.md +49 -0
  143. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/gemini.agent.md +49 -0
  144. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/kiro-cli.agent.json +5 -0
  145. package/agents/salesforce/salesforce-data-architecture-agent/harnesses/kiro-ide.agent.md +49 -0
  146. package/agents/salesforce/salesforce-data-architecture-agent/metadata.json +40 -0
  147. package/agents/salesforce/salesforce-development-agent/AGENT.md +114 -0
  148. package/agents/salesforce/salesforce-development-agent/LEAST-PRIVILEGES.md +89 -0
  149. package/agents/salesforce/salesforce-development-agent/harnesses/claude-code.agent.md +50 -0
  150. package/agents/salesforce/salesforce-development-agent/harnesses/codex.toml +36 -0
  151. package/agents/salesforce/salesforce-development-agent/harnesses/copilot.agent.md +50 -0
  152. package/agents/salesforce/salesforce-development-agent/harnesses/cursor.agent.md +50 -0
  153. package/agents/salesforce/salesforce-development-agent/harnesses/gemini.agent.md +50 -0
  154. package/agents/salesforce/salesforce-development-agent/harnesses/kiro-cli.agent.json +5 -0
  155. package/agents/salesforce/salesforce-development-agent/harnesses/kiro-ide.agent.md +50 -0
  156. package/agents/salesforce/salesforce-development-agent/metadata.json +40 -0
  157. package/agents/salesforce/salesforce-devops-release-agent/AGENT.md +115 -0
  158. package/agents/salesforce/salesforce-devops-release-agent/LEAST-PRIVILEGES.md +90 -0
  159. package/agents/salesforce/salesforce-devops-release-agent/harnesses/claude-code.agent.md +51 -0
  160. package/agents/salesforce/salesforce-devops-release-agent/harnesses/codex.toml +35 -0
  161. package/agents/salesforce/salesforce-devops-release-agent/harnesses/copilot.agent.md +51 -0
  162. package/agents/salesforce/salesforce-devops-release-agent/harnesses/cursor.agent.md +51 -0
  163. package/agents/salesforce/salesforce-devops-release-agent/harnesses/gemini.agent.md +51 -0
  164. package/agents/salesforce/salesforce-devops-release-agent/harnesses/kiro-cli.agent.json +5 -0
  165. package/agents/salesforce/salesforce-devops-release-agent/harnesses/kiro-ide.agent.md +51 -0
  166. package/agents/salesforce/salesforce-devops-release-agent/metadata.json +40 -0
  167. package/agents/salesforce/salesforce-enterprise-architect-agent/AGENT.md +128 -0
  168. package/agents/salesforce/salesforce-enterprise-architect-agent/LEAST-PRIVILEGES.md +92 -0
  169. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/claude-code.agent.md +81 -0
  170. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/codex.toml +36 -0
  171. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/copilot.agent.md +81 -0
  172. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/cursor.agent.md +81 -0
  173. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/gemini.agent.md +81 -0
  174. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/kiro-cli.agent.json +5 -0
  175. package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/kiro-ide.agent.md +49 -0
  176. package/agents/salesforce/salesforce-enterprise-architect-agent/metadata.json +41 -0
  177. package/agents/salesforce/salesforce-experience-cloud-agent/AGENT.md +124 -0
  178. package/agents/salesforce/salesforce-experience-cloud-agent/LEAST-PRIVILEGES.md +80 -0
  179. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/claude-code.agent.md +79 -0
  180. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/codex.toml +35 -0
  181. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/copilot.agent.md +79 -0
  182. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/cursor.agent.md +79 -0
  183. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/gemini.agent.md +79 -0
  184. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
  185. package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/kiro-ide.agent.md +59 -0
  186. package/agents/salesforce/salesforce-experience-cloud-agent/metadata.json +40 -0
  187. package/agents/salesforce/salesforce-hyperforce-security-agent/AGENT.md +113 -0
  188. package/agents/salesforce/salesforce-hyperforce-security-agent/LEAST-PRIVILEGES.md +80 -0
  189. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/claude-code.agent.md +72 -0
  190. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/codex.toml +28 -0
  191. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/copilot.agent.md +72 -0
  192. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/cursor.agent.md +72 -0
  193. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/gemini.agent.md +72 -0
  194. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/kiro-cli.agent.json +5 -0
  195. package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/kiro-ide.agent.md +72 -0
  196. package/agents/salesforce/salesforce-hyperforce-security-agent/metadata.json +30 -0
  197. package/agents/salesforce/salesforce-industry-cloud-agent/AGENT.md +125 -0
  198. package/agents/salesforce/salesforce-industry-cloud-agent/LEAST-PRIVILEGES.md +88 -0
  199. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/claude-code.agent.md +80 -0
  200. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/codex.toml +41 -0
  201. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/copilot.agent.md +80 -0
  202. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/cursor.agent.md +80 -0
  203. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/gemini.agent.md +80 -0
  204. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
  205. package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/kiro-ide.agent.md +48 -0
  206. package/agents/salesforce/salesforce-industry-cloud-agent/metadata.json +42 -0
  207. package/agents/salesforce/salesforce-integration-mulesoft-agent/AGENT.md +115 -0
  208. package/agents/salesforce/salesforce-integration-mulesoft-agent/LEAST-PRIVILEGES.md +91 -0
  209. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/claude-code.agent.md +50 -0
  210. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/codex.toml +35 -0
  211. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/copilot.agent.md +50 -0
  212. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/cursor.agent.md +50 -0
  213. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/gemini.agent.md +50 -0
  214. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/kiro-cli.agent.json +5 -0
  215. package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/kiro-ide.agent.md +50 -0
  216. package/agents/salesforce/salesforce-integration-mulesoft-agent/metadata.json +40 -0
  217. package/agents/salesforce/salesforce-live-guard-agent/AGENT.md +126 -0
  218. package/agents/salesforce/salesforce-live-guard-agent/LEAST-PRIVILEGES.md +100 -0
  219. package/agents/salesforce/salesforce-live-guard-agent/harnesses/claude-code.agent.md +85 -0
  220. package/agents/salesforce/salesforce-live-guard-agent/harnesses/codex.toml +50 -0
  221. package/agents/salesforce/salesforce-live-guard-agent/harnesses/copilot.agent.md +85 -0
  222. package/agents/salesforce/salesforce-live-guard-agent/harnesses/cursor.agent.md +85 -0
  223. package/agents/salesforce/salesforce-live-guard-agent/harnesses/gemini.agent.md +85 -0
  224. package/agents/salesforce/salesforce-live-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  225. package/agents/salesforce/salesforce-live-guard-agent/harnesses/kiro-ide.agent.md +58 -0
  226. package/agents/salesforce/salesforce-live-guard-agent/metadata.json +39 -0
  227. package/agents/salesforce/salesforce-maestro-agent/AGENT.md +77 -0
  228. package/agents/salesforce/salesforce-maestro-agent/LEAST-PRIVILEGES.md +93 -0
  229. package/agents/salesforce/salesforce-maestro-agent/README.md +593 -0
  230. package/agents/salesforce/salesforce-maestro-agent/harnesses/claude-code.agent.md +65 -0
  231. package/agents/salesforce/salesforce-maestro-agent/harnesses/codex.toml +66 -0
  232. package/agents/salesforce/salesforce-maestro-agent/harnesses/copilot.agent.md +65 -0
  233. package/agents/salesforce/salesforce-maestro-agent/harnesses/cursor.agent.md +65 -0
  234. package/agents/salesforce/salesforce-maestro-agent/harnesses/gemini.agent.md +65 -0
  235. package/agents/salesforce/salesforce-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
  236. package/agents/salesforce/salesforce-maestro-agent/harnesses/kiro-ide.agent.md +65 -0
  237. package/agents/salesforce/salesforce-maestro-agent/metadata.json +38 -0
  238. package/agents/salesforce/salesforce-marketing-cloud-agent/AGENT.md +124 -0
  239. package/agents/salesforce/salesforce-marketing-cloud-agent/LEAST-PRIVILEGES.md +86 -0
  240. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/claude-code.agent.md +78 -0
  241. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/codex.toml +34 -0
  242. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/copilot.agent.md +78 -0
  243. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/cursor.agent.md +78 -0
  244. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/gemini.agent.md +78 -0
  245. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
  246. package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/kiro-ide.agent.md +48 -0
  247. package/agents/salesforce/salesforce-marketing-cloud-agent/metadata.json +41 -0
  248. package/agents/salesforce/salesforce-network-policy-architect-agent/AGENT.md +113 -0
  249. package/agents/salesforce/salesforce-network-policy-architect-agent/LEAST-PRIVILEGES.md +87 -0
  250. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/claude-code.agent.md +72 -0
  251. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/codex.toml +28 -0
  252. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/copilot.agent.md +72 -0
  253. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/cursor.agent.md +72 -0
  254. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/gemini.agent.md +72 -0
  255. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/kiro-cli.agent.json +5 -0
  256. package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/kiro-ide.agent.md +72 -0
  257. package/agents/salesforce/salesforce-network-policy-architect-agent/metadata.json +31 -0
  258. package/agents/salesforce/salesforce-platform-admin-review-agent/AGENT.md +113 -0
  259. package/agents/salesforce/salesforce-platform-admin-review-agent/LEAST-PRIVILEGES.md +88 -0
  260. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/claude-code.agent.md +49 -0
  261. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/codex.toml +36 -0
  262. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/copilot.agent.md +49 -0
  263. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/cursor.agent.md +49 -0
  264. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/gemini.agent.md +49 -0
  265. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/kiro-cli.agent.json +5 -0
  266. package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/kiro-ide.agent.md +49 -0
  267. package/agents/salesforce/salesforce-platform-admin-review-agent/metadata.json +40 -0
  268. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/AGENT.md +115 -0
  269. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/LEAST-PRIVILEGES.md +83 -0
  270. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/claude-code.agent.md +50 -0
  271. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/codex.toml +35 -0
  272. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/copilot.agent.md +50 -0
  273. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/cursor.agent.md +50 -0
  274. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/gemini.agent.md +50 -0
  275. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/kiro-cli.agent.json +5 -0
  276. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/kiro-ide.agent.md +50 -0
  277. package/agents/salesforce/salesforce-sales-cloud-revenue-agent/metadata.json +40 -0
  278. package/agents/salesforce/salesforce-sandbox-governance-agent/AGENT.md +120 -0
  279. package/agents/salesforce/salesforce-sandbox-governance-agent/LEAST-PRIVILEGES.md +80 -0
  280. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/claude-code.agent.md +72 -0
  281. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/codex.toml +30 -0
  282. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/copilot.agent.md +72 -0
  283. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/cursor.agent.md +72 -0
  284. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/gemini.agent.md +72 -0
  285. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/kiro-cli.agent.json +5 -0
  286. package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/kiro-ide.agent.md +72 -0
  287. package/agents/salesforce/salesforce-sandbox-governance-agent/metadata.json +30 -0
  288. package/agents/salesforce/salesforce-sandbox-isolation-agent/AGENT.md +113 -0
  289. package/agents/salesforce/salesforce-sandbox-isolation-agent/LEAST-PRIVILEGES.md +90 -0
  290. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/claude-code.agent.md +71 -0
  291. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/codex.toml +28 -0
  292. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/copilot.agent.md +71 -0
  293. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/cursor.agent.md +71 -0
  294. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/gemini.agent.md +71 -0
  295. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/kiro-cli.agent.json +5 -0
  296. package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/kiro-ide.agent.md +71 -0
  297. package/agents/salesforce/salesforce-sandbox-isolation-agent/metadata.json +30 -0
  298. package/agents/salesforce/salesforce-security-identity-access-agent/AGENT.md +118 -0
  299. package/agents/salesforce/salesforce-security-identity-access-agent/LEAST-PRIVILEGES.md +85 -0
  300. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/claude-code.agent.md +52 -0
  301. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/codex.toml +36 -0
  302. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/copilot.agent.md +52 -0
  303. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/cursor.agent.md +52 -0
  304. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/gemini.agent.md +52 -0
  305. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/kiro-cli.agent.json +5 -0
  306. package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/kiro-ide.agent.md +52 -0
  307. package/agents/salesforce/salesforce-security-identity-access-agent/metadata.json +40 -0
  308. package/agents/salesforce/salesforce-service-field-service-agent/AGENT.md +115 -0
  309. package/agents/salesforce/salesforce-service-field-service-agent/LEAST-PRIVILEGES.md +82 -0
  310. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/claude-code.agent.md +50 -0
  311. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/codex.toml +35 -0
  312. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/copilot.agent.md +50 -0
  313. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/cursor.agent.md +50 -0
  314. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/gemini.agent.md +50 -0
  315. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/kiro-cli.agent.json +5 -0
  316. package/agents/salesforce/salesforce-service-field-service-agent/harnesses/kiro-ide.agent.md +50 -0
  317. package/agents/salesforce/salesforce-service-field-service-agent/metadata.json +40 -0
  318. package/agents/salesforce/salesforce-session-governance-agent/AGENT.md +116 -0
  319. package/agents/salesforce/salesforce-session-governance-agent/LEAST-PRIVILEGES.md +91 -0
  320. package/agents/salesforce/salesforce-session-governance-agent/harnesses/claude-code.agent.md +74 -0
  321. package/agents/salesforce/salesforce-session-governance-agent/harnesses/codex.toml +28 -0
  322. package/agents/salesforce/salesforce-session-governance-agent/harnesses/copilot.agent.md +74 -0
  323. package/agents/salesforce/salesforce-session-governance-agent/harnesses/cursor.agent.md +74 -0
  324. package/agents/salesforce/salesforce-session-governance-agent/harnesses/gemini.agent.md +74 -0
  325. package/agents/salesforce/salesforce-session-governance-agent/harnesses/kiro-cli.agent.json +5 -0
  326. package/agents/salesforce/salesforce-session-governance-agent/harnesses/kiro-ide.agent.md +74 -0
  327. package/agents/salesforce/salesforce-session-governance-agent/metadata.json +30 -0
  328. package/agents/salesforce/salesforce-slack-collaboration-agent/AGENT.md +123 -0
  329. package/agents/salesforce/salesforce-slack-collaboration-agent/LEAST-PRIVILEGES.md +86 -0
  330. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/claude-code.agent.md +79 -0
  331. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/codex.toml +35 -0
  332. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/copilot.agent.md +79 -0
  333. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/cursor.agent.md +79 -0
  334. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/gemini.agent.md +79 -0
  335. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/kiro-cli.agent.json +5 -0
  336. package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/kiro-ide.agent.md +48 -0
  337. package/agents/salesforce/salesforce-slack-collaboration-agent/metadata.json +41 -0
  338. package/assets/logos/cloud/salesforce/salesforce.svg +34 -0
  339. package/catalog/agents.json +1451 -283
  340. package/catalog/asset-integrity.json +2152 -327
  341. package/catalog/install-roles.json +68 -0
  342. package/catalog/skill-manifest.json +1040 -155
  343. package/catalog/skills.json +1242 -262
  344. package/package.json +3 -2
  345. package/plugins/vanguard-frontier-agentic/.codex-plugin/plugin.json +1 -1
  346. package/powers/vanguard-salesforce/POWER.md +42 -0
  347. package/schemas/agent.schema.json +2 -1
  348. package/schemas/skill.frontmatter.schema.json +33 -3
  349. package/schemas/skill.schema.json +2 -1
  350. package/scripts/export-marketplace-agents.mjs +17 -1
  351. package/scripts/generate-kiro-powers.mjs +12 -0
  352. package/scripts/release-prepare.mjs +35 -0
  353. package/skills/aws/aws-agentcore/references/official-sources.md +19 -19
  354. package/skills/aws/aws-generative-ai-developer/references/official-sources.md +10 -10
  355. package/skills/azure/azure-ai-foundry-ops-governor/references/workflow-and-output.md +2 -2
  356. package/skills/azure/azure-aks-platform-operator/references/workflow-and-output.md +1 -1
  357. package/skills/azure/azure-app-service-production-readiness/references/workflow-and-output.md +1 -1
  358. package/skills/azure/azure-cosmosdb-application-developer/references/official-sources.md +11 -11
  359. package/skills/azure/azure-cosmosdb-performance-investigator/references/official-sources.md +11 -11
  360. package/skills/azure/azure-cosmosdb-platform-operator/references/official-sources.md +10 -10
  361. package/skills/azure/azure-cost-estimation-review/references/workflow-and-output.md +1 -1
  362. package/skills/azure/azure-cost-optimization-governor/references/workflow-and-output.md +1 -1
  363. package/skills/azure/azure-entra-id-specialist/references/official-sources.md +28 -28
  364. package/skills/azure/azure-identity-governance-review/references/official-sources.md +11 -11
  365. package/skills/azure/azure-identity-governance-review/references/workflow-and-output.md +1 -1
  366. package/skills/azure/azure-key-vault-secret-lifecycle-auditor/references/workflow-and-output.md +1 -1
  367. package/skills/azure/azure-migrate-landing-zone-cutover/references/workflow-and-output.md +1 -1
  368. package/skills/azure/azure-platform-automation-devops/references/workflow-and-output.md +1 -1
  369. package/skills/azure/azure-private-endpoint-adoption-planner/references/workflow-and-output.md +1 -1
  370. package/skills/azure/azure-resource-health-incident-triage/references/workflow-and-output.md +6 -6
  371. package/skills/azure/azure-subscription-resource-organization/references/workflow-and-output.md +1 -1
  372. package/skills/cross-functional/salesforce-case-capsule/SKILL.md +164 -0
  373. package/skills/cross-functional/salesforce-case-capsule/metadata.json +19 -0
  374. package/skills/cross-functional/salesforce-data-exposure-escalation-protocol/SKILL.md +165 -0
  375. package/skills/cross-functional/salesforce-data-exposure-escalation-protocol/metadata.json +19 -0
  376. package/skills/cross-functional/salesforce-live-change-approval-protocol/SKILL.md +118 -0
  377. package/skills/cross-functional/salesforce-live-change-approval-protocol/metadata.json +19 -0
  378. package/skills/cross-functional/salesforce-risk-taxonomy/SKILL.md +162 -0
  379. package/skills/cross-functional/salesforce-risk-taxonomy/metadata.json +19 -0
  380. package/skills/cross-functional/salesforce-routing-protocol/SKILL.md +159 -0
  381. package/skills/cross-functional/salesforce-routing-protocol/metadata.json +19 -0
  382. package/skills/dotnet/dotnet-aspnetcore-api-review/SKILL.md +1 -1
  383. package/skills/dotnet/dotnet-aspnetcore-api-review/references/workflow-and-output.md +2 -2
  384. package/skills/dotnet/dotnet-csharp-runtime-review/SKILL.md +2 -2
  385. package/skills/dotnet/dotnet-csharp-runtime-review/references/workflow-and-output.md +7 -7
  386. package/skills/dotnet/dotnet-efcore-data-access-review/SKILL.md +4 -4
  387. package/skills/dotnet/dotnet-efcore-data-access-review/references/workflow-and-output.md +3 -3
  388. package/skills/dotnet/dotnet-performance-aot-review/references/workflow-and-output.md +1 -1
  389. package/skills/dotnet/dotnet-testing-quality-review/SKILL.md +1 -1
  390. package/skills/dotnet/dotnet-testing-quality-review/references/workflow-and-output.md +2 -2
  391. package/skills/finops/focus-spec-normalizer/references/focus-columns.md +2 -2
  392. package/skills/gcp/gcp-alloydb-ai-developer/SKILL.md +1 -1
  393. package/skills/gcp/gcp-gemini-api-developer/SKILL.md +2 -2
  394. package/skills/nvidia/nvidia-model-promotion-gatekeeper/SKILL.md +1 -1
  395. package/skills/nvidia/nvidia-model-promotion-gatekeeper/references/allowlist-commands.md +1 -1
  396. package/skills/oci/oci-compute-platform-operator/SKILL.md +0 -2
  397. package/skills/oci/oci-cost-finops-analyst/SKILL.md +0 -2
  398. package/skills/oci/oci-database-platform-dba/SKILL.md +0 -2
  399. package/skills/oci/oci-devops-container-platform-engineer/SKILL.md +0 -2
  400. package/skills/oci/oci-identity-access-governor/SKILL.md +0 -2
  401. package/skills/oci/oci-multi-cloud-architect/SKILL.md +0 -2
  402. package/skills/oci/oci-network-architect/SKILL.md +0 -2
  403. package/skills/oci/oci-observability-incident-responder/SKILL.md +0 -2
  404. package/skills/oci/oci-security-compliance-reviewer/SKILL.md +0 -2
  405. package/skills/oci/oci-solution-architect/SKILL.md +1 -3
  406. package/skills/oci/oci-storage-backup-steward/SKILL.md +0 -2
  407. package/skills/prometheus/prometheus-alerting-cardinality-review/SKILL.md +1 -1
  408. package/skills/prometheus/prometheus-alerting-cardinality-review/references/workflow-and-output.md +4 -4
  409. package/skills/qa/ci-test-pipeline-review/references/workflow-and-output.md +1 -1
  410. package/skills/qa/llm-ai-pipeline-test-review/references/workflow-and-output.md +1 -1
  411. package/skills/qa/playwright-e2e-suite-review/SKILL.md +4 -4
  412. package/skills/qa/playwright-e2e-suite-review/references/workflow-and-output.md +12 -12
  413. package/skills/qa/plc-control-logic-safety-review/references/workflow-and-output.md +2 -2
  414. package/skills/qa/test-coverage-quality-review/SKILL.md +1 -1
  415. package/skills/qa/test-coverage-quality-review/references/workflow-and-output.md +8 -8
  416. package/skills/qa/test-flakiness-triage/SKILL.md +1 -1
  417. package/skills/qa/test-flakiness-triage/references/workflow-and-output.md +1 -1
  418. package/skills/salesforce/README.md +117 -0
  419. package/skills/salesforce/salesforce-agentforce-risk-review-skill/SKILL.md +206 -0
  420. package/skills/salesforce/salesforce-agentforce-risk-review-skill/metadata.json +18 -0
  421. package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/action-safety-matrix.md +160 -0
  422. package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/agentforce-anti-patterns.md +193 -0
  423. package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/grounding-source-evaluation.md +162 -0
  424. package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/SKILL.md +557 -0
  425. package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/metadata.json +41 -0
  426. package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/observability-rubric.md +219 -0
  427. package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/privacy-redaction.md +240 -0
  428. package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/stdm-queries.md +436 -0
  429. package/skills/salesforce/salesforce-apex-generator-skill/SKILL.md +307 -0
  430. package/skills/salesforce/salesforce-apex-generator-skill/metadata.json +30 -0
  431. package/skills/salesforce/salesforce-apex-generator-skill/references/apex-patterns.md +224 -0
  432. package/skills/salesforce/salesforce-apex-generator-skill/references/governor-limits.md +175 -0
  433. package/skills/salesforce/salesforce-apex-generator-skill/references/security-defaults.md +155 -0
  434. package/skills/salesforce/salesforce-apex-log-analyzer-skill/SKILL.md +360 -0
  435. package/skills/salesforce/salesforce-apex-log-analyzer-skill/metadata.json +38 -0
  436. package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/governor-limit-signatures.md +174 -0
  437. package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/log-format-reference.md +154 -0
  438. package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/redaction-rules.md +178 -0
  439. package/skills/salesforce/salesforce-apex-lwc-code-review-skill/SKILL.md +195 -0
  440. package/skills/salesforce/salesforce-apex-lwc-code-review-skill/metadata.json +18 -0
  441. package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/apex-anti-patterns.md +270 -0
  442. package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/governor-limits-reference.md +198 -0
  443. package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/lwc-security.md +206 -0
  444. package/skills/salesforce/salesforce-apex-test-generator-skill/SKILL.md +274 -0
  445. package/skills/salesforce/salesforce-apex-test-generator-skill/metadata.json +29 -0
  446. package/skills/salesforce/salesforce-apex-test-generator-skill/references/assertion-patterns.md +174 -0
  447. package/skills/salesforce/salesforce-apex-test-generator-skill/references/async-testing.md +217 -0
  448. package/skills/salesforce/salesforce-apex-test-generator-skill/references/test-data-factory.md +174 -0
  449. package/skills/salesforce/salesforce-apex-test-runner-skill/SKILL.md +344 -0
  450. package/skills/salesforce/salesforce-apex-test-runner-skill/metadata.json +37 -0
  451. package/skills/salesforce/salesforce-apex-test-runner-skill/references/cli-commands.md +162 -0
  452. package/skills/salesforce/salesforce-apex-test-runner-skill/references/coverage-analysis.md +107 -0
  453. package/skills/salesforce/salesforce-apex-test-runner-skill/references/failure-diagnosis.md +187 -0
  454. package/skills/salesforce/salesforce-bulk-data-ops-skill/SKILL.md +356 -0
  455. package/skills/salesforce/salesforce-bulk-data-ops-skill/metadata.json +29 -0
  456. package/skills/salesforce/salesforce-bulk-data-ops-skill/references/anonymous-apex-patterns.md +380 -0
  457. package/skills/salesforce/salesforce-bulk-data-ops-skill/references/data-loader-templates.md +209 -0
  458. package/skills/salesforce/salesforce-bulk-data-ops-skill/references/rollback-strategy.md +209 -0
  459. package/skills/salesforce/salesforce-deployment-validator-skill/SKILL.md +380 -0
  460. package/skills/salesforce/salesforce-deployment-validator-skill/metadata.json +37 -0
  461. package/skills/salesforce/salesforce-deployment-validator-skill/references/cli-commands.md +264 -0
  462. package/skills/salesforce/salesforce-deployment-validator-skill/references/production-refusal-rules.md +243 -0
  463. package/skills/salesforce/salesforce-deployment-validator-skill/references/test-selection-strategy.md +250 -0
  464. package/skills/salesforce/salesforce-devsecops-pipeline-skill/SKILL.md +195 -0
  465. package/skills/salesforce/salesforce-devsecops-pipeline-skill/metadata.json +19 -0
  466. package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/change-impact-categories.md +216 -0
  467. package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/sandbox-masking-strategy.md +193 -0
  468. package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/sca-rule-catalog.md +226 -0
  469. package/skills/salesforce/salesforce-field-mapping-skill/SKILL.md +348 -0
  470. package/skills/salesforce/salesforce-field-mapping-skill/metadata.json +29 -0
  471. package/skills/salesforce/salesforce-field-mapping-skill/references/api-name-normalization.md +141 -0
  472. package/skills/salesforce/salesforce-field-mapping-skill/references/picklist-value-mapping.md +245 -0
  473. package/skills/salesforce/salesforce-field-mapping-skill/references/type-mismatch-detection.md +187 -0
  474. package/skills/salesforce/salesforce-flow-automation-review-skill/SKILL.md +163 -0
  475. package/skills/salesforce/salesforce-flow-automation-review-skill/metadata.json +18 -0
  476. package/skills/salesforce/salesforce-flow-automation-review-skill/references/automation-conflict-matrix.md +193 -0
  477. package/skills/salesforce/salesforce-flow-automation-review-skill/references/fault-path-design.md +189 -0
  478. package/skills/salesforce/salesforce-flow-automation-review-skill/references/flow-anti-patterns.md +211 -0
  479. package/skills/salesforce/salesforce-flow-debugger-skill/SKILL.md +355 -0
  480. package/skills/salesforce/salesforce-flow-debugger-skill/metadata.json +35 -0
  481. package/skills/salesforce/salesforce-flow-debugger-skill/references/fault-path-design.md +175 -0
  482. package/skills/salesforce/salesforce-flow-debugger-skill/references/flow-error-patterns.md +247 -0
  483. package/skills/salesforce/salesforce-flow-debugger-skill/references/interview-log-redaction.md +171 -0
  484. package/skills/salesforce/salesforce-infrastructure-audit-skill/SKILL.md +137 -0
  485. package/skills/salesforce/salesforce-infrastructure-audit-skill/metadata.json +19 -0
  486. package/skills/salesforce/salesforce-infrastructure-audit-skill/references/hyperforce-deployment-controls.md +181 -0
  487. package/skills/salesforce/salesforce-infrastructure-audit-skill/references/network-policy-reference.md +200 -0
  488. package/skills/salesforce/salesforce-infrastructure-audit-skill/references/session-policy-reference.md +219 -0
  489. package/skills/salesforce/salesforce-integration-review-skill/SKILL.md +186 -0
  490. package/skills/salesforce/salesforce-integration-review-skill/metadata.json +18 -0
  491. package/skills/salesforce/salesforce-integration-review-skill/references/integration-anti-patterns.md +280 -0
  492. package/skills/salesforce/salesforce-integration-review-skill/references/integration-pattern-reference.md +239 -0
  493. package/skills/salesforce/salesforce-integration-review-skill/references/named-credential-design.md +211 -0
  494. package/skills/salesforce/salesforce-marketing-consent-review-skill/SKILL.md +204 -0
  495. package/skills/salesforce/salesforce-marketing-consent-review-skill/metadata.json +18 -0
  496. package/skills/salesforce/salesforce-marketing-consent-review-skill/references/consent-anti-patterns.md +247 -0
  497. package/skills/salesforce/salesforce-marketing-consent-review-skill/references/consent-model-reference.md +205 -0
  498. package/skills/salesforce/salesforce-marketing-consent-review-skill/references/regulatory-mapping.md +192 -0
  499. package/skills/salesforce/salesforce-metadata-fetcher-skill/SKILL.md +418 -0
  500. package/skills/salesforce/salesforce-metadata-fetcher-skill/metadata.json +50 -0
  501. package/skills/salesforce/salesforce-metadata-fetcher-skill/references/cli-commands.md +347 -0
  502. package/skills/salesforce/salesforce-metadata-fetcher-skill/references/delegation-routing.md +416 -0
  503. package/skills/salesforce/salesforce-metadata-fetcher-skill/references/sanitization-rules.md +392 -0
  504. package/skills/salesforce/salesforce-metadata-review-skill/SKILL.md +148 -0
  505. package/skills/salesforce/salesforce-metadata-review-skill/metadata.json +18 -0
  506. package/skills/salesforce/salesforce-metadata-review-skill/references/deprecated-metadata.md +217 -0
  507. package/skills/salesforce/salesforce-metadata-review-skill/references/field-hygiene-rules.md +182 -0
  508. package/skills/salesforce/salesforce-metadata-review-skill/references/object-design-patterns.md +187 -0
  509. package/skills/salesforce/salesforce-org-assessment-skill/SKILL.md +137 -0
  510. package/skills/salesforce/salesforce-org-assessment-skill/metadata.json +18 -0
  511. package/skills/salesforce/salesforce-org-assessment-skill/references/assessment-rubric.md +228 -0
  512. package/skills/salesforce/salesforce-org-assessment-skill/references/risk-register-template.md +211 -0
  513. package/skills/salesforce/salesforce-org-assessment-skill/references/tech-debt-indicators.md +252 -0
  514. package/skills/salesforce/salesforce-permission-model-review-skill/SKILL.md +165 -0
  515. package/skills/salesforce/salesforce-permission-model-review-skill/metadata.json +18 -0
  516. package/skills/salesforce/salesforce-permission-model-review-skill/references/fls-review-patterns.md +235 -0
  517. package/skills/salesforce/salesforce-permission-model-review-skill/references/permission-set-strategy.md +203 -0
  518. package/skills/salesforce/salesforce-permission-model-review-skill/references/toxic-combinations.md +228 -0
  519. package/skills/salesforce/salesforce-release-readiness-skill/SKILL.md +185 -0
  520. package/skills/salesforce/salesforce-release-readiness-skill/metadata.json +18 -0
  521. package/skills/salesforce/salesforce-release-readiness-skill/references/release-checklist.md +191 -0
  522. package/skills/salesforce/salesforce-release-readiness-skill/references/rollback-strategy.md +234 -0
  523. package/skills/salesforce/salesforce-release-readiness-skill/references/test-coverage-strategy.md +314 -0
  524. package/skills/salesforce/salesforce-soql-explorer-skill/SKILL.md +391 -0
  525. package/skills/salesforce/salesforce-soql-explorer-skill/metadata.json +35 -0
  526. package/skills/salesforce/salesforce-soql-explorer-skill/references/cli-commands.md +266 -0
  527. package/skills/salesforce/salesforce-soql-explorer-skill/references/least-privilege-scope.md +224 -0
  528. package/skills/salesforce/salesforce-soql-explorer-skill/references/safe-query-patterns.md +317 -0
  529. package/skills/salesforce/salesforce-soql-generator-skill/SKILL.md +305 -0
  530. package/skills/salesforce/salesforce-soql-generator-skill/metadata.json +25 -0
  531. package/skills/salesforce/salesforce-soql-generator-skill/references/common-patterns.md +293 -0
  532. package/skills/salesforce/salesforce-soql-generator-skill/references/governor-limits.md +171 -0
  533. package/skills/salesforce/salesforce-soql-generator-skill/references/soql-syntax-quickref.md +255 -0
  534. package/skills/salesforce/salesforce-validation-rule-writer-skill/SKILL.md +329 -0
  535. package/skills/salesforce/salesforce-validation-rule-writer-skill/metadata.json +28 -0
  536. package/skills/salesforce/salesforce-validation-rule-writer-skill/references/error-message-style.md +132 -0
  537. package/skills/salesforce/salesforce-validation-rule-writer-skill/references/formula-syntax-quickref.md +182 -0
  538. package/skills/salesforce/salesforce-validation-rule-writer-skill/references/validation-patterns.md +214 -0
  539. package/skills/salesforce/salesforce-zero-trust-maturity-skill/SKILL.md +164 -0
  540. package/skills/salesforce/salesforce-zero-trust-maturity-skill/metadata.json +19 -0
  541. package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/continuous-verification-patterns.md +209 -0
  542. package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/maturity-scoring-rubric.md +179 -0
  543. package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/nist-zta-pillars.md +194 -0
  544. package/tests/fixtures/salesforce-maestro-routing/expected/001-happy-platform-admin-review.json +6 -0
  545. package/tests/fixtures/salesforce-maestro-routing/expected/002-happy-business-analyst.json +6 -0
  546. package/tests/fixtures/salesforce-maestro-routing/expected/003-happy-app-builder-automation.json +6 -0
  547. package/tests/fixtures/salesforce-maestro-routing/expected/004-happy-development.json +6 -0
  548. package/tests/fixtures/salesforce-maestro-routing/expected/005-happy-devops-release.json +6 -0
  549. package/tests/fixtures/salesforce-maestro-routing/expected/006-happy-security-identity-access.json +6 -0
  550. package/tests/fixtures/salesforce-maestro-routing/expected/007-happy-data-architecture.json +6 -0
  551. package/tests/fixtures/salesforce-maestro-routing/expected/008-happy-integration-mulesoft.json +6 -0
  552. package/tests/fixtures/salesforce-maestro-routing/expected/009-happy-sales-cloud-revenue.json +6 -0
  553. package/tests/fixtures/salesforce-maestro-routing/expected/010-happy-marketing-cloud.json +6 -0
  554. package/tests/fixtures/salesforce-maestro-routing/expected/011-happy-agentforce-ai.json +6 -0
  555. package/tests/fixtures/salesforce-maestro-routing/expected/012-happy-analytics-tableau.json +6 -0
  556. package/tests/fixtures/salesforce-maestro-routing/expected/013-happy-compliance-privacy.json +6 -0
  557. package/tests/fixtures/salesforce-maestro-routing/expected/014-happy-network-policy-architect.json +6 -0
  558. package/tests/fixtures/salesforce-maestro-routing/expected/015-happy-hyperforce-security.json +6 -0
  559. package/tests/fixtures/salesforce-maestro-routing/expected/016-happy-sandbox-isolation.json +6 -0
  560. package/tests/fixtures/salesforce-maestro-routing/expected/017-happy-session-governance.json +6 -0
  561. package/tests/fixtures/salesforce-maestro-routing/expected/018-happy-continuous-verification.json +6 -0
  562. package/tests/fixtures/salesforce-maestro-routing/expected/019-happy-certificate-lifecycle.json +6 -0
  563. package/tests/fixtures/salesforce-maestro-routing/expected/020-happy-adaptive-access.json +6 -0
  564. package/tests/fixtures/salesforce-maestro-routing/expected/021-happy-code-analyzer-orchestrator.json +6 -0
  565. package/tests/fixtures/salesforce-maestro-routing/expected/022-happy-sandbox-governance.json +6 -0
  566. package/tests/fixtures/salesforce-maestro-routing/expected/023-happy-change-impact-analyst.json +6 -0
  567. package/tests/fixtures/salesforce-maestro-routing/expected/adv-ambiguous.json +4 -0
  568. package/tests/fixtures/salesforce-maestro-routing/expected/adv-instruction-injection.json +6 -0
  569. package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-01-live-org-deploy-guard.json +6 -0
  570. package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-02-live-mass-delete-guard.json +6 -0
  571. package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-03-live-release-to-prod-guard.json +6 -0
  572. package/tests/fixtures/salesforce-maestro-routing/expected/adv-persona-replacement.json +6 -0
  573. package/tests/fixtures/salesforce-maestro-routing/expected/adv-secrets-bait.json +6 -0
  574. package/tests/fixtures/salesforce-maestro-routing/inputs/001-happy-platform-admin-review.json +7 -0
  575. package/tests/fixtures/salesforce-maestro-routing/inputs/002-happy-business-analyst.json +7 -0
  576. package/tests/fixtures/salesforce-maestro-routing/inputs/003-happy-app-builder-automation.json +7 -0
  577. package/tests/fixtures/salesforce-maestro-routing/inputs/004-happy-development.json +7 -0
  578. package/tests/fixtures/salesforce-maestro-routing/inputs/005-happy-devops-release.json +7 -0
  579. package/tests/fixtures/salesforce-maestro-routing/inputs/006-happy-security-identity-access.json +7 -0
  580. package/tests/fixtures/salesforce-maestro-routing/inputs/007-happy-data-architecture.json +7 -0
  581. package/tests/fixtures/salesforce-maestro-routing/inputs/008-happy-integration-mulesoft.json +7 -0
  582. package/tests/fixtures/salesforce-maestro-routing/inputs/009-happy-sales-cloud-revenue.json +7 -0
  583. package/tests/fixtures/salesforce-maestro-routing/inputs/010-happy-marketing-cloud.json +7 -0
  584. package/tests/fixtures/salesforce-maestro-routing/inputs/011-happy-agentforce-ai.json +7 -0
  585. package/tests/fixtures/salesforce-maestro-routing/inputs/012-happy-analytics-tableau.json +7 -0
  586. package/tests/fixtures/salesforce-maestro-routing/inputs/013-happy-compliance-privacy.json +7 -0
  587. package/tests/fixtures/salesforce-maestro-routing/inputs/014-happy-network-policy-architect.json +7 -0
  588. package/tests/fixtures/salesforce-maestro-routing/inputs/015-happy-hyperforce-security.json +7 -0
  589. package/tests/fixtures/salesforce-maestro-routing/inputs/016-happy-sandbox-isolation.json +7 -0
  590. package/tests/fixtures/salesforce-maestro-routing/inputs/017-happy-session-governance.json +7 -0
  591. package/tests/fixtures/salesforce-maestro-routing/inputs/018-happy-continuous-verification.json +7 -0
  592. package/tests/fixtures/salesforce-maestro-routing/inputs/019-happy-certificate-lifecycle.json +7 -0
  593. package/tests/fixtures/salesforce-maestro-routing/inputs/020-happy-adaptive-access.json +7 -0
  594. package/tests/fixtures/salesforce-maestro-routing/inputs/021-happy-code-analyzer-orchestrator.json +7 -0
  595. package/tests/fixtures/salesforce-maestro-routing/inputs/022-happy-sandbox-governance.json +7 -0
  596. package/tests/fixtures/salesforce-maestro-routing/inputs/023-happy-change-impact-analyst.json +7 -0
  597. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-ambiguous.json +7 -0
  598. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-instruction-injection.json +7 -0
  599. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-01-live-org-deploy-guard.json +7 -0
  600. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-02-live-mass-delete-guard.json +7 -0
  601. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-03-live-release-to-prod-guard.json +7 -0
  602. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-persona-replacement.json +7 -0
  603. package/tests/fixtures/salesforce-maestro-routing/inputs/adv-secrets-bait.json +7 -0
  604. package/tests/fixtures/salesforce-maestro-routing/taxonomy.json +371 -0
  605. package/tests/test-vfa-export-coverage.test.mjs +8 -4
  606. package/tests/validate-catalog.py +12 -1
  607. package/tests/validate-plugin-manifest.py +11 -1
package/skills/salesforce/salesforce-deployment-validator-skill/references/test-selection-strategy.md ADDED
@@ -0,0 +1,250 @@
1
+ # Test Selection Strategy
2
+
3
+ Reference for choosing the correct Apex test level for deployment validation
4
+ and constructing an accurate test class list.
5
+
6
+ ---
7
+
8
+ ## Test Level Options
9
+
10
+ | Test Level | When to Use | Coverage Source |
11
+ |---|---|---|
12
+ | `RunSpecifiedTests` | Preferred for scoped changes — Apex classes or triggers changed | Specified test classes only |
13
+ | `RunLocalTests` | When broader confidence is needed — profile, permission set, or cross-class changes | All local (non-managed) test classes in the org |
14
+ | `RunAllTestsInOrg` | Only for major releases — full org regression | All test classes including managed packages |
15
+ | `NoTestRun` | Metadata-only changes with NO Apex content (labels, static resources, custom fields without triggers) | Not applicable — no coverage check |
16
+
17
+ **Default for this skill:** `RunSpecifiedTests`. Always prefer the narrowest
18
+ scope that still satisfies the 75% coverage requirement.
19
+
20
+ ---
21
+
22
+ ## 75% Coverage Requirement
23
+
24
+ Salesforce requires that each Apex class and trigger included in the
25
+ deployment has at least **75% code coverage** as measured by the tests
26
+ run during validation. This is an absolute requirement — deployments fail
27
+ if any component falls below this threshold.
28
+
29
+ **Coverage is per-class, not aggregate** for the purposes of deployment
30
+ validation. An org-wide aggregate of 75% does not override a single class
31
+ at 40%.
32
+
33
+ **Exception:** Classes with `@isTest` annotation are exempt — they are test
34
+ classes themselves and do not require coverage.
35
+
36
+ ---
37
+
38
+ ## RunSpecifiedTests — When and How
39
+
40
+ ### When to use
41
+
42
+ Use `RunSpecifiedTests` when:
43
+ - The deployment touches specific Apex classes or triggers
44
+ - The test classes that cover those specific classes are known
45
+ - You want to minimize validation time and test org impact
46
+
47
+ ### How to construct the test list
48
+
49
+ For each Apex class or trigger in the deployment manifest, identify the
50
+ test classes that cover it. The mapping can be derived from:
51
+
52
+ 1. **Source code inspection** — search the test classes for methods that
53
+ instantiate or call the production class:
54
+
55
+ ```bash
56
+ grep -r "MyProductionClass" force-app/main/default/classes/*Test*.cls
57
+ grep -r "MyProductionClass" force-app/main/default/classes/*_Test.cls
58
+ ```
59
+
60
+ 2. **sf CLI coverage report** — run `sf apex run test --code-coverage` against
61
+ the sandbox to see which test classes cover which production classes:
62
+
63
+ ```bash
64
+ sf apex run test \
65
+ --class-names MyTest1 MyTest2 \
66
+ --code-coverage \
67
+ --result-format json \
68
+ --target-org <sandbox_alias>
69
+ ```
70
+
71
+ 3. **Naming convention regex** — common patterns for test class names:
72
+
73
+ ```
74
+ # Convention 1: <ClassName>Test
75
+ ^<ClassName>Test$
76
+
77
+ # Convention 2: <ClassName>_Test
78
+ ^<ClassName>_Test$
79
+
80
+ # Convention 3: Test<ClassName>
81
+ ^Test<ClassName>$
82
+
83
+ # Convention 4: <ClassName>Tests (plural)
84
+ ^<ClassName>Tests$
85
+ ```
86
+
87
+ Apply all four patterns to the available test class list to identify
88
+ candidates, then verify coverage via `sf apex run test --code-coverage`.
89
+
90
+ ### Constructing the --tests flag
91
+
92
+ ```bash
93
+ sf project deploy validate \
94
+ --manifest package.xml \
95
+ --target-org <sandbox_alias> \
96
+ --test-level RunSpecifiedTests \
97
+ --tests MyClass_Test AnotherClass_Test ThirdClass_Test \
98
+ --wait 30 \
99
+ --json
100
+ ```
101
+
102
+ Space-separate multiple test class API names. Do not use commas.
103
+
104
+ ---
105
+
106
+ ## RunLocalTests — When and How
107
+
108
+ ### When to use
109
+
110
+ Use `RunLocalTests` when:
111
+ - The deployment includes profile changes, permission set changes, or
112
+ custom object changes that could affect multiple classes
113
+ - The specific test classes covering changed components are unknown
114
+ - The deployment is a significant refactor touching many classes
115
+ - `RunSpecifiedTests` produced coverage warnings despite adding all known
116
+ test classes (RunLocalTests may reveal additional covering tests)
117
+
118
+ ### Caveats
119
+
120
+ - `RunLocalTests` runs ALL non-managed test classes in the org. For large
121
+ orgs with extensive test suites, this can take 30–60+ minutes.
122
+ - Adjust `--wait` accordingly:
123
+
124
+ ```bash
125
+ sf project deploy validate \
126
+ --manifest package.xml \
127
+ --target-org <sandbox_alias> \
128
+ --test-level RunLocalTests \
129
+ --wait 60 \
130
+ --json
131
+ ```
132
+
133
+ - Failures in unrelated test classes will cause the validation to fail even
134
+ if the deployment components themselves are correct. Investigate whether
135
+ pre-existing test failures exist in the sandbox before running RunLocalTests.
136
+
137
+ ---
138
+
139
+ ## RunAllTestsInOrg — When and How
140
+
141
+ ### When to use
142
+
143
+ Use `RunAllTestsInOrg` only when:
144
+ - Preparing for a major release that touches core shared utilities
145
+ - The org has managed packages with test classes that must be included
146
+ - Compliance or audit requirements mandate full-suite regression
147
+
148
+ ### Caveats
149
+
150
+ - This is the slowest option — expect 60–120+ minutes in large orgs.
151
+ - Managed package test failures can block validation even when unrelated
152
+ to the deployment. Document known pre-existing managed package test
153
+ failures before running.
154
+ - Set `--wait` to at least 120 minutes:
155
+
156
+ ```bash
157
+ sf project deploy validate \
158
+ --manifest package.xml \
159
+ --target-org <sandbox_alias> \
160
+ --test-level RunAllTestsInOrg \
161
+ --wait 120 \
162
+ --json
163
+ ```
164
+
165
+ ---
166
+
167
+ ## NoTestRun — Metadata-Only Changes
168
+
169
+ Use `NoTestRun` only when the deployment manifest contains NO Apex classes
170
+ or triggers — for example:
171
+
172
+ - Custom labels, custom metadata records
173
+ - Static resources, documents
174
+ - Custom fields without associated triggers
175
+ - Page layouts, list views
176
+ - Email templates, dashboards, reports (when no Apex is involved)
177
+
178
+ **Do not use `NoTestRun` if there is any doubt about whether the changed
179
+ metadata triggers Apex.** Flows that invoke Apex actions, validation rules
180
+ with custom formula references, and workflow rules can indirectly involve
181
+ Apex — use `RunLocalTests` when uncertain.
182
+
183
+ ---
184
+
185
+ ## Coverage Delta Analysis
186
+
187
+ After a validation run, compare the coverage result against the baseline
188
+ to identify regressions.
189
+
190
+ ### Extracting coverage from validation output
191
+
192
+ ```bash
193
+ sf project deploy validate --manifest package.xml --target-org <alias> --json \
194
+ | jq '.result.runTestResult.codeCoverageWarnings[] | {class: .name, warning: .message}'
195
+ ```
196
+
197
+ ### Coverage delta calculation
198
+
199
+ 1. **Baseline:** The most recent successful RunLocalTests or RunAllTestsInOrg
200
+ result in the sandbox (stored as a JSON file in your CI pipeline).
201
+ 2. **Current:** The coverage percentages from this validation run.
202
+ 3. **Delta:** Current − Baseline per class.
203
+
204
+ Flag any class where:
205
+ - Coverage drops below 75% (deployment blocker)
206
+ - Coverage drops by more than 10 percentage points (regression risk)
207
+ - A previously-100%-covered class drops below 90% (regression signal)
208
+
209
+ Include this analysis in the `coverage_delta` field of the skill output.
210
+
211
+ ### Coverage formula
212
+
213
+ ```
214
+ coverage_percent = (total_lines - uncovered_lines) / total_lines * 100
215
+ ```
216
+
217
+ Salesforce reports this per class in the `codeCoverageResult` array within
218
+ the test run output.
219
+
220
+ ---
221
+
222
+ ## Test Class List Construction Checklist
223
+
224
+ Before running `RunSpecifiedTests`, verify:
225
+
226
+ - [ ] All Apex classes in the deployment manifest have at least one test class
227
+ mapped to them
228
+ - [ ] All Apex triggers in the manifest have at least one test class mapped
229
+ - [ ] The test classes mapped actually cover the production classes (verify
230
+ via `sf apex run test --code-coverage` if uncertain)
231
+ - [ ] Test class API names are correct (case-sensitive match to the class
232
+ name in the org)
233
+ - [ ] No test classes are in the list that are themselves managed packages
234
+ (managed package test classes cannot be run via RunSpecifiedTests in
235
+ most orgs)
236
+
237
+ If any Apex class in the manifest cannot be mapped to a test class, escalate
238
+ to `RunLocalTests` rather than proceeding with incomplete coverage.
239
+
240
+ ---
241
+
242
+ ## Common Coverage Failures and Remediation
243
+
244
+ | Failure | Likely Cause | Remediation |
245
+ |---|---|---|
246
+ | Class at 0% coverage | No test class covers it; test class not included in `--tests` | Add the covering test class to the `--tests` list |
247
+ | Class at 60–74% coverage | Test class exists but doesn't cover all branches | Add more test methods; or use RunLocalTests to find broader coverage |
248
+ | Previously-passing class now at 0% | Test class was deleted or renamed | Identify the replacement test class |
249
+ | Managed package class coverage warning | RunAllTestsInOrg picked up managed test classes | Switch to RunLocalTests to exclude managed tests |
250
+ | Validation timeout | Test suite too large for `--wait` value | Increase `--wait`; switch to RunSpecifiedTests to reduce scope |
package/skills/salesforce/salesforce-devsecops-pipeline-skill/SKILL.md ADDED
@@ -0,0 +1,195 @@
1
+ ---
2
+ name: salesforce-devsecops-pipeline-skill
3
+ description: Use this skill when Salesforce development pipelines must be reviewed for DevSecOps compliance — covering Salesforce Code Analyzer (SCA) finding triage and false positive review, sandbox data governance and PII masking strategy, change impact analysis across metadata dependencies and downstream automation, CI/CD security gate requirements, and DevOps Center deployment governance. Trigger phrases: "review SCA findings", "triage code analyzer results", "assess sandbox data masking", "review change impact", "audit DevSecOps pipeline", "check CI/CD security gates", "review Salesforce DevOps". Do not use when Apex or LWC code patterns are the focus (use salesforce-apex-lwc-code-review-skill), when release readiness approval is needed (use salesforce-release-readiness-skill), when a live deployment is being executed (use salesforce-live-change-approval-protocol), or when permission model changes are under review (use salesforce-permission-model-review-skill). Works from sanitized exports and tool outputs only; never requests live org access.
4
+ allowed-tools: Read Grep Glob
5
+ metadata:
6
+ author: "github: Raishin"
7
+ version: "0.1.0"
8
+ updated: "2026-05-21"
9
+ category: delivery
10
+ lifecycle: experimental
11
+ ---
12
+
13
+ # Salesforce DevSecOps Pipeline Skill
14
+
15
+ ## Purpose
16
+ This skill conducts a structured DevSecOps review of Salesforce development pipelines — including Salesforce Code Analyzer (SCA) finding triage, sandbox data governance and PII masking adequacy, change impact assessment across metadata dependencies and downstream automation, CI/CD security gate compliance, and DevOps Center deployment governance. It produces a prioritized remediation register without accessing live orgs or executing deployments. It is the shared workflow called by DevSecOps and pipeline governance agents in the Salesforce agent catalog.
17
+
18
+ ## When to use
19
+ - SCA or PMD/ESLint/RetireJS findings from a pipeline run require structured triage and severity classification.
20
+ - Sandbox refresh governance and PII masking adequacy must be assessed before data is loaded.
21
+ - A change impact analysis is needed to identify metadata dependencies, downstream automation risk, and destructive change exposure.
22
+ - CI/CD pipeline security gate configuration must be reviewed against a minimum control baseline.
23
+ - DevOps Center deployment governance — work item traceability, approval gates, promotion rules — needs audit.
24
+
25
+ ## When not to use
26
+ - Apex or LWC code pattern review (logic-level code review) — use `salesforce-apex-lwc-code-review-skill`.
27
+ - Release readiness approval gate with sign-off workflow — use `salesforce-release-readiness-skill`.
28
+ - Live deployment execution or change approval — use `salesforce-live-change-approval-protocol`.
29
+ - Permission model or sharing rule changes — use `salesforce-permission-model-review-skill`.
30
+ - Full org posture assessment combining all domains — use `salesforce-org-assessment-skill`.
31
+
32
+ ## Minimum payload (required inputs)
33
+ - SCA output: PMD rule violations, ESLint issues, RetireJS CVEs, tool version, scan scope (full org vs. delta).
34
+ - Sandbox inventory relevant to the pipeline: sandbox type, data masking configuration, last refresh date.
35
+ - Change inventory: metadata types being deployed, destructive change manifest (if any), field type changes.
36
+ - CI/CD pipeline configuration summary: gate names, pass/fail criteria, tool integrations.
37
+ - Context: deployment target environment (sandbox, staging, production), release timeline, regulatory framework.
38
+
39
+ ## Workflow
40
+
41
+ ### 1. SCA findings triage
42
+ - Review all PMD rule violations from the SCA output.
43
+ - Classify findings by severity tier:
44
+ - P1 Critical: security vulnerabilities (SOQL injection, XSS, credential exposure, `without sharing` on PII classes).
45
+ - P2 High: governor-limit risks, missing FLS enforcement, unsafe async patterns.
46
+ - P3 Medium: code quality issues, missing documentation, test coverage gaps.
47
+ - P4 Advisory: style suggestions, minor refactor recommendations.
48
+ - Flag: any P1 Critical finding — these must block deployment until resolved.
49
+ - Review ESLint issues for LWC components: flag any security-relevant rules (no-eval, no-inner-html, no-unsanitized).
50
+ - Review RetireJS CVE list: flag CVEs with CVSS score ≥ 7.0 as P1; flag CVSS 4.0–6.9 as P2.
51
+ - Record total finding count by severity tier and tool source (PMD / ESLint / RetireJS).
52
+
53
+ ### 2. False positive review
54
+ - For each finding flagged for false positive consideration, require:
55
+ - The rule ID and description.
56
+ - The specific code pattern triggering the finding.
57
+ - A documented rationale for why the pattern is not a risk in this context.
58
+ - Flag: false positive claims on security-critical rules (SOQL injection, XSS, credential exposure) — these require security specialist sign-off, not self-service suppression.
59
+ - Flag: blanket suppression annotations (`@SuppressWarnings('all')` or equivalent) without scoped justification.
60
+ - Record false positive claims with rule IDs and rationale for audit trail.
61
+
62
+ ### 3. Sandbox governance check
63
+ - Review sandbox type against the intended test data classification:
64
+ - Developer or Developer Pro sandbox: must not receive masked-production data without explicit governance approval.
65
+ - Partial sandbox: confirm masking rules cover all regulated field types before refresh.
66
+ - Full sandbox: confirm masking configuration is applied before every refresh from production.
67
+ - Flag: Full or Partial sandbox refreshed from production without a data masking configuration present.
68
+ - Flag: sandbox with external vendor or contractor access that lacks network access restrictions.
69
+ - Flag: sandbox refresh policy absent or refresh interval undocumented for sandboxes used in the pipeline.
70
+ - Flag: pipeline configured to deploy directly to Full sandbox without a preceding security gate pass.
71
+ - Record sandbox type, masking status, last refresh date, and external-access flag.
72
+
73
+ ### 4. Change impact assessment
74
+ - Review the metadata deployment inventory for dependency risk:
75
+ - Flag: custom field type changes (e.g., Text → Picklist, Number → Text) — data conversion risk.
76
+ - Flag: destructive changes in the deployment manifest (field deletions, object deletions, class removals) — confirm rollback plan exists.
77
+ - Flag: Apex class changes that affect trigger handlers, batch jobs, or scheduled classes without test coverage update.
78
+ - Flag: Flow or Process Builder metadata changes that affect production-active automations without deactivation plan.
79
+ - Flag: permission set or profile changes included in the deployment — require permission model review handoff.
80
+ - Map downstream automation impact: identify Flows, Process Builders, triggers, or scheduled jobs that reference changed metadata.
81
+ - Flag: changed metadata referenced by active production automations with no stated deactivation or coordination plan.
82
+ - Flag: API version downgrade in any Apex class or LWC component included in the deployment.
83
+ - Record total metadata component count, destructive change count, and downstream automation impact count.
84
+
85
+ ### 5. CI/CD security gate compliance
86
+ - Review the pipeline configuration for the following required security gates:
87
+ - SCA scan with fail threshold on P1 findings (required).
88
+ - Test execution with minimum 75% code coverage gate (required; 85% recommended for regulated orgs).
89
+ - Static analysis for dependency CVEs (RetireJS or equivalent) (required).
90
+ - Destructive change review gate — manual approval required before any destructive change deployment (required).
91
+ - Sandbox deployment verification before production promotion (required).
92
+ - Flag: any required gate absent from the pipeline configuration.
93
+ - Flag: SCA gate configured as advisory-only (no fail threshold) — this does not constitute a security gate.
94
+ - Flag: test coverage gate absent or set below 75%.
95
+ - Flag: production promotion path that bypasses sandbox deployment verification.
96
+ - Record gate presence matrix: gate name → present | absent | advisory-only.
97
+
98
+ ### 6. Risk register assembly
99
+ - Consolidate findings from steps 1–5.
100
+ - Assign risk_tier per finding: Critical | High | Medium | Low.
101
+ - Map each finding to its pipeline domain: sca | false_positive | sandbox | change_impact | cicd_gate.
102
+ - Assign remediation priority: P1 must block deployment; P2 should resolve before promotion; P3 resolve within sprint; P4 advisory.
103
+ - Identify findings that meet escalation gates from salesforce-risk-taxonomy.
104
+
105
+ ## Evidence requirements
106
+ - SCA output with rule IDs and finding counts is required for step 1; absence produces "insufficient evidence — assume all gates unverified".
107
+ - Sandbox inventory with masking configuration is required for step 3.
108
+ - Metadata deployment manifest is required for step 4; absence produces "change impact assessment not possible".
109
+ - CI/CD pipeline configuration or gate summary is required for step 5.
110
+ - Absence of any required input produces an "insufficient evidence" note with conservative (worst-case) rating for that domain.
111
+
112
+ ## Output format
113
+ ```
114
+ devsecops_pipeline_findings:
115
+ sca_findings:
116
+ - tool: PMD | ESLint | RetireJS
117
+ rule_id: [rule identifier]
118
+ severity_tier: P1 | P2 | P3 | P4
119
+ description: [brief]
120
+ false_positive_claim: true | false
121
+ false_positive_rationale: [if applicable]
122
+ recommendation: [brief]
123
+ sandbox_governance_findings:
124
+ - sandbox_name: [sanitized name or type label]
125
+ sandbox_type: Developer | Developer Pro | Partial | Full
126
+ masking_configured: true | false | unknown
127
+ finding: [description]
128
+ severity: Critical | High | Medium | Low
129
+ recommendation: [brief]
130
+ change_impact_findings:
131
+ - metadata_type: [e.g., CustomField, ApexClass, Flow]
132
+ component: [sanitized name]
133
+ finding: [description]
134
+ severity: Critical | High | Medium | Low
135
+ downstream_automation_impact: [list or "none identified"]
136
+ recommendation: [brief]
137
+ cicd_gate_findings:
138
+ - gate: [gate name]
139
+ status: present | absent | advisory-only
140
+ severity: Critical | High | Medium | Low
141
+ recommendation: [brief]
142
+
143
+ sca_summary:
144
+ p1_critical: [count]
145
+ p2_high: [count]
146
+ p3_medium: [count]
147
+ p4_advisory: [count]
148
+ false_positive_claims: [count]
149
+
150
+ cicd_gate_matrix:
151
+ sca_fail_threshold: present | absent | advisory-only
152
+ test_coverage_gate: present | absent | below-minimum
153
+ cve_scan: present | absent | advisory-only
154
+ destructive_change_approval: present | absent
155
+ sandbox_verification: present | absent
156
+
157
+ escalation_gates_fired: [from salesforce-risk-taxonomy, or "none"]
158
+ summary:
159
+ total_findings: [count]
160
+ critical_count: [count]
161
+ high_count: [count]
162
+ deployment_recommendation: block | conditional | proceed
163
+ assumptions: [list]
164
+ missing_evidence: [what would improve the review]
165
+ ```
166
+
167
+ ## Redaction rules
168
+ - Never request secrets, credentials, OAuth tokens, refresh tokens, session IDs, MFA seeds, customer PII.
169
+ - Sanitize org IDs, user IDs, sandbox names before sharing in outputs.
170
+ - SCA output must not include hardcoded credentials or API keys found in code — stop and request sanitized version.
171
+
172
+ ## Privilege / data handling rules
173
+ - Works from SCA tool output, sanitized pipeline configs, and metadata manifests only.
174
+ - Sandbox findings involving unmasked production data must be flagged for compliance specialist review.
175
+ - P1 SCA findings in Apex classes handling PII or financial data must trigger escalation review.
176
+ - Destructive change findings must be escalated to a change advisory board or equivalent human review.
177
+
178
+ ## Handoff rules
179
+ - Hands off to: salesforce-apex-lwc-code-review-skill (if P1 SCA findings require deeper code-level review), salesforce-release-readiness-skill (after pipeline findings are remediated and deployment approval is needed), salesforce-permission-model-review-skill (if permission set or profile changes are in the deployment), salesforce-case-capsule (for any P1 Critical finding or missing required CI/CD gate).
180
+ - Required handoff fields: matter_id, risk_register (summary), escalation_gates_fired, missing_evidence, assumptions.
181
+
182
+ ## Audit log fields
183
+ - matter_id, skill_id, skill_version, invoked_by, input_hash, evidence_quality, output_verdict, escalation_fired, timestamp
184
+
185
+ ## Stop conditions
186
+ - SCA output or pipeline config contains live credentials, session tokens, or unredacted customer PII — stop and request sanitized version.
187
+ - P1 Critical SCA finding confirmed on a production-bound deployment with no remediation plan — stop, output ESCALATE, require human review before continuing.
188
+ - Destructive change manifest confirmed for a production deployment without a documented rollback plan — stop and require change advisory board review.
189
+ - Full sandbox confirmed to contain unmasked production PII feeding a pipeline with no masking gate — stop and require compliance specialist review.
190
+
191
+ ## Security notes
192
+ - Read-only static review; never requests live org access, executes deployments, or triggers pipeline runs.
193
+ - Sanitized inputs only; SCA outputs containing hardcoded credentials must be refused.
194
+ - Risk register is advisory; P1 blocking decisions and destructive change approvals require human authorization.
195
+ - RetireJS CVE findings reference public CVE records; applicability to the specific Salesforce runtime context requires qualified assessor confirmation.
package/skills/salesforce/salesforce-devsecops-pipeline-skill/metadata.json ADDED
@@ -0,0 +1,19 @@
1
+ {
2
+ "id": "salesforce-devsecops-pipeline-skill",
3
+ "name": "Salesforce DevSecOps Pipeline Skill",
4
+ "type": "skill",
5
+ "provider": "salesforce",
6
+ "harnesses": ["codex", "claude-code", "cursor", "gemini", "kiro", "other"],
7
+ "summary": "Structured DevSecOps review workflow for Salesforce pipelines covering SCA finding triage, sandbox data governance and PII masking, change impact analysis across metadata dependencies, CI/CD security gate compliance, and DevOps Center deployment governance.",
8
+ "source_type": "original",
9
+ "official_docs": [
10
+ "https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/index.html",
11
+ "https://help.salesforce.com/s/articleView?id=sf.data_masking_intro.htm",
12
+ "https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_develop.htm"
13
+ ],
14
+ "security_notes": "Read-only static review; sanitized inputs only; never requests live org credentials, session tokens, or API access. Risk register is advisory; remediation requires human authorization.",
15
+ "last_verified": "2026-05-21",
16
+ "path": "skills/salesforce/salesforce-devsecops-pipeline-skill",
17
+ "author": "github: Raishin",
18
+ "version": "0.1.0"
19
+ }
package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/change-impact-categories.md ADDED
@@ -0,0 +1,216 @@
1
+ # Change Impact Categories Reference
2
+
3
+ Classification of Salesforce metadata changes by risk level, dependency
4
+ impact, and rollback complexity.
5
+
6
+ ---
7
+
8
+ ## Category 1: Destructive Changes
9
+
10
+ Destructive changes remove metadata from an org. They are irreversible if no
11
+ backup exists and can silently break dependent components.
12
+
13
+ ### Destructive Change Types
14
+
15
+ | Metadata Type | API Name | Risk Level | Rollback Complexity |
16
+ |---------------|----------|------------|---------------------|
17
+ | Custom Object deletion | `CustomObject` | CRITICAL | High (data loss) |
18
+ | Custom Field deletion | `CustomField` | CRITICAL | High (data loss if not empty) |
19
+ | Apex Class removal | `ApexClass` | HIGH | Medium |
20
+ | Apex Trigger removal | `ApexTrigger` | HIGH | Medium |
21
+ | Flow deactivation | `Flow` | HIGH | Low |
22
+ | Flow version deletion | `Flow` | MEDIUM | Medium |
23
+ | Permission Set deletion | `PermissionSet` | HIGH | Medium |
24
+ | Named Credential deletion | `NamedCredential` | HIGH | Medium |
25
+ | Custom Label deletion | `CustomLabel` | MEDIUM | Low |
26
+ | Static Resource deletion | `StaticResource` | MEDIUM | Low |
27
+
28
+ ### Destructive Change Deployment
29
+
30
+ Destructive changes are deployed via `destructiveChanges.xml` (pre-deployment)
31
+ or `destructiveChangesPost.xml` (post-deployment).
32
+
33
+ ```xml
34
+ <!-- destructiveChangesPost.xml example -->
35
+ <?xml version="1.0" encoding="UTF-8"?>
36
+ <Package xmlns="http://soap.sforce.com/2006/04/metadata">
37
+ <types>
38
+ <members>OldHandler</members>
39
+ <name>ApexClass</name>
40
+ </types>
41
+ <types>
42
+ <members>Account.LegacyStatus__c</members>
43
+ <name>CustomField</name>
44
+ </types>
45
+ <version>59.0</version>
46
+ </Package>
47
+ ```
48
+
49
+ **Pre-deployment gate requirements for destructive changes:**
50
+ - Confirm the field/object is empty (zero records with non-null values).
51
+ - Identify all metadata referencing the removed component (use `sf scanner` or
52
+ `sfdx-project.json` dependency analysis).
53
+ - Get explicit sign-off from org owner before deploying.
54
+
55
+ ---
56
+
57
+ ## Category 2: Dependent Metadata Chains
58
+
59
+ Changes to foundational metadata cascade impact to dependent components.
60
+ Use the Metadata API `listMetadata` and `readMetadata` calls to trace these chains.
61
+
62
+ ### Common Dependency Chains
63
+
64
+ **Custom Object -> Downstream Dependents**
65
+ ```
66
+ CustomObject
67
+ -> CustomField (fields on the object)
68
+ -> ValidationRule
69
+ -> ApexTrigger (trigger on object)
70
+ -> Flow (flows referencing object)
71
+ -> Layout (page layouts)
72
+ -> ListType (list views)
73
+ -> PermissionSet (CRUD/FLS permissions)
74
+ -> Report (reports using the object)
75
+ -> Dashboard (dashboards from reports)
76
+ ```
77
+
78
+ **Custom Field -> Downstream Dependents**
79
+ ```
80
+ CustomField
81
+ -> ValidationRule (references field)
82
+ -> Formula fields (dependent on field value)
83
+ -> Flow (Flow element referencing field)
84
+ -> Apex code (field reference in SOQL/DML)
85
+ -> LWC (getRecord fields, @salesforce/schema imports)
86
+ -> Report columns
87
+ -> PermissionSet (FLS entries)
88
+ ```
89
+
90
+ **Apex Class -> Downstream Dependents**
91
+ ```
92
+ ApexClass
93
+ -> ApexTrigger (if trigger uses class)
94
+ -> Other ApexClass (if class is a dependency)
95
+ -> Flow (Apex action invocation)
96
+ -> VF Page (if class is controller)
97
+ -> PermissionSet (Apex class access)
98
+ ```
99
+
100
+ ### Tracing Dependencies via CLI
101
+
102
+ ```bash
103
+ # List all references to a field in metadata
104
+ sf project retrieve start --metadata ApexClass,Flow,ValidationRule -o my-org
105
+ grep -r "LegacyStatus__c" force-app/ --include="*.{cls,xml,js}" -l
106
+
107
+ # Use Salesforce Dependency API (tooling API)
108
+ curl -s "$SF_INSTANCE_URL/services/data/v59.0/tooling/query/?q=SELECT+\
109
+ MetadataComponentName,MetadataComponentType+FROM+MetadataComponentDependency+\
110
+ WHERE+RefMetadataComponentName='LegacyStatus__c'" \
111
+ -H "Authorization: Bearer $SF_ACCESS_TOKEN"
112
+ ```
113
+
114
+ ---
115
+
116
+ ## Category 3: Automation Chain Ripple Effects
117
+
118
+ Changes to one automation layer can trigger unintended execution in connected
119
+ layers. Understanding the execution order is critical before modifying any
120
+ automation.
121
+
122
+ ### Salesforce Automation Execution Order (per-record)
123
+
124
+ ```
125
+ 1. System validation (required fields, data type checks)
126
+ 2. Before-save flows (Record-Triggered Flows in Before Save mode)
127
+ 3. Before triggers (Apex)
128
+ 4. System validation again (after before triggers)
129
+ 5. Duplicate Rules
130
+ 6. After triggers (Apex)
131
+ 7. Assignment Rules
132
+ 8. Auto-Response Rules
133
+ 9. Workflow Rules (LEGACY - being sunset)
134
+ 10. After-save flows (Record-Triggered Flows in After Save mode)
135
+ -> Escalation Rules
136
+ -> Entitlement Rules
137
+ 11. Processes (Process Builder - LEGACY)
138
+ 12. Chatter notifications
139
+ ```
140
+
141
+ Workflow Rules and Process Builder are on the Salesforce
142
+ end-of-life roadmap. Verify sunset dates before referencing in audit reports.
143
+
144
+ ### Ripple Scenarios to Check
145
+
146
+ | Change | Potential Ripple | Check Before Deploying |
147
+ |--------|-----------------|----------------------|
148
+ | Add Before-Save Flow | Overwrites field before Apex trigger sees it | Review trigger field dependencies |
149
+ | Activate new Apex trigger | Recursive trigger if trigger updates same object | Check for recursion guards |
150
+ | Change field default value | May break validation rules checking for null | Scan all ValidationRule formulas |
151
+ | Add required field | Breaks flows/processes that create records without that field | Search flows for record-create actions |
152
+ | Change picklist value | Breaks flows/processes filtering on old value | Search flows for Equals comparisons on that field |
153
+ | Remove sharing rule | Records may become inaccessible to flows running in user context | Audit flows that use User-context on affected object |
154
+
155
+ ### Recursion Guard Pattern (Apex)
156
+
157
+ ```apex
158
+ // Prevent trigger recursion
159
+ public class AccountTriggerHandler {
160
+ private static Boolean alreadyRunning = false;
161
+
162
+ public static void onAfterUpdate(List<Account> newAccounts, Map<Id, Account> oldMap) {
163
+ if (alreadyRunning) return;
164
+ alreadyRunning = true;
165
+ try {
166
+ // trigger logic that may update Account records
167
+ } finally {
168
+ alreadyRunning = false;
169
+ }
170
+ }
171
+ }
172
+ ```
173
+
174
+ ---
175
+
176
+ ## Change Risk Scoring Matrix
177
+
178
+ Use this matrix during change impact review:
179
+
180
+ | Dimension | Low (1) | Medium (2) | High (3) |
181
+ |-----------|---------|-----------|---------|
182
+ | Component type | Config (picklist value) | Apex/Flow | Schema (object/field) |
183
+ | Data at risk | 0 records | < 10,000 records | > 10,000 records |
184
+ | Dependent components | 0-2 | 3-10 | > 10 |
185
+ | Automation chain length | 0-1 steps | 2-3 steps | > 3 steps |
186
+ | Rollback complexity | Deploy inverse change | Restore from backup | Manual data repair |
187
+ | Business criticality | Low-traffic feature | Daily-use process | Revenue-critical path |
188
+
189
+ **Risk Score = Sum of dimension scores**
190
+ - 6-9: Low risk, standard deployment window acceptable.
191
+ - 10-14: Medium risk, require QA sandbox validation before production deploy.
192
+ - 15-18: High risk, require change freeze approval, staged rollout, and rollback plan.
193
+
194
+ ---
195
+
196
+ ## Rollback Checklist by Component Type
197
+
198
+ ### Schema Changes (fields, objects)
199
+ - [ ] Export data from affected fields before deployment.
200
+ - [ ] Use `destructiveChangesPost.xml` not `destructiveChanges.xml` to delete
201
+ after new components are deployed.
202
+ - [ ] Store data export in secure storage for 30-day recovery window.
203
+
204
+ ### Apex Changes
205
+ - [ ] Previous version retrievable from Version Control.
206
+ - [ ] Test class coverage > 75% on incoming version.
207
+ - [ ] If rollback needed: retrieve previous version and redeploy.
208
+
209
+ ### Flow Changes
210
+ - [ ] Previous active version noted before deactivation.
211
+ - [ ] Rollback: reactivate previous version.
212
+ - [ ] If version deleted: restore from source control and re-deploy.
213
+
214
+ ### Permission Set Changes
215
+ - [ ] Clone permission set before modification for rollback reference.
216
+ - [ ] Document which users had access before change.