@raishin/vanguard-frontier-agentic 2.3.0 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/marketplace.json +1 -1
- package/.claude-plugin/plugin.json +31 -1
- package/.cursor-plugin/plugin.json +31 -1
- package/.github/plugin/marketplace.json +1 -1
- package/README.md +15 -12
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/AGENT.md +1 -1
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/claude-code.agent.md +1 -1
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/copilot.agent.md +1 -1
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/cursor.agent.md +1 -1
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/gemini.agent.md +1 -1
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/kiro-ide.agent.md +1 -1
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/AGENT.md +2 -2
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/claude-code.agent.md +2 -2
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/copilot.agent.md +2 -2
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/cursor.agent.md +2 -2
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/gemini.agent.md +2 -2
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/kiro-ide.agent.md +2 -2
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/AGENT.md +3 -3
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/claude-code.agent.md +3 -3
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/copilot.agent.md +3 -3
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/cursor.agent.md +3 -3
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/gemini.agent.md +3 -3
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/kiro-ide.agent.md +3 -3
- package/agents/hetzner/README.md +1 -1
- package/agents/oci/oci-devops-container-platform-engineer-agent/AGENT.md +1 -1
- package/agents/oci/oci-exadata-platform-architect-agent/AGENT.md +1 -1
- package/agents/oci/oci-multi-cloud-architect-agent/AGENT.md +1 -1
- package/agents/prometheus/README.md +1 -1
- package/agents/qa/playwright-e2e-suite-review-agent/AGENT.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/claude-code.agent.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/copilot.agent.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/cursor.agent.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/gemini.agent.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/kiro-ide.agent.md +3 -3
- package/agents/salesforce/AGENTS.md +31 -0
- package/agents/salesforce/README.md +135 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/AGENT.md +117 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/LEAST-PRIVILEGES.md +91 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/claude-code.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/copilot.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/cursor.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/gemini.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/kiro-ide.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/AGENT.md +126 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/LEAST-PRIVILEGES.md +92 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/claude-code.agent.md +81 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/copilot.agent.md +81 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/cursor.agent.md +81 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/gemini.agent.md +81 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/AGENT.md +119 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/LEAST-PRIVILEGES.md +81 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/claude-code.agent.md +75 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/copilot.agent.md +75 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/cursor.agent.md +75 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/gemini.agent.md +75 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/kiro-ide.agent.md +45 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/AGENT.md +112 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/LEAST-PRIVILEGES.md +86 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-business-analyst-agent/AGENT.md +110 -0
- package/agents/salesforce/salesforce-business-analyst-agent/LEAST-PRIVILEGES.md +89 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/claude-code.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/copilot.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/cursor.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/gemini.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/kiro-ide.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/AGENT.md +112 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/LEAST-PRIVILEGES.md +81 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/claude-code.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/copilot.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/cursor.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/gemini.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/kiro-ide.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/AGENT.md +121 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/LEAST-PRIVILEGES.md +87 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/claude-code.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/copilot.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/cursor.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/gemini.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/kiro-ide.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/AGENT.md +119 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/LEAST-PRIVILEGES.md +88 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/claude-code.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/copilot.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/cursor.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/gemini.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/kiro-ide.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/metadata.json +31 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/AGENT.md +130 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/LEAST-PRIVILEGES.md +85 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/claude-code.agent.md +84 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/copilot.agent.md +84 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/cursor.agent.md +84 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/gemini.agent.md +84 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/LEAST-PRIVILEGES.md +90 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/claude-code.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/copilot.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/cursor.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/gemini.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/kiro-ide.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/metadata.json +31 -0
- package/agents/salesforce/salesforce-data-architecture-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-data-architecture-agent/LEAST-PRIVILEGES.md +92 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/claude-code.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/copilot.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/cursor.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/gemini.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-development-agent/AGENT.md +114 -0
- package/agents/salesforce/salesforce-development-agent/LEAST-PRIVILEGES.md +89 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-devops-release-agent/AGENT.md +115 -0
- package/agents/salesforce/salesforce-devops-release-agent/LEAST-PRIVILEGES.md +90 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/claude-code.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/copilot.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/cursor.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/gemini.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/kiro-ide.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/AGENT.md +128 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/LEAST-PRIVILEGES.md +92 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/claude-code.agent.md +81 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/copilot.agent.md +81 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/cursor.agent.md +81 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/gemini.agent.md +81 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/AGENT.md +124 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/LEAST-PRIVILEGES.md +80 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/claude-code.agent.md +79 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/copilot.agent.md +79 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/cursor.agent.md +79 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/gemini.agent.md +79 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/kiro-ide.agent.md +59 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/LEAST-PRIVILEGES.md +80 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/claude-code.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/codex.toml +28 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/copilot.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/cursor.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/gemini.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/kiro-ide.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/AGENT.md +125 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/LEAST-PRIVILEGES.md +88 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/claude-code.agent.md +80 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/codex.toml +41 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/copilot.agent.md +80 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/cursor.agent.md +80 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/gemini.agent.md +80 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/kiro-ide.agent.md +48 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/metadata.json +42 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/AGENT.md +115 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/LEAST-PRIVILEGES.md +91 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-live-guard-agent/AGENT.md +126 -0
- package/agents/salesforce/salesforce-live-guard-agent/LEAST-PRIVILEGES.md +100 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/claude-code.agent.md +85 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/codex.toml +50 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/copilot.agent.md +85 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/cursor.agent.md +85 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/gemini.agent.md +85 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/kiro-ide.agent.md +58 -0
- package/agents/salesforce/salesforce-live-guard-agent/metadata.json +39 -0
- package/agents/salesforce/salesforce-maestro-agent/AGENT.md +77 -0
- package/agents/salesforce/salesforce-maestro-agent/LEAST-PRIVILEGES.md +93 -0
- package/agents/salesforce/salesforce-maestro-agent/README.md +593 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/claude-code.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/codex.toml +66 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/copilot.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/cursor.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/gemini.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/kiro-ide.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/metadata.json +38 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/AGENT.md +124 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/LEAST-PRIVILEGES.md +86 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/claude-code.agent.md +78 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/codex.toml +34 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/copilot.agent.md +78 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/cursor.agent.md +78 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/gemini.agent.md +78 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/kiro-ide.agent.md +48 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/LEAST-PRIVILEGES.md +87 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/claude-code.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/codex.toml +28 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/copilot.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/cursor.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/gemini.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/kiro-ide.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/metadata.json +31 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/LEAST-PRIVILEGES.md +88 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/claude-code.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/copilot.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/cursor.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/gemini.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/AGENT.md +115 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/LEAST-PRIVILEGES.md +83 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/AGENT.md +120 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/LEAST-PRIVILEGES.md +80 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/claude-code.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/copilot.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/cursor.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/gemini.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/kiro-ide.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/LEAST-PRIVILEGES.md +90 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/claude-code.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/codex.toml +28 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/copilot.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/cursor.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/gemini.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/kiro-ide.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/AGENT.md +118 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/LEAST-PRIVILEGES.md +85 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/claude-code.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/copilot.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/cursor.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/gemini.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/kiro-ide.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-service-field-service-agent/AGENT.md +115 -0
- package/agents/salesforce/salesforce-service-field-service-agent/LEAST-PRIVILEGES.md +82 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-session-governance-agent/AGENT.md +116 -0
- package/agents/salesforce/salesforce-session-governance-agent/LEAST-PRIVILEGES.md +91 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/claude-code.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/codex.toml +28 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/copilot.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/cursor.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/gemini.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/kiro-ide.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/AGENT.md +123 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/LEAST-PRIVILEGES.md +86 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/claude-code.agent.md +79 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/copilot.agent.md +79 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/cursor.agent.md +79 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/gemini.agent.md +79 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/kiro-ide.agent.md +48 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/metadata.json +41 -0
- package/assets/logos/cloud/salesforce/salesforce.svg +34 -0
- package/catalog/agents.json +1451 -283
- package/catalog/asset-integrity.json +2152 -327
- package/catalog/install-roles.json +68 -0
- package/catalog/skill-manifest.json +1040 -155
- package/catalog/skills.json +1242 -262
- package/package.json +3 -2
- package/plugins/vanguard-frontier-agentic/.codex-plugin/plugin.json +1 -1
- package/powers/vanguard-salesforce/POWER.md +42 -0
- package/schemas/agent.schema.json +2 -1
- package/schemas/skill.frontmatter.schema.json +33 -3
- package/schemas/skill.schema.json +2 -1
- package/scripts/export-marketplace-agents.mjs +17 -1
- package/scripts/generate-kiro-powers.mjs +12 -0
- package/scripts/release-prepare.mjs +35 -0
- package/skills/aws/aws-agentcore/references/official-sources.md +19 -19
- package/skills/aws/aws-generative-ai-developer/references/official-sources.md +10 -10
- package/skills/azure/azure-ai-foundry-ops-governor/references/workflow-and-output.md +2 -2
- package/skills/azure/azure-aks-platform-operator/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-app-service-production-readiness/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-cosmosdb-application-developer/references/official-sources.md +11 -11
- package/skills/azure/azure-cosmosdb-performance-investigator/references/official-sources.md +11 -11
- package/skills/azure/azure-cosmosdb-platform-operator/references/official-sources.md +10 -10
- package/skills/azure/azure-cost-estimation-review/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-cost-optimization-governor/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-entra-id-specialist/references/official-sources.md +28 -28
- package/skills/azure/azure-identity-governance-review/references/official-sources.md +11 -11
- package/skills/azure/azure-identity-governance-review/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-key-vault-secret-lifecycle-auditor/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-migrate-landing-zone-cutover/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-platform-automation-devops/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-private-endpoint-adoption-planner/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-resource-health-incident-triage/references/workflow-and-output.md +6 -6
- package/skills/azure/azure-subscription-resource-organization/references/workflow-and-output.md +1 -1
- package/skills/cross-functional/salesforce-case-capsule/SKILL.md +164 -0
- package/skills/cross-functional/salesforce-case-capsule/metadata.json +19 -0
- package/skills/cross-functional/salesforce-data-exposure-escalation-protocol/SKILL.md +165 -0
- package/skills/cross-functional/salesforce-data-exposure-escalation-protocol/metadata.json +19 -0
- package/skills/cross-functional/salesforce-live-change-approval-protocol/SKILL.md +118 -0
- package/skills/cross-functional/salesforce-live-change-approval-protocol/metadata.json +19 -0
- package/skills/cross-functional/salesforce-risk-taxonomy/SKILL.md +162 -0
- package/skills/cross-functional/salesforce-risk-taxonomy/metadata.json +19 -0
- package/skills/cross-functional/salesforce-routing-protocol/SKILL.md +159 -0
- package/skills/cross-functional/salesforce-routing-protocol/metadata.json +19 -0
- package/skills/dotnet/dotnet-aspnetcore-api-review/SKILL.md +1 -1
- package/skills/dotnet/dotnet-aspnetcore-api-review/references/workflow-and-output.md +2 -2
- package/skills/dotnet/dotnet-csharp-runtime-review/SKILL.md +2 -2
- package/skills/dotnet/dotnet-csharp-runtime-review/references/workflow-and-output.md +7 -7
- package/skills/dotnet/dotnet-efcore-data-access-review/SKILL.md +4 -4
- package/skills/dotnet/dotnet-efcore-data-access-review/references/workflow-and-output.md +3 -3
- package/skills/dotnet/dotnet-performance-aot-review/references/workflow-and-output.md +1 -1
- package/skills/dotnet/dotnet-testing-quality-review/SKILL.md +1 -1
- package/skills/dotnet/dotnet-testing-quality-review/references/workflow-and-output.md +2 -2
- package/skills/finops/focus-spec-normalizer/references/focus-columns.md +2 -2
- package/skills/gcp/gcp-alloydb-ai-developer/SKILL.md +1 -1
- package/skills/gcp/gcp-gemini-api-developer/SKILL.md +2 -2
- package/skills/nvidia/nvidia-model-promotion-gatekeeper/SKILL.md +1 -1
- package/skills/nvidia/nvidia-model-promotion-gatekeeper/references/allowlist-commands.md +1 -1
- package/skills/oci/oci-compute-platform-operator/SKILL.md +0 -2
- package/skills/oci/oci-cost-finops-analyst/SKILL.md +0 -2
- package/skills/oci/oci-database-platform-dba/SKILL.md +0 -2
- package/skills/oci/oci-devops-container-platform-engineer/SKILL.md +0 -2
- package/skills/oci/oci-identity-access-governor/SKILL.md +0 -2
- package/skills/oci/oci-multi-cloud-architect/SKILL.md +0 -2
- package/skills/oci/oci-network-architect/SKILL.md +0 -2
- package/skills/oci/oci-observability-incident-responder/SKILL.md +0 -2
- package/skills/oci/oci-security-compliance-reviewer/SKILL.md +0 -2
- package/skills/oci/oci-solution-architect/SKILL.md +1 -3
- package/skills/oci/oci-storage-backup-steward/SKILL.md +0 -2
- package/skills/prometheus/prometheus-alerting-cardinality-review/SKILL.md +1 -1
- package/skills/prometheus/prometheus-alerting-cardinality-review/references/workflow-and-output.md +4 -4
- package/skills/qa/ci-test-pipeline-review/references/workflow-and-output.md +1 -1
- package/skills/qa/llm-ai-pipeline-test-review/references/workflow-and-output.md +1 -1
- package/skills/qa/playwright-e2e-suite-review/SKILL.md +4 -4
- package/skills/qa/playwright-e2e-suite-review/references/workflow-and-output.md +12 -12
- package/skills/qa/plc-control-logic-safety-review/references/workflow-and-output.md +2 -2
- package/skills/qa/test-coverage-quality-review/SKILL.md +1 -1
- package/skills/qa/test-coverage-quality-review/references/workflow-and-output.md +8 -8
- package/skills/qa/test-flakiness-triage/SKILL.md +1 -1
- package/skills/qa/test-flakiness-triage/references/workflow-and-output.md +1 -1
- package/skills/salesforce/README.md +117 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/SKILL.md +206 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/action-safety-matrix.md +160 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/agentforce-anti-patterns.md +193 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/grounding-source-evaluation.md +162 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/SKILL.md +557 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/metadata.json +41 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/observability-rubric.md +219 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/privacy-redaction.md +240 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/stdm-queries.md +436 -0
- package/skills/salesforce/salesforce-apex-generator-skill/SKILL.md +307 -0
- package/skills/salesforce/salesforce-apex-generator-skill/metadata.json +30 -0
- package/skills/salesforce/salesforce-apex-generator-skill/references/apex-patterns.md +224 -0
- package/skills/salesforce/salesforce-apex-generator-skill/references/governor-limits.md +175 -0
- package/skills/salesforce/salesforce-apex-generator-skill/references/security-defaults.md +155 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/SKILL.md +360 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/metadata.json +38 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/governor-limit-signatures.md +174 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/log-format-reference.md +154 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/redaction-rules.md +178 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/SKILL.md +195 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/apex-anti-patterns.md +270 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/governor-limits-reference.md +198 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/lwc-security.md +206 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/SKILL.md +274 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/metadata.json +29 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/references/assertion-patterns.md +174 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/references/async-testing.md +217 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/references/test-data-factory.md +174 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/SKILL.md +344 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/metadata.json +37 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/references/cli-commands.md +162 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/references/coverage-analysis.md +107 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/references/failure-diagnosis.md +187 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/SKILL.md +356 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/metadata.json +29 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/references/anonymous-apex-patterns.md +380 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/references/data-loader-templates.md +209 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/references/rollback-strategy.md +209 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/SKILL.md +380 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/metadata.json +37 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/references/cli-commands.md +264 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/references/production-refusal-rules.md +243 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/references/test-selection-strategy.md +250 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/SKILL.md +195 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/metadata.json +19 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/change-impact-categories.md +216 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/sandbox-masking-strategy.md +193 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/sca-rule-catalog.md +226 -0
- package/skills/salesforce/salesforce-field-mapping-skill/SKILL.md +348 -0
- package/skills/salesforce/salesforce-field-mapping-skill/metadata.json +29 -0
- package/skills/salesforce/salesforce-field-mapping-skill/references/api-name-normalization.md +141 -0
- package/skills/salesforce/salesforce-field-mapping-skill/references/picklist-value-mapping.md +245 -0
- package/skills/salesforce/salesforce-field-mapping-skill/references/type-mismatch-detection.md +187 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/SKILL.md +163 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/references/automation-conflict-matrix.md +193 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/references/fault-path-design.md +189 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/references/flow-anti-patterns.md +211 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/SKILL.md +355 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/metadata.json +35 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/references/fault-path-design.md +175 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/references/flow-error-patterns.md +247 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/references/interview-log-redaction.md +171 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/SKILL.md +137 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/metadata.json +19 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/references/hyperforce-deployment-controls.md +181 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/references/network-policy-reference.md +200 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/references/session-policy-reference.md +219 -0
- package/skills/salesforce/salesforce-integration-review-skill/SKILL.md +186 -0
- package/skills/salesforce/salesforce-integration-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-integration-review-skill/references/integration-anti-patterns.md +280 -0
- package/skills/salesforce/salesforce-integration-review-skill/references/integration-pattern-reference.md +239 -0
- package/skills/salesforce/salesforce-integration-review-skill/references/named-credential-design.md +211 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/SKILL.md +204 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/references/consent-anti-patterns.md +247 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/references/consent-model-reference.md +205 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/references/regulatory-mapping.md +192 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/SKILL.md +418 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/metadata.json +50 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/references/cli-commands.md +347 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/references/delegation-routing.md +416 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/references/sanitization-rules.md +392 -0
- package/skills/salesforce/salesforce-metadata-review-skill/SKILL.md +148 -0
- package/skills/salesforce/salesforce-metadata-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-metadata-review-skill/references/deprecated-metadata.md +217 -0
- package/skills/salesforce/salesforce-metadata-review-skill/references/field-hygiene-rules.md +182 -0
- package/skills/salesforce/salesforce-metadata-review-skill/references/object-design-patterns.md +187 -0
- package/skills/salesforce/salesforce-org-assessment-skill/SKILL.md +137 -0
- package/skills/salesforce/salesforce-org-assessment-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-org-assessment-skill/references/assessment-rubric.md +228 -0
- package/skills/salesforce/salesforce-org-assessment-skill/references/risk-register-template.md +211 -0
- package/skills/salesforce/salesforce-org-assessment-skill/references/tech-debt-indicators.md +252 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/SKILL.md +165 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/references/fls-review-patterns.md +235 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/references/permission-set-strategy.md +203 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/references/toxic-combinations.md +228 -0
- package/skills/salesforce/salesforce-release-readiness-skill/SKILL.md +185 -0
- package/skills/salesforce/salesforce-release-readiness-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-release-readiness-skill/references/release-checklist.md +191 -0
- package/skills/salesforce/salesforce-release-readiness-skill/references/rollback-strategy.md +234 -0
- package/skills/salesforce/salesforce-release-readiness-skill/references/test-coverage-strategy.md +314 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/SKILL.md +391 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/metadata.json +35 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/references/cli-commands.md +266 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/references/least-privilege-scope.md +224 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/references/safe-query-patterns.md +317 -0
- package/skills/salesforce/salesforce-soql-generator-skill/SKILL.md +305 -0
- package/skills/salesforce/salesforce-soql-generator-skill/metadata.json +25 -0
- package/skills/salesforce/salesforce-soql-generator-skill/references/common-patterns.md +293 -0
- package/skills/salesforce/salesforce-soql-generator-skill/references/governor-limits.md +171 -0
- package/skills/salesforce/salesforce-soql-generator-skill/references/soql-syntax-quickref.md +255 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/SKILL.md +329 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/metadata.json +28 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/references/error-message-style.md +132 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/references/formula-syntax-quickref.md +182 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/references/validation-patterns.md +214 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/SKILL.md +164 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/metadata.json +19 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/continuous-verification-patterns.md +209 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/maturity-scoring-rubric.md +179 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/nist-zta-pillars.md +194 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/001-happy-platform-admin-review.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/002-happy-business-analyst.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/003-happy-app-builder-automation.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/004-happy-development.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/005-happy-devops-release.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/006-happy-security-identity-access.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/007-happy-data-architecture.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/008-happy-integration-mulesoft.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/009-happy-sales-cloud-revenue.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/010-happy-marketing-cloud.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/011-happy-agentforce-ai.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/012-happy-analytics-tableau.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/013-happy-compliance-privacy.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/014-happy-network-policy-architect.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/015-happy-hyperforce-security.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/016-happy-sandbox-isolation.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/017-happy-session-governance.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/018-happy-continuous-verification.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/019-happy-certificate-lifecycle.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/020-happy-adaptive-access.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/021-happy-code-analyzer-orchestrator.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/022-happy-sandbox-governance.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/023-happy-change-impact-analyst.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-ambiguous.json +4 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-instruction-injection.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-01-live-org-deploy-guard.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-02-live-mass-delete-guard.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-03-live-release-to-prod-guard.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-persona-replacement.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-secrets-bait.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/001-happy-platform-admin-review.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/002-happy-business-analyst.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/003-happy-app-builder-automation.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/004-happy-development.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/005-happy-devops-release.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/006-happy-security-identity-access.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/007-happy-data-architecture.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/008-happy-integration-mulesoft.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/009-happy-sales-cloud-revenue.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/010-happy-marketing-cloud.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/011-happy-agentforce-ai.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/012-happy-analytics-tableau.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/013-happy-compliance-privacy.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/014-happy-network-policy-architect.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/015-happy-hyperforce-security.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/016-happy-sandbox-isolation.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/017-happy-session-governance.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/018-happy-continuous-verification.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/019-happy-certificate-lifecycle.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/020-happy-adaptive-access.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/021-happy-code-analyzer-orchestrator.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/022-happy-sandbox-governance.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/023-happy-change-impact-analyst.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-ambiguous.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-instruction-injection.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-01-live-org-deploy-guard.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-02-live-mass-delete-guard.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-03-live-release-to-prod-guard.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-persona-replacement.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-secrets-bait.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/taxonomy.json +371 -0
- package/tests/test-vfa-export-coverage.test.mjs +8 -4
- package/tests/validate-catalog.py +12 -1
- package/tests/validate-plugin-manifest.py +11 -1
|
@@ -0,0 +1,181 @@
|
|
|
1
|
+
# Hyperforce Deployment Controls Reference
|
|
2
|
+
|
|
3
|
+
Reference for Salesforce Hyperforce
|
|
4
|
+
deployment controls covering
|
|
5
|
+
region selection, data residency commitments, and Infrastructure Access boundary
|
|
6
|
+
management.
|
|
7
|
+
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
## What Hyperforce Is
|
|
11
|
+
|
|
12
|
+
Hyperforce is Salesforce's public cloud-based infrastructure built on top of
|
|
13
|
+
major cloud providers (AWS, Azure, GCP, Alibaba Cloud — varies by region).
|
|
14
|
+
|
|
15
|
+
Hyperforce is distinct from legacy Salesforce infrastructure ("Classic") in
|
|
16
|
+
that:
|
|
17
|
+
- Customer data is hosted within defined cloud regions with contractual data
|
|
18
|
+
residency boundaries.
|
|
19
|
+
- Compute and storage are on public cloud infrastructure with Salesforce's
|
|
20
|
+
security controls applied on top.
|
|
21
|
+
- Upgrades and scaling occur at the public cloud layer.
|
|
22
|
+
|
|
23
|
+
---
|
|
24
|
+
|
|
25
|
+
## Region Selection
|
|
26
|
+
|
|
27
|
+
### Available Hyperforce Regions
|
|
28
|
+
|
|
29
|
+
Region availability changes as Hyperforce expands.
|
|
30
|
+
Verify current available regions with Salesforce documentation or account team.
|
|
31
|
+
|
|
32
|
+
As of the last validated date, Hyperforce regions include (not exhaustive):
|
|
33
|
+
|
|
34
|
+
| Region | Cloud Provider | Data Residency Boundary |
|
|
35
|
+
|--------|---------------|------------------------|
|
|
36
|
+
| US East | AWS | United States |
|
|
37
|
+
| US West | AWS | United States |
|
|
38
|
+
| EU (Frankfurt) | AWS | European Union (Germany) |
|
|
39
|
+
| EU (London) | AWS | United Kingdom |
|
|
40
|
+
| APAC (Tokyo) | AWS | Japan |
|
|
41
|
+
| APAC (Singapore) | AWS | Singapore/ASEAN |
|
|
42
|
+
| India | AWS | India |
|
|
43
|
+
| Australia | AWS | Australia |
|
|
44
|
+
|
|
45
|
+
### Region Selection Criteria
|
|
46
|
+
|
|
47
|
+
1. **Regulatory requirement:** GDPR requires EU personal data to remain in EEA
|
|
48
|
+
or countries with adequacy decisions. Select an EU region for EU-resident data.
|
|
49
|
+
2. **Data sovereignty:** Government and financial regulators in some countries
|
|
50
|
+
require in-country data storage. Verify with legal counsel.
|
|
51
|
+
3. **Latency:** Select the region closest to the majority of end users.
|
|
52
|
+
4. **Availability:** Not all Salesforce products are available in all Hyperforce
|
|
53
|
+
regions on the same timeline.
|
|
54
|
+
|
|
55
|
+
### How to Identify Your Org's Hyperforce Region
|
|
56
|
+
|
|
57
|
+
```bash
|
|
58
|
+
# Check the org's instance name and location
|
|
59
|
+
sf org display -o your-org-alias --json | jq '.result.instanceUrl'
|
|
60
|
+
# e.g., https://mycompany.my.salesforce.com
|
|
61
|
+
|
|
62
|
+
# Cross-reference instance name with Salesforce Trust status page instance list
|
|
63
|
+
# to identify the hosting region
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
Salesforce Trust (trust.salesforce.com) lists all instances with region labels.
|
|
67
|
+
Hyperforce instances are typically labeled with their cloud region
|
|
68
|
+
(e.g., `CS102` for a US instance, `EU64` for an EU instance).
|
|
69
|
+
|
|
70
|
+
---
|
|
71
|
+
|
|
72
|
+
## Data Residency Controls
|
|
73
|
+
|
|
74
|
+
### What Hyperforce Guarantees
|
|
75
|
+
|
|
76
|
+
Hyperforce provides:
|
|
77
|
+
- Data-at-rest encrypted and stored within the contracted region.
|
|
78
|
+
- Metadata (configuration, schema) may also be region-bound depending on the
|
|
79
|
+
product and contract.
|
|
80
|
+
- Salesforce support access controls via the Customer Trust Access Management
|
|
81
|
+
feature.
|
|
82
|
+
|
|
83
|
+
### What Hyperforce Does NOT Guarantee by Default
|
|
84
|
+
|
|
85
|
+
- Prevention of data flowing to Salesforce support systems outside the region
|
|
86
|
+
during incident investigation (unless Customer Trust Access Management is enabled).
|
|
87
|
+
- Restricting CDN edge nodes to a specific region (traffic routing optimizations
|
|
88
|
+
may traverse geographic boundaries at the network layer).
|
|
89
|
+
|
|
90
|
+
### Verifying Data Residency via Contract
|
|
91
|
+
|
|
92
|
+
Data residency is a contractual commitment, not purely a technical one. Review:
|
|
93
|
+
- Order Form for the "Data Residency Option" or "Hyperforce region" specification.
|
|
94
|
+
- Data Processing Addendum (DPA) for region binding commitments.
|
|
95
|
+
- Business Associate Agreement (BAA) if HIPAA-regulated data is processed.
|
|
96
|
+
|
|
97
|
+
---
|
|
98
|
+
|
|
99
|
+
## Infrastructure Access Controls
|
|
100
|
+
|
|
101
|
+
### What Infrastructure Access Means
|
|
102
|
+
|
|
103
|
+
Infrastructure Access refers to whether Salesforce support engineers and
|
|
104
|
+
infrastructure teams can access customer org data for troubleshooting.
|
|
105
|
+
|
|
106
|
+
By default, Salesforce support has time-limited access to org data for support
|
|
107
|
+
purposes. This is detailed in the Salesforce Privacy and Security Documentation.
|
|
108
|
+
|
|
109
|
+
### Customer Trust Access Management
|
|
110
|
+
|
|
111
|
+
Hyperforce customers can enable Customer Trust Access Management to require
|
|
112
|
+
explicit customer approval before Salesforce support personnel access production
|
|
113
|
+
org data.
|
|
114
|
+
|
|
115
|
+
Controls available (subject to contract and product tier):
|
|
116
|
+
- Require customer approval for all Salesforce support access to production data.
|
|
117
|
+
- Access requests expire after a defined time window (e.g., 4 hours).
|
|
118
|
+
- Access events are logged and visible to the customer.
|
|
119
|
+
|
|
120
|
+
To review access logs (if enabled):
|
|
121
|
+
```sql
|
|
122
|
+
SELECT Id, Action, ActorName, ActorType, EventDate, Summary
|
|
123
|
+
FROM SetupAuditTrail
|
|
124
|
+
WHERE Action LIKE '%Access%' OR Action LIKE '%Support%'
|
|
125
|
+
ORDER BY EventDate DESC
|
|
126
|
+
LIMIT 200
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
### Admin Lockout Controls
|
|
130
|
+
|
|
131
|
+
Hyperforce includes the ability to restrict Salesforce admin-level access to
|
|
132
|
+
specific named individuals. This is part of the Enterprise Key Management and
|
|
133
|
+
Infrastructure Access offering.
|
|
134
|
+
|
|
135
|
+
---
|
|
136
|
+
|
|
137
|
+
## Shield Encryption and Key Management
|
|
138
|
+
|
|
139
|
+
Salesforce Shield Platform Encryption
|
|
140
|
+
provides encryption
|
|
141
|
+
at-rest for selected fields and files. On Hyperforce, encryption key management
|
|
142
|
+
options include:
|
|
143
|
+
|
|
144
|
+
| Option | Description | Key Custody |
|
|
145
|
+
|--------|-------------|------------|
|
|
146
|
+
| Salesforce-managed keys | Default; Salesforce manages key lifecycle | Salesforce |
|
|
147
|
+
| Customer-managed keys (Bring Your Own Key) | Customer uploads and rotates keys | Customer |
|
|
148
|
+
| External Key Management (EKM) | Keys stored in customer's external HSM or KMS | Customer HSM/KMS |
|
|
149
|
+
|
|
150
|
+
### Key Management Audit Points
|
|
151
|
+
|
|
152
|
+
- [ ] Verify encryption tenant secret rotation schedule (recommended: 90 days).
|
|
153
|
+
- [ ] Confirm key derivation history shows at least one manual rotation in the
|
|
154
|
+
last 12 months.
|
|
155
|
+
- [ ] If using BYOK, confirm the master HSM/KMS is geographically co-located
|
|
156
|
+
with the Hyperforce region.
|
|
157
|
+
- [ ] Verify Shield encryption covers all regulated field types (PII, PHI, financial).
|
|
158
|
+
|
|
159
|
+
```sql
|
|
160
|
+
// Query encrypted field configuration (requires Shield)
|
|
161
|
+
SELECT EntityDefinition.QualifiedApiName, QualifiedApiName, Label,
|
|
162
|
+
IsEncrypted
|
|
163
|
+
FROM FieldDefinition
|
|
164
|
+
WHERE IsEncrypted = true
|
|
165
|
+
ORDER BY EntityDefinition.QualifiedApiName, QualifiedApiName
|
|
166
|
+
```
|
|
167
|
+
|
|
168
|
+
---
|
|
169
|
+
|
|
170
|
+
## Hyperforce Deployment Readiness Checklist
|
|
171
|
+
|
|
172
|
+
- [ ] Org instance confirmed as Hyperforce (not legacy Classic infrastructure).
|
|
173
|
+
- [ ] Hyperforce region documented and matches regulatory data residency requirement.
|
|
174
|
+
- [ ] Contract includes Data Residency Option for the required region.
|
|
175
|
+
- [ ] Data Processing Addendum (DPA) executed with correct region binding.
|
|
176
|
+
- [ ] Customer Trust Access Management evaluated and configured if required.
|
|
177
|
+
- [ ] Salesforce Shield Platform Encryption coverage reviewed for regulated fields.
|
|
178
|
+
- [ ] Encryption key rotation schedule documented and tested.
|
|
179
|
+
- [ ] BYOK/EKM configured if customer-controlled keys are contractually required.
|
|
180
|
+
- [ ] Salesforce Trust status subscriptions configured for the org's specific instance.
|
|
181
|
+
- [ ] Incident response plan includes Hyperforce region-specific escalation contacts.
|
|
@@ -0,0 +1,200 @@
|
|
|
1
|
+
# Network Policy Reference
|
|
2
|
+
|
|
3
|
+
Reference for Salesforce network access controls including IP allowlists,
|
|
4
|
+
login IP ranges, CSP Trusted Sites, and connected app network policies.
|
|
5
|
+
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
## IP Restriction Layers in Salesforce
|
|
9
|
+
|
|
10
|
+
Salesforce provides multiple independently configurable IP restriction layers.
|
|
11
|
+
They are not equivalent and must all be reviewed.
|
|
12
|
+
|
|
13
|
+
| Layer | Where Configured | Scope | Enforcement Point |
|
|
14
|
+
|-------|-----------------|-------|------------------|
|
|
15
|
+
| Org-wide trusted IP ranges | Setup > Network Access | All users | Login block if not in range |
|
|
16
|
+
| Profile login IP ranges | Setup > Profiles > Login IP Ranges | Users on that profile | Login block |
|
|
17
|
+
| Connected App IP restrictions | Setup > Connected Apps > [App] > IP Ranges | OAuth API sessions for that app | API call block |
|
|
18
|
+
| Named Credential IP | Not configurable at Named Credential level | N/A | Controlled by callout destination |
|
|
19
|
+
|
|
20
|
+
---
|
|
21
|
+
|
|
22
|
+
## Org-Wide Trusted IP Ranges
|
|
23
|
+
|
|
24
|
+
Path: Setup > Security > Network Access
|
|
25
|
+
|
|
26
|
+
Trusted IP ranges affect the SMS/email verification challenge. If a user logs
|
|
27
|
+
in from a non-trusted IP, Salesforce sends a verification challenge. Trusted
|
|
28
|
+
ranges bypass this challenge.
|
|
29
|
+
|
|
30
|
+
```
|
|
31
|
+
Recommended: Do NOT add overly broad ranges such as 0.0.0.0-255.255.255.255
|
|
32
|
+
This disables the verification challenge for all users globally.
|
|
33
|
+
|
|
34
|
+
Acceptable: Office IP ranges, VPN egress IPs, CI/CD pipeline IPs.
|
|
35
|
+
Review: Any entry covering a /8 or /16 subnet needs justification.
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
### Query trusted IP ranges via Metadata API
|
|
39
|
+
```bash
|
|
40
|
+
sf org retrieve metadata \
|
|
41
|
+
--metadata NetworkAccess \
|
|
42
|
+
-o my-org \
|
|
43
|
+
--target-dir /tmp/network-policy/
|
|
44
|
+
cat /tmp/network-policy/force-app/main/default/networkAccess/NetworkAccess.networkAccess-meta.xml
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
### Audit script (anonymous Apex)
|
|
48
|
+
```apex
|
|
49
|
+
// Network access ranges cannot be queried via Apex — use Metadata API
|
|
50
|
+
// as shown above or review via Setup UI.
|
|
51
|
+
// However, you can inspect Profile-level login IP ranges:
|
|
52
|
+
for (Profile p : [SELECT Id, Name FROM Profile WHERE UserLicense.Name != 'Guest']) {
|
|
53
|
+
System.debug('Profile: ' + p.Name + ' | Id: ' + p.Id);
|
|
54
|
+
}
|
|
55
|
+
// Then use Metadata API to extract LoginIpRanges per profile
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
---
|
|
59
|
+
|
|
60
|
+
## Profile Login IP Ranges
|
|
61
|
+
|
|
62
|
+
Path: Setup > Profiles > [Profile Name] > Login IP Ranges
|
|
63
|
+
|
|
64
|
+
Login IP ranges restrict which IPs a user on that profile can log in from.
|
|
65
|
+
Profiles with no login IP ranges configured allow login from any IP (subject
|
|
66
|
+
to trusted IP challenge for untrusted IPs).
|
|
67
|
+
|
|
68
|
+
### High-Risk Profile Findings
|
|
69
|
+
|
|
70
|
+
| Finding | Risk Level |
|
|
71
|
+
|---------|-----------|
|
|
72
|
+
| System Administrator profile with no login IP range | HIGH |
|
|
73
|
+
| Integration user profile with no login IP range | HIGH |
|
|
74
|
+
| Integration user profile with IP range 0.0.0.0/0 | CRITICAL |
|
|
75
|
+
| Guest User profile with login IP range (misconfigured — Guest login not IP restricted at profile level) | MEDIUM |
|
|
76
|
+
|
|
77
|
+
### Recommended Login IP Ranges by Profile Type
|
|
78
|
+
|
|
79
|
+
| Profile Type | Recommended Range |
|
|
80
|
+
|-------------|------------------|
|
|
81
|
+
| System Administrator | Specific corporate IPs + VPN egress only |
|
|
82
|
+
| Integration User | Middleware server IPs only (no user interactive login) |
|
|
83
|
+
| Standard internal user | Corporate VPN range acceptable |
|
|
84
|
+
| External Community user | No restriction (users are globally distributed) |
|
|
85
|
+
| Guest User | No effective restriction via login IP ranges |
|
|
86
|
+
|
|
87
|
+
---
|
|
88
|
+
|
|
89
|
+
## CSP Trusted Sites
|
|
90
|
+
|
|
91
|
+
Path: Setup > Security > CSP Trusted Sites
|
|
92
|
+
|
|
93
|
+
Salesforce enforces a Content Security Policy on all Lightning pages. External
|
|
94
|
+
resources (images, scripts, fonts, API endpoints, WebSockets) must be listed
|
|
95
|
+
in CSP Trusted Sites or the browser will block them.
|
|
96
|
+
|
|
97
|
+
### CSP Directive Mapping in Salesforce
|
|
98
|
+
|
|
99
|
+
| CSP Directive | Controls |
|
|
100
|
+
|---------------|----------|
|
|
101
|
+
| `connect-src` | XHR/fetch API calls, WebSocket connections |
|
|
102
|
+
| `img-src` | Images loaded from external URLs |
|
|
103
|
+
| `style-src` | External stylesheets |
|
|
104
|
+
| `font-src` | External fonts |
|
|
105
|
+
| `frame-src` | Embedded iframes |
|
|
106
|
+
| `script-src` | External scripts (Salesforce blocks most external scripts by default) |
|
|
107
|
+
|
|
108
|
+
### CSP Trusted Site Audit Checklist
|
|
109
|
+
|
|
110
|
+
- [ ] No wildcard domains (`*.example.com` acceptable; `*` or `*.com` is a finding).
|
|
111
|
+
- [ ] HTTPS enforced for all entries (no `http://` in CSP Trusted Sites).
|
|
112
|
+
- [ ] Entries for localhost or internal staging domains removed before production.
|
|
113
|
+
- [ ] `frame-src` includes only explicitly required embedding origins.
|
|
114
|
+
- [ ] Review annually; remove origins for decommissioned integrations.
|
|
115
|
+
|
|
116
|
+
### Retrieve CSP Trusted Sites via SOQL
|
|
117
|
+
```sql
|
|
118
|
+
SELECT Id, EndpointUrl, IsActive, Context, Description
|
|
119
|
+
FROM CspTrustedSite
|
|
120
|
+
WHERE IsActive = true
|
|
121
|
+
ORDER BY EndpointUrl
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
---
|
|
125
|
+
|
|
126
|
+
## Session Security Settings
|
|
127
|
+
|
|
128
|
+
Path: Setup > Security > Session Settings
|
|
129
|
+
|
|
130
|
+
### Critical Settings to Review
|
|
131
|
+
|
|
132
|
+
| Setting | Secure Configuration | Risk if Misconfigured |
|
|
133
|
+
|---------|---------------------|----------------------|
|
|
134
|
+
| Session Timeout | 15 min (admin), 2-8 hours (standard) | Longer = session hijacking risk |
|
|
135
|
+
| Lock sessions to IP | Enabled | Prevents session token reuse from different IP |
|
|
136
|
+
| Lock sessions to domain | Enabled | Prevents cookie leakage across subdomains |
|
|
137
|
+
| Force logout on session timeout | Enabled | Ensures clean session termination |
|
|
138
|
+
| Clickjack Protection | Enabled for all pages | Prevents UI redress attacks |
|
|
139
|
+
| Content Sniff Protection | Enabled | Prevents MIME-type sniffing |
|
|
140
|
+
| HSTS | Enabled | Prevents SSL-stripping attacks |
|
|
141
|
+
| XSS Protection | Enabled | Browser-level XSS mitigation |
|
|
142
|
+
| Require HTTPS | Enabled | Prevents plaintext session cookies |
|
|
143
|
+
|
|
144
|
+
### High Assurance Session Requirements
|
|
145
|
+
|
|
146
|
+
High Assurance sessions are required before accessing certain sensitive areas
|
|
147
|
+
(certificates, Auth. Providers configuration, Connected App settings).
|
|
148
|
+
|
|
149
|
+
Configure which operations require High Assurance:
|
|
150
|
+
Path: Setup > Security > Session Settings > Session Security Levels
|
|
151
|
+
|
|
152
|
+
Recommended High Assurance operations:
|
|
153
|
+
- Manage Users
|
|
154
|
+
- Manage Connected Apps
|
|
155
|
+
- Manage Auth. Providers
|
|
156
|
+
- Manage Remote Sites
|
|
157
|
+
- Manage Certificates
|
|
158
|
+
|
|
159
|
+
---
|
|
160
|
+
|
|
161
|
+
## Connected App Network Controls
|
|
162
|
+
|
|
163
|
+
For each Connected App:
|
|
164
|
+
- Set IP Relaxation to "Enforce IP restrictions" (not "Relax IP restrictions").
|
|
165
|
+
- OAuth Token Timeout: set to minimum required for the integration use case.
|
|
166
|
+
- Review Callback URL — should be HTTPS only.
|
|
167
|
+
|
|
168
|
+
```sql
|
|
169
|
+
SELECT Id, Name, OptionsAllowAdminApprovedUsersOnly,
|
|
170
|
+
MobileStartUrl, StartUrl
|
|
171
|
+
FROM ConnectedApplication
|
|
172
|
+
ORDER BY Name
|
|
173
|
+
```
|
|
174
|
+
|
|
175
|
+
Detailed OAuth policy review requires Metadata API retrieval of `ConnectedApp`
|
|
176
|
+
metadata type.
|
|
177
|
+
|
|
178
|
+
---
|
|
179
|
+
|
|
180
|
+
## Remote Site Settings
|
|
181
|
+
|
|
182
|
+
Path: Setup > Security > Remote Site Settings
|
|
183
|
+
|
|
184
|
+
Remote Site Settings control which external URLs Apex code and Visualforce
|
|
185
|
+
can make HTTP callouts to.
|
|
186
|
+
|
|
187
|
+
```sql
|
|
188
|
+
SELECT Id, EndpointUrl, IsActive, Description, DisableProtocolSecurity
|
|
189
|
+
FROM RemoteProxy
|
|
190
|
+
WHERE IsActive = true
|
|
191
|
+
ORDER BY EndpointUrl
|
|
192
|
+
```
|
|
193
|
+
|
|
194
|
+
**HIGH finding:** Any record where `DisableProtocolSecurity = true`.
|
|
195
|
+
This disables SSL certificate verification for that endpoint — equivalent to
|
|
196
|
+
`TrustManager.TRUST_ALL` in Java.
|
|
197
|
+
|
|
198
|
+
**Review:** All HTTP (non-HTTPS) endpoints. All endpoints on the pattern
|
|
199
|
+
`http://localhost` or `http://127.0.0.1` (only acceptable in developer orgs
|
|
200
|
+
for local Salesforce Functions development).
|
|
@@ -0,0 +1,219 @@
|
|
|
1
|
+
# Session Policy Reference
|
|
2
|
+
|
|
3
|
+
Reference for Salesforce session security configuration including timeout values,
|
|
4
|
+
clickjack protection, high-assurance session requirements, and HTTPS enforcement.
|
|
5
|
+
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
## Session Settings Location
|
|
9
|
+
|
|
10
|
+
Path: Setup > Security > Session Settings
|
|
11
|
+
|
|
12
|
+
All settings in this section apply org-wide unless overridden at the connected
|
|
13
|
+
app or profile level.
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## Timeout Configuration
|
|
18
|
+
|
|
19
|
+
### Session Timeout Values
|
|
20
|
+
|
|
21
|
+
Salesforce allows timeout values from 15 minutes to 24 hours.
|
|
22
|
+
|
|
23
|
+
| User Type | Recommended Timeout | Maximum Acceptable |
|
|
24
|
+
|-----------|--------------------|--------------------|
|
|
25
|
+
| System Administrator | 15 minutes | 30 minutes |
|
|
26
|
+
| Integration API user | N/A (use server-to-server OAuth, not interactive session) | N/A |
|
|
27
|
+
| Standard internal user | 2 hours | 8 hours |
|
|
28
|
+
| External Community user | 2 hours | 12 hours |
|
|
29
|
+
| Guest User | 15 minutes (read-only context) | 30 minutes |
|
|
30
|
+
|
|
31
|
+
**Finding:** Org-wide session timeout > 8 hours is a MEDIUM finding.
|
|
32
|
+
**Finding:** System Administrator session timeout > 30 minutes is a HIGH finding.
|
|
33
|
+
|
|
34
|
+
### Timeout Behavior Settings
|
|
35
|
+
|
|
36
|
+
| Setting | Recommended Value |
|
|
37
|
+
|---------|------------------|
|
|
38
|
+
| Timeout Action | Lock (not Logout, to preserve user work) |
|
|
39
|
+
| Force Logout on Timeout | Enabled for Admin profiles |
|
|
40
|
+
| Disable Session Timeout Warning Popup | Disabled (users should see warning) |
|
|
41
|
+
|
|
42
|
+
---
|
|
43
|
+
|
|
44
|
+
## Lock Sessions Settings
|
|
45
|
+
|
|
46
|
+
### Lock Sessions to IP Address
|
|
47
|
+
|
|
48
|
+
When enabled, a session token is bound to the IP address used at login. The
|
|
49
|
+
session is invalidated if a request arrives from a different IP with the same
|
|
50
|
+
token.
|
|
51
|
+
|
|
52
|
+
**Recommended:** Enabled for all user types.
|
|
53
|
+
|
|
54
|
+
**Exception:** Mobile users on carrier networks may have rotating IPs. For mobile
|
|
55
|
+
use cases, evaluate the trade-off between security and usability.
|
|
56
|
+
|
|
57
|
+
**Setting location:** Session Settings > Lock sessions to the IP address from
|
|
58
|
+
which they originated.
|
|
59
|
+
|
|
60
|
+
### Lock Sessions to Domain
|
|
61
|
+
|
|
62
|
+
When enabled, session cookies are bound to the specific Salesforce subdomain.
|
|
63
|
+
Cross-subdomain cookie reuse is blocked.
|
|
64
|
+
|
|
65
|
+
**Recommended:** Enabled.
|
|
66
|
+
|
|
67
|
+
---
|
|
68
|
+
|
|
69
|
+
## Clickjack Protection
|
|
70
|
+
|
|
71
|
+
Clickjack (UI Redress) attacks embed Salesforce pages in an iframe on an
|
|
72
|
+
attacker-controlled page and trick users into clicking buttons they cannot see.
|
|
73
|
+
|
|
74
|
+
### Protection Levels
|
|
75
|
+
|
|
76
|
+
|
|
77
|
+
| Setting | Description | Recommendation |
|
|
78
|
+
|---------|-------------|----------------|
|
|
79
|
+
| Allow framing by any page | No protection | Never use in production |
|
|
80
|
+
| Allow framing by the same origin only | Allows same-domain embedding | Minimum |
|
|
81
|
+
| Don't allow framing by any page | Strict X-Frame-Options: DENY | Recommended |
|
|
82
|
+
|
|
83
|
+
Path: Setup > Security > Session Settings > Clickjack Protection Level
|
|
84
|
+
|
|
85
|
+
**Additional settings to enable:**
|
|
86
|
+
- Enable clickjack protection for non-setup Salesforce pages (standard pages)
|
|
87
|
+
- Enable clickjack protection for setup Salesforce pages
|
|
88
|
+
|
|
89
|
+
**Visualforce clickjack protection:**
|
|
90
|
+
Each Visualforce page can override with the `showHeader` attribute interaction
|
|
91
|
+
with `<apex:page>`. Review VF pages that embed external content.
|
|
92
|
+
|
|
93
|
+
---
|
|
94
|
+
|
|
95
|
+
## HTTPS Enforcement
|
|
96
|
+
|
|
97
|
+
### Require Secure Connections (HTTPS)
|
|
98
|
+
|
|
99
|
+
Path: Setup > Security > Session Settings > Require secure connections (HTTPS)
|
|
100
|
+
|
|
101
|
+
**Recommended:** Enabled. This setting forces all Salesforce traffic over HTTPS.
|
|
102
|
+
|
|
103
|
+
### HTTP Strict Transport Security (HSTS)
|
|
104
|
+
|
|
105
|
+
HSTS instructs browsers to only connect to Salesforce over HTTPS for a defined
|
|
106
|
+
period, preventing SSL-stripping attacks.
|
|
107
|
+
|
|
108
|
+
Salesforce enables HSTS by default on all production orgs. Verify it is not
|
|
109
|
+
disabled in custom domain configurations.
|
|
110
|
+
|
|
111
|
+
**Custom domain HSTS verification:**
|
|
112
|
+
```bash
|
|
113
|
+
curl -I https://yourcustomdomain.my.salesforce.com 2>/dev/null | grep -i strict
|
|
114
|
+
# Expected: strict-transport-security: max-age=31536000; includeSubDomains
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
---
|
|
118
|
+
|
|
119
|
+
## High-Assurance Session Requirements
|
|
120
|
+
|
|
121
|
+
A High Assurance session requires the user to authenticate with a stronger
|
|
122
|
+
method (MFA hardware token, certificate) before accessing sensitive areas.
|
|
123
|
+
|
|
124
|
+
### How High Assurance Works
|
|
125
|
+
|
|
126
|
+
Salesforce defines two session security levels:
|
|
127
|
+
- **Standard:** Regular username/password or SSO.
|
|
128
|
+
- **High Assurance:** MFA required (hardware key, Salesforce Authenticator app,
|
|
129
|
+
TOTP authenticator).
|
|
130
|
+
|
|
131
|
+
### Required High Assurance Operations (Recommended)
|
|
132
|
+
|
|
133
|
+
Path: Setup > Security > Session Settings > Session Security Levels
|
|
134
|
+
|
|
135
|
+
| Operation | Risk If Not High Assurance |
|
|
136
|
+
|-----------|--------------------------|
|
|
137
|
+
| Manage Users | Account takeover via compromised admin session |
|
|
138
|
+
| Manage Connected Apps | OAuth token theft |
|
|
139
|
+
| Manage Auth. Providers | Identity provider tampering |
|
|
140
|
+
| Manage Certificates | PKI compromise |
|
|
141
|
+
| Manage Remote Sites | Add malicious callout targets |
|
|
142
|
+
| View Setup Audit Trail | Audit log access |
|
|
143
|
+
| Manage Encryption | Shield encryption key access |
|
|
144
|
+
|
|
145
|
+
### Assigning High Assurance to Permission Sets
|
|
146
|
+
|
|
147
|
+
You can require High Assurance for any Permission Set:
|
|
148
|
+
```
|
|
149
|
+
Setup > Permission Sets > [Set] > Session Activation Required = High Assurance
|
|
150
|
+
```
|
|
151
|
+
|
|
152
|
+
Users who activate this permission set in a Standard session will be prompted
|
|
153
|
+
to step up to High Assurance.
|
|
154
|
+
|
|
155
|
+
---
|
|
156
|
+
|
|
157
|
+
## OAuth Token Security Settings
|
|
158
|
+
|
|
159
|
+
Path: Setup > Security > OAuth and OpenID Connect Settings
|
|
160
|
+
|
|
161
|
+
| Setting | Secure Value |
|
|
162
|
+
|---------|-------------|
|
|
163
|
+
| Allow OAuth Username-Password Flows | Disabled (deprecated, no MFA support) |
|
|
164
|
+
| Allow OAuth User-Agent Flows | Disabled (implicit flow deprecated in OAuth 2.1) |
|
|
165
|
+
| Token Expiration for web apps | 2 hours maximum |
|
|
166
|
+
| Refresh Token Policy | Expire on first use or set fixed expiry |
|
|
167
|
+
|
|
168
|
+
**HIGH finding:** OAuth Username-Password Flow enabled in production.
|
|
169
|
+
This flow transmits credentials in the request body and bypasses MFA.
|
|
170
|
+
|
|
171
|
+
---
|
|
172
|
+
|
|
173
|
+
## Audit Settings
|
|
174
|
+
|
|
175
|
+
### Login History Retention
|
|
176
|
+
|
|
177
|
+
Salesforce retains login history for 6 months. For compliance requirements
|
|
178
|
+
beyond 6 months, export and store in a SIEM.
|
|
179
|
+
|
|
180
|
+
```sql
|
|
181
|
+
SELECT UserId, LoginTime, LoginType, LoginUrl, SourceIp,
|
|
182
|
+
Status, Application, Browser, Platform
|
|
183
|
+
FROM LoginHistory
|
|
184
|
+
WHERE LoginTime = LAST_N_DAYS:90
|
|
185
|
+
ORDER BY LoginTime DESC
|
|
186
|
+
LIMIT 1000
|
|
187
|
+
```
|
|
188
|
+
|
|
189
|
+
### Setup Audit Trail
|
|
190
|
+
|
|
191
|
+
Path: Setup > Security > View Setup Audit Trail
|
|
192
|
+
|
|
193
|
+
Salesforce retains the Setup Audit Trail for 180 days. For compliance, export
|
|
194
|
+
regularly.
|
|
195
|
+
|
|
196
|
+
```bash
|
|
197
|
+
sf data query \
|
|
198
|
+
--query "SELECT CreatedDate, CreatedByUser, Action, Section, Display \
|
|
199
|
+
FROM SetupAuditTrail \
|
|
200
|
+
ORDER BY CreatedDate DESC \
|
|
201
|
+
LIMIT 2000" \
|
|
202
|
+
-o my-org \
|
|
203
|
+
--result-format csv > audit-trail.csv
|
|
204
|
+
```
|
|
205
|
+
|
|
206
|
+
---
|
|
207
|
+
|
|
208
|
+
## Session Security Review Checklist
|
|
209
|
+
|
|
210
|
+
- [ ] Session timeout <= 8 hours for standard users, <= 30 min for admins.
|
|
211
|
+
- [ ] Lock sessions to IP: Enabled.
|
|
212
|
+
- [ ] Lock sessions to domain: Enabled.
|
|
213
|
+
- [ ] Clickjack protection: Enabled for all pages.
|
|
214
|
+
- [ ] HTTPS required: Enabled.
|
|
215
|
+
- [ ] High Assurance required for: Manage Users, Connected Apps, Auth. Providers.
|
|
216
|
+
- [ ] OAuth Username-Password Flow: Disabled.
|
|
217
|
+
- [ ] OAuth User-Agent Flow (implicit): Disabled.
|
|
218
|
+
- [ ] Login history exported to SIEM if retention > 6 months required.
|
|
219
|
+
- [ ] MFA enforced via profile or org-wide policy.
|