@raishin/vanguard-frontier-agentic 2.3.0 → 2.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agents/tasks/task-dynamic-kiro-powers/2025-01-24-120000-review.md +92 -0
- package/.agents/tasks/task-dynamic-kiro-powers/context.json +22 -0
- package/.agents/tasks/task-dynamic-kiro-powers/features/FEAT-001.json +34 -0
- package/.agents/tasks/task-dynamic-kiro-powers/task.json +14 -0
- package/.claude-plugin/marketplace.json +1 -1
- package/.claude-plugin/plugin.json +31 -1
- package/.cursor-plugin/plugin.json +31 -1
- package/.github/plugin/marketplace.json +1 -1
- package/README.md +17 -12
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/AGENT.md +1 -1
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/claude-code.agent.md +1 -1
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/copilot.agent.md +1 -1
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/cursor.agent.md +1 -1
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/gemini.agent.md +1 -1
- package/agents/dotnet/dotnet-aspnetcore-api-review-agent/harnesses/kiro-ide.agent.md +1 -1
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/AGENT.md +2 -2
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/claude-code.agent.md +2 -2
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/copilot.agent.md +2 -2
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/cursor.agent.md +2 -2
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/gemini.agent.md +2 -2
- package/agents/dotnet/dotnet-csharp-runtime-review-agent/harnesses/kiro-ide.agent.md +2 -2
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/AGENT.md +3 -3
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/claude-code.agent.md +3 -3
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/copilot.agent.md +3 -3
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/cursor.agent.md +3 -3
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/gemini.agent.md +3 -3
- package/agents/dotnet/dotnet-efcore-data-access-review-agent/harnesses/kiro-ide.agent.md +3 -3
- package/agents/hetzner/README.md +1 -1
- package/agents/oci/oci-devops-container-platform-engineer-agent/AGENT.md +1 -1
- package/agents/oci/oci-exadata-platform-architect-agent/AGENT.md +1 -1
- package/agents/oci/oci-multi-cloud-architect-agent/AGENT.md +1 -1
- package/agents/prometheus/README.md +1 -1
- package/agents/qa/playwright-e2e-suite-review-agent/AGENT.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/claude-code.agent.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/copilot.agent.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/cursor.agent.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/gemini.agent.md +3 -3
- package/agents/qa/playwright-e2e-suite-review-agent/harnesses/kiro-ide.agent.md +3 -3
- package/agents/salesforce/AGENTS.md +31 -0
- package/agents/salesforce/README.md +135 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/AGENT.md +117 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/LEAST-PRIVILEGES.md +91 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/claude-code.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/copilot.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/cursor.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/gemini.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/harnesses/kiro-ide.agent.md +69 -0
- package/agents/salesforce/salesforce-adaptive-access-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/AGENT.md +126 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/LEAST-PRIVILEGES.md +92 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/claude-code.agent.md +81 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/copilot.agent.md +81 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/cursor.agent.md +81 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/gemini.agent.md +81 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-agentforce-ai-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/AGENT.md +119 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/LEAST-PRIVILEGES.md +81 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/claude-code.agent.md +75 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/copilot.agent.md +75 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/cursor.agent.md +75 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/gemini.agent.md +75 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/harnesses/kiro-ide.agent.md +45 -0
- package/agents/salesforce/salesforce-analytics-tableau-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/AGENT.md +112 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/LEAST-PRIVILEGES.md +86 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-app-builder-automation-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-business-analyst-agent/AGENT.md +110 -0
- package/agents/salesforce/salesforce-business-analyst-agent/LEAST-PRIVILEGES.md +89 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/claude-code.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/copilot.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/cursor.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/gemini.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-business-analyst-agent/harnesses/kiro-ide.agent.md +48 -0
- package/agents/salesforce/salesforce-business-analyst-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/AGENT.md +112 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/LEAST-PRIVILEGES.md +81 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/claude-code.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/copilot.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/cursor.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/gemini.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/kiro-ide.agent.md +66 -0
- package/agents/salesforce/salesforce-certificate-lifecycle-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/AGENT.md +121 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/LEAST-PRIVILEGES.md +87 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/claude-code.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/copilot.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/cursor.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/gemini.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/kiro-ide.agent.md +74 -0
- package/agents/salesforce/salesforce-change-impact-analyst-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/AGENT.md +119 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/LEAST-PRIVILEGES.md +88 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/claude-code.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/copilot.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/cursor.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/gemini.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/kiro-ide.agent.md +67 -0
- package/agents/salesforce/salesforce-code-analyzer-orchestrator-agent/metadata.json +31 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/AGENT.md +130 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/LEAST-PRIVILEGES.md +85 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/claude-code.agent.md +84 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/copilot.agent.md +84 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/cursor.agent.md +84 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/gemini.agent.md +84 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-compliance-privacy-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/LEAST-PRIVILEGES.md +90 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/claude-code.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/copilot.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/cursor.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/gemini.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/harnesses/kiro-ide.agent.md +64 -0
- package/agents/salesforce/salesforce-continuous-verification-agent/metadata.json +31 -0
- package/agents/salesforce/salesforce-data-architecture-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-data-architecture-agent/LEAST-PRIVILEGES.md +92 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/claude-code.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/copilot.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/cursor.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/gemini.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-data-architecture-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-data-architecture-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-development-agent/AGENT.md +114 -0
- package/agents/salesforce/salesforce-development-agent/LEAST-PRIVILEGES.md +89 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-development-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-development-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-devops-release-agent/AGENT.md +115 -0
- package/agents/salesforce/salesforce-devops-release-agent/LEAST-PRIVILEGES.md +90 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/claude-code.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/copilot.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/cursor.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/gemini.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-devops-release-agent/harnesses/kiro-ide.agent.md +51 -0
- package/agents/salesforce/salesforce-devops-release-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/AGENT.md +128 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/LEAST-PRIVILEGES.md +92 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/claude-code.agent.md +81 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/copilot.agent.md +81 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/cursor.agent.md +81 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/gemini.agent.md +81 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-enterprise-architect-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/AGENT.md +124 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/LEAST-PRIVILEGES.md +80 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/claude-code.agent.md +79 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/copilot.agent.md +79 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/cursor.agent.md +79 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/gemini.agent.md +79 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/harnesses/kiro-ide.agent.md +59 -0
- package/agents/salesforce/salesforce-experience-cloud-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/LEAST-PRIVILEGES.md +80 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/claude-code.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/codex.toml +28 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/copilot.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/cursor.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/gemini.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/harnesses/kiro-ide.agent.md +72 -0
- package/agents/salesforce/salesforce-hyperforce-security-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/AGENT.md +125 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/LEAST-PRIVILEGES.md +88 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/claude-code.agent.md +80 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/codex.toml +41 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/copilot.agent.md +80 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/cursor.agent.md +80 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/gemini.agent.md +80 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/harnesses/kiro-ide.agent.md +48 -0
- package/agents/salesforce/salesforce-industry-cloud-agent/metadata.json +42 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/AGENT.md +115 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/LEAST-PRIVILEGES.md +91 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-integration-mulesoft-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-live-guard-agent/AGENT.md +126 -0
- package/agents/salesforce/salesforce-live-guard-agent/LEAST-PRIVILEGES.md +100 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/claude-code.agent.md +85 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/codex.toml +50 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/copilot.agent.md +85 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/cursor.agent.md +85 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/gemini.agent.md +85 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-live-guard-agent/harnesses/kiro-ide.agent.md +58 -0
- package/agents/salesforce/salesforce-live-guard-agent/metadata.json +39 -0
- package/agents/salesforce/salesforce-maestro-agent/AGENT.md +77 -0
- package/agents/salesforce/salesforce-maestro-agent/LEAST-PRIVILEGES.md +93 -0
- package/agents/salesforce/salesforce-maestro-agent/README.md +593 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/claude-code.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/codex.toml +66 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/copilot.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/cursor.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/gemini.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-maestro-agent/harnesses/kiro-ide.agent.md +65 -0
- package/agents/salesforce/salesforce-maestro-agent/metadata.json +38 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/AGENT.md +124 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/LEAST-PRIVILEGES.md +86 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/claude-code.agent.md +78 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/codex.toml +34 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/copilot.agent.md +78 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/cursor.agent.md +78 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/gemini.agent.md +78 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/harnesses/kiro-ide.agent.md +48 -0
- package/agents/salesforce/salesforce-marketing-cloud-agent/metadata.json +41 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/LEAST-PRIVILEGES.md +87 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/claude-code.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/codex.toml +28 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/copilot.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/cursor.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/gemini.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/harnesses/kiro-ide.agent.md +72 -0
- package/agents/salesforce/salesforce-network-policy-architect-agent/metadata.json +31 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/LEAST-PRIVILEGES.md +88 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/claude-code.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/copilot.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/cursor.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/gemini.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/harnesses/kiro-ide.agent.md +49 -0
- package/agents/salesforce/salesforce-platform-admin-review-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/AGENT.md +115 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/LEAST-PRIVILEGES.md +83 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-sales-cloud-revenue-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/AGENT.md +120 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/LEAST-PRIVILEGES.md +80 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/claude-code.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/codex.toml +30 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/copilot.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/cursor.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/gemini.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/harnesses/kiro-ide.agent.md +72 -0
- package/agents/salesforce/salesforce-sandbox-governance-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/AGENT.md +113 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/LEAST-PRIVILEGES.md +90 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/claude-code.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/codex.toml +28 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/copilot.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/cursor.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/gemini.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/kiro-ide.agent.md +71 -0
- package/agents/salesforce/salesforce-sandbox-isolation-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/AGENT.md +118 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/LEAST-PRIVILEGES.md +85 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/claude-code.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/codex.toml +36 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/copilot.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/cursor.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/gemini.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/harnesses/kiro-ide.agent.md +52 -0
- package/agents/salesforce/salesforce-security-identity-access-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-service-field-service-agent/AGENT.md +115 -0
- package/agents/salesforce/salesforce-service-field-service-agent/LEAST-PRIVILEGES.md +82 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/claude-code.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/copilot.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/cursor.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/gemini.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-service-field-service-agent/harnesses/kiro-ide.agent.md +50 -0
- package/agents/salesforce/salesforce-service-field-service-agent/metadata.json +40 -0
- package/agents/salesforce/salesforce-session-governance-agent/AGENT.md +116 -0
- package/agents/salesforce/salesforce-session-governance-agent/LEAST-PRIVILEGES.md +91 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/claude-code.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/codex.toml +28 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/copilot.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/cursor.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/gemini.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-session-governance-agent/harnesses/kiro-ide.agent.md +74 -0
- package/agents/salesforce/salesforce-session-governance-agent/metadata.json +30 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/AGENT.md +123 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/LEAST-PRIVILEGES.md +86 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/claude-code.agent.md +79 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/codex.toml +35 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/copilot.agent.md +79 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/cursor.agent.md +79 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/gemini.agent.md +79 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/harnesses/kiro-ide.agent.md +48 -0
- package/agents/salesforce/salesforce-slack-collaboration-agent/metadata.json +41 -0
- package/assets/logos/cloud/salesforce/salesforce.svg +34 -0
- package/catalog/agents.json +1451 -283
- package/catalog/asset-integrity.json +2257 -332
- package/catalog/install-roles.json +68 -0
- package/catalog/skill-manifest.json +1040 -155
- package/catalog/skills.json +1242 -262
- package/package.json +5 -2
- package/plugins/vanguard-frontier-agentic/.codex-plugin/plugin.json +3 -2
- package/plugins/vanguard-frontier-agentic/skills/vanguard-frontier-agentic-install/SKILL.md +37 -0
- package/powers/README.md +28 -10
- package/powers/vanguard-argocd/POWER.md +40 -0
- package/powers/vanguard-backstage/POWER.md +40 -0
- package/powers/vanguard-cert-manager/POWER.md +40 -0
- package/powers/vanguard-cilium/POWER.md +40 -0
- package/powers/vanguard-dotnet/POWER.md +41 -0
- package/powers/vanguard-falco/POWER.md +40 -0
- package/powers/vanguard-fluxcd/POWER.md +40 -0
- package/powers/vanguard-generic/POWER.md +40 -0
- package/powers/vanguard-hr/POWER.md +41 -0
- package/powers/vanguard-istio/POWER.md +40 -0
- package/powers/vanguard-kyverno/POWER.md +40 -0
- package/powers/vanguard-legal/POWER.md +41 -0
- package/powers/vanguard-marketing/POWER.md +41 -0
- package/powers/vanguard-multi-cloud/POWER.md +41 -0
- package/powers/vanguard-opentelemetry/POWER.md +40 -0
- package/powers/vanguard-prometheus/POWER.md +40 -0
- package/powers/vanguard-salesforce/POWER.md +42 -0
- package/powers/vanguard-sigstore/POWER.md +40 -0
- package/schemas/agent.schema.json +2 -1
- package/schemas/skill.frontmatter.schema.json +33 -3
- package/schemas/skill.schema.json +2 -1
- package/scripts/export-marketplace-agents.mjs +43 -1
- package/scripts/generate-kiro-powers.mjs +372 -5
- package/scripts/install-codex-home.mjs +95 -0
- package/scripts/release-prepare.mjs +35 -0
- package/skills/aws/aws-agentcore/references/official-sources.md +19 -19
- package/skills/aws/aws-generative-ai-developer/references/official-sources.md +10 -10
- package/skills/azure/azure-ai-foundry-ops-governor/references/workflow-and-output.md +2 -2
- package/skills/azure/azure-aks-platform-operator/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-app-service-production-readiness/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-cosmosdb-application-developer/references/official-sources.md +11 -11
- package/skills/azure/azure-cosmosdb-performance-investigator/references/official-sources.md +11 -11
- package/skills/azure/azure-cosmosdb-platform-operator/references/official-sources.md +10 -10
- package/skills/azure/azure-cost-estimation-review/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-cost-optimization-governor/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-entra-id-specialist/references/official-sources.md +28 -28
- package/skills/azure/azure-identity-governance-review/references/official-sources.md +11 -11
- package/skills/azure/azure-identity-governance-review/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-key-vault-secret-lifecycle-auditor/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-migrate-landing-zone-cutover/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-platform-automation-devops/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-private-endpoint-adoption-planner/references/workflow-and-output.md +1 -1
- package/skills/azure/azure-resource-health-incident-triage/references/workflow-and-output.md +6 -6
- package/skills/azure/azure-subscription-resource-organization/references/workflow-and-output.md +1 -1
- package/skills/cross-functional/salesforce-case-capsule/SKILL.md +164 -0
- package/skills/cross-functional/salesforce-case-capsule/metadata.json +19 -0
- package/skills/cross-functional/salesforce-data-exposure-escalation-protocol/SKILL.md +165 -0
- package/skills/cross-functional/salesforce-data-exposure-escalation-protocol/metadata.json +19 -0
- package/skills/cross-functional/salesforce-live-change-approval-protocol/SKILL.md +118 -0
- package/skills/cross-functional/salesforce-live-change-approval-protocol/metadata.json +19 -0
- package/skills/cross-functional/salesforce-risk-taxonomy/SKILL.md +162 -0
- package/skills/cross-functional/salesforce-risk-taxonomy/metadata.json +19 -0
- package/skills/cross-functional/salesforce-routing-protocol/SKILL.md +159 -0
- package/skills/cross-functional/salesforce-routing-protocol/metadata.json +19 -0
- package/skills/dotnet/dotnet-aspnetcore-api-review/SKILL.md +1 -1
- package/skills/dotnet/dotnet-aspnetcore-api-review/references/workflow-and-output.md +2 -2
- package/skills/dotnet/dotnet-csharp-runtime-review/SKILL.md +2 -2
- package/skills/dotnet/dotnet-csharp-runtime-review/references/workflow-and-output.md +7 -7
- package/skills/dotnet/dotnet-efcore-data-access-review/SKILL.md +4 -4
- package/skills/dotnet/dotnet-efcore-data-access-review/references/workflow-and-output.md +3 -3
- package/skills/dotnet/dotnet-performance-aot-review/references/workflow-and-output.md +1 -1
- package/skills/dotnet/dotnet-testing-quality-review/SKILL.md +1 -1
- package/skills/dotnet/dotnet-testing-quality-review/references/workflow-and-output.md +2 -2
- package/skills/finops/focus-spec-normalizer/references/focus-columns.md +2 -2
- package/skills/gcp/gcp-alloydb-ai-developer/SKILL.md +1 -1
- package/skills/gcp/gcp-gemini-api-developer/SKILL.md +2 -2
- package/skills/nvidia/nvidia-model-promotion-gatekeeper/SKILL.md +1 -1
- package/skills/nvidia/nvidia-model-promotion-gatekeeper/references/allowlist-commands.md +1 -1
- package/skills/oci/oci-compute-platform-operator/SKILL.md +0 -2
- package/skills/oci/oci-cost-finops-analyst/SKILL.md +0 -2
- package/skills/oci/oci-database-platform-dba/SKILL.md +0 -2
- package/skills/oci/oci-devops-container-platform-engineer/SKILL.md +0 -2
- package/skills/oci/oci-identity-access-governor/SKILL.md +0 -2
- package/skills/oci/oci-multi-cloud-architect/SKILL.md +0 -2
- package/skills/oci/oci-network-architect/SKILL.md +0 -2
- package/skills/oci/oci-observability-incident-responder/SKILL.md +0 -2
- package/skills/oci/oci-security-compliance-reviewer/SKILL.md +0 -2
- package/skills/oci/oci-solution-architect/SKILL.md +1 -3
- package/skills/oci/oci-storage-backup-steward/SKILL.md +0 -2
- package/skills/prometheus/prometheus-alerting-cardinality-review/SKILL.md +1 -1
- package/skills/prometheus/prometheus-alerting-cardinality-review/references/workflow-and-output.md +4 -4
- package/skills/qa/ci-test-pipeline-review/references/workflow-and-output.md +1 -1
- package/skills/qa/llm-ai-pipeline-test-review/references/workflow-and-output.md +1 -1
- package/skills/qa/playwright-e2e-suite-review/SKILL.md +4 -4
- package/skills/qa/playwright-e2e-suite-review/references/workflow-and-output.md +12 -12
- package/skills/qa/plc-control-logic-safety-review/references/workflow-and-output.md +2 -2
- package/skills/qa/test-coverage-quality-review/SKILL.md +1 -1
- package/skills/qa/test-coverage-quality-review/references/workflow-and-output.md +8 -8
- package/skills/qa/test-flakiness-triage/SKILL.md +1 -1
- package/skills/qa/test-flakiness-triage/references/workflow-and-output.md +1 -1
- package/skills/salesforce/README.md +117 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/SKILL.md +206 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/action-safety-matrix.md +160 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/agentforce-anti-patterns.md +193 -0
- package/skills/salesforce/salesforce-agentforce-risk-review-skill/references/grounding-source-evaluation.md +162 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/SKILL.md +557 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/metadata.json +41 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/observability-rubric.md +219 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/privacy-redaction.md +240 -0
- package/skills/salesforce/salesforce-agentforce-stdm-observer-skill/references/stdm-queries.md +436 -0
- package/skills/salesforce/salesforce-apex-generator-skill/SKILL.md +307 -0
- package/skills/salesforce/salesforce-apex-generator-skill/metadata.json +30 -0
- package/skills/salesforce/salesforce-apex-generator-skill/references/apex-patterns.md +224 -0
- package/skills/salesforce/salesforce-apex-generator-skill/references/governor-limits.md +175 -0
- package/skills/salesforce/salesforce-apex-generator-skill/references/security-defaults.md +155 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/SKILL.md +360 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/metadata.json +38 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/governor-limit-signatures.md +174 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/log-format-reference.md +154 -0
- package/skills/salesforce/salesforce-apex-log-analyzer-skill/references/redaction-rules.md +178 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/SKILL.md +195 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/apex-anti-patterns.md +270 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/governor-limits-reference.md +198 -0
- package/skills/salesforce/salesforce-apex-lwc-code-review-skill/references/lwc-security.md +206 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/SKILL.md +274 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/metadata.json +29 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/references/assertion-patterns.md +174 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/references/async-testing.md +217 -0
- package/skills/salesforce/salesforce-apex-test-generator-skill/references/test-data-factory.md +174 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/SKILL.md +344 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/metadata.json +37 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/references/cli-commands.md +162 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/references/coverage-analysis.md +107 -0
- package/skills/salesforce/salesforce-apex-test-runner-skill/references/failure-diagnosis.md +187 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/SKILL.md +356 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/metadata.json +29 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/references/anonymous-apex-patterns.md +380 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/references/data-loader-templates.md +209 -0
- package/skills/salesforce/salesforce-bulk-data-ops-skill/references/rollback-strategy.md +209 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/SKILL.md +380 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/metadata.json +37 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/references/cli-commands.md +264 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/references/production-refusal-rules.md +243 -0
- package/skills/salesforce/salesforce-deployment-validator-skill/references/test-selection-strategy.md +250 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/SKILL.md +195 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/metadata.json +19 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/change-impact-categories.md +216 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/sandbox-masking-strategy.md +193 -0
- package/skills/salesforce/salesforce-devsecops-pipeline-skill/references/sca-rule-catalog.md +226 -0
- package/skills/salesforce/salesforce-field-mapping-skill/SKILL.md +348 -0
- package/skills/salesforce/salesforce-field-mapping-skill/metadata.json +29 -0
- package/skills/salesforce/salesforce-field-mapping-skill/references/api-name-normalization.md +141 -0
- package/skills/salesforce/salesforce-field-mapping-skill/references/picklist-value-mapping.md +245 -0
- package/skills/salesforce/salesforce-field-mapping-skill/references/type-mismatch-detection.md +187 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/SKILL.md +163 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/references/automation-conflict-matrix.md +193 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/references/fault-path-design.md +189 -0
- package/skills/salesforce/salesforce-flow-automation-review-skill/references/flow-anti-patterns.md +211 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/SKILL.md +355 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/metadata.json +35 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/references/fault-path-design.md +175 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/references/flow-error-patterns.md +247 -0
- package/skills/salesforce/salesforce-flow-debugger-skill/references/interview-log-redaction.md +171 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/SKILL.md +137 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/metadata.json +19 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/references/hyperforce-deployment-controls.md +181 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/references/network-policy-reference.md +200 -0
- package/skills/salesforce/salesforce-infrastructure-audit-skill/references/session-policy-reference.md +219 -0
- package/skills/salesforce/salesforce-integration-review-skill/SKILL.md +186 -0
- package/skills/salesforce/salesforce-integration-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-integration-review-skill/references/integration-anti-patterns.md +280 -0
- package/skills/salesforce/salesforce-integration-review-skill/references/integration-pattern-reference.md +239 -0
- package/skills/salesforce/salesforce-integration-review-skill/references/named-credential-design.md +211 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/SKILL.md +204 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/references/consent-anti-patterns.md +247 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/references/consent-model-reference.md +205 -0
- package/skills/salesforce/salesforce-marketing-consent-review-skill/references/regulatory-mapping.md +192 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/SKILL.md +418 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/metadata.json +50 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/references/cli-commands.md +347 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/references/delegation-routing.md +416 -0
- package/skills/salesforce/salesforce-metadata-fetcher-skill/references/sanitization-rules.md +392 -0
- package/skills/salesforce/salesforce-metadata-review-skill/SKILL.md +148 -0
- package/skills/salesforce/salesforce-metadata-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-metadata-review-skill/references/deprecated-metadata.md +217 -0
- package/skills/salesforce/salesforce-metadata-review-skill/references/field-hygiene-rules.md +182 -0
- package/skills/salesforce/salesforce-metadata-review-skill/references/object-design-patterns.md +187 -0
- package/skills/salesforce/salesforce-org-assessment-skill/SKILL.md +137 -0
- package/skills/salesforce/salesforce-org-assessment-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-org-assessment-skill/references/assessment-rubric.md +228 -0
- package/skills/salesforce/salesforce-org-assessment-skill/references/risk-register-template.md +211 -0
- package/skills/salesforce/salesforce-org-assessment-skill/references/tech-debt-indicators.md +252 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/SKILL.md +165 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/references/fls-review-patterns.md +235 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/references/permission-set-strategy.md +203 -0
- package/skills/salesforce/salesforce-permission-model-review-skill/references/toxic-combinations.md +228 -0
- package/skills/salesforce/salesforce-release-readiness-skill/SKILL.md +185 -0
- package/skills/salesforce/salesforce-release-readiness-skill/metadata.json +18 -0
- package/skills/salesforce/salesforce-release-readiness-skill/references/release-checklist.md +191 -0
- package/skills/salesforce/salesforce-release-readiness-skill/references/rollback-strategy.md +234 -0
- package/skills/salesforce/salesforce-release-readiness-skill/references/test-coverage-strategy.md +314 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/SKILL.md +391 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/metadata.json +35 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/references/cli-commands.md +266 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/references/least-privilege-scope.md +224 -0
- package/skills/salesforce/salesforce-soql-explorer-skill/references/safe-query-patterns.md +317 -0
- package/skills/salesforce/salesforce-soql-generator-skill/SKILL.md +305 -0
- package/skills/salesforce/salesforce-soql-generator-skill/metadata.json +25 -0
- package/skills/salesforce/salesforce-soql-generator-skill/references/common-patterns.md +293 -0
- package/skills/salesforce/salesforce-soql-generator-skill/references/governor-limits.md +171 -0
- package/skills/salesforce/salesforce-soql-generator-skill/references/soql-syntax-quickref.md +255 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/SKILL.md +329 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/metadata.json +28 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/references/error-message-style.md +132 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/references/formula-syntax-quickref.md +182 -0
- package/skills/salesforce/salesforce-validation-rule-writer-skill/references/validation-patterns.md +214 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/SKILL.md +164 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/metadata.json +19 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/continuous-verification-patterns.md +209 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/maturity-scoring-rubric.md +179 -0
- package/skills/salesforce/salesforce-zero-trust-maturity-skill/references/nist-zta-pillars.md +194 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/001-happy-platform-admin-review.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/002-happy-business-analyst.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/003-happy-app-builder-automation.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/004-happy-development.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/005-happy-devops-release.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/006-happy-security-identity-access.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/007-happy-data-architecture.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/008-happy-integration-mulesoft.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/009-happy-sales-cloud-revenue.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/010-happy-marketing-cloud.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/011-happy-agentforce-ai.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/012-happy-analytics-tableau.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/013-happy-compliance-privacy.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/014-happy-network-policy-architect.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/015-happy-hyperforce-security.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/016-happy-sandbox-isolation.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/017-happy-session-governance.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/018-happy-continuous-verification.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/019-happy-certificate-lifecycle.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/020-happy-adaptive-access.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/021-happy-code-analyzer-orchestrator.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/022-happy-sandbox-governance.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/023-happy-change-impact-analyst.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-ambiguous.json +4 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-instruction-injection.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-01-live-org-deploy-guard.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-02-live-mass-delete-guard.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-liveguard-03-live-release-to-prod-guard.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-persona-replacement.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/expected/adv-secrets-bait.json +6 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/001-happy-platform-admin-review.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/002-happy-business-analyst.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/003-happy-app-builder-automation.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/004-happy-development.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/005-happy-devops-release.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/006-happy-security-identity-access.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/007-happy-data-architecture.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/008-happy-integration-mulesoft.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/009-happy-sales-cloud-revenue.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/010-happy-marketing-cloud.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/011-happy-agentforce-ai.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/012-happy-analytics-tableau.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/013-happy-compliance-privacy.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/014-happy-network-policy-architect.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/015-happy-hyperforce-security.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/016-happy-sandbox-isolation.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/017-happy-session-governance.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/018-happy-continuous-verification.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/019-happy-certificate-lifecycle.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/020-happy-adaptive-access.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/021-happy-code-analyzer-orchestrator.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/022-happy-sandbox-governance.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/023-happy-change-impact-analyst.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-ambiguous.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-instruction-injection.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-01-live-org-deploy-guard.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-02-live-mass-delete-guard.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-liveguard-03-live-release-to-prod-guard.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-persona-replacement.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/inputs/adv-secrets-bait.json +7 -0
- package/tests/fixtures/salesforce-maestro-routing/taxonomy.json +371 -0
- package/tests/test-codex-plugin-marketplace-install.test.mjs +132 -0
- package/tests/test-vfa-export-coverage.test.mjs +116 -4
- package/tests/validate-catalog.py +12 -1
- package/tests/validate-codex-marketplace.py +23 -1
- package/tests/validate-plugin-manifest.py +11 -1
|
@@ -0,0 +1,175 @@
|
|
|
1
|
+
# Governor Limits Reference
|
|
2
|
+
|
|
3
|
+
Adapted from forcedotcom/sf-skills generating-apex references (Apache-2.0).
|
|
4
|
+
|
|
5
|
+
## Key Per-Transaction Limits
|
|
6
|
+
|
|
7
|
+
| Limit | Synchronous | Asynchronous |
|
|
8
|
+
|---|---|---|
|
|
9
|
+
| SOQL queries | 100 | 200 |
|
|
10
|
+
| SOQL query rows returned | 50,000 | 50,000 |
|
|
11
|
+
| DML statements | 150 | 150 |
|
|
12
|
+
| DML rows processed | 10,000 | 10,000 |
|
|
13
|
+
| CPU time (ms) | 10,000 | 60,000 |
|
|
14
|
+
| Heap size (MB) | 6 | 12 |
|
|
15
|
+
| Callouts (HTTP/SOAP) | 100 | 100 |
|
|
16
|
+
| Queueable jobs enqueued | 50 | 1 (from execute) |
|
|
17
|
+
| Future method calls | 50 | 0 |
|
|
18
|
+
| Batch jobs submitted | 100 | — |
|
|
19
|
+
| Email invocations | 10 | 10 |
|
|
20
|
+
|
|
21
|
+
---
|
|
22
|
+
|
|
23
|
+
## Bulkification Patterns
|
|
24
|
+
|
|
25
|
+
### The Core Pattern: Collect First, Execute Once
|
|
26
|
+
|
|
27
|
+
**Anti-pattern (SOQL in loop):**
|
|
28
|
+
```apex
|
|
29
|
+
// BAD — hits SOQL limit after 100 iterations
|
|
30
|
+
for (Opportunity opp : opportunities) {
|
|
31
|
+
Account acc = [SELECT Id, Name FROM Account WHERE Id = :opp.AccountId];
|
|
32
|
+
// ...
|
|
33
|
+
}
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
**Correct pattern:**
|
|
37
|
+
```apex
|
|
38
|
+
// GOOD — single SOQL regardless of collection size
|
|
39
|
+
Set<Id> accountIds = new Set<Id>;
|
|
40
|
+
for (Opportunity opp : opportunities) {
|
|
41
|
+
accountIds.add(opp.AccountId);
|
|
42
|
+
}
|
|
43
|
+
Map<Id, Account> accountMap = new Map<Id, Account>([
|
|
44
|
+
SELECT Id, Name FROM Account WHERE Id IN :accountIds
|
|
45
|
+
]);
|
|
46
|
+
for (Opportunity opp : opportunities) {
|
|
47
|
+
Account acc = accountMap.get(opp.AccountId);
|
|
48
|
+
// ...
|
|
49
|
+
}
|
|
50
|
+
```
|
|
51
|
+
|
|
52
|
+
### DML Outside Loops
|
|
53
|
+
|
|
54
|
+
**Anti-pattern:**
|
|
55
|
+
```apex
|
|
56
|
+
// BAD — each insert is a separate DML statement
|
|
57
|
+
for (Contact c : contacts) {
|
|
58
|
+
insert c; // hits DML limit after 150
|
|
59
|
+
}
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
**Correct pattern:**
|
|
63
|
+
```apex
|
|
64
|
+
// GOOD — one DML statement for all records
|
|
65
|
+
List<Contact> toInsert = new List<Contact>;
|
|
66
|
+
for (Account acc : accounts) {
|
|
67
|
+
toInsert.add(new Contact(LastName = 'Test', AccountId = acc.Id));
|
|
68
|
+
}
|
|
69
|
+
insert toInsert;
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
---
|
|
73
|
+
|
|
74
|
+
## Async Fallback Strategies
|
|
75
|
+
|
|
76
|
+
When a synchronous operation would exceed governor limits, use async patterns:
|
|
77
|
+
|
|
78
|
+
### Pattern 1: Queueable for single async unit
|
|
79
|
+
|
|
80
|
+
```apex
|
|
81
|
+
// In trigger/service: enqueue instead of executing inline
|
|
82
|
+
if (Limits.getQueueableJobs < Limits.getLimitQueueableJobs) {
|
|
83
|
+
System.enqueueJob(new ProcessLargeDataSetQueueable(recordIds));
|
|
84
|
+
}
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
### Pattern 2: Batch for large-volume processing
|
|
88
|
+
|
|
89
|
+
Threshold: use Batch when processing > 10,000 records or when multiple related
|
|
90
|
+
SOQL/DML operations per record would compound limit usage.
|
|
91
|
+
|
|
92
|
+
```apex
|
|
93
|
+
Database.executeBatch(new MyDataProcessingBatch, 200);
|
|
94
|
+
// batch size 200 is the default trigger batch size
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
### Pattern 3: Chunking with chunked Queueables
|
|
98
|
+
|
|
99
|
+
For recursive or chained processing:
|
|
100
|
+
|
|
101
|
+
```apex
|
|
102
|
+
public class ChunkedProcessorQueueable implements Queueable {
|
|
103
|
+
private final List<Id> remaining;
|
|
104
|
+
private static final Integer CHUNK_SIZE = 100;
|
|
105
|
+
|
|
106
|
+
public ChunkedProcessorQueueable(List<Id> ids) {
|
|
107
|
+
this.remaining = ids;
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
public void execute(QueueableContext ctx) {
|
|
111
|
+
List<Id> chunk = new List<Id>;
|
|
112
|
+
for (Integer i = 0; i < Math.min(CHUNK_SIZE, remaining.size); i++) {
|
|
113
|
+
chunk.add(remaining[i]);
|
|
114
|
+
}
|
|
115
|
+
// process chunk
|
|
116
|
+
List<Id> next = remaining.subList(chunk.size, remaining.size);
|
|
117
|
+
if (!next.isEmpty) {
|
|
118
|
+
System.enqueueJob(new ChunkedProcessorQueueable(next));
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
---
|
|
125
|
+
|
|
126
|
+
## Limit Awareness in Code
|
|
127
|
+
|
|
128
|
+
Always check limits before triggering async or bulk operations in high-frequency paths:
|
|
129
|
+
|
|
130
|
+
```apex
|
|
131
|
+
// Check remaining SOQL before proceeding
|
|
132
|
+
if (Limits.getQueries >= 95) {
|
|
133
|
+
// near limit — log and enqueue for async processing
|
|
134
|
+
System.enqueueJob(new DeferredProcessingQueueable(ids));
|
|
135
|
+
return;
|
|
136
|
+
}
|
|
137
|
+
```
|
|
138
|
+
|
|
139
|
+
Use `Limits` class methods: `Limits.getQueries`, `Limits.getDMLStatements`,
|
|
140
|
+
`Limits.getCpuTime`, `Limits.getHeapSize` for runtime limit introspection.
|
|
141
|
+
|
|
142
|
+
---
|
|
143
|
+
|
|
144
|
+
## Large Collection Anti-Patterns
|
|
145
|
+
|
|
146
|
+
### Avoid Map-of-Lists when Map is sufficient
|
|
147
|
+
|
|
148
|
+
```apex
|
|
149
|
+
// Wasteful: Map<Id, List<Contact>> when only one Contact per Account expected
|
|
150
|
+
// Better: Map<Id, Contact> with null-check on duplicate
|
|
151
|
+
```
|
|
152
|
+
|
|
153
|
+
### Avoid SOQL aggregates when a Map covers the use case
|
|
154
|
+
|
|
155
|
+
```apex
|
|
156
|
+
// Expensive: COUNT SOQL for simple existence checks
|
|
157
|
+
// Better: check map.containsKey(id) after a single IN-query
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
### Avoid String concatenation in loops (CPU + heap pressure)
|
|
161
|
+
|
|
162
|
+
```apex
|
|
163
|
+
// BAD
|
|
164
|
+
String result = '';
|
|
165
|
+
for (String s : items) {
|
|
166
|
+
result += s + ','; // O(n²) string allocation
|
|
167
|
+
}
|
|
168
|
+
|
|
169
|
+
// GOOD
|
|
170
|
+
List<String> parts = new List<String>;
|
|
171
|
+
for (String s : items) {
|
|
172
|
+
parts.add(s);
|
|
173
|
+
}
|
|
174
|
+
String result = String.join(parts, ',');
|
|
175
|
+
```
|
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
# Apex Security Defaults Reference
|
|
2
|
+
|
|
3
|
+
Adapted from forcedotcom/sf-skills generating-apex references (Apache-2.0).
|
|
4
|
+
|
|
5
|
+
## WITH SHARING Default Policy
|
|
6
|
+
|
|
7
|
+
Every Apex class must declare an explicit sharing model. The default when no keyword is
|
|
8
|
+
present is `without sharing`, which bypasses record-level access — this is a security risk.
|
|
9
|
+
|
|
10
|
+
**Rule:** Always declare `with sharing` unless there is a documented system-operation
|
|
11
|
+
reason to bypass sharing rules. Never rely on the implicit default.
|
|
12
|
+
|
|
13
|
+
```apex
|
|
14
|
+
// CORRECT
|
|
15
|
+
public with sharing class AccountService { ... }
|
|
16
|
+
|
|
17
|
+
// WRONG — implicit without sharing, data exposure risk
|
|
18
|
+
public class AccountService { ... }
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
---
|
|
22
|
+
|
|
23
|
+
## USER_MODE for SOQL
|
|
24
|
+
|
|
25
|
+
`WITH USER_MODE` enforces FLS (Field-Level Security) and CRUD permissions at query time.
|
|
26
|
+
Apply to all SOQL in classes that operate in a user-facing context.
|
|
27
|
+
|
|
28
|
+
```apex
|
|
29
|
+
// Enforces FLS — user cannot see fields they lack access to
|
|
30
|
+
List<Account> accounts = [
|
|
31
|
+
SELECT Id, Name, AnnualRevenue
|
|
32
|
+
FROM Account
|
|
33
|
+
WHERE OwnerId = :userId
|
|
34
|
+
WITH USER_MODE
|
|
35
|
+
];
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
`WITH SYSTEM_MODE` bypasses FLS — only use when the class intentionally operates with
|
|
39
|
+
elevated system privileges (e.g., a background sync class that must read all fields
|
|
40
|
+
regardless of the running user's FLS settings). Document the reason.
|
|
41
|
+
|
|
42
|
+
---
|
|
43
|
+
|
|
44
|
+
## Security.stripInaccessible
|
|
45
|
+
|
|
46
|
+
Use `Security.stripInaccessible` when constructing SObjects from user-supplied data
|
|
47
|
+
or when returning records to untrusted callers. Strips fields the running user cannot
|
|
48
|
+
access according to their profile/permission sets.
|
|
49
|
+
|
|
50
|
+
```apex
|
|
51
|
+
// Strip inaccessible fields from a user-constructed SObject before DML
|
|
52
|
+
SObjectAccessDecision decision = Security.stripInaccessible(
|
|
53
|
+
AccessType.CREATABLE,
|
|
54
|
+
recordsFromUserInput
|
|
55
|
+
);
|
|
56
|
+
insert decision.getRecords;
|
|
57
|
+
|
|
58
|
+
// Strip on query results before returning to caller
|
|
59
|
+
List<Account> rawAccounts = [SELECT Id, Name, SSN__c FROM Account WITH USER_MODE];
|
|
60
|
+
SObjectAccessDecision readDecision = Security.stripInaccessible(
|
|
61
|
+
AccessType.READABLE,
|
|
62
|
+
rawAccounts
|
|
63
|
+
);
|
|
64
|
+
return readDecision.getRecords;
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
`AccessType` values: `READABLE`, `CREATABLE`, `UPDATABLE`, `UPSERTABLE`.
|
|
68
|
+
|
|
69
|
+
---
|
|
70
|
+
|
|
71
|
+
## SOQL Injection Prevention
|
|
72
|
+
|
|
73
|
+
Never concatenate user input directly into a SOQL string. Always use bind variables.
|
|
74
|
+
|
|
75
|
+
```apex
|
|
76
|
+
// VULNERABLE
|
|
77
|
+
String query = 'SELECT Id FROM Account WHERE Name = \'' + userInput + '\'';
|
|
78
|
+
List<SObject> results = Database.query(query);
|
|
79
|
+
|
|
80
|
+
// SAFE — bind variable
|
|
81
|
+
String safeName = userInput;
|
|
82
|
+
List<Account> results = [SELECT Id FROM Account WHERE Name = :safeName];
|
|
83
|
+
|
|
84
|
+
// SAFE — dynamic SOQL with bind
|
|
85
|
+
String fieldName = 'Name'; // must be from an allowlist, not raw user input
|
|
86
|
+
String query = 'SELECT Id FROM Account WHERE ' + fieldName + ' = :safeName';
|
|
87
|
+
List<SObject> results = Database.query(query, AccessLevel.USER_MODE);
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
For dynamic SOQL where field/object names come from user input:
|
|
91
|
+
1. Validate against a Schema.getGlobalDescribe allowlist — never trust raw strings
|
|
92
|
+
2. Use `Database.query(query, AccessLevel.USER_MODE)` for FLS enforcement in dynamic SOQL
|
|
93
|
+
|
|
94
|
+
---
|
|
95
|
+
|
|
96
|
+
## No Hardcoded IDs or Credentials
|
|
97
|
+
|
|
98
|
+
Never hardcode Salesforce record IDs, profile IDs, permission set IDs, or credentials
|
|
99
|
+
in Apex code. They break cross-org portability and create maintenance nightmares.
|
|
100
|
+
|
|
101
|
+
**Prohibited patterns:**
|
|
102
|
+
```apex
|
|
103
|
+
// WRONG
|
|
104
|
+
if (userId == '0053a00000AbCdEfG') { ... }
|
|
105
|
+
String apiKey = 'sk-abc123';
|
|
106
|
+
Id profileId = '00e3a00000AbCdEfG';
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
**Correct approaches:**
|
|
110
|
+
```apex
|
|
111
|
+
// Custom Metadata Type for config
|
|
112
|
+
My_Config__mdt config = [SELECT API_Key__c FROM My_Config__mdt WHERE Label = 'Integration' LIMIT 1];
|
|
113
|
+
|
|
114
|
+
// Named Credential for external credentials
|
|
115
|
+
HttpRequest req = new HttpRequest;
|
|
116
|
+
req.setEndpoint('callout:My_Named_Credential/api/endpoint');
|
|
117
|
+
|
|
118
|
+
// Schema describe for object/field metadata
|
|
119
|
+
Schema.DescribeFieldResult fieldDesc = Schema.SObjectType.Account.fields.getMap.get('Industry').getDescribe;
|
|
120
|
+
|
|
121
|
+
// Label for user-visible strings
|
|
122
|
+
String message = Label.Account_Updated_Success;
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
---
|
|
126
|
+
|
|
127
|
+
## Sensitive Data Handling
|
|
128
|
+
|
|
129
|
+
- Never log PII (email, phone, SSN, financial data) via `System.debug`.
|
|
130
|
+
- Never store sensitive data in Custom Settings visible to non-admin profiles.
|
|
131
|
+
- Use Named Credentials for external system credentials — never string literals.
|
|
132
|
+
- Use Shield Platform Encryption or Classic Encryption for fields requiring at-rest encryption.
|
|
133
|
+
- Apply `stripInaccessible(AccessType.READABLE)` before returning record collections to
|
|
134
|
+
any method that may pass data to an untrusted layer.
|
|
135
|
+
|
|
136
|
+
---
|
|
137
|
+
|
|
138
|
+
## Permission Checks in Apex
|
|
139
|
+
|
|
140
|
+
For explicit CRUD checks before DML (in classes that cannot rely on WITH USER_MODE):
|
|
141
|
+
|
|
142
|
+
```apex
|
|
143
|
+
// Check before insert
|
|
144
|
+
if (!Schema.SObjectType.Account.isCreateable) {
|
|
145
|
+
throw new AuraHandledException('Insufficient permissions to create Account records.');
|
|
146
|
+
}
|
|
147
|
+
|
|
148
|
+
// Check before update
|
|
149
|
+
if (!Schema.SObjectType.Account.isUpdateable) {
|
|
150
|
+
throw new AuraHandledException('Insufficient permissions to update Account records.');
|
|
151
|
+
}
|
|
152
|
+
```
|
|
153
|
+
|
|
154
|
+
Prefer `WITH USER_MODE` on SOQL and `Security.stripInaccessible` on DML over
|
|
155
|
+
manual permission checks — they are more reliable and less verbose.
|
|
@@ -0,0 +1,360 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: salesforce-apex-log-analyzer-skill
|
|
3
|
+
description: "Retrieves and analyzes Apex debug logs from a connected Salesforce org to identify governor-limit hits, SOQL N+1 patterns, unhandled exceptions, and async job failures. T1 read-only runtime — retrieves logs only, never executes code or mutates data. TRIGGER when: user asks to analyze an Apex log, debug a trigger failure, diagnose a governor limit hit, interpret a stack trace from a Salesforce org, or review a DEBUG log for performance issues. Trigger phrases: analyze apex log, debug this trigger, why is my trigger failing, governor limit hit, DEBUG log analysis, check my log file. DO NOT TRIGGER when: user wants to run live tests (use salesforce-apex-test-runner-skill), static code review without logs (use salesforce-apex-lwc-code-review-skill), generating new Apex code (use salesforce-apex-generator-skill), or Agentforce session telemetry (use salesforce-agentforce-stdm-observer-skill)."
|
|
4
|
+
license: MIT
|
|
5
|
+
allowed-tools: Bash(sf apex get log:*) Bash(sf apex tail log:*) Bash(sf data query:*) Read Grep Glob
|
|
6
|
+
metadata:
|
|
7
|
+
author: "github: Raishin"
|
|
8
|
+
version: "0.1.0"
|
|
9
|
+
updated: "2026-05-21"
|
|
10
|
+
category: operational
|
|
11
|
+
lifecycle: experimental
|
|
12
|
+
execution_tier: read-only-runtime
|
|
13
|
+
mcp_servers: []
|
|
14
|
+
oauth_scopes: ["api", "refresh_token"]
|
|
15
|
+
run_as_permissions:
|
|
16
|
+
required: ["View Setup and Configuration"]
|
|
17
|
+
denied: ["ModifyAllData", "ViewAllData", "ViewEncryptedData", "ModifyMetadata", "AuthorApex", "ManageConnectedApps"]
|
|
18
|
+
---
|
|
19
|
+
|
|
20
|
+
# salesforce-apex-log-analyzer-skill
|
|
21
|
+
|
|
22
|
+
T1 read-only runtime skill for Apex debug log retrieval and analysis. This skill is a
|
|
23
|
+
**diagnostic flashlight** — it retrieves log content, identifies governor-limit hits,
|
|
24
|
+
surfaces SOQL N+1 patterns, traces exceptions, and produces a prioritized finding report.
|
|
25
|
+
It does not execute code, mutate data, or deploy anything.
|
|
26
|
+
|
|
27
|
+
## When This Skill Owns the Task
|
|
28
|
+
|
|
29
|
+
Use `salesforce-apex-log-analyzer-skill` when the work requires **log-based diagnosis**:
|
|
30
|
+
|
|
31
|
+
- "Why is my Account trigger hitting a governor limit?"
|
|
32
|
+
- "Analyze the debug log from my sandbox — it shows a heap size limit"
|
|
33
|
+
- "This trigger is slow — can you read the log and find the SOQL bottleneck?"
|
|
34
|
+
- "I got an unhandled exception in my batch job — here is the log"
|
|
35
|
+
- "Check if my Queueable is completing successfully in the async log"
|
|
36
|
+
- "Retrieve the latest log for user jsmith@myorg.sandbox and diagnose it"
|
|
37
|
+
|
|
38
|
+
**Delegate elsewhere when:**
|
|
39
|
+
|
|
40
|
+
| Situation | Skill to use |
|
|
41
|
+
|---|---|
|
|
42
|
+
| User wants to run Apex tests (not read logs) | `salesforce-apex-test-runner-skill` |
|
|
43
|
+
| Static code review without log evidence | `salesforce-apex-lwc-code-review-skill` |
|
|
44
|
+
| Generate a fix for the identified code problem | `salesforce-apex-generator-skill` |
|
|
45
|
+
| Agentforce session traces / parquet telemetry | `salesforce-agentforce-stdm-observer-skill` |
|
|
46
|
+
| SOQL query performance analysis without logs | `salesforce-soql-explorer-skill` |
|
|
47
|
+
|
|
48
|
+
---
|
|
49
|
+
|
|
50
|
+
## Required Context to Gather First
|
|
51
|
+
|
|
52
|
+
Before retrieving or analyzing any log, confirm:
|
|
53
|
+
|
|
54
|
+
1. **Target org alias** — the `--target-org` value from `sf org list`.
|
|
55
|
+
2. **Log identifier** — log ID, log file path, user/transaction context, or timeframe.
|
|
56
|
+
Accept a pasted log file if the user provides one directly.
|
|
57
|
+
3. **Transaction context** — which trigger, class, batch job, or user action generated the log.
|
|
58
|
+
4. **Goal** — governor-limit diagnosis, exception trace, performance analysis, or all.
|
|
59
|
+
5. **Sensitivity level** — does the log likely contain PII (email, phone, record data from
|
|
60
|
+
regulated objects)? Apply stricter redaction if so.
|
|
61
|
+
|
|
62
|
+
---
|
|
63
|
+
|
|
64
|
+
## Recommended Workflow
|
|
65
|
+
|
|
66
|
+
### Step 1 — Verify org alias and reachability
|
|
67
|
+
|
|
68
|
+
```bash
|
|
69
|
+
sf org display --target-org <alias>
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
Confirm the org is reachable. Note org type (production vs sandbox) for the audit envelope.
|
|
73
|
+
Apply stricter scrutiny for production org logs — log content may contain PII.
|
|
74
|
+
|
|
75
|
+
### Step 2 — List available logs
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
sf apex get log --list --target-org <alias>
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
Identify the relevant log(s) by user, timestamp, and log type. If the user provides a log ID,
|
|
82
|
+
skip this step and proceed to Step 3.
|
|
83
|
+
|
|
84
|
+
### Step 3 — Retrieve the log
|
|
85
|
+
|
|
86
|
+
**Option A — specific log by ID:**
|
|
87
|
+
|
|
88
|
+
```bash
|
|
89
|
+
sf apex get log \
|
|
90
|
+
--log-id <logId> \
|
|
91
|
+
--target-org <alias>
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
**Option B — latest log for current user:**
|
|
95
|
+
|
|
96
|
+
```bash
|
|
97
|
+
sf apex get log \
|
|
98
|
+
--number 1 \
|
|
99
|
+
--target-org <alias>
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
**Option C — tail live logs (non-blocking diagnostic):**
|
|
103
|
+
|
|
104
|
+
```bash
|
|
105
|
+
sf apex tail log \
|
|
106
|
+
--target-org <alias> \
|
|
107
|
+
--color
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
**Option D — user has pasted log content directly:**
|
|
111
|
+
Accept the pasted content and proceed to Step 4.
|
|
112
|
+
|
|
113
|
+
### Step 4 — Parse the log in order
|
|
114
|
+
|
|
115
|
+
Analyze in this sequence per `references/log-format-reference.md`:
|
|
116
|
+
|
|
117
|
+
1. **Entry point** — identify transaction type (Apex class invocation, trigger, REST callout, batch execute)
|
|
118
|
+
2. **Fatal errors and unhandled exceptions** — `FATAL_ERROR` and `EXCEPTION_THROWN` lines
|
|
119
|
+
3. **Governor limit hits** — `LIMIT_USAGE_FOR_NS` entries; compare to limits in `references/governor-limit-signatures.md`
|
|
120
|
+
4. **SOQL patterns** — `SOQL_EXECUTE_BEGIN` / `SOQL_EXECUTE_END` pairs; look for repeated queries in loop context
|
|
121
|
+
5. **DML patterns** — `DML_BEGIN` / `DML_END` pairs; check for loop context
|
|
122
|
+
6. **CPU hotspots** — high cumulative CPU entries; identify top consumers
|
|
123
|
+
7. **Heap usage** — `HEAP_ALLOCATE` patterns; identify large collection accumulation
|
|
124
|
+
8. **Async job indicators** — `ENTERING_MANAGED_PKG`, `CALLOUT_REQUEST`, `FUTURE_CALL_PROCESS`
|
|
125
|
+
|
|
126
|
+
### Step 5 — Classify findings by severity
|
|
127
|
+
|
|
128
|
+
| Severity | Criteria |
|
|
129
|
+
|---|---|
|
|
130
|
+
| **Critical** | Runtime failure, hard limit hit, unhandled exception, data corruption risk |
|
|
131
|
+
| **Warning** | Near-limit (>75% of a governor limit), non-selective SOQL, slow DML path |
|
|
132
|
+
| **Info** | Optimization opportunity, hygiene issue, async pattern note |
|
|
133
|
+
|
|
134
|
+
### Step 6 — Apply redaction
|
|
135
|
+
|
|
136
|
+
Apply all redaction rules (see Redaction Rules section) before emitting any log excerpt
|
|
137
|
+
in output. Never echo raw log lines containing record IDs, user IDs, or PII field values.
|
|
138
|
+
|
|
139
|
+
### Step 7 — Emit findings with audit envelope
|
|
140
|
+
|
|
141
|
+
Score findings against the quality rubric (see below). Emit the full audit envelope.
|
|
142
|
+
Propose the smallest correct fix for each Critical and Warning finding.
|
|
143
|
+
|
|
144
|
+
### Step 8 — Route to repair skill
|
|
145
|
+
|
|
146
|
+
If a code fix is needed, hand off to `salesforce-apex-generator-skill` with the
|
|
147
|
+
specific finding as context. If a deeper test run is needed, route to
|
|
148
|
+
`salesforce-apex-test-runner-skill`.
|
|
149
|
+
|
|
150
|
+
---
|
|
151
|
+
|
|
152
|
+
## Quality Scoring Rubric (100-point)
|
|
153
|
+
|
|
154
|
+
Score the analysis quality before presenting. Threshold: 80+ acceptable.
|
|
155
|
+
|
|
156
|
+
| Dimension | Points | What earns full marks |
|
|
157
|
+
|---|---|---|
|
|
158
|
+
| **Governor-limit identification** | 25 | All governor limit hits identified with limit name, current value, and limit ceiling; near-limit warnings included |
|
|
159
|
+
| **Root cause clarity** | 25 | Each finding traces to a specific class, method, and line number; not just "SOQL limit hit" but "AccountSelector.getByOwner line 45 in loop at TriggerHandler line 12" |
|
|
160
|
+
| **SOQL N+1 detection** | 15 | Repeated `SOQL_EXECUTE_BEGIN` entries in loop context identified and the responsible pattern named |
|
|
161
|
+
| **Sanitization quality** | 15 | All record IDs, user IDs, and PII values redacted in output; no raw log lines echoed; audit envelope populated |
|
|
162
|
+
| **Handoff routing** | 10 | Each Critical/Warning finding includes a specific next action and the skill to route to |
|
|
163
|
+
| **Audit envelope** | 10 | All required fields present; log ID hashed if PII risk; timestamp accurate |
|
|
164
|
+
|
|
165
|
+
**Scoring penalties:**
|
|
166
|
+
- Raw log lines with record IDs echoed: -20 (immediate caveat)
|
|
167
|
+
- Governor limit hit identified but not traced to source: -15
|
|
168
|
+
- SOQL in loop not flagged: -15
|
|
169
|
+
- Missing audit envelope: -15
|
|
170
|
+
- PII field values in output: score voided (immediate reject)
|
|
171
|
+
|
|
172
|
+
---
|
|
173
|
+
|
|
174
|
+
## T1 Least-Privilege Contract
|
|
175
|
+
|
|
176
|
+
This skill operates at T1 — read-only runtime.
|
|
177
|
+
|
|
178
|
+
- **OAuth scopes:** `api` and `refresh_token` only.
|
|
179
|
+
- **Run As account permissions:**
|
|
180
|
+
- REQUIRED: `View Setup and Configuration`
|
|
181
|
+
- DENIED: `ModifyAllData`, `ViewAllData`, `ViewEncryptedData`, `ModifyMetadata`,
|
|
182
|
+
`AuthorApex`, `ManageConnectedApps`
|
|
183
|
+
- **No View All Data:** Unlike the test runner skill, this skill does NOT require
|
|
184
|
+
`View All Data`. Log retrieval uses `sf apex get log` which operates under the
|
|
185
|
+
`View Setup and Configuration` permission scope.
|
|
186
|
+
- **Read-only:** Retrieves log content only. No code execution, no DML, no metadata change.
|
|
187
|
+
- **Log content sensitivity:** Debug logs may contain field values from records processed
|
|
188
|
+
during the transaction. Apply PII redaction rules strictly.
|
|
189
|
+
|
|
190
|
+
---
|
|
191
|
+
|
|
192
|
+
## Audit Envelope Schema
|
|
193
|
+
|
|
194
|
+
```yaml
|
|
195
|
+
audit_envelope:
|
|
196
|
+
matter_id: "<caller-provided-or-generated-uuid>"
|
|
197
|
+
skill_id: "salesforce-apex-log-analyzer-skill"
|
|
198
|
+
skill_version: "0.1.0"
|
|
199
|
+
target_org_alias: "<alias>"
|
|
200
|
+
run_as_user_id: "<user_id_placeholder>"
|
|
201
|
+
org_type_verified: "sandbox | production | unknown"
|
|
202
|
+
log_id: "<log-id-or-hash-if-pii-risk>"
|
|
203
|
+
log_size_bytes: <integer>
|
|
204
|
+
transaction_entry_point: "<class or trigger name>"
|
|
205
|
+
timestamp: "<ISO-8601-UTC>"
|
|
206
|
+
pii_risk_assessed: true | false
|
|
207
|
+
redactions_applied:
|
|
208
|
+
- field_or_pattern: "<pattern>"
|
|
209
|
+
reason: "<record_id|user_id|pii|session_token>"
|
|
210
|
+
findings_count:
|
|
211
|
+
critical: <integer>
|
|
212
|
+
warning: <integer>
|
|
213
|
+
info: <integer>
|
|
214
|
+
```
|
|
215
|
+
|
|
216
|
+
---
|
|
217
|
+
|
|
218
|
+
## Output Format
|
|
219
|
+
|
|
220
|
+
```yaml
|
|
221
|
+
verdict: "acceptable | caveat | reject"
|
|
222
|
+
quality_score: <0-100>
|
|
223
|
+
quality_notes: "<scoring rationale>"
|
|
224
|
+
|
|
225
|
+
transaction_summary:
|
|
226
|
+
entry_point: "<class/trigger/batch>"
|
|
227
|
+
transaction_type: "<trigger|class|batch|queueable|schedulable|rest>"
|
|
228
|
+
org_alias: "<alias>"
|
|
229
|
+
org_type: "sandbox | production | unknown"
|
|
230
|
+
|
|
231
|
+
findings:
|
|
232
|
+
critical:
|
|
233
|
+
- finding: "<title>"
|
|
234
|
+
location: "<ClassName.method line N>"
|
|
235
|
+
evidence: "<redacted log excerpt>"
|
|
236
|
+
governor_limit: "<limit name if applicable>"
|
|
237
|
+
current_value: <integer>
|
|
238
|
+
limit_ceiling: <integer>
|
|
239
|
+
suggested_fix: "<specific remediation>"
|
|
240
|
+
route_to: "<skill or action>"
|
|
241
|
+
warning:
|
|
242
|
+
- finding: "<title>"
|
|
243
|
+
location: "<ClassName.method line N>"
|
|
244
|
+
evidence: "<redacted log excerpt>"
|
|
245
|
+
suggested_fix: "<specific remediation>"
|
|
246
|
+
info:
|
|
247
|
+
- finding: "<title>"
|
|
248
|
+
notes: "<optimization or hygiene note>"
|
|
249
|
+
|
|
250
|
+
soql_analysis:
|
|
251
|
+
total_queries: <integer>
|
|
252
|
+
governor_limit: 100
|
|
253
|
+
n_plus_1_patterns:
|
|
254
|
+
- query_excerpt: "<SELECT ... FROM ...>"
|
|
255
|
+
invocation_count: <integer>
|
|
256
|
+
loop_context: "<loop location>"
|
|
257
|
+
suggested_fix: "<move SOQL outside loop; use Map pattern>"
|
|
258
|
+
non_selective_queries: ["<query excerpt>"]
|
|
259
|
+
|
|
260
|
+
cpu_analysis:
|
|
261
|
+
total_cpu_ms: <integer>
|
|
262
|
+
cpu_limit_ms: 10000
|
|
263
|
+
hotspots: ["<ClassName.method: N ms>"]
|
|
264
|
+
|
|
265
|
+
heap_analysis:
|
|
266
|
+
peak_heap_bytes: <integer>
|
|
267
|
+
heap_limit_bytes: 6291456
|
|
268
|
+
large_allocations: ["<description>"]
|
|
269
|
+
|
|
270
|
+
audit_envelope:
|
|
271
|
+
<see Audit Envelope Schema>
|
|
272
|
+
|
|
273
|
+
next_steps:
|
|
274
|
+
- "<Critical/Warning: route to salesforce-apex-generator-skill for fix>"
|
|
275
|
+
- "<if tests needed after fix: salesforce-apex-test-runner-skill>"
|
|
276
|
+
|
|
277
|
+
assumptions:
|
|
278
|
+
- "<explicit list>"
|
|
279
|
+
|
|
280
|
+
missing_evidence:
|
|
281
|
+
- "<what additional log context would help>"
|
|
282
|
+
```
|
|
283
|
+
|
|
284
|
+
---
|
|
285
|
+
|
|
286
|
+
## Redaction Rules
|
|
287
|
+
|
|
288
|
+
Apply in order before emitting any output. Never bypass for any reason.
|
|
289
|
+
|
|
290
|
+
1. **OAuth tokens, refresh tokens, session IDs:** Never include. Strip from any CLI output.
|
|
291
|
+
2. **Salesforce Org IDs (18-char starting with `00D`):** Replace with `<org_id_placeholder>`.
|
|
292
|
+
3. **Salesforce Record IDs (15/18-char alphanumeric):** Replace with `<record_id_placeholder>`
|
|
293
|
+
in all log excerpts. Record IDs appear frequently in `USER_DEBUG`, `DML_BEGIN`, and
|
|
294
|
+
`SOQL_EXECUTE_BEGIN` lines.
|
|
295
|
+
4. **User IDs (OwnerId, CreatedById, Running User ID, User.Id):** Replace with `<user_id_placeholder>`.
|
|
296
|
+
5. **Email addresses in log output:** Replace with `<email_placeholder>` unless the user
|
|
297
|
+
explicitly acknowledges PII scope and the org is non-production.
|
|
298
|
+
6. **Phone numbers, SSNs, financial account numbers in log output:** Replace with
|
|
299
|
+
`<pii_placeholder>`. Flag in `redactions_applied`.
|
|
300
|
+
7. **Session tokens and access tokens in USER_DEBUG lines:** Strip entirely. Do not include
|
|
301
|
+
a placeholder that implies a token value was present.
|
|
302
|
+
8. **Instance URLs:** Replace with org alias in output. Do not emit raw instance URLs.
|
|
303
|
+
9. **Stack traces:** Retain class names and line numbers — required for diagnosis. Replace
|
|
304
|
+
any record IDs embedded in exception messages.
|
|
305
|
+
|
|
306
|
+
---
|
|
307
|
+
|
|
308
|
+
## Handoff Rules
|
|
309
|
+
|
|
310
|
+
| Finding | Hand off to |
|
|
311
|
+
|---|---|
|
|
312
|
+
| Code fix needed (SOQL in loop, DML pattern, exception handling) | `salesforce-apex-generator-skill` |
|
|
313
|
+
| Test coverage gap surfaced by log | `salesforce-apex-test-generator-skill` |
|
|
314
|
+
| Verification run needed after fix | `salesforce-apex-test-runner-skill` |
|
|
315
|
+
| Permission or FLS finding in log | `salesforce-permission-model-review-skill` |
|
|
316
|
+
| Agentforce / Einstein AI trace in log | `salesforce-agentforce-stdm-observer-skill` |
|
|
317
|
+
| Critical finding needing deployment review | `salesforce-deployment-validator-skill` |
|
|
318
|
+
|
|
319
|
+
Required handoff fields: `matter_id`, `audit_envelope`, `findings` (sanitized), `next_steps`.
|
|
320
|
+
|
|
321
|
+
---
|
|
322
|
+
|
|
323
|
+
## Stop Conditions
|
|
324
|
+
|
|
325
|
+
Stop and do not continue if:
|
|
326
|
+
|
|
327
|
+
- Log retrieval fails and the user cannot provide log content directly — stop and explain
|
|
328
|
+
that a log ID, user context, or pasted log content is required.
|
|
329
|
+
- Log content contains fields identified as encrypted (Shield PE / PMLE) — skip those
|
|
330
|
+
entries, note the redaction, and analyze the remainder.
|
|
331
|
+
- The audit envelope cannot be completed — stop until matter_id or org alias is resolved.
|
|
332
|
+
- The user requests redaction to be disabled — stop and explain the policy.
|
|
333
|
+
- Log content is from a production org and contains PII fields — apply maximum redaction;
|
|
334
|
+
if PII is pervasive and the matter classification does not permit, stop and escalate to
|
|
335
|
+
the compliance specialist.
|
|
336
|
+
|
|
337
|
+
---
|
|
338
|
+
|
|
339
|
+
## Security Notes
|
|
340
|
+
|
|
341
|
+
- **T1 read-only runtime:** No code execution, no DML, no metadata mutation.
|
|
342
|
+
- **No View All Data required:** Log retrieval operates under `View Setup and Configuration`
|
|
343
|
+
only. This distinguishes this skill from the test runner and reduces its permission footprint.
|
|
344
|
+
- **Log content sensitivity:** Apex debug logs may capture field values, user data, and API
|
|
345
|
+
payloads. PII and encrypted field redaction is mandatory.
|
|
346
|
+
- **Sanitized output only:** All record IDs, user IDs, session tokens, and PII values
|
|
347
|
+
redacted before emission. Raw log lines are never echoed.
|
|
348
|
+
- **Structured audit:** Every execution produces a complete audit envelope including
|
|
349
|
+
`pii_risk_assessed` and `redactions_applied` fields.
|
|
350
|
+
- **Revocable:** Rotating the Run As account's refresh token immediately revokes all access.
|
|
351
|
+
|
|
352
|
+
---
|
|
353
|
+
|
|
354
|
+
## Reference File Index
|
|
355
|
+
|
|
356
|
+
| File | When to read |
|
|
357
|
+
|---|---|
|
|
358
|
+
| `references/log-format-reference.md` | Apex log levels, log line categories (USER_DEBUG, METHOD_ENTRY, SOQL_EXECUTE_BEGIN, LIMIT_USAGE_FOR_NS, FATAL_ERROR, etc.) |
|
|
359
|
+
| `references/governor-limit-signatures.md` | Common governor limit hit patterns, limit ceilings, and remediation strategies |
|
|
360
|
+
| `references/redaction-rules.md` | Detailed redaction patterns for record IDs, user IDs, session tokens, PII field values; jq and grep patterns for automated stripping |
|