@salesforce/afv-skills 1.16.0 → 1.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/skills/activating-datacloud/SKILL.md +2 -2
- package/skills/analyzing-omnistudio-dependencies/SKILL.md +1 -1
- package/skills/building-sf-integrations/SKILL.md +1 -1
- package/skills/building-ui-bundle-app/SKILL.md +1 -1
- package/skills/configuring-code-analyzer/SKILL.md +482 -0
- package/skills/configuring-code-analyzer/examples/apex-project-config.yml +41 -0
- package/skills/configuring-code-analyzer/examples/ci-github-actions.yml +96 -0
- package/skills/configuring-code-analyzer/examples/fullstack-project-config.yml +46 -0
- package/skills/configuring-code-analyzer/examples/lwc-project-config.yml +26 -0
- package/skills/configuring-code-analyzer/references/ci-cd-templates.md +648 -0
- package/skills/configuring-code-analyzer/references/config-schema.md +257 -0
- package/skills/configuring-code-analyzer/references/diagnostic-flow.md +70 -0
- package/skills/configuring-code-analyzer/references/engine-prerequisites.md +276 -0
- package/skills/configuring-code-analyzer/references/rule-name-resolution.md +67 -0
- package/skills/configuring-code-analyzer/references/troubleshooting.md +298 -0
- package/skills/configuring-code-analyzer/scripts/check-prerequisites.sh +189 -0
- package/skills/configuring-code-analyzer/scripts/generate-config.sh +143 -0
- package/skills/configuring-code-analyzer/scripts/validate-config.sh +153 -0
- package/skills/connecting-datacloud/SKILL.md +2 -2
- package/skills/creating-b2b-commerce-store/SKILL.md +0 -1
- package/skills/developing-agentforce/SKILL.md +0 -1
- package/skills/generating-apex/SKILL.md +1 -0
- package/skills/generating-mermaid-diagrams/assets/datamodel/b2b-commerce-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/campaigns-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/consent-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/files-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/forecasting-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/fsl-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/party-model-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/quote-order-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/revenue-cloud-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/sales-cloud-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/salesforce-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/scheduler-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/service-cloud-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/assets/datamodel/territory-management-erd.md +1 -1
- package/skills/generating-mermaid-diagrams/references/erd-conventions.md +1 -1
- package/skills/generating-mermaid-diagrams/references/preview-guide.md +2 -5
- package/skills/harmonizing-datacloud/SKILL.md +2 -2
- package/skills/implementing-ui-bundle-agentforce-conversation-client/SKILL.md +1 -2
- package/skills/investigating-agentforce-d360/SKILL.md +1 -1
- package/skills/managing-cdc-enablement/SKILL.md +164 -0
- package/skills/managing-cdc-enablement/assets/PlatformEventChannel-template.xml +5 -0
- package/skills/managing-cdc-enablement/assets/PlatformEventChannelMember-template.xml +11 -0
- package/skills/managing-cdc-enablement/references/deploy-troubleshooting.md +73 -0
- package/skills/managing-cdc-enablement/references/filter-expressions.md +93 -0
- package/skills/observing-agentforce/SKILL.md +0 -1
- package/skills/observing-agentforce/references/stdm-queries.md +3 -11
- package/skills/orchestrating-datacloud/README.md +5 -7
- package/skills/orchestrating-datacloud/SKILL.md +3 -3
- package/skills/orchestrating-datacloud/references/feature-readiness.md +2 -2
- package/skills/orchestrating-datacloud/references/plugin-setup.md +6 -8
- package/skills/orchestrating-datacloud/scripts/diagnose-org.mjs +1 -1
- package/skills/orchestrating-datacloud/scripts/verify-plugin.sh +2 -2
- package/skills/preparing-datacloud/SKILL.md +2 -2
- package/skills/retrieving-datacloud/SKILL.md +3 -3
- package/skills/reviewing-lwc-mobile-offline/SKILL.md +0 -1
- package/skills/running-code-analyzer/SKILL.md +264 -267
- package/skills/running-code-analyzer/references/post-scan-workflows.md +286 -0
- package/skills/running-code-analyzer/scripts/describe-rule.js +382 -0
- package/skills/running-code-analyzer/scripts/list-rules.js +260 -0
- package/skills/running-code-analyzer/scripts/query-results.js +230 -0
- package/skills/testing-agentforce/SKILL.md +0 -1
- package/skills/using-mobile-native-capabilities/SKILL.md +0 -1
- package/skills/using-salesforce-archive/SKILL.md +121 -0
- package/skills/using-salesforce-archive/examples/monitor-failed-jobs.md +47 -0
- package/skills/using-salesforce-archive/references/archive-activity-entity.md +59 -0
- package/skills/using-salesforce-archive/references/connect-api-operations.md +157 -0
package/package.json
CHANGED
|
@@ -40,7 +40,7 @@ Ask for or infer:
|
|
|
40
40
|
## Core Operating Rules
|
|
41
41
|
|
|
42
42
|
- Verify the upstream segment or insight is healthy before creating downstream delivery assets.
|
|
43
|
-
- Run the shared readiness classifier before mutating activation assets: `node
|
|
43
|
+
- Run the shared readiness classifier before mutating activation assets: `node ../orchestrating-datacloud/scripts/diagnose-org.mjs -o <org> --phase act --json`.
|
|
44
44
|
- Inspect available platforms and targets before mutating activation setup.
|
|
45
45
|
- Keep destination definitions deterministic and reusable where possible.
|
|
46
46
|
- Treat downstream credential and platform constraints as separate validation concerns.
|
|
@@ -52,7 +52,7 @@ Ask for or infer:
|
|
|
52
52
|
|
|
53
53
|
### 1. Classify readiness for act work
|
|
54
54
|
```bash
|
|
55
|
-
node
|
|
55
|
+
node ../orchestrating-datacloud/scripts/diagnose-org.mjs -o <org> --phase act --json
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
### 2. Inspect destinations first
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: analyzing-omnistudio-dependencies
|
|
3
|
-
description: "Cross-cutting OmniStudio analysis skill for namespace detection, dependency visualization, and impact analysis across OmniScripts, FlexCards, Integration Procedures, and Data Mappers.
|
|
3
|
+
description: "Cross-cutting OmniStudio analysis skill for namespace detection, dependency visualization, and impact analysis across OmniScripts, FlexCards, Integration Procedures, and Data Mappers. TRIGGER when: user asks about OmniStudio dependencies, wants namespace detection (Core vs vlocity_cmt vs vlocity_ins), needs impact analysis, requests dependency graphs or Mermaid diagrams, or asks which components are affected by a change. DO NOT TRIGGER when: authoring OmniScripts (use building-omnistudio-omniscript), building FlexCards (use building-omnistudio-flexcard), creating Integration Procedures (use building-omnistudio-integration-procedure), or configuring Data Mappers (use building-omnistudio-datamapper)."
|
|
4
4
|
metadata:
|
|
5
5
|
version: "1.0"
|
|
6
6
|
---
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: building-sf-integrations
|
|
3
|
-
description: "Salesforce integration architecture and runtime plumbing with 120-point scoring. Use this skill to set up Named Credentials, External Credentials, External Services, REST/SOAP callout patterns, Platform Events, and Change Data Capture. TRIGGER when: user sets up Named Credentials, External Services, REST/SOAP callouts, Platform Events, CDC, or touches .namedCredential-meta.xml files. DO NOT TRIGGER when: Connected App/OAuth config (use configuring-connected-apps), Apex-only logic (use generating-apex),
|
|
3
|
+
description: "Salesforce integration architecture and runtime plumbing with 120-point scoring. Use this skill to set up Named Credentials, External Credentials, External Services, REST/SOAP callout patterns, Platform Events, and Change Data Capture. TRIGGER when: user sets up Named Credentials, External Services, REST/SOAP callouts, Platform Events, CDC, or touches .namedCredential-meta.xml files. DO NOT TRIGGER when: Connected App/OAuth config (use configuring-connected-apps), Apex-only logic (use generating-apex), data import/export (use handling-sf-data), or CDC channel-membership metadata such as PlatformEventChannel, PlatformEventChannelMember, or EnrichedField (use managing-cdc-enablement)."
|
|
4
4
|
metadata:
|
|
5
5
|
version: "1.1"
|
|
6
6
|
---
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: building-ui-bundle-app
|
|
3
|
-
description: "MUST activate when the user wants to build, create, or generate a React application, React app, web application, single-page application (SPA), or frontend application — even if no project files exist yet. MUST also activate when the project contains a uiBundles/*/src/ directory or sfdx-project.json and the prompt says create, build, construct, or generate a new app, site, or page from scratch — even if the prompt also describes visual styling. MUST also activate when the task spans more than one ui-bundle skill. Use this skill when building a complete app end-to-end.
|
|
3
|
+
description: "MUST activate when the user wants to build, create, or generate a React application, React app, web application, single-page application (SPA), or frontend application — even if no project files exist yet. MUST also activate when the project contains a uiBundles/*/src/ directory or sfdx-project.json and the prompt says create, build, construct, or generate a new app, site, or page from scratch — even if the prompt also describes visual styling. MUST also activate when the task spans more than one ui-bundle skill. Use this skill when building a complete app end-to-end. Do NOT use for Lightning Experience apps with custom objects (use generating-lightning-app). Do NOT use for single-concern edits to an existing page (use building-ui-bundle-frontend)."
|
|
4
4
|
metadata:
|
|
5
5
|
version: "1.0"
|
|
6
6
|
related-skills: generating-ui-bundle-metadata, generating-ui-bundle-features, using-ui-bundle-salesforce-data, building-ui-bundle-frontend, implementing-ui-bundle-agentforce-conversation-client, implementing-ui-bundle-file-upload, deploying-ui-bundle, generating-ui-bundle-site, generating-ui-bundle-custom-app
|
|
@@ -0,0 +1,482 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: configuring-code-analyzer
|
|
3
|
+
description: "Set up, configure, and troubleshoot Salesforce Code Analyzer for any project. Handles installation, prerequisite checks, diagnosing broken setups, creating and editing code-analyzer.yml overrides, engine-specific settings, ignore patterns, severity overrides, and CI/CD pipeline setup. TRIGGER when: user says 'set up code analyzer', 'configure code analyzer', 'install code analyzer', 'code analyzer not working', 'fix my setup', 'scan is failing', 'check my setup', 'is code analyzer installed', 'enable/disable engine', 'exclude files', 'change severity', 'set up GitHub Actions', 'set up CI/CD', 'add code analyzer to pipeline', 'make pipeline fail', 'update my workflow', 'quality gate', 'fail on violations', 'scan changed files only', 'add SARIF', 'code-analyzer.yml', 'ESLint config', 'increase SFGE memory', or reports errors running Code Analyzer. DO NOT TRIGGER when: user wants to run a scan (use running-code-analyzer), fix violations, explain rules, create custom rules, or suppress violations."
|
|
4
|
+
metadata:
|
|
5
|
+
version: "1.0"
|
|
6
|
+
argument-hint: "[--check-prerequisites] [--generate-config] [--engine pmd|eslint|cpd|retire-js|regex|flow|sfge|apexguru] [--ci github-actions|jenkins]"
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Configuring Code Analyzer Skill
|
|
10
|
+
|
|
11
|
+
## Overview
|
|
12
|
+
|
|
13
|
+
This skill manages the `code-analyzer.yml` configuration file — the single source of truth for how Code Analyzer behaves in a project. All customization (engines, rules, ignores, suppressions) is done by creating or editing this file. If the file doesn't exist, this skill creates it in the current working directory.
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## Scope
|
|
18
|
+
|
|
19
|
+
**In scope:**
|
|
20
|
+
- Checking prerequisites (sf CLI, Java, Node.js, Python, org auth)
|
|
21
|
+
- Installing/updating the Code Analyzer plugin
|
|
22
|
+
- Creating `code-analyzer.yml` if it doesn't exist
|
|
23
|
+
- Editing `code-analyzer.yml` for all configuration changes
|
|
24
|
+
- Engine settings, rule overrides, ignore patterns, suppressions
|
|
25
|
+
- CI/CD pipeline setup (GitHub Actions, Jenkins, etc.)
|
|
26
|
+
- Environment validation and troubleshooting
|
|
27
|
+
|
|
28
|
+
**Out of scope:**
|
|
29
|
+
- Running scans (use `running-code-analyzer` skill)
|
|
30
|
+
- Fixing violations, explaining rules, creating custom rules, suppression management
|
|
31
|
+
|
|
32
|
+
---
|
|
33
|
+
|
|
34
|
+
## Tool Usage Rules
|
|
35
|
+
|
|
36
|
+
**Allowed:** Bash (sf, java, node, python3, git, npm), Read, Write, Edit
|
|
37
|
+
**Forbidden:** MCP tools, Agent tool, Web tools, other skills, `which`, `find`, `locate`, searching for binaries
|
|
38
|
+
|
|
39
|
+
---
|
|
40
|
+
|
|
41
|
+
## Core Principle: YAML Only When Customizing
|
|
42
|
+
|
|
43
|
+
Code Analyzer works out of the box with NO config file — all defaults are built into the tool. The `code-analyzer.yml` file is ONLY created when the user explicitly requests a customization.
|
|
44
|
+
|
|
45
|
+
**Rules:**
|
|
46
|
+
- **Do NOT create `code-analyzer.yml` proactively** — only when user asks to change something
|
|
47
|
+
- **Do NOT duplicate built-in defaults** — only write entries that intentionally override behavior
|
|
48
|
+
- **Always place at project root** — where `sfdx-project.json` or `sf-project.json` lives
|
|
49
|
+
- **The CLI auto-discovers it** — `sf code-analyzer run` from project root automatically picks up `code-analyzer.yml` in that directory. No `--config-file` flag needed.
|
|
50
|
+
- User says "configure code analyzer" with no specifics? → **Ask what they want to customize**. Don't create an empty or boilerplate file.
|
|
51
|
+
|
|
52
|
+
**Workflow:**
|
|
53
|
+
1. User requests a customization (e.g., "disable PMD", "ignore test files", "increase SFGE memory")
|
|
54
|
+
2. Check if `code-analyzer.yml` exists at project root
|
|
55
|
+
3. If NO → create it at project root with ONLY the requested override
|
|
56
|
+
4. If YES → read it, then edit in the requested change
|
|
57
|
+
5. Validate with `sf code-analyzer config`
|
|
58
|
+
|
|
59
|
+
---
|
|
60
|
+
|
|
61
|
+
## Step 1: Understand Intent and Map to Config Sections
|
|
62
|
+
|
|
63
|
+
The user can request ANY combination of configuration changes in natural language. Your job is to:
|
|
64
|
+
|
|
65
|
+
1. **Parse what they want** — may be one thing or many things combined
|
|
66
|
+
2. **Map each request to the correct section(s) of `code-analyzer.yml`**
|
|
67
|
+
3. **Create the file if it doesn't exist, then apply all changes**
|
|
68
|
+
|
|
69
|
+
### The `code-analyzer.yml` Structure (what you can write/edit)
|
|
70
|
+
|
|
71
|
+
```yaml
|
|
72
|
+
config_root: . # Root for relative path resolution
|
|
73
|
+
log_folder: <path> # Where logs are written
|
|
74
|
+
log_level: <1-5> # 1=Error, 2=Warn, 3=Info, 4=Debug, 5=Fine
|
|
75
|
+
|
|
76
|
+
ignores: # Files/folders excluded from scanning
|
|
77
|
+
files: [<glob patterns>]
|
|
78
|
+
|
|
79
|
+
engines: # Per-engine settings
|
|
80
|
+
<engine_name>:
|
|
81
|
+
disable_engine: <bool>
|
|
82
|
+
<engine_specific_keys>: ...
|
|
83
|
+
|
|
84
|
+
rules: # Per-rule overrides
|
|
85
|
+
<engine_name>:
|
|
86
|
+
<rule_name>:
|
|
87
|
+
severity: <1-5>
|
|
88
|
+
tags: [<strings>]
|
|
89
|
+
disabled: <bool>
|
|
90
|
+
|
|
91
|
+
suppressions: # Bulk suppression configuration
|
|
92
|
+
disable_suppressions: <bool>
|
|
93
|
+
"<file_or_folder_path>":
|
|
94
|
+
- rule_selector: "<selector>"
|
|
95
|
+
max_suppressed_violations: <number|null>
|
|
96
|
+
reason: "<why>"
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
### Mapping Principle
|
|
100
|
+
|
|
101
|
+
Any user request maps to one or more sections above. Parse the intent and edit the right section(s):
|
|
102
|
+
|
|
103
|
+
| Intent Category | Maps To | Examples of What User Might Say |
|
|
104
|
+
|----------------|---------|-------------------------------|
|
|
105
|
+
| Setup / Install | Step 2 (prerequisites + install) | "set up", "install", "get started", "new laptop", "from scratch" |
|
|
106
|
+
| **Diagnose / Fix** | **Step 2A (systematic debug)** | **"not working", "broken", "fix my setup", "scan fails", "getting errors"** |
|
|
107
|
+
| Engine control | `engines.<name>.disable_engine` | "disable X", "turn off Y", "only use Z", "enable all" |
|
|
108
|
+
| Engine tuning | `engines.<name>.<property>` | "increase memory", "change heap", "use my eslint config", "set tokens to 50" |
|
|
109
|
+
| File exclusions | `ignores.files` | "exclude", "ignore", "skip", "don't scan X" |
|
|
110
|
+
| Rule severity | `rules.<engine>.<rule>.severity` | "make X critical", "promote", "demote", "change severity" |
|
|
111
|
+
| Rule disable | `rules.<engine>.<rule>.disabled` | "disable rule X", "turn off Y rule", "remove Z" |
|
|
112
|
+
| Rule tags | `rules.<engine>.<rule>.tags` | "tag X as security", "add recommended tag" |
|
|
113
|
+
| Suppressions | `suppressions` section | "suppress X in folder Y", "allow N violations" |
|
|
114
|
+
| CI/CD | Generate pipeline file (separate from config) | "github actions", "CI", "quality gate" |
|
|
115
|
+
| View/inspect | Read file + `sf code-analyzer config` | "show config", "what's configured", "current settings" |
|
|
116
|
+
|
|
117
|
+
### File Existence Decision
|
|
118
|
+
|
|
119
|
+
**BEFORE editing anything**, check if `code-analyzer.yml` exists at project root:
|
|
120
|
+
|
|
121
|
+
```bash
|
|
122
|
+
ls code-analyzer.yml code-analyzer.yaml 2>/dev/null
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
- **File does NOT exist** → Create it at project root with ONLY the user's requested override(s)
|
|
126
|
+
- **File exists** → Read it, then Edit to add/modify the requested section(s)
|
|
127
|
+
|
|
128
|
+
The CLI auto-discovers `code-analyzer.yml` in the current directory. Since scans run from project root, the file must live there.
|
|
129
|
+
|
|
130
|
+
### ⚠️ Rule Name Resolution — ALWAYS Before Writing YAML
|
|
131
|
+
|
|
132
|
+
When a user references rules by partial, descriptive, or approximate names (e.g., "the doc rule", "CRUD violation", "console rule", "hardcoded values"), you MUST resolve to exact rule names using the lookup in **Step 6.1** BEFORE writing any YAML. The `code-analyzer.yml` file silently ignores rule names that don't exactly match — there is no error, the override just won't apply.
|
|
133
|
+
|
|
134
|
+
**Examples of fuzzy → exact resolution needed:**
|
|
135
|
+
- "Disable the ApexDoc rule" → lookup confirms `ApexDoc` (engine: `pmd`)
|
|
136
|
+
- "Demote no-console to low" → lookup confirms `no-console` (engine: `eslint`)
|
|
137
|
+
- "Make CRUD violations critical" → lookup confirms `ApexCRUDViolation` (engine: `pmd`)
|
|
138
|
+
- "Turn off the hardcoded values check" → lookup finds `@salesforce-ux/slds/no-hardcoded-values-slds2` (engine: `eslint`)
|
|
139
|
+
- "Disable the injection rule" → multiple matches possible → ask user which one
|
|
140
|
+
|
|
141
|
+
**Only skip the lookup** when the user provides an unambiguous, exact, well-known name (e.g., "ApexDoc", "no-console", "no-unused-vars").
|
|
142
|
+
|
|
143
|
+
### Handling Combined/Complex Requests
|
|
144
|
+
|
|
145
|
+
Users will often combine multiple changes in one request. Handle ALL of them in a single edit:
|
|
146
|
+
|
|
147
|
+
- "Disable PMD's ApexDoc rule and make CRUD violations critical" → edit two entries under `rules.pmd`
|
|
148
|
+
- "Exclude test files and vendor code, and increase SFGE memory" → edit `ignores.files` + `engines.sfge.java_max_heap_size`
|
|
149
|
+
- "Set up code analyzer with only ESLint and PMD, ignore node_modules" → create file with `engines` (disable others) + `ignores`
|
|
150
|
+
- "Make all security rules severity 1" → look up rules via `sf code-analyzer rules --rule-selector Security`, then override each
|
|
151
|
+
- "Configure code analyzer" (no specifics) → ask user what they want to customize before creating any file
|
|
152
|
+
|
|
153
|
+
### Quick Reference: Common Requests → Config Output
|
|
154
|
+
|
|
155
|
+
| User Says | Resulting YAML |
|
|
156
|
+
|-----------|---------------|
|
|
157
|
+
| "configure code analyzer" | Ask user what to customize — don't create file until there's an actual override |
|
|
158
|
+
| "disable the ApexDoc rule" | `rules: pmd: ApexDoc: disabled: true` |
|
|
159
|
+
| "only scan Apex, no JavaScript" | `engines: eslint: disable_engine: true` + `engines: retire-js: disable_engine: true` |
|
|
160
|
+
| "ignore all test files" | `ignores: files: ["**/test/**", "**/__tests__/**", "**/*.test.js"]` |
|
|
161
|
+
| "make security rules critical" | Look up rules, then `rules: <engine>: <rule>: severity: 1` for each |
|
|
162
|
+
| "increase SFGE memory to 8g" | `engines: sfge: java_max_heap_size: "8g"` |
|
|
163
|
+
| "use my project's ESLint config" | `engines: eslint: auto_discover_eslint_config: true` |
|
|
164
|
+
| "suppress CRUD violations in legacy folder" | `suppressions: "force-app/legacy/": [{rule_selector: "pmd:ApexCRUDViolation", reason: "..."}]` |
|
|
165
|
+
|
|
166
|
+
**The AI must understand the YAML schema and write valid config for ANY request, not just the examples above.**
|
|
167
|
+
|
|
168
|
+
---
|
|
169
|
+
|
|
170
|
+
## Step 2: Check Prerequisites and Install
|
|
171
|
+
|
|
172
|
+
Run `bash "<skill_dir>/scripts/check-prerequisites.sh"` or check manually:
|
|
173
|
+
|
|
174
|
+
```bash
|
|
175
|
+
sf --version 2>&1 # sf CLI
|
|
176
|
+
sf plugins --core 2>&1 | grep -i "code-analyzer" # Plugin
|
|
177
|
+
java -version 2>&1 # Java 11+ (PMD, CPD, SFGE)
|
|
178
|
+
node --version 2>&1 # Node 18+ (ESLint, RetireJS)
|
|
179
|
+
python3 --version 2>&1 # Python 3 (Flow engine)
|
|
180
|
+
```
|
|
181
|
+
|
|
182
|
+
If anything is missing, install it (**always ask user first**):
|
|
183
|
+
|
|
184
|
+
```bash
|
|
185
|
+
npm install -g @salesforce/cli # sf CLI
|
|
186
|
+
sf plugins install @salesforce/plugin-code-analyzer # Code Analyzer plugin
|
|
187
|
+
```
|
|
188
|
+
|
|
189
|
+
For Java/Node/Python installs, read `<skill_dir>/references/engine-prerequisites.md`.
|
|
190
|
+
If install fails, read `<skill_dir>/references/troubleshooting.md`.
|
|
191
|
+
|
|
192
|
+
---
|
|
193
|
+
|
|
194
|
+
## Step 2A: Diagnose and Fix a Broken Setup
|
|
195
|
+
|
|
196
|
+
**TRIGGER:** User says "not working", "broken", "getting errors", "scan fails", "help me fix", etc.
|
|
197
|
+
|
|
198
|
+
**Read `<skill_dir>/references/diagnostic-flow.md`** for the complete layered diagnostic procedure, fix table, and anti-patterns.
|
|
199
|
+
|
|
200
|
+
**Key principles (always apply):**
|
|
201
|
+
- Never search for binaries (`which`, `find`, `ls /opt/homebrew/bin/`)
|
|
202
|
+
- Never use `sfdx` as a workaround — only `sf`
|
|
203
|
+
- Fix layer by layer: CLI → Plugin → Engine deps → verify scan
|
|
204
|
+
- Give user ONE command at a time, wait for confirmation before continuing
|
|
205
|
+
- After fix succeeds, proceed to run the full scan automatically
|
|
206
|
+
|
|
207
|
+
---
|
|
208
|
+
|
|
209
|
+
## Step 3: Create or Edit `code-analyzer.yml`
|
|
210
|
+
|
|
211
|
+
**Only triggered when user requests a customization.** Never create proactively.
|
|
212
|
+
|
|
213
|
+
### Creating (file doesn't exist)
|
|
214
|
+
|
|
215
|
+
Choose **one** of the two approaches below — do not run both:
|
|
216
|
+
|
|
217
|
+
**Option A — Auto-generate from project type (recommended for first-time setup):**
|
|
218
|
+
|
|
219
|
+
Run `bash "<skill_dir>/scripts/generate-config.sh"`. This detects Apex, LWC, and Flow markers and produces a minimal `code-analyzer.yml` suited to the project. Skip to the "After any create/edit, validate" section.
|
|
220
|
+
|
|
221
|
+
> Note: The script exits with an error if `code-analyzer.yml` already exists. Delete the existing file first if you need to regenerate.
|
|
222
|
+
|
|
223
|
+
**Option B — Write manually (when the user has specific customizations in mind):**
|
|
224
|
+
|
|
225
|
+
Read the appropriate example config as a reference for structure:
|
|
226
|
+
- For Apex-only projects, read `<skill_dir>/examples/apex-project-config.yml`
|
|
227
|
+
- For LWC-only projects, read `<skill_dir>/examples/lwc-project-config.yml`
|
|
228
|
+
- For full-stack (Apex + LWC + Flows), read `<skill_dir>/examples/fullstack-project-config.yml`
|
|
229
|
+
|
|
230
|
+
Write the file at project root using the Write tool. Include ONLY the user's requested changes:
|
|
231
|
+
|
|
232
|
+
```bash
|
|
233
|
+
# Example: user said "ignore test files and increase SFGE memory"
|
|
234
|
+
# → Write to project root (where sfdx-project.json lives):
|
|
235
|
+
```
|
|
236
|
+
|
|
237
|
+
```yaml
|
|
238
|
+
ignores:
|
|
239
|
+
files:
|
|
240
|
+
- "**/test/**"
|
|
241
|
+
- "**/__tests__/**"
|
|
242
|
+
|
|
243
|
+
engines:
|
|
244
|
+
sfge:
|
|
245
|
+
java_max_heap_size: "4g"
|
|
246
|
+
```
|
|
247
|
+
|
|
248
|
+
Do NOT add `config_root`, `log_folder`, or any other field the user didn't ask for.
|
|
249
|
+
|
|
250
|
+
### Editing (file already exists)
|
|
251
|
+
|
|
252
|
+
Read the file, then use the Edit tool to add/modify only the relevant section. Preserve everything else.
|
|
253
|
+
|
|
254
|
+
### After any create/edit, validate:
|
|
255
|
+
|
|
256
|
+
Run `bash "<skill_dir>/scripts/validate-config.sh"` to validate YAML syntax and schema correctness, or use the CLI directly:
|
|
257
|
+
|
|
258
|
+
```bash
|
|
259
|
+
sf code-analyzer config
|
|
260
|
+
```
|
|
261
|
+
|
|
262
|
+
(No `--config-file` needed — the CLI auto-discovers `code-analyzer.yml` in CWD.)
|
|
263
|
+
|
|
264
|
+
### If user says "configure code analyzer" with no specifics
|
|
265
|
+
|
|
266
|
+
Ask: "What would you like to customize? For example: ignore certain files, change rule severities, tune engine settings, or disable engines you don't need."
|
|
267
|
+
|
|
268
|
+
---
|
|
269
|
+
|
|
270
|
+
## Step 4: Enable/Disable Engines
|
|
271
|
+
|
|
272
|
+
Edit the `engines` section in `code-analyzer.yml`:
|
|
273
|
+
|
|
274
|
+
```yaml
|
|
275
|
+
engines:
|
|
276
|
+
pmd:
|
|
277
|
+
disable_engine: true # Disable PMD
|
|
278
|
+
eslint:
|
|
279
|
+
disable_engine: false # Enable ESLint (default)
|
|
280
|
+
```
|
|
281
|
+
|
|
282
|
+
Valid engine names: `pmd`, `cpd`, `eslint`, `regex`, `retire-js`, `flow`, `sfge`, `apexguru`
|
|
283
|
+
|
|
284
|
+
**Always validate after editing:**
|
|
285
|
+
```bash
|
|
286
|
+
sf code-analyzer config --config-file code-analyzer.yml
|
|
287
|
+
```
|
|
288
|
+
|
|
289
|
+
---
|
|
290
|
+
|
|
291
|
+
## Step 5: Ignore Patterns
|
|
292
|
+
|
|
293
|
+
Edit the `ignores` section in `code-analyzer.yml`:
|
|
294
|
+
|
|
295
|
+
```yaml
|
|
296
|
+
ignores:
|
|
297
|
+
files:
|
|
298
|
+
- "**/node_modules/**"
|
|
299
|
+
- "**/.sfdx/**"
|
|
300
|
+
- "**/.sf/**"
|
|
301
|
+
- "**/vendor/**"
|
|
302
|
+
- "**/*.min.js"
|
|
303
|
+
```
|
|
304
|
+
|
|
305
|
+
Common patterns:
|
|
306
|
+
|
|
307
|
+
| Pattern | Excludes |
|
|
308
|
+
|---------|----------|
|
|
309
|
+
| `**/node_modules/**` | npm dependencies |
|
|
310
|
+
| `**/.sfdx/**`, `**/.sf/**` | SF CLI internals |
|
|
311
|
+
| `**/test/**`, `**/__tests__/**` | Test directories |
|
|
312
|
+
| `**/*.test.js`, `**/*.spec.js` | Test files |
|
|
313
|
+
| `**/jest-mocks/**` | Jest mocks |
|
|
314
|
+
| `**/vendor/**`, `**/*.min.js` | Third-party/minified |
|
|
315
|
+
| `**/staticresources/**` | Static resources |
|
|
316
|
+
|
|
317
|
+
---
|
|
318
|
+
|
|
319
|
+
## Step 6: Rule Overrides
|
|
320
|
+
|
|
321
|
+
Edit the `rules` section in `code-analyzer.yml`. Each rule can have `severity`, `tags`, and `disabled` overrides:
|
|
322
|
+
|
|
323
|
+
```yaml
|
|
324
|
+
rules:
|
|
325
|
+
pmd:
|
|
326
|
+
ApexCRUDViolation:
|
|
327
|
+
severity: 1 # Promote to Critical
|
|
328
|
+
AvoidGlobalModifier:
|
|
329
|
+
disabled: true # Turn off entirely
|
|
330
|
+
ApexDoc:
|
|
331
|
+
severity: 5 # Demote to Info
|
|
332
|
+
tags: ["Documentation"]
|
|
333
|
+
eslint:
|
|
334
|
+
no-console:
|
|
335
|
+
severity: 4 # Demote to Low
|
|
336
|
+
no-unused-vars:
|
|
337
|
+
severity: 2 # Promote to High
|
|
338
|
+
```
|
|
339
|
+
|
|
340
|
+
**Severity values:** `1`/Critical, `2`/High, `3`/Moderate, `4`/Low, `5`/Info
|
|
341
|
+
|
|
342
|
+
### 6.1 Rule Name Resolution (Fuzzy Matching)
|
|
343
|
+
|
|
344
|
+
**⚠️ CRITICAL:** A misspelled or partial rule name in `code-analyzer.yml` is SILENTLY IGNORED — no error, the override just won't apply.
|
|
345
|
+
|
|
346
|
+
**When users reference rules by approximate names** (e.g., "the doc rule", "CRUD violation", "hardcoded values"), resolve to exact names BEFORE writing YAML:
|
|
347
|
+
|
|
348
|
+
```bash
|
|
349
|
+
sf code-analyzer rules --rule-selector all 2>&1 | grep -i "<USER_KEYWORD>"
|
|
350
|
+
```
|
|
351
|
+
|
|
352
|
+
- **1 match** → use that exact name + its engine for the YAML path
|
|
353
|
+
- **Multiple matches** → ask user which one they meant
|
|
354
|
+
- **0 matches** → try broader keywords or inform user
|
|
355
|
+
|
|
356
|
+
**Skip the lookup only** when the name is unambiguous and exact (e.g., "ApexDoc", "no-console", "no-unused-vars").
|
|
357
|
+
|
|
358
|
+
**For detailed matching strategies, common fuzzy→exact mappings, and engine identification:** Read `<skill_dir>/references/rule-name-resolution.md`.
|
|
359
|
+
|
|
360
|
+
---
|
|
361
|
+
|
|
362
|
+
## Step 7: Engine-Specific Settings
|
|
363
|
+
|
|
364
|
+
Edit the `engines` section. Most common overrides:
|
|
365
|
+
|
|
366
|
+
```yaml
|
|
367
|
+
engines:
|
|
368
|
+
sfge:
|
|
369
|
+
java_max_heap_size: "4g" # <200 classes→"2g", 200-500→"4g", 500+→"6g"/"8g"
|
|
370
|
+
java_thread_count: 4
|
|
371
|
+
java_thread_timeout: 900000
|
|
372
|
+
eslint:
|
|
373
|
+
auto_discover_eslint_config: true # Use project's own ESLint config
|
|
374
|
+
eslint_config_file: "./eslint.config.mjs"
|
|
375
|
+
pmd:
|
|
376
|
+
custom_rulesets: ["./config/custom-pmd-rules.xml"]
|
|
377
|
+
java_classpath_entries: ["./lib/custom-rules.jar"]
|
|
378
|
+
cpd:
|
|
379
|
+
minimum_tokens: { apex: 100, javascript: 100 }
|
|
380
|
+
apexguru:
|
|
381
|
+
target_org: "my-org-alias"
|
|
382
|
+
flow:
|
|
383
|
+
python_command: "python3"
|
|
384
|
+
regex:
|
|
385
|
+
custom_rules:
|
|
386
|
+
NoHardcodedIds:
|
|
387
|
+
regex: "/[a-zA-Z0-9]{15,18}/"
|
|
388
|
+
file_extensions: [".cls", ".trigger"]
|
|
389
|
+
description: "Detects hardcoded Salesforce record IDs"
|
|
390
|
+
severity: 2
|
|
391
|
+
tags: ["Security"]
|
|
392
|
+
```
|
|
393
|
+
|
|
394
|
+
For full property list per engine, read `<skill_dir>/references/config-schema.md`.
|
|
395
|
+
|
|
396
|
+
---
|
|
397
|
+
|
|
398
|
+
## Step 8: CI/CD Pipeline Setup
|
|
399
|
+
|
|
400
|
+
Detect CI system from workspace (`.github/workflows/` → GitHub Actions, `Jenkinsfile` → Jenkins, etc.). Read `<skill_dir>/references/ci-cd-templates.md` for templates. Use `<skill_dir>/examples/ci-github-actions.yml` as GitHub Actions base. Key flags: `--severity-threshold 2` (gate), `--output-file results.sarif` (GitHub scanning), `--config-file code-analyzer.yml`.
|
|
401
|
+
|
|
402
|
+
---
|
|
403
|
+
|
|
404
|
+
## Step 9: View Current Configuration
|
|
405
|
+
|
|
406
|
+
```bash
|
|
407
|
+
sf code-analyzer config # Show effective config
|
|
408
|
+
sf code-analyzer config --rule-selector pmd:Security # Specific rules
|
|
409
|
+
sf code-analyzer config --include-unmodified-rules # All defaults
|
|
410
|
+
```
|
|
411
|
+
|
|
412
|
+
---
|
|
413
|
+
|
|
414
|
+
## Cross-Skill Integration
|
|
415
|
+
|
|
416
|
+
This skill works together with `running-code-analyzer`. The AI agent should seamlessly hand off between them:
|
|
417
|
+
|
|
418
|
+
### When `running-code-analyzer` delegates HERE:
|
|
419
|
+
|
|
420
|
+
If a user says "scan my code" / "run code analyzer" but it fails (CLI missing, plugin not installed, or scan errors out), `running-code-analyzer` delegates to this skill. In that case:
|
|
421
|
+
|
|
422
|
+
1. Run the **diagnose and fix** flow (Step 2A) — find what's broken, fix it
|
|
423
|
+
2. After everything works, **automatically proceed to run the scan** — do not stop and ask. The user's original intent was to scan.
|
|
424
|
+
3. Hand execution back to `running-code-analyzer` behavior (build command, execute, parse results).
|
|
425
|
+
|
|
426
|
+
### When THIS skill hands off to `running-code-analyzer`:
|
|
427
|
+
|
|
428
|
+
After any successful configuration action, offer to run a scan (e.g., "Setup complete! Want me to run a scan?", "Config updated — want to scan and verify?"). If user says yes, proceed with `running-code-analyzer` behavior.
|
|
429
|
+
|
|
430
|
+
### When user intent spans BOTH skills:
|
|
431
|
+
|
|
432
|
+
Handle end-to-end: "not working" → Diagnose → Fix → Scan. "Set up and scan" → Install → Scan. "Disable ESLint and scan Apex" → Edit config → Run with `--rule-selector pmd`. Always follow through to the user's final intent.
|
|
433
|
+
|
|
434
|
+
---
|
|
435
|
+
|
|
436
|
+
## Rules / Constraints
|
|
437
|
+
|
|
438
|
+
| Constraint | Rationale |
|
|
439
|
+
|-----------|-----------|
|
|
440
|
+
| Only create YAML when user requests a customization | Defaults work without any file — don't create boilerplate |
|
|
441
|
+
| Place YAML at project root only | CLI auto-discovers `code-analyzer.yml` from CWD |
|
|
442
|
+
| Write only overrides, never duplicate defaults | Keep file minimal and intentional |
|
|
443
|
+
| Use Write tool to create, Edit tool to modify | Preserves existing settings |
|
|
444
|
+
| Validate after every change | `sf code-analyzer config` catches YAML errors |
|
|
445
|
+
| Ask before installing prerequisites | Never auto-install without consent |
|
|
446
|
+
| Never delete existing config without asking | User may have custom settings |
|
|
447
|
+
| After setup, offer to scan | Close the loop — config without scan is incomplete |
|
|
448
|
+
|
|
449
|
+
---
|
|
450
|
+
|
|
451
|
+
## Gotchas
|
|
452
|
+
|
|
453
|
+
| Issue | Solution |
|
|
454
|
+
|-------|----------|
|
|
455
|
+
| Config not picked up | Must be `code-analyzer.yml` in CWD or use `--config-file` |
|
|
456
|
+
| YAML validation fails | Spaces only (no tabs), check colon spacing |
|
|
457
|
+
| SFGE out of memory | Increase `java_max_heap_size` in engines section |
|
|
458
|
+
| ESLint rules missing | Set `auto_discover_eslint_config: true` |
|
|
459
|
+
|
|
460
|
+
For full troubleshooting, read `<skill_dir>/references/troubleshooting.md`.
|
|
461
|
+
|
|
462
|
+
---
|
|
463
|
+
|
|
464
|
+
## Reference File Index
|
|
465
|
+
|
|
466
|
+
`<skill_dir>` is the absolute path to the directory containing this SKILL.md file.
|
|
467
|
+
|
|
468
|
+
| File | Purpose |
|
|
469
|
+
|------|---------|
|
|
470
|
+
| `<skill_dir>/scripts/check-prerequisites.sh` | Environment check |
|
|
471
|
+
| `<skill_dir>/scripts/generate-config.sh` | Auto-detect project type and generate config |
|
|
472
|
+
| `<skill_dir>/scripts/validate-config.sh` | Validate YAML after changes |
|
|
473
|
+
| `<skill_dir>/references/config-schema.md` | Full YAML schema documentation |
|
|
474
|
+
| `<skill_dir>/references/diagnostic-flow.md` | Step 2A: layered diagnostic procedure and fix table |
|
|
475
|
+
| `<skill_dir>/references/rule-name-resolution.md` | Step 6.1: fuzzy rule name lookup strategies and mappings |
|
|
476
|
+
| `<skill_dir>/references/engine-prerequisites.md` | Install instructions per engine |
|
|
477
|
+
| `<skill_dir>/references/ci-cd-templates.md` | CI/CD pipeline templates |
|
|
478
|
+
| `<skill_dir>/references/troubleshooting.md` | Common setup issues and fixes |
|
|
479
|
+
| `<skill_dir>/examples/apex-project-config.yml` | Config for Apex-only project |
|
|
480
|
+
| `<skill_dir>/examples/lwc-project-config.yml` | Config for LWC-only project |
|
|
481
|
+
| `<skill_dir>/examples/fullstack-project-config.yml` | Config for Apex + LWC + Flows |
|
|
482
|
+
| `<skill_dir>/examples/ci-github-actions.yml` | GitHub Actions workflow |
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# Code Analyzer Configuration — Apex-focused Project
|
|
2
|
+
#
|
|
3
|
+
# This file contains ONLY overrides. Code Analyzer's built-in defaults
|
|
4
|
+
# handle everything else. Only add entries here that intentionally
|
|
5
|
+
# change behavior for your project.
|
|
6
|
+
#
|
|
7
|
+
# Usage:
|
|
8
|
+
# Place at project root as code-analyzer.yml
|
|
9
|
+
# Validate: sf code-analyzer config --config-file code-analyzer.yml
|
|
10
|
+
|
|
11
|
+
# Exclude non-project files (these would otherwise be scanned)
|
|
12
|
+
ignores:
|
|
13
|
+
files:
|
|
14
|
+
- "**/node_modules/**"
|
|
15
|
+
- "**/.sfdx/**"
|
|
16
|
+
- "**/.sf/**"
|
|
17
|
+
- "**/staticresources/**"
|
|
18
|
+
|
|
19
|
+
# Engine tuning — only override what differs from defaults
|
|
20
|
+
engines:
|
|
21
|
+
# SFGE: increase heap for projects with 200+ Apex classes
|
|
22
|
+
# (built-in default is dynamic/1g, too small for large projects)
|
|
23
|
+
sfge:
|
|
24
|
+
java_max_heap_size: "4g"
|
|
25
|
+
|
|
26
|
+
# Rule overrides — promote security, demote noise
|
|
27
|
+
rules:
|
|
28
|
+
pmd:
|
|
29
|
+
# Promote security rules to Critical (default is High)
|
|
30
|
+
ApexCRUDViolation:
|
|
31
|
+
severity: 1
|
|
32
|
+
ApexSOQLInjection:
|
|
33
|
+
severity: 1
|
|
34
|
+
ApexSharingViolations:
|
|
35
|
+
severity: 1
|
|
36
|
+
# Demote noisy rules (default is Moderate)
|
|
37
|
+
ApexDoc:
|
|
38
|
+
severity: 5
|
|
39
|
+
# Disable rules that conflict with project conventions
|
|
40
|
+
AvoidGlobalModifier:
|
|
41
|
+
disabled: true
|