@salesforce/afv-skills 1.17.0 → 1.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/package.json +1 -1
  2. package/skills/analyzing-test-failures/SKILL.md +159 -0
  3. package/skills/building-sf-integrations/SKILL.md +1 -1
  4. package/skills/checking-devops-prerequisites/SKILL.md +141 -0
  5. package/skills/configuring-code-analyzer/SKILL.md +482 -0
  6. package/skills/configuring-code-analyzer/examples/apex-project-config.yml +41 -0
  7. package/skills/configuring-code-analyzer/examples/ci-github-actions.yml +96 -0
  8. package/skills/configuring-code-analyzer/examples/fullstack-project-config.yml +46 -0
  9. package/skills/configuring-code-analyzer/examples/lwc-project-config.yml +26 -0
  10. package/skills/configuring-code-analyzer/references/ci-cd-templates.md +648 -0
  11. package/skills/configuring-code-analyzer/references/config-schema.md +257 -0
  12. package/skills/configuring-code-analyzer/references/diagnostic-flow.md +70 -0
  13. package/skills/configuring-code-analyzer/references/engine-prerequisites.md +276 -0
  14. package/skills/configuring-code-analyzer/references/rule-name-resolution.md +67 -0
  15. package/skills/configuring-code-analyzer/references/troubleshooting.md +298 -0
  16. package/skills/configuring-code-analyzer/scripts/check-prerequisites.sh +189 -0
  17. package/skills/configuring-code-analyzer/scripts/generate-config.sh +143 -0
  18. package/skills/configuring-code-analyzer/scripts/validate-config.sh +153 -0
  19. package/skills/configuring-quality-gate/SKILL.md +120 -0
  20. package/skills/configuring-test-provider/SKILL.md +113 -0
  21. package/skills/creating-fix-work-item/SKILL.md +66 -0
  22. package/skills/managing-cdc-enablement/SKILL.md +164 -0
  23. package/skills/managing-cdc-enablement/assets/PlatformEventChannel-template.xml +5 -0
  24. package/skills/managing-cdc-enablement/assets/PlatformEventChannelMember-template.xml +11 -0
  25. package/skills/managing-cdc-enablement/references/deploy-troubleshooting.md +73 -0
  26. package/skills/managing-cdc-enablement/references/filter-expressions.md +93 -0
  27. package/skills/managing-suite-assignments/SKILL.md +161 -0
  28. package/skills/polling-test-results/SKILL.md +72 -0
  29. package/skills/recommending-devops-tests/SKILL.md +137 -0
  30. package/skills/running-code-analyzer/SKILL.md +264 -267
  31. package/skills/running-code-analyzer/references/post-scan-workflows.md +286 -0
  32. package/skills/running-code-analyzer/scripts/describe-rule.js +382 -0
  33. package/skills/running-code-analyzer/scripts/list-rules.js +260 -0
  34. package/skills/running-code-analyzer/scripts/query-results.js +230 -0
  35. package/skills/running-devops-test-suite/SKILL.md +144 -0
  36. package/skills/syncing-test-providers/SKILL.md +108 -0
  37. package/skills/using-salesforce-archive/SKILL.md +121 -0
  38. package/skills/using-salesforce-archive/examples/monitor-failed-jobs.md +47 -0
  39. package/skills/using-salesforce-archive/references/archive-activity-entity.md +59 -0
  40. package/skills/using-salesforce-archive/references/connect-api-operations.md +157 -0
@@ -0,0 +1,482 @@
1
+ ---
2
+ name: configuring-code-analyzer
3
+ description: "Set up, configure, and troubleshoot Salesforce Code Analyzer for any project. Handles installation, prerequisite checks, diagnosing broken setups, creating and editing code-analyzer.yml overrides, engine-specific settings, ignore patterns, severity overrides, and CI/CD pipeline setup. TRIGGER when: user says 'set up code analyzer', 'configure code analyzer', 'install code analyzer', 'code analyzer not working', 'fix my setup', 'scan is failing', 'check my setup', 'is code analyzer installed', 'enable/disable engine', 'exclude files', 'change severity', 'set up GitHub Actions', 'set up CI/CD', 'add code analyzer to pipeline', 'make pipeline fail', 'update my workflow', 'quality gate', 'fail on violations', 'scan changed files only', 'add SARIF', 'code-analyzer.yml', 'ESLint config', 'increase SFGE memory', or reports errors running Code Analyzer. DO NOT TRIGGER when: user wants to run a scan (use running-code-analyzer), fix violations, explain rules, create custom rules, or suppress violations."
4
+ metadata:
5
+ version: "1.0"
6
+ argument-hint: "[--check-prerequisites] [--generate-config] [--engine pmd|eslint|cpd|retire-js|regex|flow|sfge|apexguru] [--ci github-actions|jenkins]"
7
+ ---
8
+
9
+ # Configuring Code Analyzer Skill
10
+
11
+ ## Overview
12
+
13
+ This skill manages the `code-analyzer.yml` configuration file — the single source of truth for how Code Analyzer behaves in a project. All customization (engines, rules, ignores, suppressions) is done by creating or editing this file. If the file doesn't exist, this skill creates it in the current working directory.
14
+
15
+ ---
16
+
17
+ ## Scope
18
+
19
+ **In scope:**
20
+ - Checking prerequisites (sf CLI, Java, Node.js, Python, org auth)
21
+ - Installing/updating the Code Analyzer plugin
22
+ - Creating `code-analyzer.yml` if it doesn't exist
23
+ - Editing `code-analyzer.yml` for all configuration changes
24
+ - Engine settings, rule overrides, ignore patterns, suppressions
25
+ - CI/CD pipeline setup (GitHub Actions, Jenkins, etc.)
26
+ - Environment validation and troubleshooting
27
+
28
+ **Out of scope:**
29
+ - Running scans (use `running-code-analyzer` skill)
30
+ - Fixing violations, explaining rules, creating custom rules, suppression management
31
+
32
+ ---
33
+
34
+ ## Tool Usage Rules
35
+
36
+ **Allowed:** Bash (sf, java, node, python3, git, npm), Read, Write, Edit
37
+ **Forbidden:** MCP tools, Agent tool, Web tools, other skills, `which`, `find`, `locate`, searching for binaries
38
+
39
+ ---
40
+
41
+ ## Core Principle: YAML Only When Customizing
42
+
43
+ Code Analyzer works out of the box with NO config file — all defaults are built into the tool. The `code-analyzer.yml` file is ONLY created when the user explicitly requests a customization.
44
+
45
+ **Rules:**
46
+ - **Do NOT create `code-analyzer.yml` proactively** — only when user asks to change something
47
+ - **Do NOT duplicate built-in defaults** — only write entries that intentionally override behavior
48
+ - **Always place at project root** — where `sfdx-project.json` or `sf-project.json` lives
49
+ - **The CLI auto-discovers it** — `sf code-analyzer run` from project root automatically picks up `code-analyzer.yml` in that directory. No `--config-file` flag needed.
50
+ - User says "configure code analyzer" with no specifics? → **Ask what they want to customize**. Don't create an empty or boilerplate file.
51
+
52
+ **Workflow:**
53
+ 1. User requests a customization (e.g., "disable PMD", "ignore test files", "increase SFGE memory")
54
+ 2. Check if `code-analyzer.yml` exists at project root
55
+ 3. If NO → create it at project root with ONLY the requested override
56
+ 4. If YES → read it, then edit in the requested change
57
+ 5. Validate with `sf code-analyzer config`
58
+
59
+ ---
60
+
61
+ ## Step 1: Understand Intent and Map to Config Sections
62
+
63
+ The user can request ANY combination of configuration changes in natural language. Your job is to:
64
+
65
+ 1. **Parse what they want** — may be one thing or many things combined
66
+ 2. **Map each request to the correct section(s) of `code-analyzer.yml`**
67
+ 3. **Create the file if it doesn't exist, then apply all changes**
68
+
69
+ ### The `code-analyzer.yml` Structure (what you can write/edit)
70
+
71
+ ```yaml
72
+ config_root: . # Root for relative path resolution
73
+ log_folder: <path> # Where logs are written
74
+ log_level: <1-5> # 1=Error, 2=Warn, 3=Info, 4=Debug, 5=Fine
75
+
76
+ ignores: # Files/folders excluded from scanning
77
+ files: [<glob patterns>]
78
+
79
+ engines: # Per-engine settings
80
+ <engine_name>:
81
+ disable_engine: <bool>
82
+ <engine_specific_keys>: ...
83
+
84
+ rules: # Per-rule overrides
85
+ <engine_name>:
86
+ <rule_name>:
87
+ severity: <1-5>
88
+ tags: [<strings>]
89
+ disabled: <bool>
90
+
91
+ suppressions: # Bulk suppression configuration
92
+ disable_suppressions: <bool>
93
+ "<file_or_folder_path>":
94
+ - rule_selector: "<selector>"
95
+ max_suppressed_violations: <number|null>
96
+ reason: "<why>"
97
+ ```
98
+
99
+ ### Mapping Principle
100
+
101
+ Any user request maps to one or more sections above. Parse the intent and edit the right section(s):
102
+
103
+ | Intent Category | Maps To | Examples of What User Might Say |
104
+ |----------------|---------|-------------------------------|
105
+ | Setup / Install | Step 2 (prerequisites + install) | "set up", "install", "get started", "new laptop", "from scratch" |
106
+ | **Diagnose / Fix** | **Step 2A (systematic debug)** | **"not working", "broken", "fix my setup", "scan fails", "getting errors"** |
107
+ | Engine control | `engines.<name>.disable_engine` | "disable X", "turn off Y", "only use Z", "enable all" |
108
+ | Engine tuning | `engines.<name>.<property>` | "increase memory", "change heap", "use my eslint config", "set tokens to 50" |
109
+ | File exclusions | `ignores.files` | "exclude", "ignore", "skip", "don't scan X" |
110
+ | Rule severity | `rules.<engine>.<rule>.severity` | "make X critical", "promote", "demote", "change severity" |
111
+ | Rule disable | `rules.<engine>.<rule>.disabled` | "disable rule X", "turn off Y rule", "remove Z" |
112
+ | Rule tags | `rules.<engine>.<rule>.tags` | "tag X as security", "add recommended tag" |
113
+ | Suppressions | `suppressions` section | "suppress X in folder Y", "allow N violations" |
114
+ | CI/CD | Generate pipeline file (separate from config) | "github actions", "CI", "quality gate" |
115
+ | View/inspect | Read file + `sf code-analyzer config` | "show config", "what's configured", "current settings" |
116
+
117
+ ### File Existence Decision
118
+
119
+ **BEFORE editing anything**, check if `code-analyzer.yml` exists at project root:
120
+
121
+ ```bash
122
+ ls code-analyzer.yml code-analyzer.yaml 2>/dev/null
123
+ ```
124
+
125
+ - **File does NOT exist** → Create it at project root with ONLY the user's requested override(s)
126
+ - **File exists** → Read it, then Edit to add/modify the requested section(s)
127
+
128
+ The CLI auto-discovers `code-analyzer.yml` in the current directory. Since scans run from project root, the file must live there.
129
+
130
+ ### ⚠️ Rule Name Resolution — ALWAYS Before Writing YAML
131
+
132
+ When a user references rules by partial, descriptive, or approximate names (e.g., "the doc rule", "CRUD violation", "console rule", "hardcoded values"), you MUST resolve to exact rule names using the lookup in **Step 6.1** BEFORE writing any YAML. The `code-analyzer.yml` file silently ignores rule names that don't exactly match — there is no error, the override just won't apply.
133
+
134
+ **Examples of fuzzy → exact resolution needed:**
135
+ - "Disable the ApexDoc rule" → lookup confirms `ApexDoc` (engine: `pmd`)
136
+ - "Demote no-console to low" → lookup confirms `no-console` (engine: `eslint`)
137
+ - "Make CRUD violations critical" → lookup confirms `ApexCRUDViolation` (engine: `pmd`)
138
+ - "Turn off the hardcoded values check" → lookup finds `@salesforce-ux/slds/no-hardcoded-values-slds2` (engine: `eslint`)
139
+ - "Disable the injection rule" → multiple matches possible → ask user which one
140
+
141
+ **Only skip the lookup** when the user provides an unambiguous, exact, well-known name (e.g., "ApexDoc", "no-console", "no-unused-vars").
142
+
143
+ ### Handling Combined/Complex Requests
144
+
145
+ Users will often combine multiple changes in one request. Handle ALL of them in a single edit:
146
+
147
+ - "Disable PMD's ApexDoc rule and make CRUD violations critical" → edit two entries under `rules.pmd`
148
+ - "Exclude test files and vendor code, and increase SFGE memory" → edit `ignores.files` + `engines.sfge.java_max_heap_size`
149
+ - "Set up code analyzer with only ESLint and PMD, ignore node_modules" → create file with `engines` (disable others) + `ignores`
150
+ - "Make all security rules severity 1" → look up rules via `sf code-analyzer rules --rule-selector Security`, then override each
151
+ - "Configure code analyzer" (no specifics) → ask user what they want to customize before creating any file
152
+
153
+ ### Quick Reference: Common Requests → Config Output
154
+
155
+ | User Says | Resulting YAML |
156
+ |-----------|---------------|
157
+ | "configure code analyzer" | Ask user what to customize — don't create file until there's an actual override |
158
+ | "disable the ApexDoc rule" | `rules: pmd: ApexDoc: disabled: true` |
159
+ | "only scan Apex, no JavaScript" | `engines: eslint: disable_engine: true` + `engines: retire-js: disable_engine: true` |
160
+ | "ignore all test files" | `ignores: files: ["**/test/**", "**/__tests__/**", "**/*.test.js"]` |
161
+ | "make security rules critical" | Look up rules, then `rules: <engine>: <rule>: severity: 1` for each |
162
+ | "increase SFGE memory to 8g" | `engines: sfge: java_max_heap_size: "8g"` |
163
+ | "use my project's ESLint config" | `engines: eslint: auto_discover_eslint_config: true` |
164
+ | "suppress CRUD violations in legacy folder" | `suppressions: "force-app/legacy/": [{rule_selector: "pmd:ApexCRUDViolation", reason: "..."}]` |
165
+
166
+ **The AI must understand the YAML schema and write valid config for ANY request, not just the examples above.**
167
+
168
+ ---
169
+
170
+ ## Step 2: Check Prerequisites and Install
171
+
172
+ Run `bash "<skill_dir>/scripts/check-prerequisites.sh"` or check manually:
173
+
174
+ ```bash
175
+ sf --version 2>&1 # sf CLI
176
+ sf plugins --core 2>&1 | grep -i "code-analyzer" # Plugin
177
+ java -version 2>&1 # Java 11+ (PMD, CPD, SFGE)
178
+ node --version 2>&1 # Node 18+ (ESLint, RetireJS)
179
+ python3 --version 2>&1 # Python 3 (Flow engine)
180
+ ```
181
+
182
+ If anything is missing, install it (**always ask user first**):
183
+
184
+ ```bash
185
+ npm install -g @salesforce/cli # sf CLI
186
+ sf plugins install @salesforce/plugin-code-analyzer # Code Analyzer plugin
187
+ ```
188
+
189
+ For Java/Node/Python installs, read `<skill_dir>/references/engine-prerequisites.md`.
190
+ If install fails, read `<skill_dir>/references/troubleshooting.md`.
191
+
192
+ ---
193
+
194
+ ## Step 2A: Diagnose and Fix a Broken Setup
195
+
196
+ **TRIGGER:** User says "not working", "broken", "getting errors", "scan fails", "help me fix", etc.
197
+
198
+ **Read `<skill_dir>/references/diagnostic-flow.md`** for the complete layered diagnostic procedure, fix table, and anti-patterns.
199
+
200
+ **Key principles (always apply):**
201
+ - Never search for binaries (`which`, `find`, `ls /opt/homebrew/bin/`)
202
+ - Never use `sfdx` as a workaround — only `sf`
203
+ - Fix layer by layer: CLI → Plugin → Engine deps → verify scan
204
+ - Give user ONE command at a time, wait for confirmation before continuing
205
+ - After fix succeeds, proceed to run the full scan automatically
206
+
207
+ ---
208
+
209
+ ## Step 3: Create or Edit `code-analyzer.yml`
210
+
211
+ **Only triggered when user requests a customization.** Never create proactively.
212
+
213
+ ### Creating (file doesn't exist)
214
+
215
+ Choose **one** of the two approaches below — do not run both:
216
+
217
+ **Option A — Auto-generate from project type (recommended for first-time setup):**
218
+
219
+ Run `bash "<skill_dir>/scripts/generate-config.sh"`. This detects Apex, LWC, and Flow markers and produces a minimal `code-analyzer.yml` suited to the project. Skip to the "After any create/edit, validate" section.
220
+
221
+ > Note: The script exits with an error if `code-analyzer.yml` already exists. Delete the existing file first if you need to regenerate.
222
+
223
+ **Option B — Write manually (when the user has specific customizations in mind):**
224
+
225
+ Read the appropriate example config as a reference for structure:
226
+ - For Apex-only projects, read `<skill_dir>/examples/apex-project-config.yml`
227
+ - For LWC-only projects, read `<skill_dir>/examples/lwc-project-config.yml`
228
+ - For full-stack (Apex + LWC + Flows), read `<skill_dir>/examples/fullstack-project-config.yml`
229
+
230
+ Write the file at project root using the Write tool. Include ONLY the user's requested changes:
231
+
232
+ ```bash
233
+ # Example: user said "ignore test files and increase SFGE memory"
234
+ # → Write to project root (where sfdx-project.json lives):
235
+ ```
236
+
237
+ ```yaml
238
+ ignores:
239
+ files:
240
+ - "**/test/**"
241
+ - "**/__tests__/**"
242
+
243
+ engines:
244
+ sfge:
245
+ java_max_heap_size: "4g"
246
+ ```
247
+
248
+ Do NOT add `config_root`, `log_folder`, or any other field the user didn't ask for.
249
+
250
+ ### Editing (file already exists)
251
+
252
+ Read the file, then use the Edit tool to add/modify only the relevant section. Preserve everything else.
253
+
254
+ ### After any create/edit, validate:
255
+
256
+ Run `bash "<skill_dir>/scripts/validate-config.sh"` to validate YAML syntax and schema correctness, or use the CLI directly:
257
+
258
+ ```bash
259
+ sf code-analyzer config
260
+ ```
261
+
262
+ (No `--config-file` needed — the CLI auto-discovers `code-analyzer.yml` in CWD.)
263
+
264
+ ### If user says "configure code analyzer" with no specifics
265
+
266
+ Ask: "What would you like to customize? For example: ignore certain files, change rule severities, tune engine settings, or disable engines you don't need."
267
+
268
+ ---
269
+
270
+ ## Step 4: Enable/Disable Engines
271
+
272
+ Edit the `engines` section in `code-analyzer.yml`:
273
+
274
+ ```yaml
275
+ engines:
276
+ pmd:
277
+ disable_engine: true # Disable PMD
278
+ eslint:
279
+ disable_engine: false # Enable ESLint (default)
280
+ ```
281
+
282
+ Valid engine names: `pmd`, `cpd`, `eslint`, `regex`, `retire-js`, `flow`, `sfge`, `apexguru`
283
+
284
+ **Always validate after editing:**
285
+ ```bash
286
+ sf code-analyzer config --config-file code-analyzer.yml
287
+ ```
288
+
289
+ ---
290
+
291
+ ## Step 5: Ignore Patterns
292
+
293
+ Edit the `ignores` section in `code-analyzer.yml`:
294
+
295
+ ```yaml
296
+ ignores:
297
+ files:
298
+ - "**/node_modules/**"
299
+ - "**/.sfdx/**"
300
+ - "**/.sf/**"
301
+ - "**/vendor/**"
302
+ - "**/*.min.js"
303
+ ```
304
+
305
+ Common patterns:
306
+
307
+ | Pattern | Excludes |
308
+ |---------|----------|
309
+ | `**/node_modules/**` | npm dependencies |
310
+ | `**/.sfdx/**`, `**/.sf/**` | SF CLI internals |
311
+ | `**/test/**`, `**/__tests__/**` | Test directories |
312
+ | `**/*.test.js`, `**/*.spec.js` | Test files |
313
+ | `**/jest-mocks/**` | Jest mocks |
314
+ | `**/vendor/**`, `**/*.min.js` | Third-party/minified |
315
+ | `**/staticresources/**` | Static resources |
316
+
317
+ ---
318
+
319
+ ## Step 6: Rule Overrides
320
+
321
+ Edit the `rules` section in `code-analyzer.yml`. Each rule can have `severity`, `tags`, and `disabled` overrides:
322
+
323
+ ```yaml
324
+ rules:
325
+ pmd:
326
+ ApexCRUDViolation:
327
+ severity: 1 # Promote to Critical
328
+ AvoidGlobalModifier:
329
+ disabled: true # Turn off entirely
330
+ ApexDoc:
331
+ severity: 5 # Demote to Info
332
+ tags: ["Documentation"]
333
+ eslint:
334
+ no-console:
335
+ severity: 4 # Demote to Low
336
+ no-unused-vars:
337
+ severity: 2 # Promote to High
338
+ ```
339
+
340
+ **Severity values:** `1`/Critical, `2`/High, `3`/Moderate, `4`/Low, `5`/Info
341
+
342
+ ### 6.1 Rule Name Resolution (Fuzzy Matching)
343
+
344
+ **⚠️ CRITICAL:** A misspelled or partial rule name in `code-analyzer.yml` is SILENTLY IGNORED — no error, the override just won't apply.
345
+
346
+ **When users reference rules by approximate names** (e.g., "the doc rule", "CRUD violation", "hardcoded values"), resolve to exact names BEFORE writing YAML:
347
+
348
+ ```bash
349
+ sf code-analyzer rules --rule-selector all 2>&1 | grep -i "<USER_KEYWORD>"
350
+ ```
351
+
352
+ - **1 match** → use that exact name + its engine for the YAML path
353
+ - **Multiple matches** → ask user which one they meant
354
+ - **0 matches** → try broader keywords or inform user
355
+
356
+ **Skip the lookup only** when the name is unambiguous and exact (e.g., "ApexDoc", "no-console", "no-unused-vars").
357
+
358
+ **For detailed matching strategies, common fuzzy→exact mappings, and engine identification:** Read `<skill_dir>/references/rule-name-resolution.md`.
359
+
360
+ ---
361
+
362
+ ## Step 7: Engine-Specific Settings
363
+
364
+ Edit the `engines` section. Most common overrides:
365
+
366
+ ```yaml
367
+ engines:
368
+ sfge:
369
+ java_max_heap_size: "4g" # <200 classes→"2g", 200-500→"4g", 500+→"6g"/"8g"
370
+ java_thread_count: 4
371
+ java_thread_timeout: 900000
372
+ eslint:
373
+ auto_discover_eslint_config: true # Use project's own ESLint config
374
+ eslint_config_file: "./eslint.config.mjs"
375
+ pmd:
376
+ custom_rulesets: ["./config/custom-pmd-rules.xml"]
377
+ java_classpath_entries: ["./lib/custom-rules.jar"]
378
+ cpd:
379
+ minimum_tokens: { apex: 100, javascript: 100 }
380
+ apexguru:
381
+ target_org: "my-org-alias"
382
+ flow:
383
+ python_command: "python3"
384
+ regex:
385
+ custom_rules:
386
+ NoHardcodedIds:
387
+ regex: "/[a-zA-Z0-9]{15,18}/"
388
+ file_extensions: [".cls", ".trigger"]
389
+ description: "Detects hardcoded Salesforce record IDs"
390
+ severity: 2
391
+ tags: ["Security"]
392
+ ```
393
+
394
+ For full property list per engine, read `<skill_dir>/references/config-schema.md`.
395
+
396
+ ---
397
+
398
+ ## Step 8: CI/CD Pipeline Setup
399
+
400
+ Detect CI system from workspace (`.github/workflows/` → GitHub Actions, `Jenkinsfile` → Jenkins, etc.). Read `<skill_dir>/references/ci-cd-templates.md` for templates. Use `<skill_dir>/examples/ci-github-actions.yml` as GitHub Actions base. Key flags: `--severity-threshold 2` (gate), `--output-file results.sarif` (GitHub scanning), `--config-file code-analyzer.yml`.
401
+
402
+ ---
403
+
404
+ ## Step 9: View Current Configuration
405
+
406
+ ```bash
407
+ sf code-analyzer config # Show effective config
408
+ sf code-analyzer config --rule-selector pmd:Security # Specific rules
409
+ sf code-analyzer config --include-unmodified-rules # All defaults
410
+ ```
411
+
412
+ ---
413
+
414
+ ## Cross-Skill Integration
415
+
416
+ This skill works together with `running-code-analyzer`. The AI agent should seamlessly hand off between them:
417
+
418
+ ### When `running-code-analyzer` delegates HERE:
419
+
420
+ If a user says "scan my code" / "run code analyzer" but it fails (CLI missing, plugin not installed, or scan errors out), `running-code-analyzer` delegates to this skill. In that case:
421
+
422
+ 1. Run the **diagnose and fix** flow (Step 2A) — find what's broken, fix it
423
+ 2. After everything works, **automatically proceed to run the scan** — do not stop and ask. The user's original intent was to scan.
424
+ 3. Hand execution back to `running-code-analyzer` behavior (build command, execute, parse results).
425
+
426
+ ### When THIS skill hands off to `running-code-analyzer`:
427
+
428
+ After any successful configuration action, offer to run a scan (e.g., "Setup complete! Want me to run a scan?", "Config updated — want to scan and verify?"). If user says yes, proceed with `running-code-analyzer` behavior.
429
+
430
+ ### When user intent spans BOTH skills:
431
+
432
+ Handle end-to-end: "not working" → Diagnose → Fix → Scan. "Set up and scan" → Install → Scan. "Disable ESLint and scan Apex" → Edit config → Run with `--rule-selector pmd`. Always follow through to the user's final intent.
433
+
434
+ ---
435
+
436
+ ## Rules / Constraints
437
+
438
+ | Constraint | Rationale |
439
+ |-----------|-----------|
440
+ | Only create YAML when user requests a customization | Defaults work without any file — don't create boilerplate |
441
+ | Place YAML at project root only | CLI auto-discovers `code-analyzer.yml` from CWD |
442
+ | Write only overrides, never duplicate defaults | Keep file minimal and intentional |
443
+ | Use Write tool to create, Edit tool to modify | Preserves existing settings |
444
+ | Validate after every change | `sf code-analyzer config` catches YAML errors |
445
+ | Ask before installing prerequisites | Never auto-install without consent |
446
+ | Never delete existing config without asking | User may have custom settings |
447
+ | After setup, offer to scan | Close the loop — config without scan is incomplete |
448
+
449
+ ---
450
+
451
+ ## Gotchas
452
+
453
+ | Issue | Solution |
454
+ |-------|----------|
455
+ | Config not picked up | Must be `code-analyzer.yml` in CWD or use `--config-file` |
456
+ | YAML validation fails | Spaces only (no tabs), check colon spacing |
457
+ | SFGE out of memory | Increase `java_max_heap_size` in engines section |
458
+ | ESLint rules missing | Set `auto_discover_eslint_config: true` |
459
+
460
+ For full troubleshooting, read `<skill_dir>/references/troubleshooting.md`.
461
+
462
+ ---
463
+
464
+ ## Reference File Index
465
+
466
+ `<skill_dir>` is the absolute path to the directory containing this SKILL.md file.
467
+
468
+ | File | Purpose |
469
+ |------|---------|
470
+ | `<skill_dir>/scripts/check-prerequisites.sh` | Environment check |
471
+ | `<skill_dir>/scripts/generate-config.sh` | Auto-detect project type and generate config |
472
+ | `<skill_dir>/scripts/validate-config.sh` | Validate YAML after changes |
473
+ | `<skill_dir>/references/config-schema.md` | Full YAML schema documentation |
474
+ | `<skill_dir>/references/diagnostic-flow.md` | Step 2A: layered diagnostic procedure and fix table |
475
+ | `<skill_dir>/references/rule-name-resolution.md` | Step 6.1: fuzzy rule name lookup strategies and mappings |
476
+ | `<skill_dir>/references/engine-prerequisites.md` | Install instructions per engine |
477
+ | `<skill_dir>/references/ci-cd-templates.md` | CI/CD pipeline templates |
478
+ | `<skill_dir>/references/troubleshooting.md` | Common setup issues and fixes |
479
+ | `<skill_dir>/examples/apex-project-config.yml` | Config for Apex-only project |
480
+ | `<skill_dir>/examples/lwc-project-config.yml` | Config for LWC-only project |
481
+ | `<skill_dir>/examples/fullstack-project-config.yml` | Config for Apex + LWC + Flows |
482
+ | `<skill_dir>/examples/ci-github-actions.yml` | GitHub Actions workflow |
@@ -0,0 +1,41 @@
1
+ # Code Analyzer Configuration — Apex-focused Project
2
+ #
3
+ # This file contains ONLY overrides. Code Analyzer's built-in defaults
4
+ # handle everything else. Only add entries here that intentionally
5
+ # change behavior for your project.
6
+ #
7
+ # Usage:
8
+ # Place at project root as code-analyzer.yml
9
+ # Validate: sf code-analyzer config --config-file code-analyzer.yml
10
+
11
+ # Exclude non-project files (these would otherwise be scanned)
12
+ ignores:
13
+ files:
14
+ - "**/node_modules/**"
15
+ - "**/.sfdx/**"
16
+ - "**/.sf/**"
17
+ - "**/staticresources/**"
18
+
19
+ # Engine tuning — only override what differs from defaults
20
+ engines:
21
+ # SFGE: increase heap for projects with 200+ Apex classes
22
+ # (built-in default is dynamic/1g, too small for large projects)
23
+ sfge:
24
+ java_max_heap_size: "4g"
25
+
26
+ # Rule overrides — promote security, demote noise
27
+ rules:
28
+ pmd:
29
+ # Promote security rules to Critical (default is High)
30
+ ApexCRUDViolation:
31
+ severity: 1
32
+ ApexSOQLInjection:
33
+ severity: 1
34
+ ApexSharingViolations:
35
+ severity: 1
36
+ # Demote noisy rules (default is Moderate)
37
+ ApexDoc:
38
+ severity: 5
39
+ # Disable rules that conflict with project conventions
40
+ AvoidGlobalModifier:
41
+ disabled: true
@@ -0,0 +1,96 @@
1
+ # GitHub Actions Workflow — Code Analyzer Quality Gate
2
+ #
3
+ # Scans pull requests for code quality and security violations.
4
+ # Uploads SARIF results to GitHub Code Scanning for inline annotations.
5
+ #
6
+ # Usage:
7
+ # Copy to .github/workflows/code-analyzer.yml in your repository
8
+ # Customize severity-threshold and rule-selector as needed
9
+ #
10
+ # Prerequisites:
11
+ # - Repository must have GitHub Advanced Security enabled for SARIF upload
12
+ # - Or remove the "Upload SARIF" step for basic artifact-only workflow
13
+
14
+ name: Code Analyzer
15
+
16
+ on:
17
+ pull_request:
18
+ branches: [main, develop]
19
+ paths:
20
+ - 'force-app/**'
21
+ - 'src/**'
22
+ - '**/*.cls'
23
+ - '**/*.trigger'
24
+ - '**/*.js'
25
+ - '**/*.ts'
26
+ - '**/*.html'
27
+ - '**/*.flow-meta.xml'
28
+ - 'code-analyzer.yml'
29
+ push:
30
+ branches: [main, develop]
31
+
32
+ permissions:
33
+ contents: read
34
+ security-events: write # Required for SARIF upload
35
+
36
+ jobs:
37
+ code-analysis:
38
+ runs-on: ubuntu-latest
39
+ timeout-minutes: 30
40
+
41
+ steps:
42
+ - name: Checkout code
43
+ uses: actions/checkout@v4
44
+ with:
45
+ fetch-depth: 0 # Full history for diff-based scans
46
+
47
+ - name: Set up Node.js
48
+ uses: actions/setup-node@v4
49
+ with:
50
+ node-version: '20'
51
+
52
+ - name: Set up Java
53
+ uses: actions/setup-java@v4
54
+ with:
55
+ distribution: 'temurin'
56
+ java-version: '11'
57
+
58
+ - name: Install Salesforce CLI
59
+ run: npm install -g @salesforce/cli
60
+
61
+ - name: Install Code Analyzer
62
+ run: sf plugins install @salesforce/plugin-code-analyzer
63
+
64
+ - name: Verify installation
65
+ run: |
66
+ sf --version
67
+ sf plugins --core | grep code-analyzer
68
+ java -version
69
+ node --version
70
+
71
+ - name: Run Code Analyzer
72
+ run: |
73
+ sf code-analyzer run \
74
+ --rule-selector Recommended \
75
+ --severity-threshold 2 \
76
+ --output-file results.sarif \
77
+ --output-file results.json \
78
+ --output-file results.html \
79
+ --config-file code-analyzer.yml
80
+
81
+ - name: Upload SARIF to GitHub Security
82
+ if: always()
83
+ uses: github/codeql-action/upload-sarif@v3
84
+ with:
85
+ sarif_file: results.sarif
86
+ category: code-analyzer
87
+
88
+ - name: Upload Results as Artifact
89
+ if: always()
90
+ uses: actions/upload-artifact@v4
91
+ with:
92
+ name: code-analyzer-results
93
+ path: |
94
+ results.json
95
+ results.html
96
+ retention-days: 30
@@ -0,0 +1,46 @@
1
+ # Code Analyzer Configuration — Full-Stack Salesforce Project
2
+ #
3
+ # This file contains ONLY overrides. Code Analyzer's built-in defaults
4
+ # handle everything else. Only add entries here that intentionally
5
+ # change behavior for your project.
6
+ #
7
+ # Usage:
8
+ # Place at project root as code-analyzer.yml
9
+ # Validate: sf code-analyzer config --config-file code-analyzer.yml
10
+
11
+ # Exclude non-project files
12
+ ignores:
13
+ files:
14
+ - "**/node_modules/**"
15
+ - "**/.sfdx/**"
16
+ - "**/.sf/**"
17
+ - "**/jest-mocks/**"
18
+ - "**/__tests__/**"
19
+ - "**/*.min.js"
20
+ - "**/staticresources/jquery*"
21
+ - "**/staticresources/bootstrap*"
22
+
23
+ # Engine tuning — only what differs from defaults
24
+ engines:
25
+ # SFGE: increase heap for large Apex codebases
26
+ sfge:
27
+ java_max_heap_size: "4g"
28
+ # ESLint: use project's existing config for LWC-specific rules
29
+ eslint:
30
+ auto_discover_eslint_config: true
31
+
32
+ # Rule overrides — only rules that need project-specific treatment
33
+ rules:
34
+ pmd:
35
+ # Promote security rules (default is High → make Critical)
36
+ ApexCRUDViolation:
37
+ severity: 1
38
+ ApexSOQLInjection:
39
+ severity: 1
40
+ # Demote noisy documentation rule
41
+ ApexDoc:
42
+ severity: 5
43
+ eslint:
44
+ # Demote console warnings in development (default is Moderate)
45
+ no-console:
46
+ severity: 4