@salesforce/afv-skills 1.17.0 → 1.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/skills/analyzing-test-failures/SKILL.md +159 -0
- package/skills/building-sf-integrations/SKILL.md +1 -1
- package/skills/checking-devops-prerequisites/SKILL.md +141 -0
- package/skills/configuring-code-analyzer/SKILL.md +482 -0
- package/skills/configuring-code-analyzer/examples/apex-project-config.yml +41 -0
- package/skills/configuring-code-analyzer/examples/ci-github-actions.yml +96 -0
- package/skills/configuring-code-analyzer/examples/fullstack-project-config.yml +46 -0
- package/skills/configuring-code-analyzer/examples/lwc-project-config.yml +26 -0
- package/skills/configuring-code-analyzer/references/ci-cd-templates.md +648 -0
- package/skills/configuring-code-analyzer/references/config-schema.md +257 -0
- package/skills/configuring-code-analyzer/references/diagnostic-flow.md +70 -0
- package/skills/configuring-code-analyzer/references/engine-prerequisites.md +276 -0
- package/skills/configuring-code-analyzer/references/rule-name-resolution.md +67 -0
- package/skills/configuring-code-analyzer/references/troubleshooting.md +298 -0
- package/skills/configuring-code-analyzer/scripts/check-prerequisites.sh +189 -0
- package/skills/configuring-code-analyzer/scripts/generate-config.sh +143 -0
- package/skills/configuring-code-analyzer/scripts/validate-config.sh +153 -0
- package/skills/configuring-quality-gate/SKILL.md +120 -0
- package/skills/configuring-test-provider/SKILL.md +113 -0
- package/skills/creating-fix-work-item/SKILL.md +66 -0
- package/skills/managing-cdc-enablement/SKILL.md +164 -0
- package/skills/managing-cdc-enablement/assets/PlatformEventChannel-template.xml +5 -0
- package/skills/managing-cdc-enablement/assets/PlatformEventChannelMember-template.xml +11 -0
- package/skills/managing-cdc-enablement/references/deploy-troubleshooting.md +73 -0
- package/skills/managing-cdc-enablement/references/filter-expressions.md +93 -0
- package/skills/managing-suite-assignments/SKILL.md +161 -0
- package/skills/polling-test-results/SKILL.md +72 -0
- package/skills/recommending-devops-tests/SKILL.md +137 -0
- package/skills/running-code-analyzer/SKILL.md +264 -267
- package/skills/running-code-analyzer/references/post-scan-workflows.md +286 -0
- package/skills/running-code-analyzer/scripts/describe-rule.js +382 -0
- package/skills/running-code-analyzer/scripts/list-rules.js +260 -0
- package/skills/running-code-analyzer/scripts/query-results.js +230 -0
- package/skills/running-devops-test-suite/SKILL.md +144 -0
- package/skills/syncing-test-providers/SKILL.md +108 -0
- package/skills/using-salesforce-archive/SKILL.md +121 -0
- package/skills/using-salesforce-archive/examples/monitor-failed-jobs.md +47 -0
- package/skills/using-salesforce-archive/references/archive-activity-entity.md +59 -0
- package/skills/using-salesforce-archive/references/connect-api-operations.md +157 -0
|
@@ -0,0 +1,257 @@
|
|
|
1
|
+
# Code Analyzer Configuration Schema
|
|
2
|
+
|
|
3
|
+
Full reference for the `code-analyzer.yml` configuration file.
|
|
4
|
+
|
|
5
|
+
## Top-Level Fields
|
|
6
|
+
|
|
7
|
+
```yaml
|
|
8
|
+
# code-analyzer.yml
|
|
9
|
+
|
|
10
|
+
# Root directory for resolving relative paths in the config
|
|
11
|
+
config_root: .
|
|
12
|
+
|
|
13
|
+
# Directory where Code Analyzer writes log files
|
|
14
|
+
log_folder: /tmp
|
|
15
|
+
|
|
16
|
+
# Log verbosity: 1=Error, 2=Warn, 3=Info, 4=Debug, 5=Fine
|
|
17
|
+
log_level: 3
|
|
18
|
+
|
|
19
|
+
# File patterns to exclude from analysis
|
|
20
|
+
ignores:
|
|
21
|
+
files: []
|
|
22
|
+
|
|
23
|
+
# Rule severity, tag, and disable overrides
|
|
24
|
+
rules: {}
|
|
25
|
+
|
|
26
|
+
# Engine-specific configuration
|
|
27
|
+
engines: {}
|
|
28
|
+
|
|
29
|
+
# Bulk suppression rules
|
|
30
|
+
suppressions:
|
|
31
|
+
disable_suppressions: false
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
## Ignores Section
|
|
35
|
+
|
|
36
|
+
```yaml
|
|
37
|
+
ignores:
|
|
38
|
+
files:
|
|
39
|
+
- "**/node_modules/**" # npm dependencies
|
|
40
|
+
- "**/.sfdx/**" # Salesforce DX internal
|
|
41
|
+
- "**/.sf/**" # Salesforce CLI internal
|
|
42
|
+
- "**/test/**" # Test directories
|
|
43
|
+
- "**/*.test.js" # Test files
|
|
44
|
+
- "**/*.min.js" # Minified files
|
|
45
|
+
- "**/staticresources/**" # Static resources (often vendor)
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
**Pattern syntax:** Glob patterns using `*` (any filename chars), `**` (any path segment), `?` (single char).
|
|
49
|
+
|
|
50
|
+
## Rules Section
|
|
51
|
+
|
|
52
|
+
Override severity, tags, or disable rules per engine:
|
|
53
|
+
|
|
54
|
+
```yaml
|
|
55
|
+
rules:
|
|
56
|
+
<engine_name>:
|
|
57
|
+
<rule_name>:
|
|
58
|
+
severity: <1-5 or "Critical"|"High"|"Moderate"|"Low"|"Info">
|
|
59
|
+
tags: ["Tag1", "Tag2"] # Override rule tags
|
|
60
|
+
disabled: true|false # Disable/enable rule
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
### Severity Values
|
|
64
|
+
|
|
65
|
+
| Number | Name | Meaning |
|
|
66
|
+
|--------|------|---------|
|
|
67
|
+
| 1 | Critical | Security vulnerabilities, must fix before release |
|
|
68
|
+
| 2 | High | Significant issues, should fix |
|
|
69
|
+
| 3 | Moderate | Recommended improvements |
|
|
70
|
+
| 4 | Low | Minor suggestions |
|
|
71
|
+
| 5 | Info | Informational, no action required |
|
|
72
|
+
|
|
73
|
+
### Example Rule Overrides
|
|
74
|
+
|
|
75
|
+
```yaml
|
|
76
|
+
rules:
|
|
77
|
+
pmd:
|
|
78
|
+
ApexCRUDViolation:
|
|
79
|
+
severity: 1 # Promote to Critical
|
|
80
|
+
AvoidGlobalModifier:
|
|
81
|
+
disabled: true # Disable entirely
|
|
82
|
+
ApexDoc:
|
|
83
|
+
severity: 5 # Demote to Info
|
|
84
|
+
tags: ["Documentation"]
|
|
85
|
+
eslint:
|
|
86
|
+
no-console:
|
|
87
|
+
severity: 4 # Demote to Low
|
|
88
|
+
no-unused-vars:
|
|
89
|
+
severity: 2 # Promote to High
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
## Engines Section
|
|
93
|
+
|
|
94
|
+
### PMD Engine
|
|
95
|
+
|
|
96
|
+
```yaml
|
|
97
|
+
engines:
|
|
98
|
+
pmd:
|
|
99
|
+
disable_engine: false
|
|
100
|
+
java_command: "java" # Path to Java executable
|
|
101
|
+
custom_rulesets: # Additional ruleset XML files
|
|
102
|
+
- "./config/custom-pmd-rules.xml"
|
|
103
|
+
java_classpath_entries: # JARs for custom Java rules
|
|
104
|
+
- "./lib/my-custom-rules.jar"
|
|
105
|
+
file_extensions: # Override scanned file types
|
|
106
|
+
apex: [".cls", ".trigger"]
|
|
107
|
+
visualforce: [".page", ".component"]
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
### ESLint Engine
|
|
111
|
+
|
|
112
|
+
```yaml
|
|
113
|
+
engines:
|
|
114
|
+
eslint:
|
|
115
|
+
disable_engine: false
|
|
116
|
+
auto_discover_eslint_config: true # Use project's eslint config files
|
|
117
|
+
eslint_config_file: "./eslint.config.mjs" # Explicit config file path
|
|
118
|
+
disable_javascript_base_config: false # Disable built-in JS rules
|
|
119
|
+
disable_typescript_base_config: false # Disable built-in TS rules
|
|
120
|
+
disable_lwc_base_config: false # Disable built-in LWC rules
|
|
121
|
+
disable_flow_base_config: false # Disable built-in Flow rules
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
**Note:** `auto_discover_eslint_config` requires a `--workspace` flag on the run command.
|
|
125
|
+
|
|
126
|
+
### CPD Engine (Copy-Paste Detector)
|
|
127
|
+
|
|
128
|
+
```yaml
|
|
129
|
+
engines:
|
|
130
|
+
cpd:
|
|
131
|
+
disable_engine: false
|
|
132
|
+
minimum_tokens: # Min tokens for duplicate detection
|
|
133
|
+
apex: 100 # Lower = more sensitive
|
|
134
|
+
html: 100
|
|
135
|
+
javascript: 100
|
|
136
|
+
visualforce: 100
|
|
137
|
+
xml: 100
|
|
138
|
+
skip_duplicate_files: false # Skip files with identical content
|
|
139
|
+
```
|
|
140
|
+
|
|
141
|
+
### SFGE Engine (Salesforce Graph Engine)
|
|
142
|
+
|
|
143
|
+
```yaml
|
|
144
|
+
engines:
|
|
145
|
+
sfge:
|
|
146
|
+
disable_engine: false
|
|
147
|
+
java_max_heap_size: "4g" # JVM heap (increase for large projects)
|
|
148
|
+
java_thread_count: 4 # Parallel threads
|
|
149
|
+
java_thread_timeout: 900000 # Per-thread timeout in ms
|
|
150
|
+
```
|
|
151
|
+
|
|
152
|
+
**Warning:** SFGE is resource-intensive. For projects with 500+ Apex classes, use 4g+ heap. Analysis can take 10-30 minutes.
|
|
153
|
+
|
|
154
|
+
### ApexGuru Engine
|
|
155
|
+
|
|
156
|
+
```yaml
|
|
157
|
+
engines:
|
|
158
|
+
apexguru:
|
|
159
|
+
disable_engine: false
|
|
160
|
+
target_org: "my-org-alias" # Authenticated org alias or username
|
|
161
|
+
api_timeout_ms: 300000 # API timeout in ms (default 5min)
|
|
162
|
+
```
|
|
163
|
+
|
|
164
|
+
**Requires:** Authenticated Salesforce org (`sf org login web`).
|
|
165
|
+
|
|
166
|
+
### Flow Engine
|
|
167
|
+
|
|
168
|
+
```yaml
|
|
169
|
+
engines:
|
|
170
|
+
flow:
|
|
171
|
+
disable_engine: false
|
|
172
|
+
python_command: "python3" # Path to Python 3 executable
|
|
173
|
+
```
|
|
174
|
+
|
|
175
|
+
**Requires:** Python 3 installed.
|
|
176
|
+
|
|
177
|
+
### Regex Engine
|
|
178
|
+
|
|
179
|
+
```yaml
|
|
180
|
+
engines:
|
|
181
|
+
regex:
|
|
182
|
+
disable_engine: false
|
|
183
|
+
custom_rules:
|
|
184
|
+
<RuleName>:
|
|
185
|
+
regex: "/<pattern>/<flags>" # JavaScript regex syntax
|
|
186
|
+
regex_ignore: "/<pattern>/<flags>" # Optional: false positive filter
|
|
187
|
+
file_extensions: [".cls", ".trigger"]
|
|
188
|
+
description: "What this rule checks"
|
|
189
|
+
violation_message: "Message shown to developer"
|
|
190
|
+
severity: 3
|
|
191
|
+
tags: ["Recommended", "Security"]
|
|
192
|
+
```
|
|
193
|
+
|
|
194
|
+
### RetireJS Engine
|
|
195
|
+
|
|
196
|
+
```yaml
|
|
197
|
+
engines:
|
|
198
|
+
retire-js:
|
|
199
|
+
disable_engine: false
|
|
200
|
+
```
|
|
201
|
+
|
|
202
|
+
**Note:** RetireJS scans JavaScript dependencies for known CVEs. No additional configuration needed beyond enable/disable.
|
|
203
|
+
|
|
204
|
+
## Suppressions Section
|
|
205
|
+
|
|
206
|
+
```yaml
|
|
207
|
+
suppressions:
|
|
208
|
+
disable_suppressions: false # Set true to ignore ALL suppressions
|
|
209
|
+
|
|
210
|
+
# Bulk suppressions by file/folder path
|
|
211
|
+
"src/legacy/":
|
|
212
|
+
- rule_selector: "pmd:ApexDoc"
|
|
213
|
+
max_suppressed_violations: 50 # Quota (null = unlimited)
|
|
214
|
+
reason: "Legacy code, documentation not required"
|
|
215
|
+
|
|
216
|
+
"src/utils/Logger.cls":
|
|
217
|
+
- rule_selector: "eslint:no-console"
|
|
218
|
+
max_suppressed_violations: 10
|
|
219
|
+
reason: "Logger intentionally uses console"
|
|
220
|
+
```
|
|
221
|
+
|
|
222
|
+
### Inline Suppression Markers
|
|
223
|
+
|
|
224
|
+
In addition to bulk config suppressions, violations can be suppressed inline:
|
|
225
|
+
|
|
226
|
+
```java
|
|
227
|
+
// Apex: PMD suppression
|
|
228
|
+
// NOPMD - reason here
|
|
229
|
+
@SuppressWarnings('PMD.ApexCRUDViolation')
|
|
230
|
+
|
|
231
|
+
// Any engine: universal marker
|
|
232
|
+
// code-analyzer-suppress(pmd:ApexCRUDViolation) - reason
|
|
233
|
+
// code-analyzer-suppress(eslint:no-console) - reason
|
|
234
|
+
```
|
|
235
|
+
|
|
236
|
+
## Config File Discovery
|
|
237
|
+
|
|
238
|
+
Code Analyzer automatically looks for configuration in this order:
|
|
239
|
+
1. File specified via `--config-file` flag
|
|
240
|
+
2. `code-analyzer.yml` in current working directory
|
|
241
|
+
3. `code-analyzer.yaml` in current working directory
|
|
242
|
+
4. No config (use defaults)
|
|
243
|
+
|
|
244
|
+
## Validating Configuration
|
|
245
|
+
|
|
246
|
+
Always validate after making changes:
|
|
247
|
+
|
|
248
|
+
```bash
|
|
249
|
+
# Validate config and show effective settings
|
|
250
|
+
sf code-analyzer config --config-file code-analyzer.yml
|
|
251
|
+
|
|
252
|
+
# Show config for specific rules
|
|
253
|
+
sf code-analyzer config --rule-selector pmd:Security
|
|
254
|
+
|
|
255
|
+
# Show all rule defaults (verbose)
|
|
256
|
+
sf code-analyzer config --include-unmodified-rules --rule-selector all
|
|
257
|
+
```
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
# Diagnostic Flow: Fix a Broken Setup
|
|
2
|
+
|
|
3
|
+
**TRIGGER:** User says "not working", "broken", "getting errors", "scan fails", "help me fix", etc.
|
|
4
|
+
|
|
5
|
+
## NEVER DO THESE (anti-patterns that waste time)
|
|
6
|
+
|
|
7
|
+
- ❌ NEVER run `which sfdx`, `which sf`, `find`, `ls /opt/homebrew/bin/` or search for binaries
|
|
8
|
+
- ❌ NEVER use an old `sfdx` binary as a workaround — it is NOT a substitute for `sf`
|
|
9
|
+
- ❌ NEVER create symlinks (`ln -s`) to work around missing commands
|
|
10
|
+
- ❌ NEVER check PATH, inspect Cellar directories, or search for alternative installations
|
|
11
|
+
- ❌ NEVER proceed to Layer 2 if Layer 1 failed — fix Layer 1 first
|
|
12
|
+
- ❌ NEVER give the user a list of manual steps — fix it yourself or give ONE command
|
|
13
|
+
|
|
14
|
+
## Diagnostic Flow (follow this EXACTLY, no deviation)
|
|
15
|
+
|
|
16
|
+
Run **ONLY** this one command first:
|
|
17
|
+
```bash
|
|
18
|
+
sf --version 2>&1
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
**If output contains "command not found":**
|
|
22
|
+
→ STOP. Do not run any other commands. Tell user: "sf CLI is not installed. I'll install it now."
|
|
23
|
+
→ Ask user for permission, then run: `npm install -g @salesforce/cli`
|
|
24
|
+
→ After install, re-run `sf --version 2>&1` to verify. If it works, continue to next layer.
|
|
25
|
+
|
|
26
|
+
**If sf works**, run ONLY:
|
|
27
|
+
```bash
|
|
28
|
+
sf plugins --core 2>&1 | grep -i "code-analyzer"
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
**If output is empty or shows "JIT" but not a real version:**
|
|
32
|
+
→ STOP. Run: `sf plugins install @salesforce/plugin-code-analyzer`
|
|
33
|
+
→ After install, re-check. If it works, continue to next layer.
|
|
34
|
+
|
|
35
|
+
**If plugin is installed**, check engine deps:
|
|
36
|
+
```bash
|
|
37
|
+
java -version 2>&1
|
|
38
|
+
node --version 2>&1
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
**If all pass**, verify with a scan:
|
|
42
|
+
```bash
|
|
43
|
+
sf code-analyzer run --rule-selector Recommended 2>&1 | tail -20
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
## Fix Table
|
|
47
|
+
|
|
48
|
+
| Error Pattern | The ONE Fix |
|
|
49
|
+
|--------------|-------------|
|
|
50
|
+
| `sf: command not found` | `npm install -g @salesforce/cli` |
|
|
51
|
+
| Plugin missing / JIT error | `sf plugins install @salesforce/plugin-code-analyzer` |
|
|
52
|
+
| `Cannot find module` | `sf plugins uninstall @salesforce/plugin-code-analyzer && sf plugins install @salesforce/plugin-code-analyzer` |
|
|
53
|
+
| `java: command not found` | Install Java 11+ (see `<skill_dir>/references/engine-prerequisites.md`) |
|
|
54
|
+
| `OutOfMemoryError` (SFGE) | Add `engines.sfge.java_max_heap_size: "4g"` to `code-analyzer.yml` |
|
|
55
|
+
| `YAMLException` | Read the config file, fix YAML syntax |
|
|
56
|
+
| `EPERM` / npm permission error | Tell user to run: `sudo chown -R $(whoami) ~/.npm` — then wait for them to confirm, then retry the SAME install command that failed. Do NOT dump next steps. |
|
|
57
|
+
|
|
58
|
+
## After Fix: Verify and Hand Off
|
|
59
|
+
|
|
60
|
+
Re-run the check for the fixed layer. Once a scan succeeds, tell the user what was fixed and **proceed to run the full scan**.
|
|
61
|
+
|
|
62
|
+
## When a fix requires user action (sudo, manual step)
|
|
63
|
+
|
|
64
|
+
Tell the user ONLY the ONE command they need to run and WHY. Then STOP and WAIT for them to confirm it's done. Do NOT:
|
|
65
|
+
- ❌ List the remaining steps ("after that, do X, then Y, then Z")
|
|
66
|
+
- ❌ Tell them what to run next after the manual step
|
|
67
|
+
- ❌ Provide a multi-step recovery plan
|
|
68
|
+
- ❌ Ask "would you like me to attempt with sudo or do it yourself"
|
|
69
|
+
|
|
70
|
+
Just say: "Run this command: `<command>`. It fixes [reason]. Let me know when it's done and I'll continue."
|
|
@@ -0,0 +1,276 @@
|
|
|
1
|
+
# Engine Prerequisites
|
|
2
|
+
|
|
3
|
+
Detailed installation instructions for each Code Analyzer engine's dependencies.
|
|
4
|
+
|
|
5
|
+
## Summary Table
|
|
6
|
+
|
|
7
|
+
| Engine | Required Dependencies | Optional |
|
|
8
|
+
|--------|----------------------|----------|
|
|
9
|
+
| PMD | Java 11+ | Custom ruleset JARs |
|
|
10
|
+
| CPD | Java 11+ | — |
|
|
11
|
+
| ESLint | Node.js 18+ | Project ESLint config |
|
|
12
|
+
| RetireJS | Node.js 18+ | — |
|
|
13
|
+
| Regex | None (built-in) | — |
|
|
14
|
+
| Flow | Python 3 | — |
|
|
15
|
+
| SFGE | Java 11+ (4g+ heap recommended) | — |
|
|
16
|
+
| ApexGuru | Authenticated Salesforce org | — |
|
|
17
|
+
|
|
18
|
+
## Core: Salesforce CLI
|
|
19
|
+
|
|
20
|
+
**Required for ALL engines.**
|
|
21
|
+
|
|
22
|
+
### macOS
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
# Via Homebrew (recommended)
|
|
26
|
+
brew install sf
|
|
27
|
+
|
|
28
|
+
# Or via npm
|
|
29
|
+
npm install -g @salesforce/cli
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
### Windows
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
# Via npm
|
|
36
|
+
npm install -g @salesforce/cli
|
|
37
|
+
|
|
38
|
+
# Or download installer from:
|
|
39
|
+
# https://developer.salesforce.com/tools/salesforcecli
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
### Linux
|
|
43
|
+
|
|
44
|
+
```bash
|
|
45
|
+
# Via npm
|
|
46
|
+
npm install -g @salesforce/cli
|
|
47
|
+
|
|
48
|
+
# Or via tarball:
|
|
49
|
+
# https://developer.salesforce.com/docs/atlas.en-us.sfdx_setup.meta/sfdx_setup/sfdx_setup_install_cli.htm
|
|
50
|
+
```
|
|
51
|
+
|
|
52
|
+
### Verify
|
|
53
|
+
|
|
54
|
+
```bash
|
|
55
|
+
sf --version
|
|
56
|
+
# Expected: @salesforce/cli/2.x.x ...
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
## Code Analyzer Plugin
|
|
60
|
+
|
|
61
|
+
**Required: sf CLI must be installed first.**
|
|
62
|
+
|
|
63
|
+
```bash
|
|
64
|
+
# Install
|
|
65
|
+
sf plugins install @salesforce/plugin-code-analyzer
|
|
66
|
+
|
|
67
|
+
# Verify
|
|
68
|
+
sf code-analyzer --help
|
|
69
|
+
|
|
70
|
+
# Update to latest
|
|
71
|
+
sf plugins install @salesforce/plugin-code-analyzer@latest
|
|
72
|
+
|
|
73
|
+
# Check version
|
|
74
|
+
sf plugins --core | grep code-analyzer
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
## Java 11+ (for PMD, CPD, SFGE)
|
|
78
|
+
|
|
79
|
+
### macOS
|
|
80
|
+
|
|
81
|
+
```bash
|
|
82
|
+
# Via Homebrew
|
|
83
|
+
brew install openjdk@11
|
|
84
|
+
|
|
85
|
+
# Add to PATH (add to ~/.zshrc or ~/.bash_profile)
|
|
86
|
+
export PATH="/opt/homebrew/opt/openjdk@11/bin:$PATH"
|
|
87
|
+
export JAVA_HOME="/opt/homebrew/opt/openjdk@11"
|
|
88
|
+
|
|
89
|
+
# Or via SDKMAN (manages multiple Java versions)
|
|
90
|
+
curl -s "https://get.sdkman.io" | bash
|
|
91
|
+
sdk install java 11.0.21-tem
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
### Windows
|
|
95
|
+
|
|
96
|
+
```bash
|
|
97
|
+
# Via winget
|
|
98
|
+
winget install EclipseAdoptium.Temurin.11.JDK
|
|
99
|
+
|
|
100
|
+
# Or via Chocolatey
|
|
101
|
+
choco install temurin11
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
### Linux
|
|
105
|
+
|
|
106
|
+
```bash
|
|
107
|
+
# Ubuntu/Debian
|
|
108
|
+
sudo apt install openjdk-11-jdk
|
|
109
|
+
|
|
110
|
+
# RHEL/CentOS/Fedora
|
|
111
|
+
sudo dnf install java-11-openjdk-devel
|
|
112
|
+
|
|
113
|
+
# Via SDKMAN (any Linux)
|
|
114
|
+
curl -s "https://get.sdkman.io" | bash
|
|
115
|
+
sdk install java 11.0.21-tem
|
|
116
|
+
```
|
|
117
|
+
|
|
118
|
+
### Verify
|
|
119
|
+
|
|
120
|
+
```bash
|
|
121
|
+
java -version
|
|
122
|
+
# Expected: openjdk version "11.x.x" or higher
|
|
123
|
+
|
|
124
|
+
echo $JAVA_HOME
|
|
125
|
+
# Should point to JDK installation
|
|
126
|
+
```
|
|
127
|
+
|
|
128
|
+
### Troubleshooting Java
|
|
129
|
+
|
|
130
|
+
| Issue | Solution |
|
|
131
|
+
|-------|----------|
|
|
132
|
+
| `java: command not found` | Add Java bin dir to PATH |
|
|
133
|
+
| Wrong Java version | Set JAVA_HOME explicitly |
|
|
134
|
+
| Multiple Java versions | Use `sdk use java 11.x.x` or update PATH order |
|
|
135
|
+
| SFGE heap errors | Increase `java_max_heap_size` in config |
|
|
136
|
+
|
|
137
|
+
## Node.js 18+ (for ESLint, RetireJS)
|
|
138
|
+
|
|
139
|
+
### macOS
|
|
140
|
+
|
|
141
|
+
```bash
|
|
142
|
+
# Via Homebrew
|
|
143
|
+
brew install node@20
|
|
144
|
+
|
|
145
|
+
# Or via nvm (recommended for version management)
|
|
146
|
+
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
|
|
147
|
+
nvm install 20
|
|
148
|
+
nvm use 20
|
|
149
|
+
```
|
|
150
|
+
|
|
151
|
+
### Windows
|
|
152
|
+
|
|
153
|
+
```bash
|
|
154
|
+
# Via winget
|
|
155
|
+
winget install OpenJS.NodeJS.LTS
|
|
156
|
+
|
|
157
|
+
# Or via nvm-windows
|
|
158
|
+
# Download from: https://github.com/coreybutler/nvm-windows/releases
|
|
159
|
+
nvm install 20
|
|
160
|
+
nvm use 20
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
### Linux
|
|
164
|
+
|
|
165
|
+
```bash
|
|
166
|
+
# Via nvm (recommended)
|
|
167
|
+
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
|
|
168
|
+
nvm install 20
|
|
169
|
+
nvm use 20
|
|
170
|
+
|
|
171
|
+
# Or via package manager (may be outdated)
|
|
172
|
+
# Ubuntu/Debian (use NodeSource for latest):
|
|
173
|
+
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
|
|
174
|
+
sudo apt install -y nodejs
|
|
175
|
+
```
|
|
176
|
+
|
|
177
|
+
### Verify
|
|
178
|
+
|
|
179
|
+
```bash
|
|
180
|
+
node --version
|
|
181
|
+
# Expected: v20.x.x or v18.x.x (minimum v18)
|
|
182
|
+
|
|
183
|
+
npm --version
|
|
184
|
+
# Expected: 9.x.x or 10.x.x
|
|
185
|
+
```
|
|
186
|
+
|
|
187
|
+
## Python 3 (for Flow Engine)
|
|
188
|
+
|
|
189
|
+
**Only needed if you scan Flow files (*.flow-meta.xml).**
|
|
190
|
+
|
|
191
|
+
### macOS
|
|
192
|
+
|
|
193
|
+
```bash
|
|
194
|
+
# Via Homebrew
|
|
195
|
+
brew install python3
|
|
196
|
+
|
|
197
|
+
# macOS may already have python3 via Xcode Command Line Tools
|
|
198
|
+
xcode-select --install
|
|
199
|
+
```
|
|
200
|
+
|
|
201
|
+
### Windows
|
|
202
|
+
|
|
203
|
+
```bash
|
|
204
|
+
# Via winget
|
|
205
|
+
winget install Python.Python.3.12
|
|
206
|
+
|
|
207
|
+
# Or from python.org
|
|
208
|
+
# https://www.python.org/downloads/windows/
|
|
209
|
+
```
|
|
210
|
+
|
|
211
|
+
### Linux
|
|
212
|
+
|
|
213
|
+
```bash
|
|
214
|
+
# Usually pre-installed. If not:
|
|
215
|
+
# Ubuntu/Debian
|
|
216
|
+
sudo apt install python3
|
|
217
|
+
|
|
218
|
+
# RHEL/CentOS/Fedora
|
|
219
|
+
sudo dnf install python3
|
|
220
|
+
```
|
|
221
|
+
|
|
222
|
+
### Verify
|
|
223
|
+
|
|
224
|
+
```bash
|
|
225
|
+
python3 --version
|
|
226
|
+
# Expected: Python 3.x.x
|
|
227
|
+
```
|
|
228
|
+
|
|
229
|
+
## Authenticated Org (for ApexGuru)
|
|
230
|
+
|
|
231
|
+
**Only needed for ApexGuru performance analysis.**
|
|
232
|
+
|
|
233
|
+
```bash
|
|
234
|
+
# Login to a Salesforce org
|
|
235
|
+
sf org login web --alias my-org
|
|
236
|
+
|
|
237
|
+
# Or login with JWT (CI/CD)
|
|
238
|
+
sf org login jwt --client-id <id> --jwt-key-file <key> --username <user> --alias my-org
|
|
239
|
+
|
|
240
|
+
# Verify
|
|
241
|
+
sf org display --target-org my-org
|
|
242
|
+
```
|
|
243
|
+
|
|
244
|
+
### Troubleshooting ApexGuru Auth
|
|
245
|
+
|
|
246
|
+
| Issue | Solution |
|
|
247
|
+
|-------|----------|
|
|
248
|
+
| `No default org` | Set default: `sf config set target-org my-org` |
|
|
249
|
+
| `Session expired` | Re-login: `sf org login web --alias my-org` |
|
|
250
|
+
| `Insufficient permissions` | Org needs API access enabled |
|
|
251
|
+
|
|
252
|
+
## Quick Setup Script
|
|
253
|
+
|
|
254
|
+
For a complete setup on macOS with Homebrew:
|
|
255
|
+
|
|
256
|
+
```bash
|
|
257
|
+
# Install all prerequisites
|
|
258
|
+
brew install node@20 openjdk@11 python3
|
|
259
|
+
|
|
260
|
+
# Set Java environment
|
|
261
|
+
export JAVA_HOME="/opt/homebrew/opt/openjdk@11"
|
|
262
|
+
export PATH="/opt/homebrew/opt/openjdk@11/bin:$PATH"
|
|
263
|
+
|
|
264
|
+
# Install Salesforce CLI
|
|
265
|
+
npm install -g @salesforce/cli
|
|
266
|
+
|
|
267
|
+
# Install Code Analyzer
|
|
268
|
+
sf plugins install @salesforce/plugin-code-analyzer
|
|
269
|
+
|
|
270
|
+
# Verify everything
|
|
271
|
+
sf --version
|
|
272
|
+
sf plugins --core | grep code-analyzer
|
|
273
|
+
java -version
|
|
274
|
+
node --version
|
|
275
|
+
python3 --version
|
|
276
|
+
```
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# Rule Name Resolution (Fuzzy Matching)
|
|
2
|
+
|
|
3
|
+
**⚠️ CRITICAL:** The `rules` section in `code-analyzer.yml` requires the EXACT full rule name as it appears in Code Analyzer's rule registry. A misspelled or partial name will be silently ignored — the override won't apply, and no error is shown.
|
|
4
|
+
|
|
5
|
+
## Why This Matters
|
|
6
|
+
|
|
7
|
+
Unlike `--rule-selector` (which returns 0 results on mismatch), a wrong name in `code-analyzer.yml` is SILENTLY ignored. The config validates fine, but the override simply doesn't apply. This makes typos and partial names dangerous.
|
|
8
|
+
|
|
9
|
+
## Common Fuzzy → Exact Mappings
|
|
10
|
+
|
|
11
|
+
Users will often refer to rules by approximate, partial, or descriptive names:
|
|
12
|
+
|
|
13
|
+
| User Says | Exact Rule Name | Engine |
|
|
14
|
+
|-----------|----------------|--------|
|
|
15
|
+
| "the ApexDoc rule" | `ApexDoc` | `pmd` |
|
|
16
|
+
| "no-console" | `no-console` | `eslint` |
|
|
17
|
+
| "CRUD violation" | `ApexCRUDViolation` | `pmd` |
|
|
18
|
+
| "hardcoded values" | `@salesforce-ux/slds/no-hardcoded-values-slds2` | `eslint` |
|
|
19
|
+
| "unused variables" | `no-unused-vars` | `eslint` |
|
|
20
|
+
| "soql injection" | `ApexSOQLInjection` | `pmd` |
|
|
21
|
+
| "global modifier" | `AvoidGlobalModifier` | `pmd` |
|
|
22
|
+
| "empty catch" | `EmptyCatchBlock` | `pmd` |
|
|
23
|
+
|
|
24
|
+
## Lookup Procedure
|
|
25
|
+
|
|
26
|
+
When you are NOT 100% certain of the exact full rule name:
|
|
27
|
+
|
|
28
|
+
1. **Do NOT guess** — a wrong name silently fails (the override is ignored with no error)
|
|
29
|
+
2. **Look up the rule first** using the `sf code-analyzer rules` command with grep:
|
|
30
|
+
```bash
|
|
31
|
+
sf code-analyzer rules --rule-selector all 2>&1 | grep -i "<USER_KEYWORD>"
|
|
32
|
+
```
|
|
33
|
+
3. **If grep returns exactly one match** → use that exact rule name in the YAML
|
|
34
|
+
4. **If grep returns multiple matches** → present them to the user and ask which one they meant
|
|
35
|
+
5. **If grep returns 0 matches** → try broader keywords or tell the user no rule matched
|
|
36
|
+
|
|
37
|
+
## When You CAN Skip the Lookup
|
|
38
|
+
|
|
39
|
+
Skip only when confident in the exact name:
|
|
40
|
+
- User provides the full exact name (e.g., "ApexCRUDViolation", "no-unused-vars")
|
|
41
|
+
- The rule is extremely common AND unambiguous (e.g., "ApexDoc", "no-console")
|
|
42
|
+
|
|
43
|
+
## Matching Strategies for Ambiguous Input
|
|
44
|
+
|
|
45
|
+
| User Says | Grep Command | Notes |
|
|
46
|
+
|-----------|-------------|-------|
|
|
47
|
+
| "the doc rule" | `grep -i "doc"` | May match ApexDoc, JSDoc, etc. — ask user if multiple |
|
|
48
|
+
| "CRUD" | `grep -i "crud"` | Likely matches ApexCRUDViolation |
|
|
49
|
+
| "hardcoded" | `grep -i "hardcoded"` | May match multiple SLDS/custom rules |
|
|
50
|
+
| "console" | `grep -i "console"` | Likely matches no-console |
|
|
51
|
+
| "security rules" | Use `--rule-selector all:Security` | Category-based, not name-based |
|
|
52
|
+
| "the injection rule" | `grep -i "injection"` | May match ApexSOQLInjection, ApexXSSFromURLParam, etc. |
|
|
53
|
+
| "unused" | `grep -i "unused"` | May match no-unused-vars, UnusedLocalVariable, etc. |
|
|
54
|
+
|
|
55
|
+
## Identifying the Engine
|
|
56
|
+
|
|
57
|
+
The YAML structure requires nesting under the correct engine. Always extract BOTH the engine and rule name from the `sf code-analyzer rules` output:
|
|
58
|
+
|
|
59
|
+
```yaml
|
|
60
|
+
rules:
|
|
61
|
+
<engine>: # ← must match the engine that owns the rule
|
|
62
|
+
<rule_name>:
|
|
63
|
+
severity: ...
|
|
64
|
+
disabled: ...
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
The output of `sf code-analyzer rules` shows engine name alongside each rule. Use that to determine the correct YAML path.
|