@salesforce/webapp-template-feature-react-chart-experimental 1.105.1 → 1.106.0

package/dist/.a4drules/skills/{implementing-graphql-data-access/docs/generate-mutation-query.md → salesforce-graphql-mutation-query/SKILL.md}

@@ -1,40 +1,47 @@
-# GraphQL Mutation Query Generation
+---
+name: salesforce-graphql-mutation-query
+description: Generate Salesforce GraphQL mutation queries. Use when the query to generate is a mutation query. Schema exploration must complete first — invoke salesforce-graphql-explore-schema first.
+paths:
+  - "**/*.ts"
+  - "**/*.tsx"
+  - "**/*.graphql"
+---
+
+# Salesforce GraphQL Mutation Query Generation
 
 **Triggering conditions**
 
-1. Only if the schema exploration phase completed successfully
+1. Only if the schema exploration phase completed successfully (invoke `salesforce-graphql-explore-schema` first)
 2. Only if the query to generate is a mutation query
 
-## Your Role
+## Schema Access Policy
 
-You are a GraphQL expert and your role is to help generate Salesforce compatible GraphQL mutation queries once the exploration phase has completed.
+> ⚠️ **GREP ONLY** — During mutation generation you may need to verify field names, input types, or representations. All schema lookups **MUST** use the grep-only commands defined in the `salesforce-graphql-explore-schema` skill. Do NOT open, read, stream, or parse `./schema.graphql` with any tool other than grep.
 
-You will leverage the context provided by the requesting user as well as the validation phase provided by the schema exploration. This tool will also provide you with a method to dynamically query the target org instance that you will use to test the generated query.
+## Your Role
 
-If the schema exploration has not been executed yet, you **MUST** run it first, and then get back to mutation query generation.
+You are a GraphQL expert. Generate Salesforce-compatible mutation queries. Schema exploration must complete first. If the schema exploration has not been executed yet, you **MUST** run the full exploration workflow from the `salesforce-graphql-explore-schema` skill first, then return here for mutation query generation.
 
 ## Mutation Queries General Information
 
-**IMPORTANT**:
-
-1. **Mutation Types**: The GraphQL engine supports `Create`, `Update` and `Delete` operations
-2. **Id Based Mutations**: `Update` and `Delete` operations operate on Id-based entity identification
-3. **Mutation Schema**: Defined in the [mutation query schema](#mutation-query-schema) section
+The GraphQL engine supports `Create`, `Update`, and `Delete` operations. `Update` and `Delete` operate on Id-based entity identification. See the [mutation query schema](#mutation-query-schema) section.
 
 ## Mutation Query Generation Workflow
 
 Strictly follow the rules below when generating the GraphQL mutation query:
 
-1. **Input Fields Validation** - Validate that the set of fields validate [input field constraints](#mutation-queries-input-field-constraints)
+1. **Input Fields Validation** - Validate that the set of fields validate [input field constraints](#mutation-queries-input-field-constraints). Verify every field name and type against grep output from the schema — do NOT guess or assume
 2. **Output Fields Validation** - Validate that the set of fields used in the select part of the query validate the [output fields constraints](#mutation-queries-output-field-constraints)
-3. **Type Consistency** - Make sure variables used as query arguments and their related fields share the same GraphQL type
+3. **Type Consistency** - Make sure variables used as query arguments and their related fields share the same GraphQL type. Verify types via grep lookup — do NOT assume types
 4. **Report Phase** - Use the [Mutation Query Report Template](#mutation-query-report-template) below to report on the previous validation phases
 5. **Input Arguments** - `input` is the default name for the argument, unless otherwise specified
 6. **Output Field** - For `Create` and `Update` operations, the output field is always named `Record`, and is of type EntityName
-7. **Query Generation** - Use the [mutation query](#mutation-query-templates) template and adjust it based on the selected operation
-8. **Output Format** - Use the [standalone](#mutation-standalone-default-output-format---clean-code-only)
-9. **Test the Query** - Use the [Generated Mutation Query Testing](#generated-mutation-query-testing) workflow to test the generated query
-   1. **Report First** - Always report first, using the proper output format, before testing
+7. **Field Name Validation** - Every field name in the generated mutation **MUST** match a field confirmed via grep lookup in the schema. Do NOT guess or assume field names exist
+8. **Query Generation** - Use the [mutation query](#mutation-query-templates) template and adjust it based on the selected operation
+9. **Output Format** - Use the [standalone](#mutation-standalone-default-output-format---clean-code-only)
+10. **Lint Validation** - After writing the mutation to a file, run `npx eslint <file>` from the webapp dir to validate it against the schema. Fix any reported errors before proceeding. See [Lint Validation](#lint-validation) for details
+11. **Test the Query** - Use the [Generated Mutation Query Testing](#generated-mutation-query-testing) workflow to test the generated query
+    1. **Report First** - Always output the generated mutation in the proper output format BEFORE initiating any test
 
 ## Mutation Query Schema
 
@@ -127,7 +134,7 @@ mutation mutateEntityName(
 ## Mutation Standalone (Default) Output Format - CLEAN CODE ONLY
 
 ```javascript
-import { gql } from 'api/graphql.ts';
+import { gql } from '@salesforce/sdk-data';
 const QUERY_NAME = gql`
   mutation mutateEntity($input: EntityNameOperationInput!) {
     uiapi {
@@ -150,36 +157,54 @@ const QUERY_VARIABLES = {
 };
 ```
 
-**❌ DO NOT INCLUDE:**
+**❌ FORBIDDEN — Do NOT include any of the following:**
 
-- Explanatory comments about the query
-- Field descriptions
+- Explanatory comments about the query (inline or surrounding)
+- Field descriptions or annotations
 - Additional text about what the query does
-- Workflow step descriptions
+- Workflow step descriptions or summaries
+- Comments like `// fetches...`, `// creates...`, `/* ... */`
 
-**✅ ONLY INCLUDE:**
+**✅ ONLY output:**
 
-- Raw query string
-- Variables object
-- Nothing else
+- The raw query string constant (using `gql` tagged template)
+- The variables object constant
+- Nothing else — no extra imports, no exports, no wrapper functions
+
+## Lint Validation
+
+After writing the generated mutation into a source file, validate it against the schema using the project's GraphQL ESLint setup:
+
+```bash
+# Run from webapp dir (force-app/main/default/webapplications/<app-name>/)
+npx eslint <path-to-file-containing-mutation>
+```
+
+**How it works:** The ESLint config uses `@graphql-eslint/eslint-plugin` with its `processor`, which extracts GraphQL operations from `gql` template literals in `.ts`/`.tsx` files and validates the extracted `.graphql` virtual files against `schema.graphql`.
+
+**Rules enforced:** `no-anonymous-operations`, `no-duplicate-fields`, `known-fragment-names`, `no-undefined-variables`, `no-unused-variables`
+
+**On failure:** Fix the reported issues, re-run `npx eslint <file>` until clean, then proceed to testing.
+
+> ⚠️ **Prerequisites**: The `schema.graphql` file must exist (invoke `salesforce-graphql-explore-schema` first) and project dependencies must be installed (`npm install`).
 
 ## Generated Mutation Query Testing
 
-**Triggering conditions** - **ALL CONDITIONS MUST VALIDATE\***
+**Triggering conditions** — **ALL conditions must be true:**
 
-1. Only if the [Mutation Query Generation Workflow](#mutation-query-generation-workflow) step global status is `SUCCESS` and you have a generated query
-2. Only if the query to generate is a mutation query
-3. Only if non manual method was used during schema exploration to retrieve introspection data
+1. The [Mutation Query Generation Workflow](#mutation-query-generation-workflow) completed with status `SUCCESS` and you have a generated query
+2. The query is a mutation query
+3. A non-manual method was used during schema exploration to retrieve introspection data
 
 **Workflow**
 
-1. **Report Step** - Explain that you are able to test the query using `sf api request rest`
-2. **Interactive Step** - Ask the user whether they want you to test the query
-   1. **WAIT** for the user's answer.
-3. **Input Arguments** - You **MUST** ask the user for the input arguments to use
-   1. **WAIT** for the user's answer.
-4. **Test Query** - If the user are OK with you testing the query:
-   1. Use `sf api request rest` to POST the query and variables to the GraphQL endpoint:
+1. **Report Step** - State the exact method you will use to test (e.g., `sf api request graphql` from the **project root**, Connect API, etc.) — this **MUST** match the method used during schema exploration
+2. **Interactive Step** - Ask the user whether they want you to test the query using the proposed method
+   1. **STOP and WAIT** for the user's answer. Do NOT proceed until the user responds. Do NOT assume consent.
+3. **Input Arguments** - You **MUST** ask the user for the input argument values to use in the test
+   1. **STOP and WAIT** for the user's answer. Do NOT proceed until the user provides values. Do NOT fabricate test data.
+4. **Test Query** - Only if the user explicitly agrees and has provided input values:
+   1. Execute the mutation using the reported method (e.g., `sf api request rest` to POST the query and variables to the GraphQL endpoint):
       ```bash
       sf api request rest /services/data/v65.0/graphql \
         --method POST \
@@ -207,14 +232,14 @@ The query is invalid:
    - **Navigation** - Error contains `is not currently available in mutation results`
    - **API Version** - Query deals with updates, you're testing with Connect API and error contains `Cannot invoke JsonElement.isJsonObject()`
 3. **Targeted Resolution** - Depending on the root cause categorization
-   - **Execution** - You're trying to update or delete an unknown/no longer available entity: either create an entity first, if you have generated the related query, or ask for a valid entity id to use
+   - **Execution** - You're trying to update or delete an unknown/no longer available entity: either create an entity first, if you have generated the related query, or ask for a valid entity id to use. **STOP and WAIT** for the user to provide a valid Id
    - **Syntax** - Update the query using the error message information to fix the syntax errors
-   - **Validation** - This field's name is most probably invalid, ask user for clarification and **WAIT** for the user's answer
-   - **Type** - Use the error details and GraphQL schema to correct argument's type, and adjust variables accordingly
+   - **Validation** - The field name is most probably invalid. Re-run the relevant grep command from the `salesforce-graphql-explore-schema` skill to verify the correct field name. If still unclear, ask the user for clarification and **STOP and WAIT** for their answer
+   - **Type** - Use the error details and re-verify the type via grep lookup in the schema. Correct the argument type and adjust variables accordingly
    - **Navigation** - Use the [`PARTIAL` status handling workflow](#partial-status-handling-workflow) below
    - **API Version** - `Record` selection is only available with API version 64 and higher, **report** the issue, and try again with API version 64
 4. **Test Again** - Resume the [query testing workflow](#generated-mutation-query-testing) with the updated query (increment and track attempt counter)
-5. **Escalation Path** - If targeted resolution fails after 2 attempts, ask for additional details and restart the entire GraphQL workflow, going again through the introspection phase
+5. **Escalation Path** - If targeted resolution fails after 2 attempts, ask for additional details and restart the entire GraphQL workflow from the `salesforce-graphql-explore-schema` skill
 
 ### `PARTIAL` Status Handling Workflow
 
@@ -224,5 +249,10 @@ The query can be improved:
 2. Explain that these fields can't be queried as part of a mutation query
 3. Explain that the query might be considered as failing, as it will report errors
 4. Offer to remove the offending fields
-5. **WAIT** for the user's answer
+5. **STOP and WAIT** for the user's answer. Do NOT remove fields without explicit consent.
 6. If they are OK with removing the fields restart the [generation workflow](#mutation-query-generation-workflow) with the new field list
+
+## Related Skills
+
+- Schema exploration: `salesforce-graphql-explore-schema` (must complete first)
+- Read query generation: `salesforce-graphql-read-query`

package/dist/.a4drules/skills/salesforce-graphql-read-query/SKILL.md

@@ -0,0 +1,253 @@
+---
+name: salesforce-graphql-read-query
+description: Generate Salesforce GraphQL read queries. Use when the query to generate is a read query. Schema exploration must complete first — invoke salesforce-graphql-explore-schema first.
+paths:
+  - "**/*.ts"
+  - "**/*.tsx"
+  - "**/*.graphql"
+---
+
+# Salesforce GraphQL Read Query Generation
+
+**Triggering conditions**
+
+1. Only if the schema exploration phase completed successfully (invoke `salesforce-graphql-explore-schema` first)
+2. Only if the query to generate is a read query
+
+## Schema Access Policy
+
+> ⚠️ **GREP ONLY** — During query generation you may need to verify field names, types, or relationships. All schema lookups **MUST** use the grep-only commands defined in the `salesforce-graphql-explore-schema` skill. Do NOT open, read, stream, or parse `./schema.graphql` with any tool other than grep.
+
+## Field-Level Security and @optional
+
+Field-level security (FLS) restricts which fields different users can see. Use the `@optional` directive on Salesforce record fields when possible. The server omits the field when the user lacks access, allowing the query to succeed instead of failing. Apply `@optional` to scalar fields, value-type fields (e.g. `Name { value }`), parent relationships, and child relationships. Available in API v65.0+.
+
+**Consuming code must defend against missing fields.** When a field is omitted due to FLS, it will be `undefined` (or absent) in the response. Use optional chaining (`?.`), nullish coalescing (`??`), and explicit null/undefined checks when reading query results. Never assume an optional field is present — otherwise the app may crash or behave incorrectly for users without field access.
+
+```ts
+// ✅ Defend against missing fields
+const name = node.Name?.value ?? '';
+const relatedName = node.RelationshipName?.Name?.value ?? 'N/A';
+
+// ❌ Unsafe — will throw if field omitted due to FLS
+const name = node.Name.value;
+```
+
+## Your Role
+
+You are a GraphQL expert. Generate Salesforce-compatible read queries. Schema exploration must complete first. If the schema exploration has not been executed yet, you **MUST** run the full exploration workflow from the `salesforce-graphql-explore-schema` skill first, then return here for read query generation.
+
+## Read Query Generation Workflow
+
+Strictly follow the rules below when generating the GraphQL read query:
+
+1. **No Proliferation** - Only generate for the explicitly requested fields, nothing else. Do NOT add fields the user did not ask for.
+2. **Unique Query** - Leverage child relationships to query entities in one single query
+3. **Navigate Entities** - Always use `relationshipName` to access reference fields and child entities
+   1. **Exception** - if the `relationshipName` field is null, you can't navigate the related entity, and will have to return the `Id` itself
+4. **Leverage Fragments** - Generate one fragment per possible type on polymorphic fields (field with `dataType="REFERENCE"` and more than one entry in `referenceToInfos` introspection attribute)
+5. **Type Consistency** - Make sure variables used as query arguments and their related fields share the same GraphQL type. Verify types against grep output from the schema — do not assume types
+6. **Type Enforcement** - Make sure to leverage field type information from introspection and GraphQL schema to generate field access
+7. **Field Name Validation** - Every field name in the generated query **MUST** match a field confirmed via grep lookup in the schema. Do NOT guess or assume field names exist
+8. **@optional for FLS** - Apply `@optional` on all Salesforce record fields when possible (see [Field-Level Security and @optional](#field-level-security-and-optional)). This lets the query succeed when the user lacks field-level access; the server omits inaccessible fields instead of failing
+9. **Consuming code defense** - When generating or modifying code that consumes read query results, defend against missing fields (see [Field-Level Security and @optional](#field-level-security-and-optional)). Use optional chaining, nullish coalescing, and null/undefined checks — never assume optional fields are present
+10. **Semi and anti joins** - Use the semi-join or anti-join templates to filter an entity with conditions on child entities
+11. **Query Generation** - Use the [template](#read-query-template) to generate the query
+12. **Output Format** - Use the [standalone](#read-standalone-default-output-format---clean-code-only)
+13. **Lint Validation** - After writing the query to a file, run `npx eslint <file>` from the webapp dir to validate it against the schema. Fix any reported errors before proceeding. See [Lint Validation](#lint-validation) for details
+14. **Test the Query** - Use the [Generated Read Query Testing](#generated-read-query-testing) workflow to test the generated query
+    1. **Report First** - Always output the generated query in the proper output format BEFORE initiating any test
+
+## Read Query Template
+
+```graphql
+query QueryName {
+  uiapi {
+    query {
+      EntityName(
+        # conditions here
+      ) {
+        edges {
+          node {
+            # Direct fields — use @optional for FLS resilience
+            FieldName @optional { value }
+
+            # Non-polymorphic reference (single type)
+            RelationshipName @optional {
+              Id
+              Name { value }
+            }
+
+            # Polymorphic reference (multiple types)
+            PolymorphicRelationshipName @optional {
+              ...TypeAInfo
+              ...TypeBInfo
+            }
+
+            # Child relationship (subquery)
+            RelationshipName @optional (
+              # conditions here
+            ) {
+              edges {
+                node {
+                  # fields
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+fragment TypeAInfo on TypeA {
+  Id
+  SpecificFieldA @optional { value }
+}
+
+fragment TypeBInfo on TypeB {
+  Id
+  SpecificFieldB @optional { value }
+}
+```
+
+## Semi-Join and Anti-Join Condition Template
+
+Semi-joins (resp. anti-joins) condition leverage parent-child relationships and allow filtering the parent entity using a condition on child entities.
+This is a standard `where` condition, on the parent entity's `Id`, expressed using the `inq` (resp. `ninq`, i.e. not `inq`) operator. This operator accepts two attributes:
+
+- The child entity camelcase name to apply the condition on, with a value expressing the condition
+- The field name on the child entity containing the parent entity `Id`, which is the `fieldName` from the `childRelationships` information for the child entity
+- If the only condition is related child entity existence, you can use an `Id: { ne: null }` condition
+
+### Semi-Join Example - ParentEntity with at least one Matching ChildEntity
+
+```graphql
+query testSemiJoin {
+  uiapi {
+    query {
+      ParentEntity(
+        where: {
+          Id: {
+            inq: {
+              ChildEntity: {
+                # standard conditions here
+                Name: { like: "test%" }
+                Type: { eq: "some value" }
+              }
+              ApiName: "parentIdFieldInChild"
+            }
+          }
+        }
+      ) {
+        edges {
+          node {
+            Id
+            Name @optional {
+              value
+            }
+          }
+        }
+      }
+    }
+  }
+}
+```
+
+### Anti-Join Example - ParentEntity with no Matching ChildEntity
+
+Same example as the [Semi-Join Example](#semi-join-example---parententity-with-at-least-one-matching-childentity), but replacing the `inq` operator by the `ninq` one.
+
+## Read Standalone (Default) Output Format - CLEAN CODE ONLY
+
+```javascript
+const QUERY_NAME = `
+  query GetData {
+    # query here
+  }
+`;
+
+const QUERY_VARIABLES = {
+  // variables here
+};
+```
+
+**❌ FORBIDDEN — Do NOT include any of the following:**
+
+- Explanatory comments about the query (inline or surrounding)
+- Field descriptions or annotations
+- Additional text about what the query does
+- Workflow step descriptions or summaries
+- Comments like `// fetches...`, `// returns...`, `/* ... */`
+
+**✅ ONLY output:**
+
+- The raw query string constant
+- The variables object constant
+- Nothing else — no imports, no exports, no wrapper functions
+
+## Lint Validation
+
+After writing the generated query into a source file, validate it against the schema using the project's GraphQL ESLint setup:
+
+```bash
+# Run from webapp dir (force-app/main/default/webapplications/<app-name>/)
+npx eslint <path-to-file-containing-query>
+```
+
+**How it works:** The ESLint config uses `@graphql-eslint/eslint-plugin` with its `processor`, which extracts GraphQL operations from `gql` template literals in `.ts`/`.tsx` files and validates the extracted `.graphql` virtual files against `schema.graphql`.
+
+**Rules enforced:** `no-anonymous-operations`, `no-duplicate-fields`, `known-fragment-names`, `no-undefined-variables`, `no-unused-variables`
+
+**On failure:** Fix the reported issues, re-run `npx eslint <file>` until clean, then proceed to testing.
+
+> ⚠️ **Prerequisites**: The `schema.graphql` file must exist (invoke `salesforce-graphql-explore-schema` first) and project dependencies must be installed (`npm install`).
+
+## Generated Read Query Testing
+
+**Triggering conditions** — **ALL conditions must be true:**
+
+1. The [Read Query Generation Workflow](#read-query-generation-workflow) completed with status `SUCCESS` and you have a generated query
+2. The query is a read query
+3. A non-manual method was used during schema exploration to retrieve introspection data
+
+**Workflow**
+
+1. **Report Step** - State the exact method you will use to test (e.g., `sf api request graphql` from the **project root**, Connect API, etc.) — this **MUST** match the method used during schema exploration
+2. **Interactive Step** - Ask the user whether they want you to test the query using the proposed method
+   1. **STOP and WAIT** for the user's answer. Do NOT proceed until the user responds. Do NOT assume consent.
+3. **Test Query** - Only if the user explicitly agrees:
+   1. Use `sf api request rest` to POST the query to the GraphQL endpoint:
+      ```bash
+      sf api request rest /services/data/v65.0/graphql \
+        --method POST \
+        --body '{"query":"query GetData { uiapi { query { EntityName { edges { node { Id } } } } } }"}'
+      ```
+   2. Replace `v65.0` with the API version of the target org
+   3. Replace the `query` value with the generated read query string
+   4. If the query uses variables, include them in the JSON body as a `variables` key
+   5. Report the result as `SUCCESS` if the query executed without error, or `FAILED` if errors were returned
+   6. An empty result set with no errors is `SUCCESS` — the query is valid, the org simply has no matching data
+4. **Remediation Step** - If status is `FAILED`, use the [`FAILED` status handling workflows](#failed-status-handling-workflow)
+
+### `FAILED` Status Handling Workflow
+
+The query is invalid:
+
+1. **Error Analysis** - Parse and categorize the specific error messages
+2. **Root Cause Identification** - Use error message to identify the root cause:
+   - **Syntax** - Error contains `invalid syntax`
+   - **Validation** - Error contains `validation error`
+   - **Type** - Error contains `VariableTypeMismatch` or `UnknownType`
+3. **Targeted Resolution** - Depending on the root cause categorization
+   - **Syntax** - Update the query using the error message information to fix the syntax errors
+   - **Validation** - The field name is most probably invalid. Re-run the relevant grep command from the `salesforce-graphql-explore-schema` skill to verify the correct field name. If still unclear, ask the user for clarification and **STOP and WAIT** for their answer
+   - **Type** - Use the error details and re-verify the type via grep lookup in the schema. Correct the argument type and adjust variables accordingly
+4. **Test Again** - Resume the [query testing workflow](#generated-read-query-testing) with the updated query (increment and track attempt counter)
+5. **Escalation Path** - If targeted resolution fails after 2 attempts, ask for additional details and restart the entire GraphQL workflow from the `salesforce-graphql-explore-schema` skill
+
+## Related Skills
+
+- Schema exploration: `salesforce-graphql-explore-schema` (must complete first)
+- Mutation generation: `salesforce-graphql-mutation-query`

package/dist/.a4drules/skills/salesforce-rest-api-fetch/SKILL.md

@@ -0,0 +1,167 @@
+---
+name: salesforce-rest-api-fetch
+description: REST API usage via the Data SDK fetch method. Use when implementing Chatter, Connect REST, Apex REST, UI API REST, or Einstein LLM calls — only when GraphQL is not sufficient.
+paths:
+  - "**/*.ts"
+  - "**/*.tsx"
+  - "**/*.graphql"
+---
+
+# Salesforce REST API via Data SDK Fetch
+
+Use `sdk.fetch` from the Data SDK when GraphQL is not sufficient. The SDK applies authentication, CSRF handling, and base URL resolution. **Always use optional chaining** (`sdk.fetch?.()`) and handle the case where `fetch` is not available.
+
+Invoke this skill when you need to call Chatter, Connect REST, Apex REST, UI API REST, or Einstein LLM endpoints.
+
+## API Version
+
+Use the project's API version. It is typically injected as `__SF_API_VERSION__`; fallback to `"65.0"`:
+
+```typescript
+declare const __SF_API_VERSION__: string;
+const API_VERSION = typeof __SF_API_VERSION__ !== "undefined" ? __SF_API_VERSION__ : "65.0";
+```
+
+## Base Path
+
+URLs are relative to the Salesforce API base. The SDK prepends the correct base path. Use paths starting with `/services/...`.
+
+---
+
+## Chatter API
+
+User and collaboration data. No GraphQL equivalent.
+
+| Endpoint | Method | Purpose |
+| -------- | ------ | ------- |
+| `/services/data/v{version}/chatter/users/me` | GET | Current user (id, name, email, username) |
+
+```typescript
+const sdk = await createDataSDK();
+const response = await sdk.fetch?.(`/services/data/v${API_VERSION}/chatter/users/me`);
+
+if (!response?.ok) throw new Error(`HTTP ${response?.status}`);
+const data = await response.json();
+return { id: data.id, name: data.name };
+```
+
+---
+
+## Connect REST API
+
+File and content operations.
+
+| Endpoint | Method | Purpose |
+| -------- | ------ | ------- |
+| `/services/data/v{version}/connect/file/upload/config` | GET | Upload config (token, uploadUrl) for file uploads |
+
+```typescript
+const sdk = await createDataSDK();
+const configRes = await sdk.fetch?.(`/services/data/v${API_VERSION}/connect/file/upload/config`, {
+  method: "GET",
+});
+
+if (!configRes?.ok) throw new Error(`Failed to get upload config: ${configRes?.status}`);
+const config = await configRes.json();
+const { token, uploadUrl } = config;
+```
+
+---
+
+## Apex REST
+
+Custom Apex REST resources. Requires corresponding Apex classes in the org. CSRF protection is applied automatically for `services/apexrest` URLs.
+
+| Endpoint | Method | Purpose |
+| -------- | ------ | ------- |
+| `/services/apexrest/auth/login` | POST | User login |
+| `/services/apexrest/auth/register` | POST | User registration |
+| `/services/apexrest/auth/forgot-password` | POST | Request password reset |
+| `/services/apexrest/auth/reset-password` | POST | Reset password with token |
+| `/services/apexrest/auth/change-password` | POST | Change password (authenticated) |
+| `/services/apexrest/{resource}` | GET/POST | Custom Apex REST resources |
+
+**Example (login):**
+
+```typescript
+const sdk = await createDataSDK();
+const response = await sdk.fetch?.("/services/apexrest/auth/login", {
+  method: "POST",
+  body: JSON.stringify({ email, password, startUrl: "/" }),
+  headers: { "Content-Type": "application/json", Accept: "application/json" },
+});
+```
+
+Apex REST paths do not include the API version.
+
+---
+
+## UI API (REST)
+
+When GraphQL cannot cover the use case. **Prefer GraphQL** when possible.
+
+| Endpoint | Method | Purpose |
+| -------- | ------ | ------- |
+| `/services/data/v{version}/ui-api/records/{recordId}` | GET | Fetch a single record |
+
+```typescript
+const sdk = await createDataSDK();
+const response = await sdk.fetch?.(`/services/data/v${API_VERSION}/ui-api/records/${recordId}`);
+```
+
+---
+
+## Einstein LLM Gateway
+
+AI features. Requires Einstein API setup.
+
+| Endpoint | Method | Purpose |
+| -------- | ------ | ------- |
+| `/services/data/v{version}/einstein/llm/prompt/generations` | POST | Generate text from Einstein LLM |
+
+```typescript
+const sdk = await createDataSDK();
+const response = await sdk.fetch?.(`/services/data/v${API_VERSION}/einstein/llm/prompt/generations`, {
+  method: "POST",
+  headers: { "Content-Type": "application/json" },
+  body: JSON.stringify({
+    additionalConfig: { applicationName: "PromptTemplateGenerationsInvocable" },
+    promptTextorId: prompt,
+  }),
+});
+
+if (!response?.ok) throw new Error(`Einstein LLM failed (${response?.status})`);
+const data = await response.json();
+return data?.generations?.[0]?.text ?? "";
+```
+
+---
+
+## General Pattern
+
+```typescript
+import { createDataSDK } from "@salesforce/sdk-data";
+
+const sdk = await createDataSDK();
+
+if (!sdk.fetch) {
+  throw new Error("Data SDK fetch is not available in this context");
+}
+
+const response = await sdk.fetch(url, {
+  method: "GET", // or POST, PUT, PATCH, DELETE
+  headers: { "Content-Type": "application/json", Accept: "application/json" },
+  body: method !== "GET" ? JSON.stringify(payload) : undefined,
+});
+
+if (!response.ok) throw new Error(`HTTP ${response.status}`);
+const data = await response.json();
+```
+
+---
+
+## Reference
+
+- Parent: `salesforce-data-access` — enforces Data SDK usage for all Salesforce data fetches
+- GraphQL: `salesforce-graphql` — use for record queries and mutations when possible
+- `createRecord` from `@salesforce/webapp-experimental/api` for UI API record creation (uses SDK internally)

package/dist/.a4drules/webapp-react.md

@@ -90,55 +90,7 @@ Use standard web APIs and npm packages only.
 
 ## Data Access (CRITICAL)
 
-All Salesforce API calls **must** go through the DataSDK (`@salesforce/sdk-data`). Do NOT use `axios` or raw `fetch` — the SDK handles authentication and CSRF.
-
-### GraphQL (Preferred)
-
-For queries and mutations, follow the **`implementing-graphql-data-access`** skill in `feature-graphql`. It covers schema exploration, query patterns, codegen, type generation, and guardrails.
-
-### UI API (Fallback)
-
-When GraphQL cannot cover the use case, use `sdk.fetch!()` for UI API endpoints:
-
-```typescript
-const sdk = await getDataSDK();
-const resp = await sdk.fetch!('/services/data/v62.0/ui-api/records/{recordId}');
-```
-
-### Apex REST is NOT Available
-
-Apex REST cannot be called from React applications. If Apex seems required:
-1. Evaluate if GraphQL can accomplish the task
-2. If not, inform the user the feature is not supported in React
-
-### MCP Tool Integration
-
-Before implementing data access:
-1. Check if `orchestrate_lds_data_requirements` tool is available
-2. Use it to get guidance on the appropriate pattern (GraphQL or UI API)
-3. If it recommends Apex REST, ignore and use GraphQL instead
-
-## Einstein LLM Gateway (AI Features)
-
-```typescript
-import { getDataSDK } from '@salesforce/sdk-data';
-
-async function callEinsteinGenerations(prompt: string): Promise<string> {
-  const sdk = await getDataSDK();
-  const resp = await sdk.fetch!('/services/data/v62.0/einstein/llm/prompt/generations', {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({
-      additionalConfig: { applicationName: 'PromptTemplateGenerationsInvocable' },
-      promptTextorId: prompt,
-    }),
-  });
-
-  if (!resp.ok) throw new Error(`Einstein LLM failed (${resp.status})`);
-  const data = await resp.json();
-  return data?.generations?.[0]?.text || '';
-}
-```
+For all Salesforce data access (GraphQL, REST, Chatter, Connect, Apex REST, UI API, Einstein LLM), invoke the **`salesforce-data-access`** skill (`.a4drules/skills/salesforce-data-access/`). It enforces Data SDK usage, GraphQL-first preference, optional chaining, and documents when to use `sdk.fetch` via the `salesforce-rest-api-fetch` skill.
 
 ## Error Handling