npm - @salesforce/webapp-template-feature-react-file-upload-experimental - Versions diffs - 1.107.2 → 1.107.3 - Mend

@salesforce/webapp-template-feature-react-file-upload-experimental 1.107.2 → 1.107.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/dist/.a4drules/skills/creating-webapp/SKILL.md CHANGED Viewed

@@ -5,10 +5,30 @@ paths:
   - "**/webapplications/**/*"
 ---
+# First Steps (MUST FOLLOW)
+**Always run `npm install` before doing anything else** when working in a web app directory (e.g. `force-app/main/default/webapplications/<appName>/` or a dist app path). Dependencies must be installed before running `npm run dev`, `npm run build`, `npm run lint`, or any other script. If `node_modules` is missing or stale, commands will fail.
 # Skills-First (MUST FOLLOW)
 **Before writing any code or running any command**, search for relevant skills (`SKILL.md` files) that cover your task. Read the full skill and follow its instructions. Skills live in `.a4drules/skills/` and `feature/*/skills/`. See **webapp-skills-first.md** for the full protocol and a task-to-skill lookup table.
+# Deployment Order (MUST FOLLOW)
+**Metadata deployments must complete before fetching GraphQL schema or running codegen.** The schema reflects the current org state; custom objects and fields appear only after metadata is deployed. Running schema fetch or codegen too early produces incomplete or incorrect types.
+**Invoke the `deploying-to-salesforce` skill** (`.a4drules/skills/deploying-to-salesforce/`) whenever the task involves:
+- Deploying metadata (objects, permission sets, layouts)
+- Fetching GraphQL schema (`npm run graphql:schema`)
+- Running GraphQL codegen (`npm run graphql:codegen`)
+- Generating deploy/setup commands or syncing with the org
+The skill enforces the correct sequence: **deploy metadata → assign permset → schema fetch → codegen**.
+**Critical rules:**
+- Do **not** run `npm run graphql:schema` before metadata (objects, permission sets) is deployed — the schema will not include custom objects/fields.
+- Do **not** skip schema refetch after any metadata deployment — re-run `npm run graphql:schema` and `npm run graphql:codegen` from the webapp dir.
 # Web App Generation
 ## Before `sf webapp generate`

package/dist/.a4drules/skills/deploying-to-salesforce/SKILL.md ADDED Viewed

@@ -0,0 +1,229 @@
+---
+name: deploying-to-salesforce
+description: Enforces the correct order for deploying metadata, assigning permission sets, and fetching GraphQL schema. Use for ANY deployment to a Salesforce org — webapps, LWC, Aura, Apex, metadata, schema fetch, or org sync. Codifies setup-cli.mjs.
+paths:
+  - "**/*"
+---
+# Deploying to Salesforce
+Guidance for AI agents deploying metadata to a Salesforce org or syncing with the org. **The order of operations is critical.** This skill codifies the exact sequence from `scripts/setup-cli.mjs` and documents **every Salesforce interaction**.
+## When to Use
+Invoke this skill whenever the task involves:
+- Deploying metadata (objects, permission sets, layouts, Apex, web applications)
+- Generating deploy commands or setup instructions
+- Fetching the GraphQL schema (`npm run graphql:schema`)
+- Running GraphQL codegen (`npm run graphql:codegen`)
+- Full org setup (login, deploy, permset, data, schema, build)
+- Any manual step that touches the Salesforce org
+## Canonical Sequence (from setup-cli.mjs)
+Execute steps in this **exact order**. Steps marked **(SF)** perform a Salesforce API or CLI interaction.
+### Step 1: Login — org authentication
+| Action | Salesforce interaction? | Command |
+|--------|-------------------------|---------|
+| Check if org is connected | **(SF)** | `sf org display --target-org <alias> --json` |
+| If not connected: authenticate | **(SF)** | `sf org login web --alias <alias>` |
+- **Run when:** Org is not connected. **Omit when:** Org is already authenticated (check via `sf org display`).
+- All subsequent steps require an authenticated org.
+### Step 2: Webapp build — pre-deploy (required for entity deployment)
+| Action | Salesforce interaction? | Command |
+|--------|-------------------------|---------|
+| Install dependencies | No | `npm install` (in each webapp dir) |
+| Build web app | No | `npm run build` (in each webapp dir) |
+- Produces `dist/` so `sf project deploy start` can deploy web application entities. Run **before** deploy when deploying web apps.
+- **Run when:** Deploying web apps AND (`dist/` does not exist OR webapp source has changed since last build). **Omit when:** Not deploying, or `dist/` is current and no source changes.
+### Step 3: Deploy metadata
+| Action | Salesforce interaction? | Command |
+|--------|-------------------------|---------|
+| Deploy metadata | **(SF)** | See below |
+**Check for a manifest (package.xml) first.** Only use it if present:
+- **If `manifest/package.xml` (or `package.xml`) exists:** Deploy using the manifest:
+  ```bash
+  sf project deploy start --manifest manifest/package.xml --target-org <alias>
+  ```
+- **If no manifest exists:** Deploy all metadata from the project (packageDirectories in sfdx-project.json):
+  ```bash
+  sf project deploy start --target-org <alias>
+  ```
+Do not assume a manifest exists. Check the project root and common locations (e.g., `manifest/`, `config/`) before choosing the deploy command.
+- Deploys objects, layouts, permission sets, Apex classes, web applications, and all other metadata.
+- **Must complete successfully before schema fetch** — the schema reflects org state; custom objects/fields appear only after deployment.
+- **Run when:** Metadata has changed since last deploy, or never deployed. **Omit when:** No metadata changes and deploy has already run successfully.
+### Step 4: Post-deployment configuration — assign permissions and configure
+| Action | Salesforce interaction? | Command |
+|--------|-------------------------|---------|
+| Assign permission set or group | **(SF)** | `sf org assign permset --name <name> --target-org <alias>` (works for both permsets and permset groups) |
+| Assign profile to user | **(SF)** | `sf data update record` or at user creation |
+| Other post-deploy config | **(SF)** | Varies (e.g., named credentials, connected apps, custom settings) |
+**Example commands:**
+```bash
+# Permission set (assigns to default user of target org)
+sf org assign permset --name Property_Management_Access --target-org myorg
+# Permission set group (same command; pass the group name)
+sf org assign permset --name My_Permset_Group --target-org myorg
+# Assign to a specific user
+sf org assign permset --name Property_Management_Access --target-org myorg --on-behalf-of user@example.com
+# Profile — update existing user's profile (requires ProfileId and User Id)
+sf data update record --sobject User --record-id <userId> --values "ProfileId=<profileId>" --target-org myorg
+# Profile — get ProfileId first
+sf data query --query "SELECT Id, Name FROM Profile WHERE Name='Standard User'" --target-org myorg
+```
+- **Deploying does not mean assigning.** Even after permission sets, permission set groups, and profiles are deployed to the org, they must be explicitly assigned or configured for users. Deployment makes them available; assignment/configuration grants access.
+- **Permission sets** — Assign to users so they have access to custom objects and fields. Required for GraphQL introspection to return the correct schema.
+- **Permission set groups** — Assign to users when using grouped permission sets.
+- **Profiles** — Ensure users have the correct profile; profile assignment may be done at user creation or via Setup.
+- **Other post-deploy configuration** — Named credentials, connected apps, custom settings, flow activation, and any metadata that requires manual configuration after deploy.
+- All of the above must exist in the org (deployed in Step 3).
+- **Run when:** Any permission set, permission set group, profile, or other post-deploy config was deployed or changed and not yet assigned/configured. **Omit when:** All required assignments and configuration are already in place.
+**Proactive behavior:** After a successful deploy, discover permission sets in the project (e.g., `force-app/main/default/permissionsets/*.permissionset-meta.xml`) and assign each one. Extract the API name from the filename (e.g., `Property_Management_Access.permissionset-meta.xml` → `Property_Management_Access`). If the user has not explicitly requested a full setup, you may ask: "Do you want me to assign the permission sets to your org?" — but do not skip this step silently; either run it or ask.
+### Step 5: Data — prepare and import (optional)
+| Action | Salesforce interaction? | Command |
+|--------|-------------------------|---------|
+| Prepare unique fields | No | `node scripts/prepare-import-unique-fields.js --data-dir <dataDir>` |
+| Clean existing records | **(SF)** | `sf apex run --target-org <alias> --file <apex>` (per sobject, reverse plan order) |
+| Import records | **(SF)** | `sf apex run --target-org <alias> --file <apex>` (per batch) |
+- Only runs if `data/data-plan.json` and `data/` exist.
+- Delete runs in reverse plan order (children before parents).
+- Import uses Anonymous Apex with `Database.DMLOptions.duplicateRuleHeader.allowSave = true`.
+- **Run when:** Data plan exists AND (never imported OR data files or plan changed). **Omit when:** No data plan, or data already imported and unchanged.
+**Proactive behavior:** If `data/data-plan.json` and `data/` exist, you MUST ask the user: "Do you want me to import the sample data now? This will prepare unique fields, optionally clean existing records, and import data. Reply yes to proceed." Do not skip this step silently; either run it (after confirmation) or ask. Never import or clean without explicit user confirmation.
+### Step 6: GraphQL schema and codegen
+| Action | Salesforce interaction? | Command |
+|--------|-------------------------|---------|
+| Install webapp deps | No | `npm install` (in webapp dir) |
+| Set default org | **(SF)** | `sf config set target-org <alias> --global` |
+| Fetch schema (introspection) | **(SF)** | `npm run graphql:schema` (from webapp dir) |
+| Generate types | No | `npm run graphql:codegen` (from webapp dir) |
+- `graphql:schema` performs GraphQL introspection against the org — a **Salesforce API call**.
+- Schema is written to `schema.graphql` at the SFDX project root.
+- Codegen reads the schema file locally; no Salesforce interaction.
+- **Run when:** Schema does not exist, OR metadata was deployed/changed since last schema fetch, OR permissions or post-deploy config was assigned since last schema fetch. **Omit when:** Schema exists and is current relative to org state.
+### Step 7: Webapp build (if not done in Step 2)
+| Action | Salesforce interaction? | Command |
+|--------|-------------------------|---------|
+| Build web app | No | `npm run build` (in webapp dir) |
+- **Run when:** Build is needed (e.g., for dev server or deploy) AND (`dist/` does not exist OR webapp source has changed since last build). **Omit when:** `dist/` is current and no build needed.
+### Step 8: Dev server (optional)
+| Action | Salesforce interaction? | Command |
+|--------|-------------------------|---------|
+| Launch dev server | No | `npm run dev` (in webapp dir) |
+- **Run when:** User requests to launch the dev server. **Omit when:** Not requested.
+## Summary: All Salesforce Interactions (in order)
+1. `sf org display` — check org connection
+2. `sf org login web` — authenticate (if needed)
+3. `sf project deploy start` — deploy metadata
+4. `sf org assign permset` (permsets and permset groups) / profile assignment / other post-deploy config — assign permissions and configure
+5. `sf apex run` — delete existing data (if data plan)
+6. `sf apex run` — import data (if data plan)
+7. `sf config set target-org` — set default org for schema
+8. `npm run graphql:schema` — GraphQL introspection (Salesforce API)
+## Post-Deploy Checklist (MUST NOT SKIP)
+After **every successful metadata deploy**, the agent MUST address these before considering the task complete:
+1. **Permission sets** — Discover `force-app/main/default/permissionsets/*.permissionset-meta.xml`, extract API names, and assign each via `sf org assign permset --name <name> --target-org <alias>`. If unsure, ask: "Do you want me to assign the permission sets (e.g., Property_Management_Access, Tenant_Maintenance_Access) to your org?"
+2. **Data import** — If `data/data-plan.json` exists, ask: "Do you want me to import the sample data now? Reply yes to proceed." Do not import without confirmation.
+3. **Schema refetch** — Run `npm run graphql:schema` and `npm run graphql:codegen` from the webapp dir (required after deploy).
+Do not silently skip permission set assignment or data import. Either run them or ask the user.
+## Agent Decision Criteria
+Evaluate each step before running it. Ask:
+- **Has this step ever run before?** If not, it is likely needed.
+- **Have changes been made that require this step?** (e.g., metadata edits → deploy; deploy → schema refetch)
+- **Is the current state sufficient?** (e.g., org connected, schema exists and is current, permissions and post-deploy config assigned)
+Do not rely on CLI flags. Decide based on project state and what has changed.
+## Evaluation: When Each Step Touches Salesforce
+| Step | Salesforce interaction | Run when |
+|------|------------------------|----------|
+| 1. Login | Yes | Org not connected |
+| 2. Webapp build | No | Deploying web apps AND dist missing or source changed |
+| 3. Deploy | Yes | Metadata changed or never deployed |
+| 4. Post-deploy config | Yes | Permission sets, permset groups, profiles, or other config deployed/changed and not assigned |
+| 5. Data | Yes | Data plan exists AND (never imported OR data changed) |
+| 6. GraphQL | Yes (schema only) | Schema missing or metadata/permissions changed since last fetch |
+| 7. Webapp build | No | Build needed AND dist missing or source changed |
+| 8. Dev | No | User requests dev server |
+**Critical rule:** Steps 3 (deploy) and 4 (post-deploy config) must complete **before** step 6 (graphql:schema). The schema reflects the org state; running introspection too early yields an incomplete schema.
+## Schema Refetch Rule (CRITICAL)
+**After any metadata deployment**, you MUST re-run schema fetch and codegen:
+- New custom objects
+- New custom fields
+- New or updated permission sets
+- Any change to metadata that affects the GraphQL schema
+```bash
+# From webapp dir (force-app/main/default/webapplications/<appName>/)
+npm run graphql:schema
+npm run graphql:codegen
+```
+Do **not** assume the existing `schema.graphql` is current after metadata changes.
+## One-Command Setup (Reference)
+The project includes `scripts/setup-cli.mjs` which runs this sequence in batch. Use it when the user wants a full setup; otherwise, follow this skill and run only the steps that are needed based on current state.
+## Prohibited Actions
+- **Do not** run `npm run graphql:schema` before metadata is deployed — the schema will not include custom objects/fields
+- **Do not** skip schema refetch after deploying new metadata — types and queries will be out of sync
+- **Do not** assign permissions or configure before deploying — permission sets, permset groups, and profiles must exist in the org first
+- **Do not** run GraphQL introspection before assigning permissions — the user may lack FLS for custom fields
+## Related Skills
+- **exploring-graphql-schema** — Schema exploration (grep-only) after schema exists
+- **using-graphql** — Full GraphQL workflow (explore, query, codegen, lint)

package/dist/.a4drules/skills/exploring-graphql-schema/SKILL.md CHANGED Viewed

@@ -11,6 +11,13 @@ paths:
 Guidance for AI agents working with the Salesforce GraphQL API schema. **GREP ONLY** — the schema file is very large (~265,000+ lines). All lookups MUST use grep; do NOT open, read, stream, or parse the file.
+## Deployment Prerequisites
+The schema reflects the **current org state**. Custom objects and fields appear only after metadata is deployed.
+- **Before** running `npm run graphql:schema`: Deploy all metadata (objects, permission sets, layouts) and assign the permission set to the target user. Invoke the `deploying-to-salesforce` skill for the full sequence.
+- **After** any metadata deployment: Re-run `npm run graphql:schema` and `npm run graphql:codegen` so types and queries stay in sync.
 ## Schema File Location
 **Location:** `schema.graphql` at the **SFDX project root** (NOT inside the webapp dir). All grep commands **must be run from the project root** where `schema.graphql` lives.
@@ -93,24 +100,6 @@ Search for `input <ObjectName>CreateInput` or `input <ObjectName>UpdateInput`:
 grep -nE '^input[[:space:]]+AccountCreateInput\b' ./schema.graphql -A 30
 ```
-## Common Operator Types
-- **StringOperators**: `eq`, `ne`, `like`, `lt`, `gt`, `lte`, `gte`, `in`, `nin`
-- **OrderByClause**: `order: ResultOrder` (ASC/DESC), `nulls: NullOrder` (FIRST/LAST)
-## Field Value Wrappers
-Salesforce GraphQL returns field values wrapped in typed objects:
-| Wrapper Type    | Access Pattern                     |
-| --------------- | ---------------------------------- |
-| `StringValue`   | `FieldName { value }`              |
-| `IntValue`      | `FieldName { value }`              |
-| `BooleanValue`  | `FieldName { value }`              |
-| `DateTimeValue` | `FieldName { value displayValue }` |
-| `PicklistValue` | `FieldName { value displayValue }` |
-| `CurrencyValue` | `FieldName { value displayValue }` |
 ## Agent Workflow for Building Queries (grep-only)
 **Pre-requisites (MANDATORY):**

package/dist/.a4drules/skills/using-graphql/SKILL.md CHANGED Viewed

@@ -59,7 +59,8 @@ The base React app (`base-react-app`) ships with all GraphQL dependencies and to
 Before using this skill, ensure:
 1. The `@salesforce/sdk-data` package is available (provides `createDataSDK`, `gql`, `NodeOfConnection`)
-2. A `schema.graphql` file exists at the project root. If missing, generate it:
+2. **Deployment order**: Metadata must be deployed before schema fetch; schema must be refetched after any metadata deployment. Invoke the `deploying-to-salesforce` skill when deploying or syncing with the org.
+3. A `schema.graphql` file exists at the project root. If missing, generate it:
    ```bash
    # Run from webapp dir (force-app/main/default/webapplications/<app-name>/)
    npm run graphql:schema

package/dist/.a4drules/webapp-code-quality.md CHANGED Viewed

@@ -15,7 +15,6 @@ Enforces ESLint, TypeScript, and build validation for consistent, maintainable c
 ```bash
 npm run lint   # MUST result in 0 errors
 npm run build  # MUST succeed (includes TypeScript check)
-npm run graphql:codegen # MUST succeed (verifies graphql queries)
 ```
 **Must Pass:**
@@ -25,4 +24,8 @@ npm run graphql:codegen # MUST succeed (verifies graphql queries)
 **Can Be Warnings:**
 - ESLint warnings (fix when convenient)
-- Minor TypeScript warnings
+- Minor TypeScript warnings
+## When Failures Occur
+If `npm run lint` or `npm run build` fails, the agent **must** attempt to resolve the issues and retry. Do not leave the session with failing quality gates. Fix the reported errors (TypeScript, ESLint), then re-run the failing command. Repeat until all steps pass.

package/dist/.a4drules/webapp-data-access.md ADDED Viewed

@@ -0,0 +1,25 @@
+---
+description: Salesforce data access for web apps — when and how to use the accessing-data skill
+paths:
+  - "**/*"
+---
+# Web App Data Access
+For all Salesforce data access from web apps (GraphQL, REST, Chatter, Connect, Apex REST, UI API, Einstein LLM), invoke the **`accessing-data`** skill (`.a4drules/skills/accessing-data/`). It enforces Data SDK usage (`createDataSDK()` + `sdk.graphql` or `sdk.fetch`), GraphQL-first preference, optional chaining, and documents when to use `sdk.fetch` via the `fetching-rest-api` skill.
+## Sub-skills
+- **GraphQL** — For queries and mutations, invoke the **`using-graphql`** skill (`.a4drules/skills/using-graphql/`). Covers schema exploration, query patterns, codegen, and type generation.
+- **REST / UI API** — When GraphQL cannot cover the use case, use `sdk.fetch?.()`. See the **`fetching-rest-api`** skill (`.a4drules/skills/fetching-rest-api/`) for Chatter, Connect REST, Apex REST, UI API REST, and Einstein LLM.
+## Clarifying Vague Data Requests
+When a user asks about data and the request is vague, **clarify before implementing**. Ask which of the following they want:
+- **Application code** — Add or modify code in a specific web app so the app performs the data interaction at runtime (e.g., GraphQL query in the React app)
+- **Local SF CLI** — Run Salesforce CLI commands locally (e.g., `sf data query`, `sf data import tree`) to interact with the org from the terminal
+- **Local example data** — Update or add local fixture/example data files (e.g., JSON in `data/`) for development or testing
+- **Other** — Data export, report generation, setup script, etc.
+Do not assume. A request like "fetch accounts" could mean: (1) add a GraphQL query to the app, (2) run `sf data query` in the terminal, or (3) update sample data files. Confirm the intent before proceeding.

package/dist/.a4drules/webapp-deployment.md ADDED Viewed

@@ -0,0 +1,32 @@
+---
+description: Always invoke the deploying-to-salesforce skill for deployment, schema fetch, or org sync
+paths:
+  - "**/*"
+---
+# Web App Deployment
+**This rule always applies.** Before running any deployment, schema fetch, codegen, or org sync command, you MUST invoke the **deploying-to-salesforce** skill (`.a4drules/skills/deploying-to-salesforce/SKILL.md`).
+## When to Invoke
+Invoke the skill whenever the task involves:
+- Deploying metadata (`sf project deploy start`)
+- Assigning permission sets, permission set groups, or profiles
+- Fetching GraphQL schema (`npm run graphql:schema`)
+- Running GraphQL codegen (`npm run graphql:codegen`)
+- Data import or cleaning existing records
+- Any command that touches the Salesforce org
+## Required Behavior
+1. **Read the skill first** — Open and read the full deploying-to-salesforce skill before executing deployment-related steps.
+2. **Follow the canonical sequence** — Execute steps in the exact order defined in the skill.
+3. **Evaluate before each step** — Use the skill's "Run when" / "Omit when" criteria; do not run steps blindly.
+4. **Proactive post-deploy actions** — After a successful deploy, the agent MUST either run or explicitly offer:
+   - **Permission set assignment:** Discover permsets in `force-app/main/default/permissionsets/` and assign each to the org (or ask: "Do you want me to assign the permission sets?")
+   - **Data import:** If `data/data-plan.json` exists, ask: "Do you want me to import the sample data now?" — never import without explicit user confirmation.
+5. **Ask before data operations** — Never import data or clean existing records without explicit user confirmation.
+Do not bypass this skill. It enforces the correct deployment order and prevents schema/codegen failures.

package/dist/.a4drules/webapp-react-typescript.md CHANGED Viewed

@@ -9,7 +9,7 @@ paths:
 ### Never Use `any`
 ```typescript
 // FORBIDDEN
-const data: any = await fetchData();
+const result: any = getSomething();
 ```
 ## React TypeScript Patterns
@@ -27,25 +27,17 @@ const handleSubmit = (event: React.FormEvent<HTMLFormElement>): void => {
 const [user, setUser] = useState<User | null>(null);
 ```
-### GraphQL via DataSDK
-See **webapp-react.md** for DataSDK usage patterns. Type your GraphQL responses:
-```typescript
-const response = await sdk.graphql?.<GetAccountsQuery>(QUERY, variables);
-```
 ### Type Assertions
 ```typescript
 // FORBIDDEN: Unsafe assertions
-const user = data as User;
+const user = obj as User;
 // REQUIRED: Type guards
 function isUser(obj: unknown): obj is User {
   return typeof obj === 'object' && obj !== null && typeof (obj as User).id === 'string';
 }
-if (isUser(data)) {
-  console.log(data.name); // Now safely typed
+if (isUser(obj)) {
+  console.log(obj.name); // Now safely typed
 }
 ```

package/dist/.a4drules/webapp-react.md CHANGED Viewed

@@ -1,12 +1,16 @@
 ---
-description: React-specific patterns and Salesforce data access for SFDX web apps
+description: React-specific patterns for SFDX web apps
 paths:
   - "**/webapplications/**/*"
 ---
 # React Web App (SFDX)
-For layout, navigation, and generation rules, see **webapp.md**.
+For layout, navigation, and generation rules, see **creating-webapp** (`.a4drules/skills/creating-webapp/SKILL.md`).
+## Deployment
+For deployment, schema fetch, codegen, or org sync, invoke the **`deploying-to-salesforce`** skill (`.a4drules/skills/deploying-to-salesforce/`).
 ## Routing (React Router)
@@ -21,14 +25,4 @@ Use a **single** router package for the app. When using `createBrowserRouter` an
 React apps must NOT import Salesforce platform modules like `lightning/*` or `@wire` (LWC-only)
-## Data Access (CRITICAL)
-For all Salesforce data access (GraphQL, REST, Chatter, Connect, Apex REST, UI API, Einstein LLM), invoke the **`accessing-data`** skill (`.a4drules/skills/accessing-data/`). It enforces Data SDK usage, GraphQL-first preference, optional chaining, and documents when to use `sdk.fetch` via the `fetching-rest-api` skill.
-### GraphQL (Preferred)
-For queries and mutations, invoke the **`using-graphql`** skill (`.a4drules/skills/using-graphql/`). It covers schema exploration, query patterns, codegen, type generation, and guardrails.
-### UI API (Fallback)
-When GraphQL cannot cover the use case, use `sdk.fetch?.()` for UI API endpoints. See the **`fetching-rest-api`** skill (`.a4drules/skills/fetching-rest-api/`) for full REST API documentation.
+For Salesforce data access, see **webapp-data-access** (`.a4drules/webapp-data-access.md`).

package/dist/AGENT.md CHANGED Viewed

@@ -61,11 +61,14 @@ This project includes **.a4drules/** at the project root. Follow them when gener
 - **Accessing Data** (`.a4drules/skills/accessing-data/`): Use for all Salesforce data fetches. Enforces Data SDK usage (`createDataSDK()` + `sdk.graphql` or `sdk.fetch`); GraphQL preferred, fetch when GraphQL is not sufficient.
 - **Fetching REST API** (`.a4drules/skills/fetching-rest-api/`): Use when implementing Chatter, Connect REST, Apex REST, UI API REST, or Einstein LLM calls via `sdk.fetch`.
 - **Using GraphQL** (`.a4drules/skills/using-graphql/`): Use when implementing Salesforce GraphQL queries or mutations. Sub-skills: `exploring-graphql-schema`, `generating-graphql-read-query`, `generating-graphql-mutation-query`.
+- **Deploying to Salesforce** (`.a4drules/skills/deploying-to-salesforce/`): Use when deploying metadata, fetching GraphQL schema, or generating deploy/setup commands. Enforces deploy → permset → schema → codegen order; schema refetch after metadata deployment.
 When rules refer to "web app directory" or `<sfdx-source>/webapplications/<appName>/`, resolve `<sfdx-source>` from `sfdx-project.json` and use the **actual app folder name** for this project.
 ## Deploying
+**Deployment order:** Metadata (objects, permission sets) must be deployed before GraphQL schema fetch. After any metadata deployment, re-run `npm run graphql:schema` and `npm run graphql:codegen` from the webapp dir. **One-command setup:** `node scripts/setup-cli.mjs --target-org <alias>` runs deploy → permset → schema → codegen in the correct order. Invoke the `deploying-to-salesforce` skill for full guidance.
 From **this project root** (resolve the actual SFDX source path from `sfdx-project.json`):
 ```bash

package/dist/CHANGELOG.md CHANGED Viewed

@@ -3,6 +3,17 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+## [1.107.3](https://github.com/salesforce-experience-platform-emu/webapps/compare/v1.107.2...v1.107.3) (2026-03-18)
+### Bug Fixes
+* **lint-and-metadata:** Linting in template apps, metadata and query fixes, and skills for deployment orders ([#304](https://github.com/salesforce-experience-platform-emu/webapps/issues/304)) ([980b931](https://github.com/salesforce-experience-platform-emu/webapps/commit/980b9318cba0f7d5d93620e08bf4138df51b3700))
 ## [1.107.2](https://github.com/salesforce-experience-platform-emu/webapps/compare/v1.107.1...v1.107.2) (2026-03-18)
 **Note:** Version bump only for package @salesforce/webapp-template-base-sfdx-project-experimental

package/dist/eslint.config.js ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * ESLint 9 flat config for LWC and Aura.
+ * @see https://github.com/salesforce/eslint-config-lwc
+ */
+const lwcConfig = require("@salesforce/eslint-config-lwc");
+module.exports = [...lwcConfig.configs.recommended];

package/dist/force-app/main/default/webapplications/feature-react-file-upload/eslint.config.js CHANGED Viewed

@@ -68,6 +68,8 @@ const config = [
       globals: {
         ...globals.browser,
         JSX: 'readonly',
+        React: 'readonly',
+        process: 'readonly',
       },
     },
     plugins: {

package/dist/force-app/main/default/webapplications/feature-react-file-upload/package.json CHANGED Viewed

@@ -15,14 +15,8 @@
     "graphql:schema": "node scripts/get-graphql-schema.mjs"
   },
   "dependencies": {
-    "@salesforce/agentforce-conversation-client": "file:../../../../../../../../../agentforceConversationClient",
-    "@salesforce/micro-frontends-experimental": "file:../../../../../../../../../micro-frontends",
-    "@salesforce/sdk-chat": "file:../../../../../../../../../sdk/sdk-chat",
-    "@salesforce/sdk-core": "file:../../../../../../../../../sdk/sdk-core",
-    "@salesforce/sdk-data": "file:../../../../../../../../../sdk/sdk-data",
-    "@salesforce/sdk-lightning": "file:../../../../../../../../../sdk/sdk-lightning",
-    "@salesforce/sdk-view": "file:../../../../../../../../../sdk/sdk-view",
-    "@salesforce/webapp-experimental": "file:../../../../../../../../../webapps",
+    "@salesforce/sdk-data": "^1.107.3",
+    "@salesforce/webapp-experimental": "^1.107.3",
     "@tailwindcss/vite": "^4.1.17",
     "@tanstack/react-form": "^1.28.5",
     "class-variance-authority": "^0.7.1",
@@ -48,7 +42,7 @@
     "@graphql-eslint/eslint-plugin": "^4.1.0",
     "@graphql-tools/utils": "^11.0.0",
     "@playwright/test": "^1.49.0",
-    "@salesforce/vite-plugin-webapp-experimental": "file:../../../../../../../../../vite-plugin-webapps",
+    "@salesforce/vite-plugin-webapp-experimental": "^1.107.3",
     "@testing-library/jest-dom": "^6.6.3",
     "@testing-library/react": "^16.1.0",
     "@testing-library/user-event": "^14.5.2",

package/dist/force-app/main/default/webapplications/feature-react-file-upload/src/app.tsx CHANGED Viewed

@@ -4,7 +4,10 @@ import { StrictMode } from 'react';
 import { createRoot } from 'react-dom/client';
 import './styles/global.css';
-const basename = (globalThis as any).SFDC_ENV?.basePath;
+// Normalize basename: strip trailing slash so it matches URLs like /lwr/application/ai/c-app
+const rawBasePath = (globalThis as any).SFDC_ENV?.basePath;
+const basename =
+  typeof rawBasePath === 'string' ? rawBasePath.replace(/\/+$/, '') : undefined;
 const router = createBrowserRouter(routes, { basename });
 createRoot(document.getElementById('root')!).render(

package/dist/force-app/main/default/webapplications/feature-react-file-upload/src/components/alerts/status-alert.tsx CHANGED Viewed

@@ -26,10 +26,10 @@ interface StatusAlertProps extends VariantProps<typeof statusAlertVariants> {
  * Returns null if no children are provided.
  */
 export function StatusAlert({ children, variant = 'error' }: StatusAlertProps) {
+  const descriptionId = useId();
   if (!children) return null;
   const isError = variant === 'error';
-  const descriptionId = useId();
   return (
     <Alert

package/dist/force-app/main/default/webapplications/feature-react-file-upload/tsconfig.json CHANGED Viewed

@@ -31,6 +31,12 @@
       "@assets/*": ["./src/assets/*"]
     }
   },
-  "include": ["src", "vite-env.d.ts", "vitest-env.d.ts"],
+  "include": [
+    "src",
+    "e2e",
+    "vite-env.d.ts",
+    "vitest-env.d.ts",
+    "vitest.setup.ts"
+  ],
   "references": [{ "path": "./tsconfig.node.json" }]
 }