@squadbase/vite-server 0.1.4-dev.1 → 0.1.5-dev.0

package/dist/connectors/salesforce.js

@@ -0,0 +1,862 @@
+// ../connectors/src/parameter-definition.ts
+var ParameterDefinition = class {
+  slug;
+  name;
+  description;
+  envVarBaseKey;
+  type;
+  secret;
+  required;
+  constructor(config) {
+    this.slug = config.slug;
+    this.name = config.name;
+    this.description = config.description;
+    this.envVarBaseKey = config.envVarBaseKey;
+    this.type = config.type;
+    this.secret = config.secret;
+    this.required = config.required;
+  }
+  /**
+   * Get the parameter value from a ConnectorConnectionObject.
+   */
+  getValue(connection2) {
+    const param = connection2.parameters.find(
+      (p) => p.parameterSlug === this.slug
+    );
+    if (!param || param.value == null) {
+      throw new Error(
+        `Parameter "${this.slug}" not found or has no value in connection "${connection2.id}"`
+      );
+    }
+    return param.value;
+  }
+  /**
+   * Try to get the parameter value. Returns undefined if not found (for optional params).
+   */
+  tryGetValue(connection2) {
+    const param = connection2.parameters.find(
+      (p) => p.parameterSlug === this.slug
+    );
+    if (!param || param.value == null) return void 0;
+    return param.value;
+  }
+};
+
+// ../connectors/src/connectors/salesforce/parameters.ts
+var parameters = {
+  username: new ParameterDefinition({
+    slug: "username",
+    name: "Username",
+    description: "Your Salesforce account username (the email you use to sign in).",
+    envVarBaseKey: "SALESFORCE_USERNAME",
+    type: "text",
+    secret: false,
+    required: true
+  }),
+  password: new ParameterDefinition({
+    slug: "password",
+    name: "Password",
+    description: "Your Salesforce account password concatenated with your security token (password + securityToken). The security token is emailed to you when you reset it from Settings \u2192 My Personal Information \u2192 Reset My Security Token.",
+    envVarBaseKey: "SALESFORCE_PASSWORD",
+    type: "text",
+    secret: true,
+    required: true
+  }),
+  clientId: new ParameterDefinition({
+    slug: "client-id",
+    name: "Consumer Key",
+    description: "The Consumer Key (client_id) of your Salesforce Connected App. Enable OAuth Settings and 'Allow OAuth Username-Password Flows' in your org's identity settings.",
+    envVarBaseKey: "SALESFORCE_CLIENT_ID",
+    type: "text",
+    secret: false,
+    required: true
+  }),
+  clientSecret: new ParameterDefinition({
+    slug: "client-secret",
+    name: "Consumer Secret",
+    description: "The Consumer Secret (client_secret) of your Salesforce Connected App.",
+    envVarBaseKey: "SALESFORCE_CLIENT_SECRET",
+    type: "text",
+    secret: true,
+    required: true
+  }),
+  isSandbox: new ParameterDefinition({
+    slug: "is-sandbox",
+    name: "Use Sandbox",
+    description: 'Set to "true" to authenticate against a Salesforce sandbox (test.salesforce.com) instead of production (login.salesforce.com). Defaults to "false".',
+    envVarBaseKey: "SALESFORCE_IS_SANDBOX",
+    type: "text",
+    secret: false,
+    required: false
+  })
+};
+
+// ../connectors/src/connectors/salesforce/sdk/index.ts
+var DEFAULT_API_VERSION = "60.0";
+async function fetchAccessToken(loginHost, clientId, clientSecret, username, password) {
+  const body = new URLSearchParams({
+    grant_type: "password",
+    client_id: clientId,
+    client_secret: clientSecret,
+    username,
+    password
+  });
+  const res = await fetch(`${loginHost}/services/oauth2/token`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: body.toString()
+  });
+  if (!res.ok) {
+    const errText = await res.text().catch(() => "(unreadable body)");
+    throw new Error(
+      `salesforce: failed to obtain access token: ${res.status} ${res.statusText} \u2014 ${errText}`
+    );
+  }
+  const json = await res.json();
+  if (!json.access_token || !json.instance_url) {
+    throw new Error(
+      "salesforce: access_token or instance_url not found in token response"
+    );
+  }
+  return { accessToken: json.access_token, instanceUrl: json.instance_url };
+}
+function createClient(params) {
+  const username = params[parameters.username.slug];
+  const password = params[parameters.password.slug];
+  const clientId = params[parameters.clientId.slug];
+  const clientSecret = params[parameters.clientSecret.slug];
+  const isSandbox = (params[parameters.isSandbox.slug] ?? "").toLowerCase() === "true";
+  for (const [slug, value] of [
+    [parameters.username.slug, username],
+    [parameters.password.slug, password],
+    [parameters.clientId.slug, clientId],
+    [parameters.clientSecret.slug, clientSecret]
+  ]) {
+    if (!value) {
+      throw new Error(`salesforce: missing required parameter: ${slug}`);
+    }
+  }
+  const loginHost = isSandbox ? "https://test.salesforce.com" : "https://login.salesforce.com";
+  async function getToken() {
+    return fetchAccessToken(
+      loginHost,
+      clientId,
+      clientSecret,
+      username,
+      password
+    );
+  }
+  async function authFetch(path2, init) {
+    const { accessToken, instanceUrl } = await getToken();
+    const url = path2.startsWith("http") ? path2 : `${instanceUrl}${path2.startsWith("/") ? "" : "/"}${path2}`;
+    const headers = new Headers(init?.headers);
+    headers.set("Authorization", `Bearer ${accessToken}`);
+    if (!headers.has("Content-Type") && init?.body) {
+      headers.set("Content-Type", "application/json");
+    }
+    return fetch(url, { ...init, headers });
+  }
+  async function assertOk(res, label) {
+    if (!res.ok) {
+      const body = await res.text().catch(() => "(unreadable body)");
+      throw new Error(
+        `salesforce ${label}: ${res.status} ${res.statusText} \u2014 ${body}`
+      );
+    }
+  }
+  const apiBase = `/services/data/v${DEFAULT_API_VERSION}`;
+  return {
+    request(path2, init) {
+      return authFetch(path2, init);
+    },
+    async query(soql) {
+      const res = await authFetch(
+        `${apiBase}/query?q=${encodeURIComponent(soql)}`,
+        { method: "GET" }
+      );
+      await assertOk(res, "query");
+      return await res.json();
+    },
+    async queryMore(nextRecordsUrl) {
+      const res = await authFetch(nextRecordsUrl, { method: "GET" });
+      await assertOk(res, "queryMore");
+      return await res.json();
+    },
+    async describeSObject(objectType) {
+      const res = await authFetch(
+        `${apiBase}/sobjects/${encodeURIComponent(objectType)}/describe`,
+        { method: "GET" }
+      );
+      await assertOk(res, "describeSObject");
+      return await res.json();
+    },
+    async getRecord(objectType, id, options) {
+      const qs = options?.fields?.length ? `?fields=${encodeURIComponent(options.fields.join(","))}` : "";
+      const res = await authFetch(
+        `${apiBase}/sobjects/${encodeURIComponent(objectType)}/${encodeURIComponent(id)}${qs}`,
+        { method: "GET" }
+      );
+      await assertOk(res, "getRecord");
+      return await res.json();
+    },
+    async createRecord(objectType, fields) {
+      const res = await authFetch(
+        `${apiBase}/sobjects/${encodeURIComponent(objectType)}`,
+        {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify(fields)
+        }
+      );
+      await assertOk(res, "createRecord");
+      return await res.json();
+    },
+    async updateRecord(objectType, id, fields) {
+      const res = await authFetch(
+        `${apiBase}/sobjects/${encodeURIComponent(objectType)}/${encodeURIComponent(id)}`,
+        {
+          method: "PATCH",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify(fields)
+        }
+      );
+      await assertOk(res, "updateRecord");
+    },
+    async deleteRecord(objectType, id) {
+      const res = await authFetch(
+        `${apiBase}/sobjects/${encodeURIComponent(objectType)}/${encodeURIComponent(id)}`,
+        { method: "DELETE" }
+      );
+      await assertOk(res, "deleteRecord");
+    }
+  };
+}
+
+// ../connectors/src/connector-onboarding.ts
+var ConnectorOnboarding = class {
+  /** Phase 1: Connection setup instructions (optional — some connectors don't need this) */
+  connectionSetupInstructions;
+  /** Phase 2: Data overview instructions */
+  dataOverviewInstructions;
+  constructor(config) {
+    this.connectionSetupInstructions = config.connectionSetupInstructions;
+    this.dataOverviewInstructions = config.dataOverviewInstructions;
+  }
+  getConnectionSetupPrompt(language) {
+    return this.connectionSetupInstructions?.[language] ?? null;
+  }
+  getDataOverviewInstructions(language) {
+    return this.dataOverviewInstructions[language];
+  }
+};
+
+// ../connectors/src/connector-tool.ts
+var ConnectorTool = class {
+  name;
+  description;
+  inputSchema;
+  outputSchema;
+  _execute;
+  constructor(config) {
+    this.name = config.name;
+    this.description = config.description;
+    this.inputSchema = config.inputSchema;
+    this.outputSchema = config.outputSchema;
+    this._execute = config.execute;
+  }
+  createTool(connections, config) {
+    return {
+      description: this.description,
+      inputSchema: this.inputSchema,
+      outputSchema: this.outputSchema,
+      execute: (input) => this._execute(input, connections, config)
+    };
+  }
+};
+
+// ../connectors/src/connector-plugin.ts
+var ConnectorPlugin = class _ConnectorPlugin {
+  slug;
+  authType;
+  name;
+  description;
+  iconUrl;
+  parameters;
+  releaseFlag;
+  proxyPolicy;
+  experimentalAttributes;
+  onboarding;
+  systemPrompt;
+  tools;
+  query;
+  checkConnection;
+  constructor(config) {
+    this.slug = config.slug;
+    this.authType = config.authType;
+    this.name = config.name;
+    this.description = config.description;
+    this.iconUrl = config.iconUrl;
+    this.parameters = config.parameters;
+    this.releaseFlag = config.releaseFlag;
+    this.proxyPolicy = config.proxyPolicy;
+    this.experimentalAttributes = config.experimentalAttributes;
+    this.onboarding = config.onboarding;
+    this.systemPrompt = config.systemPrompt;
+    this.tools = config.tools;
+    this.query = config.query;
+    this.checkConnection = config.checkConnection;
+  }
+  get connectorKey() {
+    return _ConnectorPlugin.deriveKey(this.slug, this.authType);
+  }
+  /**
+   * Create tools for connections that belong to this connector.
+   * Filters connections by connectorKey internally.
+   * Returns tools keyed as `${connectorKey}_${toolName}`.
+   */
+  createTools(connections, config, opts) {
+    const myConnections = connections.filter(
+      (c) => _ConnectorPlugin.deriveKey(c.connector.slug, c.connector.authType) === this.connectorKey
+    );
+    const result = {};
+    for (const t of Object.values(this.tools)) {
+      const tool = t.createTool(myConnections, config);
+      const originalToModelOutput = tool.toModelOutput;
+      result[`${this.connectorKey}_${t.name}`] = {
+        ...tool,
+        toModelOutput: async (options) => {
+          if (!originalToModelOutput) {
+            return opts.truncateOutput(options.output);
+          }
+          const modelOutput = await originalToModelOutput(options);
+          if (modelOutput.type === "text" || modelOutput.type === "json") {
+            return opts.truncateOutput(modelOutput.value);
+          }
+          return modelOutput;
+        }
+      };
+    }
+    return result;
+  }
+  static deriveKey(slug, authType) {
+    if (authType) return `${slug}-${authType}`;
+    const LEGACY_NULL_AUTH_TYPE_MAP = {
+      // user-password
+      "postgresql": "user-password",
+      "mysql": "user-password",
+      "clickhouse": "user-password",
+      "kintone": "user-password",
+      "squadbase-db": "user-password",
+      // service-account
+      "snowflake": "service-account",
+      "bigquery": "service-account",
+      "google-analytics": "service-account",
+      "google-calendar": "service-account",
+      "aws-athena": "service-account",
+      "redshift": "service-account",
+      // api-key
+      "databricks": "api-key",
+      "dbt": "api-key",
+      "airtable": "api-key",
+      "openai": "api-key",
+      "gemini": "api-key",
+      "anthropic": "api-key",
+      "wix-store": "api-key"
+    };
+    const fallbackAuthType = LEGACY_NULL_AUTH_TYPE_MAP[slug];
+    if (fallbackAuthType) return `${slug}-${fallbackAuthType}`;
+    return slug;
+  }
+};
+
+// ../connectors/src/auth-types.ts
+var AUTH_TYPES = {
+  OAUTH: "oauth",
+  API_KEY: "api-key",
+  JWT: "jwt",
+  SERVICE_ACCOUNT: "service-account",
+  PAT: "pat",
+  USER_PASSWORD: "user-password"
+};
+
+// ../connectors/src/connectors/salesforce/setup.ts
+var salesforceOnboarding = new ConnectorOnboarding({
+  connectionSetupInstructions: {
+    en: `#### Create a Connected App in Salesforce
+1. In Salesforce Setup, go to App Manager \u2192 New Connected App
+2. Under API (Enable OAuth Settings), check "Enable OAuth Settings"
+3. Add OAuth scopes: "Manage user data via APIs (api)" and "Perform requests at any time (refresh_token, offline_access)"
+4. Save and note the Consumer Key (client_id) and Consumer Secret (client_secret)
+
+#### Allow Username-Password Flow
+1. Go to Setup \u2192 Identity \u2192 OAuth and OpenID Connect Settings
+2. Enable "Allow OAuth Username-Password Flows"
+
+#### Reset your Security Token
+1. Go to Settings \u2192 My Personal Information \u2192 Reset My Security Token
+2. Salesforce emails you a new security token \u2014 append it to your password when entering the Password parameter (password + securityToken)
+
+#### Sandbox vs Production
+- Leave Use Sandbox as "false" (or empty) to connect to production (login.salesforce.com)
+- Set Use Sandbox to "true" to connect to a sandbox (test.salesforce.com)`,
+    ja: `#### Salesforce \u3067 Connected App \u3092\u4F5C\u6210
+1. Setup \u2192 App Manager \u2192 New Connected App
+2. API (Enable OAuth Settings) \u30BB\u30AF\u30B7\u30E7\u30F3\u3067 "Enable OAuth Settings" \u3092\u6709\u52B9\u5316
+3. OAuth \u30B9\u30B3\u30FC\u30D7\u306B "Manage user data via APIs (api)" \u3068 "Perform requests at any time (refresh_token, offline_access)" \u3092\u8FFD\u52A0
+4. \u4FDD\u5B58\u5F8C\u3001Consumer Key (client_id) \u3068 Consumer Secret (client_secret) \u3092\u63A7\u3048\u308B
+
+#### Username-Password Flow \u3092\u8A31\u53EF
+1. Setup \u2192 Identity \u2192 OAuth and OpenID Connect Settings
+2. "Allow OAuth Username-Password Flows" \u3092\u6709\u52B9\u5316
+
+#### Security Token \u306E\u767A\u884C
+1. \u500B\u4EBA\u8A2D\u5B9A \u2192 My Personal Information \u2192 Reset My Security Token
+2. Salesforce \u304B\u3089\u9001\u3089\u308C\u308B\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30C8\u30FC\u30AF\u30F3\u3092\u30D1\u30B9\u30EF\u30FC\u30C9\u306B\u9023\u7D50\u3057\u3066\u5165\u529B\uFF08password + securityToken\uFF09
+
+#### Sandbox / Production
+- \u672C\u756A (login.salesforce.com) \u306E\u5834\u5408: Use Sandbox \u3092 "false" \u307E\u305F\u306F\u672A\u5165\u529B
+- Sandbox (test.salesforce.com) \u306E\u5834\u5408: Use Sandbox \u3092 "true" \u306B\u8A2D\u5B9A`
+  },
+  dataOverviewInstructions: {
+    en: `1. Call salesforce_request with GET /services/data/v60.0/sobjects/ to list available sObjects (standard + custom)
+2. Call salesforce_request with GET /services/data/v60.0/sobjects/Account/describe to inspect Account fields; repeat for Contact, Opportunity, Lead as needed
+3. Run a sample SOQL query: GET /services/data/v60.0/query?q=SELECT+Id,Name,Industry+FROM+Account+LIMIT+5 to verify access and explore data`,
+    ja: `1. salesforce_request \u3067 GET /services/data/v60.0/sobjects/ \u3092\u547C\u3073\u51FA\u3057\u3001\u5229\u7528\u53EF\u80FD\u306A sObject\uFF08\u6A19\u6E96 + \u30AB\u30B9\u30BF\u30E0\uFF09\u3092\u4E00\u89A7\u53D6\u5F97
+2. salesforce_request \u3067 GET /services/data/v60.0/sobjects/Account/describe \u3092\u547C\u3073\u51FA\u3057 Account \u306E\u30D5\u30A3\u30FC\u30EB\u30C9\u3092\u78BA\u8A8D\u3002Contact / Opportunity / Lead \u306A\u3069\u5FC5\u8981\u306A sObject \u306B\u5BFE\u3057\u3066\u540C\u69D8\u306B\u5B9F\u884C
+3. \u30B5\u30F3\u30D7\u30EB SOQL \u3092\u5B9F\u884C: GET /services/data/v60.0/query?q=SELECT+Id,Name,Industry+FROM+Account+LIMIT+5 \u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u5426\u3068\u30C7\u30FC\u30BF\u69CB\u9020\u3092\u78BA\u8A8D`
+  }
+});
+
+// ../connectors/src/connectors/salesforce/tools/request.ts
+import { z } from "zod";
+var REQUEST_TIMEOUT_MS = 6e4;
+var inputSchema = z.object({
+  toolUseIntent: z.string().optional().describe(
+    "Brief description of what you intend to accomplish with this tool call"
+  ),
+  connectionId: z.string().describe("ID of the Salesforce connection to use"),
+  method: z.enum(["GET", "POST", "PATCH", "DELETE"]).describe(
+    "HTTP method. GET for reading resources and SOQL queries, POST for creating, PATCH for updating, DELETE for removing."
+  ),
+  path: z.string().describe(
+    "API path appended to the instance URL (e.g., '/services/data/v60.0/sobjects/Account', '/services/data/v60.0/query?q=SELECT+Id,Name+FROM+Account+LIMIT+5'). Always start the path with '/services/data/'."
+  ),
+  body: z.record(z.string(), z.unknown()).optional().describe("Request body (JSON) for POST/PATCH requests")
+});
+var outputSchema = z.discriminatedUnion("success", [
+  z.object({
+    success: z.literal(true),
+    status: z.number(),
+    data: z.record(z.string(), z.unknown())
+  }),
+  z.object({
+    success: z.literal(false),
+    error: z.string()
+  })
+]);
+var requestTool = new ConnectorTool({
+  name: "request",
+  description: `Send authenticated requests to the Salesforce REST API.
+Authentication is handled automatically using the OAuth 2.0 username-password flow (Connected App Consumer Key + Secret with the Salesforce account credentials). An access token and instance URL are obtained on each request, so the tool user only provides the API path.
+Use this tool for all Salesforce interactions: describing sObjects, running SOQL queries (GET /services/data/vXX.X/query?q=...), reading/creating/updating standard (Account, Contact, Opportunity, Lead, Case) and custom objects.
+Prefer SOQL via the /query endpoint for filtered, joined, or aggregated reads rather than paginating /sobjects/{Type} endpoints.`,
+  inputSchema,
+  outputSchema,
+  async execute({ connectionId, method, path: path2, body }, connections) {
+    const connection2 = connections.find((c) => c.id === connectionId);
+    if (!connection2) {
+      return {
+        success: false,
+        error: `Connection ${connectionId} not found`
+      };
+    }
+    console.log(
+      `[connector-request] salesforce/${connection2.name}: ${method} ${path2}`
+    );
+    try {
+      const username = parameters.username.getValue(connection2);
+      const password = parameters.password.getValue(connection2);
+      const clientId = parameters.clientId.getValue(connection2);
+      const clientSecret = parameters.clientSecret.getValue(connection2);
+      const isSandbox = parameters.isSandbox.tryGetValue(connection2)?.toLowerCase() === "true";
+      const loginHost = isSandbox ? "https://test.salesforce.com" : "https://login.salesforce.com";
+      const tokenBody = new URLSearchParams({
+        grant_type: "password",
+        client_id: clientId,
+        client_secret: clientSecret,
+        username,
+        password
+      });
+      const tokenRes = await fetch(`${loginHost}/services/oauth2/token`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: tokenBody.toString()
+      });
+      if (!tokenRes.ok) {
+        const errText = await tokenRes.text().catch(() => "(unreadable body)");
+        return {
+          success: false,
+          error: `Failed to obtain access token: ${tokenRes.status} ${tokenRes.statusText} \u2014 ${errText}`
+        };
+      }
+      const tokenJson = await tokenRes.json();
+      if (!tokenJson.access_token || !tokenJson.instance_url) {
+        return {
+          success: false,
+          error: "access_token or instance_url not found in token response"
+        };
+      }
+      const url = `${tokenJson.instance_url}${path2.startsWith("/") ? "" : "/"}${path2}`;
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+      try {
+        const response = await fetch(url, {
+          method,
+          headers: {
+            Authorization: `Bearer ${tokenJson.access_token}`,
+            "Content-Type": "application/json"
+          },
+          body: body ? JSON.stringify(body) : void 0,
+          signal: controller.signal
+        });
+        const text = await response.text();
+        let data;
+        try {
+          data = text ? JSON.parse(text) : {};
+        } catch {
+          data = { raw: text };
+        }
+        if (!response.ok) {
+          let errorMessage = `HTTP ${response.status} ${response.statusText}`;
+          if (Array.isArray(data) && data.length > 0) {
+            const first = data[0];
+            if (first.message) {
+              errorMessage = first.errorCode ? `${first.errorCode}: ${first.message}` : first.message;
+            }
+          } else if (typeof data.message === "string") {
+            errorMessage = data.message;
+          } else if (typeof data.error === "string") {
+            errorMessage = data.error;
+          }
+          return { success: false, error: errorMessage };
+        }
+        return { success: true, status: response.status, data };
+      } finally {
+        clearTimeout(timeout);
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return { success: false, error: msg };
+    }
+  }
+});
+
+// ../connectors/src/connectors/salesforce/index.ts
+var tools = { request: requestTool };
+var salesforceConnector = new ConnectorPlugin({
+  slug: "salesforce",
+  authType: AUTH_TYPES.USER_PASSWORD,
+  name: "Salesforce",
+  description: "Connect to Salesforce CRM for accounts, contacts, opportunities, leads, cases, and custom objects via SOQL and the REST API.",
+  iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/6vZlbrUKhxXIiuvWJlb8YB/bbc5e08b88de46c8ed338a74c7d0abb3/salesforce-icon.png",
+  parameters,
+  releaseFlag: { dev1: true, dev2: false, prod: false },
+  onboarding: salesforceOnboarding,
+  systemPrompt: {
+    en: `### Tools
+
+- \`salesforce_request\`: The only way to call the Salesforce REST API. Use it to run SOQL queries, describe sObjects, and read/create/update/delete standard (Account, Contact, Opportunity, Lead, Case) and custom objects. Authentication (OAuth 2.0 username-password flow against the Connected App) is configured automatically \u2014 an access token and the org's instance URL are resolved on each request. Prefer SOQL via \`GET /services/data/v60.0/query?q=...\` over paginating \`/sobjects/{Type}\` endpoints for filtered or joined reads.
+
+### Business Logic
+
+The business logic type for this connector is "typescript". Use the connector SDK in your handler. Do NOT read credentials from environment variables.
+
+SDK methods (client created via \`connection(connectionId)\`):
+- \`client.request(path, init?)\` \u2014 low-level authenticated fetch against the Salesforce instance URL
+- \`client.query(soql)\` \u2014 run a SOQL query and return \`{ totalSize, done, records, nextRecordsUrl? }\`
+- \`client.queryMore(nextRecordsUrl)\` \u2014 fetch the next page of SOQL results
+- \`client.describeSObject(objectType)\` \u2014 describe an sObject's metadata
+- \`client.getRecord(objectType, id, options?)\` \u2014 fetch a single record (optionally restrict fields)
+- \`client.createRecord(objectType, fields)\` \u2014 create a new record
+- \`client.updateRecord(objectType, id, fields)\` \u2014 patch an existing record
+- \`client.deleteRecord(objectType, id)\` \u2014 delete a record
+
+\`\`\`ts
+import type { Context } from "hono";
+import { connection } from "@squadbase/vite-server/connectors/salesforce";
+
+const salesforce = connection("<connectionId>");
+
+export default async function handler(c: Context) {
+  const { industry, limit = 50 } = await c.req.json<{
+    industry?: string;
+    limit?: number;
+  }>();
+
+  const where = industry
+    ? \`WHERE Industry = '\${industry.replace(/'/g, "\\\\'")}'\`
+    : "";
+  const soql = \`SELECT Id, Name, Industry, AnnualRevenue FROM Account \${where} ORDER BY AnnualRevenue DESC NULLS LAST LIMIT \${limit}\`;
+
+  const { records } = await salesforce.query<{
+    Id: string;
+    Name: string;
+    Industry: string | null;
+    AnnualRevenue: number | null;
+  }>(soql);
+
+  return c.json({ accounts: records });
+}
+\`\`\`
+
+### Salesforce REST API Reference
+
+- Login host: \`https://login.salesforce.com\` (production) or \`https://test.salesforce.com\` (sandbox)
+- Token endpoint: \`POST /services/oauth2/token\` (grant_type=password + client_id/secret + username/password)
+- Base path after login: \`{instance_url}/services/data/v60.0\`
+- Authentication: Bearer token (handled automatically per request)
+- Pagination (SOQL): follow \`nextRecordsUrl\` from the response (absolute path starting with \`/services/data/v60.0/query/...\`)
+
+#### Common Endpoints
+- GET \`/services/data/\` \u2014 List available API versions
+- GET \`/services/data/v60.0/sobjects/\` \u2014 List all sObjects (standard + custom)
+- GET \`/services/data/v60.0/sobjects/{Type}/describe\` \u2014 Describe an sObject (fields, relationships, picklists)
+- GET \`/services/data/v60.0/sobjects/{Type}/{id}\` \u2014 Get a record (supports \`?fields=...\`)
+- POST \`/services/data/v60.0/sobjects/{Type}\` \u2014 Create a record
+- PATCH \`/services/data/v60.0/sobjects/{Type}/{id}\` \u2014 Update a record
+- DELETE \`/services/data/v60.0/sobjects/{Type}/{id}\` \u2014 Delete a record
+- GET \`/services/data/v60.0/query?q={soql}\` \u2014 Run SOQL
+- GET \`/services/data/v60.0/search?q={sosl}\` \u2014 Run SOSL
+
+#### SOQL Reference
+- SELECT column list is required (no \`SELECT *\`)
+- Filter: \`WHERE\`, \`AND\` / \`OR\`, parent/child relationship fields (e.g., \`Account.Name\`)
+- Sort: \`ORDER BY field [ASC|DESC] [NULLS FIRST|NULLS LAST]\`
+- Paginate: \`LIMIT n\`, \`OFFSET m\`; for large result sets, follow \`nextRecordsUrl\` instead of OFFSET
+- Aggregate: \`GROUP BY\`, \`HAVING\`, \`COUNT()\`, \`SUM()\`, \`AVG()\`, \`MIN()\`, \`MAX()\`
+- Parent-to-child subquery: \`SELECT Id, Name, (SELECT Id, Email FROM Contacts) FROM Account\``,
+    ja: `### \u30C4\u30FC\u30EB
+
+- \`salesforce_request\`: Salesforce REST API \u3092\u547C\u3073\u51FA\u3059\u552F\u4E00\u306E\u624B\u6BB5\u3067\u3059\u3002SOQL \u30AF\u30A8\u30EA\u306E\u5B9F\u884C\u3001sObject \u306E describe\u3001\u6A19\u6E96\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\uFF08Account, Contact, Opportunity, Lead, Case\uFF09\u3084\u30AB\u30B9\u30BF\u30E0\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u306E\u8AAD\u307F\u66F8\u304D\u306B\u4F7F\u7528\u3057\u307E\u3059\u3002\u8A8D\u8A3C\uFF08Connected App + OAuth 2.0 Username-Password Flow\uFF09\u306F\u81EA\u52D5\u3067\u884C\u308F\u308C\u3001\u30EA\u30AF\u30A8\u30B9\u30C8\u3054\u3068\u306B\u30A2\u30AF\u30BB\u30B9\u30C8\u30FC\u30AF\u30F3\u3068\u7D44\u7E54\u306E instance URL \u304C\u89E3\u6C7A\u3055\u308C\u307E\u3059\u3002\u30D5\u30A3\u30EB\u30BF\u3084\u7D50\u5408\u306E\u3042\u308B\u8AAD\u307F\u53D6\u308A\u3067\u306F \`/sobjects/{Type}\` \u3092\u30DA\u30FC\u30B8\u30F3\u30B0\u3059\u308B\u306E\u3067\u306F\u306A\u304F\u3001\`GET /services/data/v60.0/query?q=...\` \u306E SOQL \u3092\u512A\u5148\u3057\u3066\u304F\u3060\u3055\u3044\u3002
+
+### Business Logic
+
+\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u306E\u30D3\u30B8\u30CD\u30B9\u30ED\u30B8\u30C3\u30AF\u30BF\u30A4\u30D7\u306F "typescript" \u3067\u3059\u3002\u30CF\u30F3\u30C9\u30E9\u5185\u3067\u306F\u30B3\u30CD\u30AF\u30BF SDK \u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u74B0\u5883\u5909\u6570\u304B\u3089\u8A8D\u8A3C\u60C5\u5831\u3092\u8AAD\u307F\u53D6\u3089\u306A\u3044\u3067\u304F\u3060\u3055\u3044\u3002
+
+SDK\u30E1\u30BD\u30C3\u30C9 (\`connection(connectionId)\` \u3067\u4F5C\u6210\u3057\u305F\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8):
+- \`client.request(path, init?)\` \u2014 Salesforce \u306E instance URL \u306B\u5BFE\u3059\u308B\u4F4E\u30EC\u30D9\u30EB\u306E\u8A8D\u8A3C\u4ED8\u304D fetch
+- \`client.query(soql)\` \u2014 SOQL \u30AF\u30A8\u30EA\u3092\u5B9F\u884C\u3057 \`{ totalSize, done, records, nextRecordsUrl? }\` \u3092\u8FD4\u5374
+- \`client.queryMore(nextRecordsUrl)\` \u2014 SOQL \u7D50\u679C\u306E\u6B21\u30DA\u30FC\u30B8\u3092\u53D6\u5F97
+- \`client.describeSObject(objectType)\` \u2014 sObject \u306E\u30E1\u30BF\u30C7\u30FC\u30BF\u3092\u53D6\u5F97
+- \`client.getRecord(objectType, id, options?)\` \u2014 1 \u4EF6\u306E\u30EC\u30B3\u30FC\u30C9\u3092\u53D6\u5F97\uFF08\u4EFB\u610F\u3067\u30D5\u30A3\u30FC\u30EB\u30C9\u3092\u6307\u5B9A\uFF09
+- \`client.createRecord(objectType, fields)\` \u2014 \u30EC\u30B3\u30FC\u30C9\u3092\u65B0\u898F\u4F5C\u6210
+- \`client.updateRecord(objectType, id, fields)\` \u2014 \u65E2\u5B58\u30EC\u30B3\u30FC\u30C9\u3092\u66F4\u65B0\uFF08PATCH\uFF09
+- \`client.deleteRecord(objectType, id)\` \u2014 \u30EC\u30B3\u30FC\u30C9\u3092\u524A\u9664
+
+\`\`\`ts
+import type { Context } from "hono";
+import { connection } from "@squadbase/vite-server/connectors/salesforce";
+
+const salesforce = connection("<connectionId>");
+
+export default async function handler(c: Context) {
+  const { industry, limit = 50 } = await c.req.json<{
+    industry?: string;
+    limit?: number;
+  }>();
+
+  const where = industry
+    ? \`WHERE Industry = '\${industry.replace(/'/g, "\\\\'")}'\`
+    : "";
+  const soql = \`SELECT Id, Name, Industry, AnnualRevenue FROM Account \${where} ORDER BY AnnualRevenue DESC NULLS LAST LIMIT \${limit}\`;
+
+  const { records } = await salesforce.query<{
+    Id: string;
+    Name: string;
+    Industry: string | null;
+    AnnualRevenue: number | null;
+  }>(soql);
+
+  return c.json({ accounts: records });
+}
+\`\`\`
+
+### Salesforce REST API \u30EA\u30D5\u30A1\u30EC\u30F3\u30B9
+
+- \u30ED\u30B0\u30A4\u30F3\u30DB\u30B9\u30C8: \`https://login.salesforce.com\`\uFF08\u672C\u756A\uFF09\u307E\u305F\u306F \`https://test.salesforce.com\`\uFF08Sandbox\uFF09
+- \u30C8\u30FC\u30AF\u30F3\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8: \`POST /services/oauth2/token\`\uFF08grant_type=password + client_id/secret + username/password\uFF09
+- \u30ED\u30B0\u30A4\u30F3\u5F8C\u306E\u30D9\u30FC\u30B9\u30D1\u30B9: \`{instance_url}/services/data/v60.0\`
+- \u8A8D\u8A3C: Bearer \u30C8\u30FC\u30AF\u30F3\uFF08\u30EA\u30AF\u30A8\u30B9\u30C8\u3054\u3068\u306B\u81EA\u52D5\u8A2D\u5B9A\uFF09
+- \u30DA\u30FC\u30B8\u30CD\u30FC\u30B7\u30E7\u30F3\uFF08SOQL\uFF09: \u30EC\u30B9\u30DD\u30F3\u30B9\u306E \`nextRecordsUrl\`\uFF08\`/services/data/v60.0/query/...\` \u304B\u3089\u59CB\u307E\u308B\u7D76\u5BFE\u30D1\u30B9\uFF09\u3092\u8FBF\u308B
+
+#### \u4E3B\u8981\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8
+- GET \`/services/data/\` \u2014 \u5229\u7528\u53EF\u80FD\u306A API \u30D0\u30FC\u30B8\u30E7\u30F3\u4E00\u89A7
+- GET \`/services/data/v60.0/sobjects/\` \u2014 sObject \u4E00\u89A7\uFF08\u6A19\u6E96 + \u30AB\u30B9\u30BF\u30E0\uFF09
+- GET \`/services/data/v60.0/sobjects/{Type}/describe\` \u2014 sObject \u306E\u30D5\u30A3\u30FC\u30EB\u30C9\u30FB\u30EA\u30EC\u30FC\u30B7\u30E7\u30F3\u30FB\u30D4\u30C3\u30AF\u30EA\u30B9\u30C8\u3092\u53D6\u5F97
+- GET \`/services/data/v60.0/sobjects/{Type}/{id}\` \u2014 \u30EC\u30B3\u30FC\u30C9\u53D6\u5F97\uFF08\`?fields=...\` \u3067\u7D5E\u308A\u8FBC\u307F\u53EF\uFF09
+- POST \`/services/data/v60.0/sobjects/{Type}\` \u2014 \u30EC\u30B3\u30FC\u30C9\u4F5C\u6210
+- PATCH \`/services/data/v60.0/sobjects/{Type}/{id}\` \u2014 \u30EC\u30B3\u30FC\u30C9\u66F4\u65B0
+- DELETE \`/services/data/v60.0/sobjects/{Type}/{id}\` \u2014 \u30EC\u30B3\u30FC\u30C9\u524A\u9664
+- GET \`/services/data/v60.0/query?q={soql}\` \u2014 SOQL \u3092\u5B9F\u884C
+- GET \`/services/data/v60.0/search?q={sosl}\` \u2014 SOSL \u3092\u5B9F\u884C
+
+#### SOQL \u30EA\u30D5\u30A1\u30EC\u30F3\u30B9
+- SELECT \u5217\u306E\u660E\u793A\u304C\u5FC5\u9808\uFF08\`SELECT *\` \u306F\u4E0D\u53EF\uFF09
+- \u30D5\u30A3\u30EB\u30BF: \`WHERE\`\u3001\`AND\` / \`OR\`\u3001\u89AA\u5B50\u30EA\u30EC\u30FC\u30B7\u30E7\u30F3\u53C2\u7167\uFF08\u4F8B: \`Account.Name\`\uFF09
+- \u4E26\u3073\u66FF\u3048: \`ORDER BY field [ASC|DESC] [NULLS FIRST|NULLS LAST]\`
+- \u30DA\u30FC\u30B8\u30F3\u30B0: \`LIMIT n\`, \`OFFSET m\`\u3002\u5927\u91CF\u30C7\u30FC\u30BF\u3067\u306F OFFSET \u3067\u306F\u306A\u304F \`nextRecordsUrl\` \u3092\u5229\u7528\u3059\u308B
+- \u96C6\u8A08: \`GROUP BY\`, \`HAVING\`, \`COUNT()\`, \`SUM()\`, \`AVG()\`, \`MIN()\`, \`MAX()\`
+- \u89AA\u2192\u5B50\u30B5\u30D6\u30AF\u30A8\u30EA: \`SELECT Id, Name, (SELECT Id, Email FROM Contacts) FROM Account\``
+  },
+  tools
+});
+
+// src/connectors/create-connector-sdk.ts
+import { readFileSync } from "fs";
+import path from "path";
+
+// src/connector-client/env.ts
+function resolveEnvVar(entry, key, connectionId) {
+  const envVarName = entry.envVars[key];
+  if (!envVarName) {
+    throw new Error(`Connection "${connectionId}" is missing envVars mapping for key "${key}"`);
+  }
+  const value = process.env[envVarName];
+  if (!value) {
+    throw new Error(`Environment variable "${envVarName}" (for connection "${connectionId}", key "${key}") is not set`);
+  }
+  return value;
+}
+function resolveEnvVarOptional(entry, key) {
+  const envVarName = entry.envVars[key];
+  if (!envVarName) return void 0;
+  return process.env[envVarName] || void 0;
+}
+
+// src/connector-client/proxy-fetch.ts
+import { getContext } from "hono/context-storage";
+import { getCookie } from "hono/cookie";
+var APP_SESSION_COOKIE_NAME = "__Host-squadbase-session";
+function normalizeHeaders(input) {
+  const out = {};
+  if (!input) return out;
+  new Headers(input).forEach((value, key) => {
+    out[key] = value;
+  });
+  return out;
+}
+function createSandboxProxyFetch(connectionId) {
+  return async (input, init) => {
+    const token = process.env.INTERNAL_SQUADBASE_OAUTH_MACHINE_CREDENTIAL;
+    const sandboxId = process.env.INTERNAL_SQUADBASE_SANDBOX_ID;
+    if (!token || !sandboxId) {
+      throw new Error(
+        "Connection proxy is not configured. Please check your deployment settings."
+      );
+    }
+    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    const originalMethod = init?.method ?? "GET";
+    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
+    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
+    const proxyUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
+    return fetch(proxyUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${token}`
+      },
+      body: JSON.stringify({
+        url: originalUrl,
+        method: originalMethod,
+        headers: normalizeHeaders(init?.headers),
+        body: originalBody
+      })
+    });
+  };
+}
+function createDeployedAppProxyFetch(connectionId) {
+  const projectId = process.env["SQUADBASE_PROJECT_ID"];
+  if (!projectId) {
+    throw new Error(
+      "Connection proxy is not configured. Please check your deployment settings."
+    );
+  }
+  const baseDomain = process.env["SQUADBASE_APP_BASE_DOMAIN"] ?? "squadbase.app";
+  const proxyUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
+  return async (input, init) => {
+    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    const originalMethod = init?.method ?? "GET";
+    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
+    const c = getContext();
+    const appSession = getCookie(c, APP_SESSION_COOKIE_NAME);
+    if (!appSession) {
+      throw new Error(
+        "No authentication method available for connection proxy."
+      );
+    }
+    return fetch(proxyUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${appSession}`
+      },
+      body: JSON.stringify({
+        url: originalUrl,
+        method: originalMethod,
+        headers: normalizeHeaders(init?.headers),
+        body: originalBody
+      })
+    });
+  };
+}
+function createProxyFetch(connectionId) {
+  if (process.env.INTERNAL_SQUADBASE_SANDBOX_ID) {
+    return createSandboxProxyFetch(connectionId);
+  }
+  return createDeployedAppProxyFetch(connectionId);
+}
+
+// src/connectors/create-connector-sdk.ts
+function loadConnectionsSync() {
+  const filePath = process.env.CONNECTIONS_PATH ?? path.join(process.cwd(), ".squadbase/connections.json");
+  try {
+    const raw = readFileSync(filePath, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return {};
+  }
+}
+function createConnectorSdk(plugin, createClient2) {
+  return (connectionId) => {
+    const connections = loadConnectionsSync();
+    const entry = connections[connectionId];
+    if (!entry) {
+      throw new Error(
+        `Connection "${connectionId}" not found in .squadbase/connections.json`
+      );
+    }
+    if (entry.connector.slug !== plugin.slug) {
+      throw new Error(
+        `Connection "${connectionId}" is not a ${plugin.slug} connection (got "${entry.connector.slug}")`
+      );
+    }
+    const params = {};
+    for (const param of Object.values(plugin.parameters)) {
+      if (param.required) {
+        params[param.slug] = resolveEnvVar(entry, param.slug, connectionId);
+      } else {
+        const val = resolveEnvVarOptional(entry, param.slug);
+        if (val !== void 0) params[param.slug] = val;
+      }
+    }
+    return createClient2(params, createProxyFetch(connectionId));
+  };
+}
+
+// src/connectors/entries/salesforce.ts
+var connection = createConnectorSdk(salesforceConnector, createClient);
+export {
+  connection
+};