@squadbase/vite-server 0.1.7-dev.4 → 0.1.7-dev.6

package/dist/cli/index.js

@@ -85095,7 +85095,7 @@ var grafanaConnector = new ConnectorPlugin({
   description: "Connect to Grafana for monitoring dashboards, datasource queries, and alerting.",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/3nGaPhV94lXQsHcCtv4mXz/0559d42f83066e8ba79e78410806750c/grafana-icon.webp",
   parameters: parameters58,
-  releaseFlag: { dev1: true, dev2: false, prod: false },
+  releaseFlag: { dev1: true, dev2: true, prod: true },
   onboarding: grafanaOnboarding,
   systemPrompt: {
     en: `### Tools
@@ -86264,42 +86264,6 @@ await sentry.updateIssue("12345", { status: "resolved" });
 
 // ../connectors/src/connectors/salesforce/setup.ts
 var salesforceOnboarding = new ConnectorOnboarding({
-  connectionSetupInstructions: {
-    en: `#### Create a Connected App in Salesforce
-1. In Salesforce Setup, go to App Manager \u2192 New Connected App
-2. Under API (Enable OAuth Settings), check "Enable OAuth Settings"
-3. Add OAuth scopes: "Manage user data via APIs (api)" and "Perform requests at any time (refresh_token, offline_access)"
-4. Save and note the Consumer Key (client_id) and Consumer Secret (client_secret)
-
-#### Allow Username-Password Flow
-1. Go to Setup \u2192 Identity \u2192 OAuth and OpenID Connect Settings
-2. Enable "Allow OAuth Username-Password Flows"
-
-#### Reset your Security Token
-1. Go to Settings \u2192 My Personal Information \u2192 Reset My Security Token
-2. Salesforce emails you a new security token \u2014 append it to your password when entering the Password parameter (password + securityToken)
-
-#### Sandbox vs Production
-- Leave Use Sandbox as "false" (or empty) to connect to production (login.salesforce.com)
-- Set Use Sandbox to "true" to connect to a sandbox (test.salesforce.com)`,
-    ja: `#### Salesforce \u3067 Connected App \u3092\u4F5C\u6210
-1. Setup \u2192 App Manager \u2192 New Connected App
-2. API (Enable OAuth Settings) \u30BB\u30AF\u30B7\u30E7\u30F3\u3067 "Enable OAuth Settings" \u3092\u6709\u52B9\u5316
-3. OAuth \u30B9\u30B3\u30FC\u30D7\u306B "Manage user data via APIs (api)" \u3068 "Perform requests at any time (refresh_token, offline_access)" \u3092\u8FFD\u52A0
-4. \u4FDD\u5B58\u5F8C\u3001Consumer Key (client_id) \u3068 Consumer Secret (client_secret) \u3092\u63A7\u3048\u308B
-
-#### Username-Password Flow \u3092\u8A31\u53EF
-1. Setup \u2192 Identity \u2192 OAuth and OpenID Connect Settings
-2. "Allow OAuth Username-Password Flows" \u3092\u6709\u52B9\u5316
-
-#### Security Token \u306E\u767A\u884C
-1. \u500B\u4EBA\u8A2D\u5B9A \u2192 My Personal Information \u2192 Reset My Security Token
-2. Salesforce \u304B\u3089\u9001\u3089\u308C\u308B\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30C8\u30FC\u30AF\u30F3\u3092\u30D1\u30B9\u30EF\u30FC\u30C9\u306B\u9023\u7D50\u3057\u3066\u5165\u529B\uFF08password + securityToken\uFF09
-
-#### Sandbox / Production
-- \u672C\u756A (login.salesforce.com) \u306E\u5834\u5408: Use Sandbox \u3092 "false" \u307E\u305F\u306F\u672A\u5165\u529B
-- Sandbox (test.salesforce.com) \u306E\u5834\u5408: Use Sandbox \u3092 "true" \u306B\u8A2D\u5B9A`
-  },
   dataOverviewInstructions: {
     en: `1. Call salesforce_request with GET /services/data/v60.0/sobjects/ to list available sObjects (standard + custom)
 2. Call salesforce_request with GET /services/data/v60.0/sobjects/Account/describe to inspect Account fields; repeat for Contact, Opportunity, Lead as needed
@@ -86312,28 +86276,19 @@ var salesforceOnboarding = new ConnectorOnboarding({
 
 // ../connectors/src/connectors/salesforce/parameters.ts
 var parameters62 = {
-  username: new ParameterDefinition({
-    slug: "username",
-    name: "Username",
-    description: "Your Salesforce account username (the email you use to sign in).",
-    envVarBaseKey: "SALESFORCE_USERNAME",
+  instanceUrl: new ParameterDefinition({
+    slug: "instance-url",
+    name: "Instance URL",
+    description: "Your Salesforce org's My Domain URL (e.g., https://yourorg.my.salesforce.com). Find it under Setup \u2192 Company Settings \u2192 My Domain \u2192 Current My Domain URL.",
+    envVarBaseKey: "SALESFORCE_INSTANCE_URL",
     type: "text",
     secret: false,
     required: true
   }),
-  password: new ParameterDefinition({
-    slug: "password",
-    name: "Password",
-    description: "Your Salesforce account password concatenated with your security token (password + securityToken). The security token is emailed to you when you reset it from Settings \u2192 My Personal Information \u2192 Reset My Security Token.",
-    envVarBaseKey: "SALESFORCE_PASSWORD",
-    type: "text",
-    secret: true,
-    required: true
-  }),
   clientId: new ParameterDefinition({
     slug: "client-id",
     name: "Consumer Key",
-    description: "The Consumer Key (client_id) of your Salesforce Connected App. Enable OAuth Settings and 'Allow OAuth Username-Password Flows' in your org's identity settings.",
+    description: "The Consumer Key (client_id) of your External Client App (or Connected App). The app must enable the OAuth 2.0 Client Credentials Flow and bind a Run-As user with API access.",
     envVarBaseKey: "SALESFORCE_CLIENT_ID",
     type: "text",
     secret: false,
@@ -86342,20 +86297,11 @@ var parameters62 = {
   clientSecret: new ParameterDefinition({
     slug: "client-secret",
     name: "Consumer Secret",
-    description: "The Consumer Secret (client_secret) of your Salesforce Connected App.",
+    description: "The Consumer Secret (client_secret) of your External Client App (or Connected App).",
     envVarBaseKey: "SALESFORCE_CLIENT_SECRET",
     type: "text",
     secret: true,
     required: true
-  }),
-  isSandbox: new ParameterDefinition({
-    slug: "is-sandbox",
-    name: "Use Sandbox",
-    description: 'Set to "true" to authenticate against a Salesforce sandbox (test.salesforce.com) instead of production (login.salesforce.com). Defaults to "false".',
-    envVarBaseKey: "SALESFORCE_IS_SANDBOX",
-    type: "text",
-    secret: false,
-    required: false
   })
 };
 
@@ -86386,10 +86332,17 @@ var outputSchema75 = z77.discriminatedUnion("success", [
     error: z77.string()
   })
 ]);
+function normalizeInstanceUrl(raw) {
+  const trimmed = raw.trim().replace(/\/+$/, "");
+  if (!/^https?:\/\//i.test(trimmed)) {
+    return `https://${trimmed}`;
+  }
+  return trimmed;
+}
 var requestTool47 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the Salesforce REST API.
-Authentication is handled automatically using the OAuth 2.0 username-password flow (Connected App Consumer Key + Secret with the Salesforce account credentials). An access token and instance URL are obtained on each request, so the tool user only provides the API path.
+Authentication is handled automatically using the OAuth 2.0 Client Credentials Flow (External Client App or Connected App Consumer Key + Secret). An access token is obtained on each request, so the tool user only provides the API path.
 Use this tool for all Salesforce interactions: describing sObjects, running SOQL queries (GET /services/data/vXX.X/query?q=...), reading/creating/updating standard (Account, Contact, Opportunity, Lead, Case) and custom objects.
 Prefer SOQL via the /query endpoint for filtered, joined, or aggregated reads rather than paginating /sobjects/{Type} endpoints.`,
   inputSchema: inputSchema75,
@@ -86406,20 +86359,16 @@ Prefer SOQL via the /query endpoint for filtered, joined, or aggregated reads ra
       `[connector-request] salesforce/${connection.name}: ${method} ${path5}`
     );
     try {
-      const username = parameters62.username.getValue(connection);
-      const password = parameters62.password.getValue(connection);
+      const instanceUrlParam = parameters62.instanceUrl.getValue(connection);
       const clientId = parameters62.clientId.getValue(connection);
       const clientSecret = parameters62.clientSecret.getValue(connection);
-      const isSandbox = parameters62.isSandbox.tryGetValue(connection)?.toLowerCase() === "true";
-      const loginHost = isSandbox ? "https://test.salesforce.com" : "https://login.salesforce.com";
+      const instanceUrl = normalizeInstanceUrl(instanceUrlParam);
       const tokenBody = new URLSearchParams({
-        grant_type: "password",
+        grant_type: "client_credentials",
         client_id: clientId,
-        client_secret: clientSecret,
-        username,
-        password
+        client_secret: clientSecret
       });
-      const tokenRes = await fetch(`${loginHost}/services/oauth2/token`, {
+      const tokenRes = await fetch(`${instanceUrl}/services/oauth2/token`, {
         method: "POST",
         headers: {
           "Content-Type": "application/x-www-form-urlencoded"
@@ -86434,13 +86383,14 @@ Prefer SOQL via the /query endpoint for filtered, joined, or aggregated reads ra
         };
       }
       const tokenJson = await tokenRes.json();
-      if (!tokenJson.access_token || !tokenJson.instance_url) {
+      if (!tokenJson.access_token) {
         return {
           success: false,
-          error: "access_token or instance_url not found in token response"
+          error: "access_token not found in token response"
         };
       }
-      const url = `${tokenJson.instance_url}${path5.startsWith("/") ? "" : "/"}${path5}`;
+      const resolvedInstanceUrl = tokenJson.instance_url ?? instanceUrl;
+      const url = `${resolvedInstanceUrl}${path5.startsWith("/") ? "" : "/"}${path5}`;
       const controller = new AbortController();
       const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS59);
       try {
@@ -86489,7 +86439,7 @@ Prefer SOQL via the /query endpoint for filtered, joined, or aggregated reads ra
 var tools62 = { request: requestTool47 };
 var salesforceConnector = new ConnectorPlugin({
   slug: "salesforce",
-  authType: AUTH_TYPES.USER_PASSWORD,
+  authType: AUTH_TYPES.API_KEY,
   name: "Salesforce",
   description: "Connect to Salesforce CRM for accounts, contacts, opportunities, leads, cases, and custom objects via SOQL and the REST API.",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/6vZlbrUKhxXIiuvWJlb8YB/bbc5e08b88de46c8ed338a74c7d0abb3/salesforce-icon.png",
@@ -86499,7 +86449,7 @@ var salesforceConnector = new ConnectorPlugin({
   systemPrompt: {
     en: `### Tools
 
-- \`salesforce_request\`: The only way to call the Salesforce REST API. Use it to run SOQL queries, describe sObjects, and read/create/update/delete standard (Account, Contact, Opportunity, Lead, Case) and custom objects. Authentication (OAuth 2.0 username-password flow against the Connected App) is configured automatically \u2014 an access token and the org's instance URL are resolved on each request. Prefer SOQL via \`GET /services/data/v60.0/query?q=...\` over paginating \`/sobjects/{Type}\` endpoints for filtered or joined reads.
+- \`salesforce_request\`: The only way to call the Salesforce REST API. Use it to run SOQL queries, describe sObjects, and read/create/update/delete standard (Account, Contact, Opportunity, Lead, Case) and custom objects. Authentication (OAuth 2.0 Client Credentials Flow against the External Client App / Connected App) is configured automatically \u2014 an access token is resolved on each request against the configured org instance URL. Prefer SOQL via \`GET /services/data/v60.0/query?q=...\` over paginating \`/sobjects/{Type}\` endpoints for filtered or joined reads.
 
 ### Business Logic
 
@@ -86545,9 +86495,8 @@ export default async function handler(c: Context) {
 
 ### Salesforce REST API Reference
 
-- Login host: \`https://login.salesforce.com\` (production) or \`https://test.salesforce.com\` (sandbox)
-- Token endpoint: \`POST /services/oauth2/token\` (grant_type=password + client_id/secret + username/password)
-- Base path after login: \`{instance_url}/services/data/v60.0\`
+- Token endpoint: \`POST {instance_url}/services/oauth2/token\` (grant_type=client_credentials + client_id/secret)
+- Base path: \`{instance_url}/services/data/v60.0\` where instance_url is the org's My Domain URL
 - Authentication: Bearer token (handled automatically per request)
 - Pagination (SOQL): follow \`nextRecordsUrl\` from the response (absolute path starting with \`/services/data/v60.0/query/...\`)
 
@@ -86571,7 +86520,7 @@ export default async function handler(c: Context) {
 - Parent-to-child subquery: \`SELECT Id, Name, (SELECT Id, Email FROM Contacts) FROM Account\``,
     ja: `### \u30C4\u30FC\u30EB
 
-- \`salesforce_request\`: Salesforce REST API \u3092\u547C\u3073\u51FA\u3059\u552F\u4E00\u306E\u624B\u6BB5\u3067\u3059\u3002SOQL \u30AF\u30A8\u30EA\u306E\u5B9F\u884C\u3001sObject \u306E describe\u3001\u6A19\u6E96\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\uFF08Account, Contact, Opportunity, Lead, Case\uFF09\u3084\u30AB\u30B9\u30BF\u30E0\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u306E\u8AAD\u307F\u66F8\u304D\u306B\u4F7F\u7528\u3057\u307E\u3059\u3002\u8A8D\u8A3C\uFF08Connected App + OAuth 2.0 Username-Password Flow\uFF09\u306F\u81EA\u52D5\u3067\u884C\u308F\u308C\u3001\u30EA\u30AF\u30A8\u30B9\u30C8\u3054\u3068\u306B\u30A2\u30AF\u30BB\u30B9\u30C8\u30FC\u30AF\u30F3\u3068\u7D44\u7E54\u306E instance URL \u304C\u89E3\u6C7A\u3055\u308C\u307E\u3059\u3002\u30D5\u30A3\u30EB\u30BF\u3084\u7D50\u5408\u306E\u3042\u308B\u8AAD\u307F\u53D6\u308A\u3067\u306F \`/sobjects/{Type}\` \u3092\u30DA\u30FC\u30B8\u30F3\u30B0\u3059\u308B\u306E\u3067\u306F\u306A\u304F\u3001\`GET /services/data/v60.0/query?q=...\` \u306E SOQL \u3092\u512A\u5148\u3057\u3066\u304F\u3060\u3055\u3044\u3002
+- \`salesforce_request\`: Salesforce REST API \u3092\u547C\u3073\u51FA\u3059\u552F\u4E00\u306E\u624B\u6BB5\u3067\u3059\u3002SOQL \u30AF\u30A8\u30EA\u306E\u5B9F\u884C\u3001sObject \u306E describe\u3001\u6A19\u6E96\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\uFF08Account, Contact, Opportunity, Lead, Case\uFF09\u3084\u30AB\u30B9\u30BF\u30E0\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u306E\u8AAD\u307F\u66F8\u304D\u306B\u4F7F\u7528\u3057\u307E\u3059\u3002\u8A8D\u8A3C\uFF08External Client App / Connected App + OAuth 2.0 Client Credentials Flow\uFF09\u306F\u81EA\u52D5\u3067\u884C\u308F\u308C\u3001\u8A2D\u5B9A\u3055\u308C\u305F\u7D44\u7E54\u306E instance URL \u306B\u5BFE\u3057\u3066\u30EA\u30AF\u30A8\u30B9\u30C8\u3054\u3068\u306B\u30A2\u30AF\u30BB\u30B9\u30C8\u30FC\u30AF\u30F3\u304C\u89E3\u6C7A\u3055\u308C\u307E\u3059\u3002\u30D5\u30A3\u30EB\u30BF\u3084\u7D50\u5408\u306E\u3042\u308B\u8AAD\u307F\u53D6\u308A\u3067\u306F \`/sobjects/{Type}\` \u3092\u30DA\u30FC\u30B8\u30F3\u30B0\u3059\u308B\u306E\u3067\u306F\u306A\u304F\u3001\`GET /services/data/v60.0/query?q=...\` \u306E SOQL \u3092\u512A\u5148\u3057\u3066\u304F\u3060\u3055\u3044\u3002
 
 ### Business Logic
 
@@ -86617,9 +86566,8 @@ export default async function handler(c: Context) {
 
 ### Salesforce REST API \u30EA\u30D5\u30A1\u30EC\u30F3\u30B9
 
-- \u30ED\u30B0\u30A4\u30F3\u30DB\u30B9\u30C8: \`https://login.salesforce.com\`\uFF08\u672C\u756A\uFF09\u307E\u305F\u306F \`https://test.salesforce.com\`\uFF08Sandbox\uFF09
-- \u30C8\u30FC\u30AF\u30F3\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8: \`POST /services/oauth2/token\`\uFF08grant_type=password + client_id/secret + username/password\uFF09
-- \u30ED\u30B0\u30A4\u30F3\u5F8C\u306E\u30D9\u30FC\u30B9\u30D1\u30B9: \`{instance_url}/services/data/v60.0\`
+- \u30C8\u30FC\u30AF\u30F3\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8: \`POST {instance_url}/services/oauth2/token\`\uFF08grant_type=client_credentials + client_id/secret\uFF09
+- \u30D9\u30FC\u30B9\u30D1\u30B9: \`{instance_url}/services/data/v60.0\`\uFF08instance_url \u306F\u7D44\u7E54\u306E My Domain URL\uFF09
 - \u8A8D\u8A3C: Bearer \u30C8\u30FC\u30AF\u30F3\uFF08\u30EA\u30AF\u30A8\u30B9\u30C8\u3054\u3068\u306B\u81EA\u52D5\u8A2D\u5B9A\uFF09
 - \u30DA\u30FC\u30B8\u30CD\u30FC\u30B7\u30E7\u30F3\uFF08SOQL\uFF09: \u30EC\u30B9\u30DD\u30F3\u30B9\u306E \`nextRecordsUrl\`\uFF08\`/services/data/v60.0/query/...\` \u304B\u3089\u59CB\u307E\u308B\u7D76\u5BFE\u30D1\u30B9\uFF09\u3092\u8FBF\u308B
 
@@ -86861,7 +86809,7 @@ var influxdbConnector = new ConnectorPlugin({
   description: "Connect to InfluxDB (Cloud or OSS) to query time-series data with SQL, InfluxQL, or Flux and to write line protocol.",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/J1JauVRNmahSVTVrpPfQK/18350d8d3f2dc3be25e8e36ee52914a0/influxdb.png",
   parameters: parameters63,
-  releaseFlag: { dev1: true, dev2: false, prod: false },
+  releaseFlag: { dev1: true, dev2: true, prod: true },
   onboarding: influxdbOnboarding,
   systemPrompt: {
     en: `### Variant Detection

package/dist/connectors/grafana.js

@@ -413,7 +413,7 @@ var grafanaConnector = new ConnectorPlugin({
   description: "Connect to Grafana for monitoring dashboards, datasource queries, and alerting.",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/3nGaPhV94lXQsHcCtv4mXz/0559d42f83066e8ba79e78410806750c/grafana-icon.webp",
   parameters,
-  releaseFlag: { dev1: true, dev2: false, prod: false },
+  releaseFlag: { dev1: true, dev2: true, prod: true },
   onboarding: grafanaOnboarding,
   systemPrompt: {
     en: `### Tools

package/dist/connectors/influxdb.js

@@ -519,7 +519,7 @@ var influxdbConnector = new ConnectorPlugin({
   description: "Connect to InfluxDB (Cloud or OSS) to query time-series data with SQL, InfluxQL, or Flux and to write line protocol.",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/J1JauVRNmahSVTVrpPfQK/18350d8d3f2dc3be25e8e36ee52914a0/influxdb.png",
   parameters,
-  releaseFlag: { dev1: true, dev2: false, prod: false },
+  releaseFlag: { dev1: true, dev2: true, prod: true },
   onboarding: influxdbOnboarding,
   systemPrompt: {
     en: `### Variant Detection

package/dist/connectors/salesforce.js

@@ -44,28 +44,19 @@ var ParameterDefinition = class {
 
 // ../connectors/src/connectors/salesforce/parameters.ts
 var parameters = {
-  username: new ParameterDefinition({
-    slug: "username",
-    name: "Username",
-    description: "Your Salesforce account username (the email you use to sign in).",
-    envVarBaseKey: "SALESFORCE_USERNAME",
+  instanceUrl: new ParameterDefinition({
+    slug: "instance-url",
+    name: "Instance URL",
+    description: "Your Salesforce org's My Domain URL (e.g., https://yourorg.my.salesforce.com). Find it under Setup \u2192 Company Settings \u2192 My Domain \u2192 Current My Domain URL.",
+    envVarBaseKey: "SALESFORCE_INSTANCE_URL",
     type: "text",
     secret: false,
     required: true
   }),
-  password: new ParameterDefinition({
-    slug: "password",
-    name: "Password",
-    description: "Your Salesforce account password concatenated with your security token (password + securityToken). The security token is emailed to you when you reset it from Settings \u2192 My Personal Information \u2192 Reset My Security Token.",
-    envVarBaseKey: "SALESFORCE_PASSWORD",
-    type: "text",
-    secret: true,
-    required: true
-  }),
   clientId: new ParameterDefinition({
     slug: "client-id",
     name: "Consumer Key",
-    description: "The Consumer Key (client_id) of your Salesforce Connected App. Enable OAuth Settings and 'Allow OAuth Username-Password Flows' in your org's identity settings.",
+    description: "The Consumer Key (client_id) of your External Client App (or Connected App). The app must enable the OAuth 2.0 Client Credentials Flow and bind a Run-As user with API access.",
     envVarBaseKey: "SALESFORCE_CLIENT_ID",
     type: "text",
     secret: false,
@@ -74,34 +65,30 @@ var parameters = {
   clientSecret: new ParameterDefinition({
     slug: "client-secret",
     name: "Consumer Secret",
-    description: "The Consumer Secret (client_secret) of your Salesforce Connected App.",
+    description: "The Consumer Secret (client_secret) of your External Client App (or Connected App).",
     envVarBaseKey: "SALESFORCE_CLIENT_SECRET",
     type: "text",
     secret: true,
     required: true
-  }),
-  isSandbox: new ParameterDefinition({
-    slug: "is-sandbox",
-    name: "Use Sandbox",
-    description: 'Set to "true" to authenticate against a Salesforce sandbox (test.salesforce.com) instead of production (login.salesforce.com). Defaults to "false".',
-    envVarBaseKey: "SALESFORCE_IS_SANDBOX",
-    type: "text",
-    secret: false,
-    required: false
   })
 };
 
 // ../connectors/src/connectors/salesforce/sdk/index.ts
 var DEFAULT_API_VERSION = "60.0";
-async function fetchAccessToken(loginHost, clientId, clientSecret, username, password) {
+function normalizeInstanceUrl(raw) {
+  const trimmed = raw.trim().replace(/\/+$/, "");
+  if (!/^https?:\/\//i.test(trimmed)) {
+    return `https://${trimmed}`;
+  }
+  return trimmed;
+}
+async function fetchAccessToken(instanceUrl, clientId, clientSecret) {
   const body = new URLSearchParams({
-    grant_type: "password",
+    grant_type: "client_credentials",
     client_id: clientId,
-    client_secret: clientSecret,
-    username,
-    password
+    client_secret: clientSecret
   });
-  const res = await fetch(`${loginHost}/services/oauth2/token`, {
+  const res = await fetch(`${instanceUrl}/services/oauth2/token`, {
     method: "POST",
     headers: { "Content-Type": "application/x-www-form-urlencoded" },
     body: body.toString()
@@ -113,22 +100,22 @@ async function fetchAccessToken(loginHost, clientId, clientSecret, username, pas
     );
   }
   const json = await res.json();
-  if (!json.access_token || !json.instance_url) {
+  if (!json.access_token) {
     throw new Error(
-      "salesforce: access_token or instance_url not found in token response"
+      "salesforce: access_token not found in token response"
     );
   }
-  return { accessToken: json.access_token, instanceUrl: json.instance_url };
+  return {
+    accessToken: json.access_token,
+    instanceUrl: json.instance_url ?? instanceUrl
+  };
 }
 function createClient(params) {
-  const username = params[parameters.username.slug];
-  const password = params[parameters.password.slug];
+  const instanceUrlParam = params[parameters.instanceUrl.slug];
   const clientId = params[parameters.clientId.slug];
   const clientSecret = params[parameters.clientSecret.slug];
-  const isSandbox = (params[parameters.isSandbox.slug] ?? "").toLowerCase() === "true";
   for (const [slug, value] of [
-    [parameters.username.slug, username],
-    [parameters.password.slug, password],
+    [parameters.instanceUrl.slug, instanceUrlParam],
     [parameters.clientId.slug, clientId],
     [parameters.clientSecret.slug, clientSecret]
   ]) {
@@ -136,19 +123,13 @@ function createClient(params) {
       throw new Error(`salesforce: missing required parameter: ${slug}`);
     }
   }
-  const loginHost = isSandbox ? "https://test.salesforce.com" : "https://login.salesforce.com";
+  const instanceUrl = normalizeInstanceUrl(instanceUrlParam);
   async function getToken() {
-    return fetchAccessToken(
-      loginHost,
-      clientId,
-      clientSecret,
-      username,
-      password
-    );
+    return fetchAccessToken(instanceUrl, clientId, clientSecret);
   }
   async function authFetch(path2, init) {
-    const { accessToken, instanceUrl } = await getToken();
-    const url = path2.startsWith("http") ? path2 : `${instanceUrl}${path2.startsWith("/") ? "" : "/"}${path2}`;
+    const { accessToken, instanceUrl: resolvedInstanceUrl } = await getToken();
+    const url = path2.startsWith("http") ? path2 : `${resolvedInstanceUrl}${path2.startsWith("/") ? "" : "/"}${path2}`;
     const headers = new Headers(init?.headers);
     headers.set("Authorization", `Bearer ${accessToken}`);
     if (!headers.has("Content-Type") && init?.body) {
@@ -381,42 +362,6 @@ var AUTH_TYPES = {
 
 // ../connectors/src/connectors/salesforce/setup.ts
 var salesforceOnboarding = new ConnectorOnboarding({
-  connectionSetupInstructions: {
-    en: `#### Create a Connected App in Salesforce
-1. In Salesforce Setup, go to App Manager \u2192 New Connected App
-2. Under API (Enable OAuth Settings), check "Enable OAuth Settings"
-3. Add OAuth scopes: "Manage user data via APIs (api)" and "Perform requests at any time (refresh_token, offline_access)"
-4. Save and note the Consumer Key (client_id) and Consumer Secret (client_secret)
-
-#### Allow Username-Password Flow
-1. Go to Setup \u2192 Identity \u2192 OAuth and OpenID Connect Settings
-2. Enable "Allow OAuth Username-Password Flows"
-
-#### Reset your Security Token
-1. Go to Settings \u2192 My Personal Information \u2192 Reset My Security Token
-2. Salesforce emails you a new security token \u2014 append it to your password when entering the Password parameter (password + securityToken)
-
-#### Sandbox vs Production
-- Leave Use Sandbox as "false" (or empty) to connect to production (login.salesforce.com)
-- Set Use Sandbox to "true" to connect to a sandbox (test.salesforce.com)`,
-    ja: `#### Salesforce \u3067 Connected App \u3092\u4F5C\u6210
-1. Setup \u2192 App Manager \u2192 New Connected App
-2. API (Enable OAuth Settings) \u30BB\u30AF\u30B7\u30E7\u30F3\u3067 "Enable OAuth Settings" \u3092\u6709\u52B9\u5316
-3. OAuth \u30B9\u30B3\u30FC\u30D7\u306B "Manage user data via APIs (api)" \u3068 "Perform requests at any time (refresh_token, offline_access)" \u3092\u8FFD\u52A0
-4. \u4FDD\u5B58\u5F8C\u3001Consumer Key (client_id) \u3068 Consumer Secret (client_secret) \u3092\u63A7\u3048\u308B
-
-#### Username-Password Flow \u3092\u8A31\u53EF
-1. Setup \u2192 Identity \u2192 OAuth and OpenID Connect Settings
-2. "Allow OAuth Username-Password Flows" \u3092\u6709\u52B9\u5316
-
-#### Security Token \u306E\u767A\u884C
-1. \u500B\u4EBA\u8A2D\u5B9A \u2192 My Personal Information \u2192 Reset My Security Token
-2. Salesforce \u304B\u3089\u9001\u3089\u308C\u308B\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30C8\u30FC\u30AF\u30F3\u3092\u30D1\u30B9\u30EF\u30FC\u30C9\u306B\u9023\u7D50\u3057\u3066\u5165\u529B\uFF08password + securityToken\uFF09
-
-#### Sandbox / Production
-- \u672C\u756A (login.salesforce.com) \u306E\u5834\u5408: Use Sandbox \u3092 "false" \u307E\u305F\u306F\u672A\u5165\u529B
-- Sandbox (test.salesforce.com) \u306E\u5834\u5408: Use Sandbox \u3092 "true" \u306B\u8A2D\u5B9A`
-  },
   dataOverviewInstructions: {
     en: `1. Call salesforce_request with GET /services/data/v60.0/sobjects/ to list available sObjects (standard + custom)
 2. Call salesforce_request with GET /services/data/v60.0/sobjects/Account/describe to inspect Account fields; repeat for Contact, Opportunity, Lead as needed
@@ -454,10 +399,17 @@ var outputSchema = z.discriminatedUnion("success", [
     error: z.string()
   })
 ]);
+function normalizeInstanceUrl2(raw) {
+  const trimmed = raw.trim().replace(/\/+$/, "");
+  if (!/^https?:\/\//i.test(trimmed)) {
+    return `https://${trimmed}`;
+  }
+  return trimmed;
+}
 var requestTool = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the Salesforce REST API.
-Authentication is handled automatically using the OAuth 2.0 username-password flow (Connected App Consumer Key + Secret with the Salesforce account credentials). An access token and instance URL are obtained on each request, so the tool user only provides the API path.
+Authentication is handled automatically using the OAuth 2.0 Client Credentials Flow (External Client App or Connected App Consumer Key + Secret). An access token is obtained on each request, so the tool user only provides the API path.
 Use this tool for all Salesforce interactions: describing sObjects, running SOQL queries (GET /services/data/vXX.X/query?q=...), reading/creating/updating standard (Account, Contact, Opportunity, Lead, Case) and custom objects.
 Prefer SOQL via the /query endpoint for filtered, joined, or aggregated reads rather than paginating /sobjects/{Type} endpoints.`,
   inputSchema,
@@ -474,20 +426,16 @@ Prefer SOQL via the /query endpoint for filtered, joined, or aggregated reads ra
       `[connector-request] salesforce/${connection2.name}: ${method} ${path2}`
     );
     try {
-      const username = parameters.username.getValue(connection2);
-      const password = parameters.password.getValue(connection2);
+      const instanceUrlParam = parameters.instanceUrl.getValue(connection2);
       const clientId = parameters.clientId.getValue(connection2);
       const clientSecret = parameters.clientSecret.getValue(connection2);
-      const isSandbox = parameters.isSandbox.tryGetValue(connection2)?.toLowerCase() === "true";
-      const loginHost = isSandbox ? "https://test.salesforce.com" : "https://login.salesforce.com";
+      const instanceUrl = normalizeInstanceUrl2(instanceUrlParam);
       const tokenBody = new URLSearchParams({
-        grant_type: "password",
+        grant_type: "client_credentials",
         client_id: clientId,
-        client_secret: clientSecret,
-        username,
-        password
+        client_secret: clientSecret
       });
-      const tokenRes = await fetch(`${loginHost}/services/oauth2/token`, {
+      const tokenRes = await fetch(`${instanceUrl}/services/oauth2/token`, {
         method: "POST",
         headers: {
           "Content-Type": "application/x-www-form-urlencoded"
@@ -502,13 +450,14 @@ Prefer SOQL via the /query endpoint for filtered, joined, or aggregated reads ra
         };
       }
       const tokenJson = await tokenRes.json();
-      if (!tokenJson.access_token || !tokenJson.instance_url) {
+      if (!tokenJson.access_token) {
         return {
           success: false,
-          error: "access_token or instance_url not found in token response"
+          error: "access_token not found in token response"
         };
       }
-      const url = `${tokenJson.instance_url}${path2.startsWith("/") ? "" : "/"}${path2}`;
+      const resolvedInstanceUrl = tokenJson.instance_url ?? instanceUrl;
+      const url = `${resolvedInstanceUrl}${path2.startsWith("/") ? "" : "/"}${path2}`;
       const controller = new AbortController();
       const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
       try {
@@ -557,7 +506,7 @@ Prefer SOQL via the /query endpoint for filtered, joined, or aggregated reads ra
 var tools = { request: requestTool };
 var salesforceConnector = new ConnectorPlugin({
   slug: "salesforce",
-  authType: AUTH_TYPES.USER_PASSWORD,
+  authType: AUTH_TYPES.API_KEY,
   name: "Salesforce",
   description: "Connect to Salesforce CRM for accounts, contacts, opportunities, leads, cases, and custom objects via SOQL and the REST API.",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/6vZlbrUKhxXIiuvWJlb8YB/bbc5e08b88de46c8ed338a74c7d0abb3/salesforce-icon.png",
@@ -567,7 +516,7 @@ var salesforceConnector = new ConnectorPlugin({
   systemPrompt: {
     en: `### Tools
 
-- \`salesforce_request\`: The only way to call the Salesforce REST API. Use it to run SOQL queries, describe sObjects, and read/create/update/delete standard (Account, Contact, Opportunity, Lead, Case) and custom objects. Authentication (OAuth 2.0 username-password flow against the Connected App) is configured automatically \u2014 an access token and the org's instance URL are resolved on each request. Prefer SOQL via \`GET /services/data/v60.0/query?q=...\` over paginating \`/sobjects/{Type}\` endpoints for filtered or joined reads.
+- \`salesforce_request\`: The only way to call the Salesforce REST API. Use it to run SOQL queries, describe sObjects, and read/create/update/delete standard (Account, Contact, Opportunity, Lead, Case) and custom objects. Authentication (OAuth 2.0 Client Credentials Flow against the External Client App / Connected App) is configured automatically \u2014 an access token is resolved on each request against the configured org instance URL. Prefer SOQL via \`GET /services/data/v60.0/query?q=...\` over paginating \`/sobjects/{Type}\` endpoints for filtered or joined reads.
 
 ### Business Logic
 
@@ -613,9 +562,8 @@ export default async function handler(c: Context) {
 
 ### Salesforce REST API Reference
 
-- Login host: \`https://login.salesforce.com\` (production) or \`https://test.salesforce.com\` (sandbox)
-- Token endpoint: \`POST /services/oauth2/token\` (grant_type=password + client_id/secret + username/password)
-- Base path after login: \`{instance_url}/services/data/v60.0\`
+- Token endpoint: \`POST {instance_url}/services/oauth2/token\` (grant_type=client_credentials + client_id/secret)
+- Base path: \`{instance_url}/services/data/v60.0\` where instance_url is the org's My Domain URL
 - Authentication: Bearer token (handled automatically per request)
 - Pagination (SOQL): follow \`nextRecordsUrl\` from the response (absolute path starting with \`/services/data/v60.0/query/...\`)
 
@@ -639,7 +587,7 @@ export default async function handler(c: Context) {
 - Parent-to-child subquery: \`SELECT Id, Name, (SELECT Id, Email FROM Contacts) FROM Account\``,
     ja: `### \u30C4\u30FC\u30EB
 
-- \`salesforce_request\`: Salesforce REST API \u3092\u547C\u3073\u51FA\u3059\u552F\u4E00\u306E\u624B\u6BB5\u3067\u3059\u3002SOQL \u30AF\u30A8\u30EA\u306E\u5B9F\u884C\u3001sObject \u306E describe\u3001\u6A19\u6E96\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\uFF08Account, Contact, Opportunity, Lead, Case\uFF09\u3084\u30AB\u30B9\u30BF\u30E0\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u306E\u8AAD\u307F\u66F8\u304D\u306B\u4F7F\u7528\u3057\u307E\u3059\u3002\u8A8D\u8A3C\uFF08Connected App + OAuth 2.0 Username-Password Flow\uFF09\u306F\u81EA\u52D5\u3067\u884C\u308F\u308C\u3001\u30EA\u30AF\u30A8\u30B9\u30C8\u3054\u3068\u306B\u30A2\u30AF\u30BB\u30B9\u30C8\u30FC\u30AF\u30F3\u3068\u7D44\u7E54\u306E instance URL \u304C\u89E3\u6C7A\u3055\u308C\u307E\u3059\u3002\u30D5\u30A3\u30EB\u30BF\u3084\u7D50\u5408\u306E\u3042\u308B\u8AAD\u307F\u53D6\u308A\u3067\u306F \`/sobjects/{Type}\` \u3092\u30DA\u30FC\u30B8\u30F3\u30B0\u3059\u308B\u306E\u3067\u306F\u306A\u304F\u3001\`GET /services/data/v60.0/query?q=...\` \u306E SOQL \u3092\u512A\u5148\u3057\u3066\u304F\u3060\u3055\u3044\u3002
+- \`salesforce_request\`: Salesforce REST API \u3092\u547C\u3073\u51FA\u3059\u552F\u4E00\u306E\u624B\u6BB5\u3067\u3059\u3002SOQL \u30AF\u30A8\u30EA\u306E\u5B9F\u884C\u3001sObject \u306E describe\u3001\u6A19\u6E96\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\uFF08Account, Contact, Opportunity, Lead, Case\uFF09\u3084\u30AB\u30B9\u30BF\u30E0\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u306E\u8AAD\u307F\u66F8\u304D\u306B\u4F7F\u7528\u3057\u307E\u3059\u3002\u8A8D\u8A3C\uFF08External Client App / Connected App + OAuth 2.0 Client Credentials Flow\uFF09\u306F\u81EA\u52D5\u3067\u884C\u308F\u308C\u3001\u8A2D\u5B9A\u3055\u308C\u305F\u7D44\u7E54\u306E instance URL \u306B\u5BFE\u3057\u3066\u30EA\u30AF\u30A8\u30B9\u30C8\u3054\u3068\u306B\u30A2\u30AF\u30BB\u30B9\u30C8\u30FC\u30AF\u30F3\u304C\u89E3\u6C7A\u3055\u308C\u307E\u3059\u3002\u30D5\u30A3\u30EB\u30BF\u3084\u7D50\u5408\u306E\u3042\u308B\u8AAD\u307F\u53D6\u308A\u3067\u306F \`/sobjects/{Type}\` \u3092\u30DA\u30FC\u30B8\u30F3\u30B0\u3059\u308B\u306E\u3067\u306F\u306A\u304F\u3001\`GET /services/data/v60.0/query?q=...\` \u306E SOQL \u3092\u512A\u5148\u3057\u3066\u304F\u3060\u3055\u3044\u3002
 
 ### Business Logic
 
@@ -685,9 +633,8 @@ export default async function handler(c: Context) {
 
 ### Salesforce REST API \u30EA\u30D5\u30A1\u30EC\u30F3\u30B9
 
-- \u30ED\u30B0\u30A4\u30F3\u30DB\u30B9\u30C8: \`https://login.salesforce.com\`\uFF08\u672C\u756A\uFF09\u307E\u305F\u306F \`https://test.salesforce.com\`\uFF08Sandbox\uFF09
-- \u30C8\u30FC\u30AF\u30F3\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8: \`POST /services/oauth2/token\`\uFF08grant_type=password + client_id/secret + username/password\uFF09
-- \u30ED\u30B0\u30A4\u30F3\u5F8C\u306E\u30D9\u30FC\u30B9\u30D1\u30B9: \`{instance_url}/services/data/v60.0\`
+- \u30C8\u30FC\u30AF\u30F3\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8: \`POST {instance_url}/services/oauth2/token\`\uFF08grant_type=client_credentials + client_id/secret\uFF09
+- \u30D9\u30FC\u30B9\u30D1\u30B9: \`{instance_url}/services/data/v60.0\`\uFF08instance_url \u306F\u7D44\u7E54\u306E My Domain URL\uFF09
 - \u8A8D\u8A3C: Bearer \u30C8\u30FC\u30AF\u30F3\uFF08\u30EA\u30AF\u30A8\u30B9\u30C8\u3054\u3068\u306B\u81EA\u52D5\u8A2D\u5B9A\uFF09
 - \u30DA\u30FC\u30B8\u30CD\u30FC\u30B7\u30E7\u30F3\uFF08SOQL\uFF09: \u30EC\u30B9\u30DD\u30F3\u30B9\u306E \`nextRecordsUrl\`\uFF08\`/services/data/v60.0/query/...\` \u304B\u3089\u59CB\u307E\u308B\u7D76\u5BFE\u30D1\u30B9\uFF09\u3092\u8FBF\u308B