Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From vanguard-frontier-agentic
Retrieves and analyzes Apex debug logs from Salesforce orgs to identify governor-limit hits, SOQL N+1 patterns, unhandled exceptions, and async job failures.
npx claudepluginhub raishin/vanguard-frontier-agentic --plugin vanguard-frontier-agenticHow this skill is triggered — by the user, by Claude, or both
Slash command
/vanguard-frontier-agentic:salesforce-apex-log-analyzer-skillThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
T1 read-only runtime skill for Apex debug log retrieval and analysis. This skill is a
Analyzes Salesforce debug logs for root-cause diagnosis: governor limits, stack traces, slow queries, CPU/heap pressure. Scores issues 1-100 and recommends fixes.
Applies advanced Salesforce debugging via debug logs, SOQL query plans, and EventLogFile analysis for governor limits, slow queries, and complex bugs.
Executes read-only SOQL queries against a connected Salesforce org via sf data query CLI under T1 least-privilege scope. Returns sanitized JSON with structured audit envelope. Use for live record evidence like pipeline counts, field values, or aggregate queries.
Share bugs, ideas, or general feedback.
T1 read-only runtime skill for Apex debug log retrieval and analysis. This skill is a diagnostic flashlight — it retrieves log content, identifies governor-limit hits, surfaces SOQL N+1 patterns, traces exceptions, and produces a prioritized finding report. It does not execute code, mutate data, or deploy anything.
Use salesforce-apex-log-analyzer-skill when the work requires log-based diagnosis:
Delegate elsewhere when:
| Situation | Skill to use |
|---|---|
| User wants to run Apex tests (not read logs) | salesforce-apex-test-runner-skill |
| Static code review without log evidence | salesforce-apex-lwc-code-review-skill |
| Generate a fix for the identified code problem | salesforce-apex-generator-skill |
| Agentforce session traces / parquet telemetry | salesforce-agentforce-stdm-observer-skill |
| SOQL query performance analysis without logs | salesforce-soql-explorer-skill |
Before retrieving or analyzing any log, confirm:
--target-org value from sf org list.sf org display --target-org <alias>
Confirm the org is reachable. Note org type (production vs sandbox) for the audit envelope. Apply stricter scrutiny for production org logs — log content may contain PII.
sf apex get log --list --target-org <alias>
Identify the relevant log(s) by user, timestamp, and log type. If the user provides a log ID, skip this step and proceed to Step 3.
Option A — specific log by ID:
sf apex get log \
--log-id <logId> \
--target-org <alias>
Option B — latest log for current user:
sf apex get log \
--number 1 \
--target-org <alias>
Option C — tail live logs (non-blocking diagnostic):
sf apex tail log \
--target-org <alias> \
--color
Option D — user has pasted log content directly: Accept the pasted content and proceed to Step 4.
Analyze in this sequence per references/log-format-reference.md:
FATAL_ERROR and EXCEPTION_THROWN linesLIMIT_USAGE_FOR_NS entries; compare to limits in references/governor-limit-signatures.mdSOQL_EXECUTE_BEGIN / SOQL_EXECUTE_END pairs; look for repeated queries in loop contextDML_BEGIN / DML_END pairs; check for loop contextHEAP_ALLOCATE patterns; identify large collection accumulationENTERING_MANAGED_PKG, CALLOUT_REQUEST, FUTURE_CALL_PROCESS| Severity | Criteria |
|---|---|
| Critical | Runtime failure, hard limit hit, unhandled exception, data corruption risk |
| Warning | Near-limit (>75% of a governor limit), non-selective SOQL, slow DML path |
| Info | Optimization opportunity, hygiene issue, async pattern note |
Apply all redaction rules (see Redaction Rules section) before emitting any log excerpt in output. Never echo raw log lines containing record IDs, user IDs, or PII field values.
Score findings against the quality rubric (see below). Emit the full audit envelope. Propose the smallest correct fix for each Critical and Warning finding.
If a code fix is needed, hand off to salesforce-apex-generator-skill with the
specific finding as context. If a deeper test run is needed, route to
salesforce-apex-test-runner-skill.
Score the analysis quality before presenting. Threshold: 80+ acceptable.
| Dimension | Points | What earns full marks |
|---|---|---|
| Governor-limit identification | 25 | All governor limit hits identified with limit name, current value, and limit ceiling; near-limit warnings included |
| Root cause clarity | 25 | Each finding traces to a specific class, method, and line number; not just "SOQL limit hit" but "AccountSelector.getByOwner line 45 in loop at TriggerHandler line 12" |
| SOQL N+1 detection | 15 | Repeated SOQL_EXECUTE_BEGIN entries in loop context identified and the responsible pattern named |
| Sanitization quality | 15 | All record IDs, user IDs, and PII values redacted in output; no raw log lines echoed; audit envelope populated |
| Handoff routing | 10 | Each Critical/Warning finding includes a specific next action and the skill to route to |
| Audit envelope | 10 | All required fields present; log ID hashed if PII risk; timestamp accurate |
Scoring penalties:
This skill operates at T1 — read-only runtime.
api and refresh_token only.View Setup and ConfigurationModifyAllData, ViewAllData, ViewEncryptedData, ModifyMetadata,
AuthorApex, ManageConnectedAppsView All Data. Log retrieval uses sf apex get log which operates under the
View Setup and Configuration permission scope.audit_envelope:
matter_id: "<caller-provided-or-generated-uuid>"
skill_id: "salesforce-apex-log-analyzer-skill"
skill_version: "0.1.0"
target_org_alias: "<alias>"
run_as_user_id: "<user_id_placeholder>"
org_type_verified: "sandbox | production | unknown"
log_id: "<log-id-or-hash-if-pii-risk>"
log_size_bytes: <integer>
transaction_entry_point: "<class or trigger name>"
timestamp: "<ISO-8601-UTC>"
pii_risk_assessed: true | false
redactions_applied:
- field_or_pattern: "<pattern>"
reason: "<record_id|user_id|pii|session_token>"
findings_count:
critical: <integer>
warning: <integer>
info: <integer>
verdict: "acceptable | caveat | reject"
quality_score: <0-100>
quality_notes: "<scoring rationale>"
transaction_summary:
entry_point: "<class/trigger/batch>"
transaction_type: "<trigger|class|batch|queueable|schedulable|rest>"
org_alias: "<alias>"
org_type: "sandbox | production | unknown"
findings:
critical:
- finding: "<title>"
location: "<ClassName.method line N>"
evidence: "<redacted log excerpt>"
governor_limit: "<limit name if applicable>"
current_value: <integer>
limit_ceiling: <integer>
suggested_fix: "<specific remediation>"
route_to: "<skill or action>"
warning:
- finding: "<title>"
location: "<ClassName.method line N>"
evidence: "<redacted log excerpt>"
suggested_fix: "<specific remediation>"
info:
- finding: "<title>"
notes: "<optimization or hygiene note>"
soql_analysis:
total_queries: <integer>
governor_limit: 100
n_plus_1_patterns:
- query_excerpt: "<SELECT ... FROM ...>"
invocation_count: <integer>
loop_context: "<loop location>"
suggested_fix: "<move SOQL outside loop; use Map pattern>"
non_selective_queries: ["<query excerpt>"]
cpu_analysis:
total_cpu_ms: <integer>
cpu_limit_ms: 10000
hotspots: ["<ClassName.method: N ms>"]
heap_analysis:
peak_heap_bytes: <integer>
heap_limit_bytes: 6291456
large_allocations: ["<description>"]
audit_envelope:
<see Audit Envelope Schema>
next_steps:
- "<Critical/Warning: route to salesforce-apex-generator-skill for fix>"
- "<if tests needed after fix: salesforce-apex-test-runner-skill>"
assumptions:
- "<explicit list>"
missing_evidence:
- "<what additional log context would help>"
Apply in order before emitting any output. Never bypass for any reason.
00D): Replace with <org_id_placeholder>.<record_id_placeholder>
in all log excerpts. Record IDs appear frequently in USER_DEBUG, DML_BEGIN, and
SOQL_EXECUTE_BEGIN lines.<user_id_placeholder>.<email_placeholder> unless the user
explicitly acknowledges PII scope and the org is non-production.<pii_placeholder>. Flag in redactions_applied.| Finding | Hand off to |
|---|---|
| Code fix needed (SOQL in loop, DML pattern, exception handling) | salesforce-apex-generator-skill |
| Test coverage gap surfaced by log | salesforce-apex-test-generator-skill |
| Verification run needed after fix | salesforce-apex-test-runner-skill |
| Permission or FLS finding in log | salesforce-permission-model-review-skill |
| Agentforce / Einstein AI trace in log | salesforce-agentforce-stdm-observer-skill |
| Critical finding needing deployment review | salesforce-deployment-validator-skill |
Required handoff fields: matter_id, audit_envelope, findings (sanitized), next_steps.
Stop and do not continue if:
View Setup and Configuration
only. This distinguishes this skill from the test runner and reduces its permission footprint.pii_risk_assessed and redactions_applied fields.| File | When to read |
|---|---|
references/log-format-reference.md | Apex log levels, log line categories (USER_DEBUG, METHOD_ENTRY, SOQL_EXECUTE_BEGIN, LIMIT_USAGE_FOR_NS, FATAL_ERROR, etc.) |
references/governor-limit-signatures.md | Common governor limit hit patterns, limit ceilings, and remediation strategies |
references/redaction-rules.md | Detailed redaction patterns for record IDs, user IDs, session tokens, PII field values; jq and grep patterns for automated stripping |