From vanguard-frontier-agentic
Fetches Salesforce metadata (objects, fields, flows, validation rules, profiles, Apex, LWC) live from a connected T1 org without ModifyMetadata. Routes sanitized output to downstream review skills.
npx claudepluginhub raishin/vanguard-frontier-agentic --plugin vanguard-frontier-agentic
How this skill is triggered — by the user, by Claude, or both
Slash command
/vanguard-frontier-agentic:salesforce-metadata-fetcher-skill
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Fetches Salesforce metadata live from a connected org under T1 least-privilege scope,
Fetches Salesforce metadata live from a connected org under T1 least-privilege scope, sanitizes output, and routes sanitized payloads to the appropriate downstream review skill. This skill eliminates the hand-paste requirement across the entire Vanguard Salesforce review portfolio — admins no longer need to manually export XML and paste it into review skills.
This skill owns the task when the user wants live metadata from a connected org rather than supplying a pre-exported file.
| Request type | Delegate to |
|---|---|
| Live SOQL record queries | salesforce-soql-explorer-skill |
| Static review of already-pasted XML | salesforce-metadata-review-skill |
| Deploy or validate a deployment | salesforce-deployment-validator-skill (T2) |
| Full org posture assessment | salesforce-org-assessment-skill |
| Permission topology across profiles + PSGs | salesforce-permission-model-review-skill |
| Flow logic review (user has flow XML) | salesforce-flow-automation-review-skill |
| Apex code review (user has class code) | salesforce-apex-lwc-code-review-skill |
| Certificate lifecycle / Connected App review | salesforce-integration-agent + salesforce-certificate-lifecycle-agent |
Before executing any CLI command, confirm all of the following:
- sf org list to verify connectivity). Never default to the defaultusername if the user has not confirmed the target.

The following types can be fetched without requiring ModifyMetadata permission via the REST describe or list paths:
- CustomObject and CustomField — via /sobjects/<Object>/describe
- Flow — via Tooling API /tooling/sobjects/Flow
- ValidationRule — via Tooling API
- PermissionSet — via sf org list metadata --metadata-type PermissionSet
- Profile — via sf org list metadata --metadata-type Profile (list only; full retrieval is elevated — see note)
- ApexClass — via sf org list metadata --metadata-type ApexClass + sf project retrieve start (Tooling API preferred)
- ApexTrigger — via Tooling API /tooling/sobjects/ApexTrigger
- LightningComponentBundle (LWC) — via sf org list metadata --metadata-type LightningComponentBundle
- AuraDefinitionBundle (Aura) — via sf org list metadata --metadata-type AuraDefinitionBundle
- CustomMetadata — via REST describe (type definitions only, not record values)
- CustomSetting — via REST describe (type definitions only)

Profile full retrieval note: Full profile XML retrieval via sf project retrieve start requires Customize Application or elevated permissions on some orgs. Prefer listing profiles and confirming with the user before full retrieval.
```bash
sf org display --target-org <alias>
```
- Status: Connected and that the Access Token Expiry is not expired.
- .sandbox. or .scratch..

Before issuing any retrieval command:
Prefer listing before retrieving. This step has the lowest privilege footprint and confirms what is actually in the org.
```bash
sf org list metadata --metadata-type <Type> --target-org <alias>
```
- /services/data/vXX.X/sobjects/<Object>/describe via REST.

sf project retrieve start
sf project retrieve start writes files to disk and may require Modify Metadata on some orgs. Prefer REST describe paths wherever possible:
Object describe (no ModifyMetadata required):
```bash
sf sobject describe --sobject <ObjectApiName> --target-org <alias>
```
Flow via Tooling API (requires only View Setup and Configuration):
```bash
# List flows
sf org list metadata --metadata-type Flow --target-org <alias>
# Retrieve specific flow definition via REST
# GET /services/data/v62.0/tooling/sobjects/Flow/<flowId>
```
Apex class via Tooling API:
```bash
# GET /services/data/v62.0/tooling/sobjects/ApexClass/<classId>
```
Only fall back to sf project retrieve start when no REST equivalent exists, and always declare the elevated path in the audit envelope.
Apply all sanitization rules from references/sanitization-rules.md before passing output to any downstream skill or surfacing it to the user:
- 00D).
- 005).
- 00e).
- https://user:pass@) — reject the entire payload and stop.

Sanitization must complete before any output is emitted. If sanitization cannot be confirmed (e.g., the payload is too large to inspect), surface this as a gap and do not proceed.
Every retrieval operation must emit a structured audit envelope before handing off to a downstream skill. See Audit Envelope Schema below. The envelope must include:
- operation — the CLI command or REST path used
- metadata_type — the type retrieved
- org_type — production or sandbox
- org_id_placeholder — <org_id_placeholder> (never the real org ID)
- run_as_user_id_placeholder — <user_id_placeholder>
- items_retrieved — count
- sanitization_applied — boolean
- timestamp — ISO 8601
- elevated_path_used — boolean (true if sf project retrieve start was used instead of REST)
- escalation_triggers_fired — list of any stop conditions that fired

Use the delegation routing table in references/delegation-routing.md to determine the correct downstream skill. Emit the required handoff fields for that route.
Every handoff must include:
- downstream_skill_recommendation field identifying which skill to invoke next

Stop and do not proceed if any of the following are true:
- UserInfo.getSessionId call being stored in a field or sent externally.

Score the output of this skill before handing off. Outputs scoring below 60 must be rejected. Outputs scoring 60–79 may proceed with a caveat flag. Outputs scoring 80+ are acceptable.
| Dimension | Max points | Scoring guidance |
|---|---|---|
| Completeness | 25 | All requested metadata types retrieved and present in output. Partial retrieval: deduct 5 per missing type. Empty retrieval: 0. |
| Sanitization quality | 35 | All org IDs, user IDs, and profile IDs redacted: 20 pts. Field default scan complete: 8 pts. Encrypted field markers identified and skipped: 7 pts. Any unredacted Salesforce ID found: deduct 20. Any real credential found unredacted: 0 pts for entire dimension + stop. |
| Audit envelope | 15 | All required envelope fields present: 15 pts. Missing 1–2 fields: 8 pts. Missing > 2 fields or envelope absent: 0 pts. |
| Proper delegation routing | 15 | Downstream skill correctly identified and declared: 15 pts. Wrong skill recommended: 5 pts. No recommendation made: 0 pts. |
| Governor-limit awareness | 10 | Large payloads (> 50 items) summarized before full retrieval; user confirmation obtained: 10 pts. Large retrieval without confirmation: 0 pts. |
This skill operates under the T1 read-only-runtime tier as defined in docs/salesforce-wave-4-plan.md.
| Scope | Required | Rationale |
|---|---|---|
| api | Yes | Enables REST API and Tooling API calls |
| refresh_token | Yes | Allows token refresh without re-authentication |
| full | Denied | Excessive; grants admin-level access |
| web | Denied | Not required for CLI/API operations |
| sfap_api | Denied | Agentforce platform scope; out of T1 scope |
| cdp_query_api | Denied | Data Cloud scope; out of T1 scope |
| Permission | Status |
|---|---|
| View Setup and Configuration | Required |
| Per-object Read FLS (on target objects) | Required |
| ModifyAllData | Denied |
| ViewAllData (system-level) | Denied |
| ViewEncryptedData | Denied |
| ModifyMetadata | Denied (REST describe paths avoid this) |
| AuthorApex | Denied |
| ManageConnectedApps | Denied |
| Customize Application | Denied (flag as elevated if full Profile XML is needed) |
Only the following CLI command families are pre-approved:
- sf org display — connectivity check only
- sf org list metadata — enumeration only, no retrieval
- sf sobject describe — REST describe, read-only
- sf project retrieve start — elevated path, must be declared in audit envelope; only used when no REST equivalent exists

Commands that are explicitly out of scope:
- sf project deploy (any form) — T2/T3
- sf data (DML) — T2/T3
- sf apex run — T2/T3
- --full flag — excessive scope

Stop immediately and do not emit output (except a structured refusal message) if:
- * wildcard or "dump everything").
- EncryptionKey, TenantSecret, ManagedContentType, or any type that directly exposes encryption configuration.
- production, prod, PROD, or any variant that suggests a production org and the metadata type includes Profile or PermissionSet full retrieval — require explicit confirmation.

Refusal message format:
```yaml
refusal:
  trigger: [which refusal condition fired]
  reason: [plain-language explanation]
  recommended_action: [what the user should do instead]
  escalation_required: [true/false]
```
Every retrieval operation must emit this envelope. Fields marked required must be present for the output to be accepted by downstream skills.
```yaml
audit_envelope:
  skill_id: salesforce-metadata-fetcher-skill  # required
  skill_version: "0.1.0"  # required
  operation: "<sf command or REST path used>"  # required
  metadata_type: "<Type>"  # required
  org_type: "production | sandbox | scratch | unknown"  # required
  org_id_placeholder: "<org_id_placeholder>"  # required; never the real org ID
  run_as_user_id_placeholder: "<user_id_placeholder>"  # required; never the real user ID
  items_retrieved: <integer>  # required
  sanitization_applied: true  # required; false triggers rejection
  elevated_path_used: <boolean>  # required; true if sf project retrieve start was used
  timestamp: "<ISO 8601>"  # required
  escalation_triggers_fired: []  # required; empty list if none
  quality_score: <integer 0-100>  # required
```
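A downstream skill can enforce this contract before it reads any payload. The check below is an added example, not code from the skill: it takes the envelope as an already-parsed dict, applies the required-field list, the placeholder and sanitization rules, and the 60/80 score thresholds stated on this page. The function name, the `SAMPLE` envelope and the problem strings are assumptions.

```python
import re

REQUIRED = (
    "skill_id", "skill_version", "operation", "metadata_type", "org_type",
    "org_id_placeholder", "run_as_user_id_placeholder", "items_retrieved",
    "sanitization_applied", "elevated_path_used", "timestamp",
    "escalation_triggers_fired", "quality_score",
)
PLACEHOLDERS = {
    "org_id_placeholder": "<org_id_placeholder>",
    "run_as_user_id_placeholder": "<user_id_placeholder>",
}
SF_ID = re.compile(r"00[De5][A-Za-z0-9]{12,15}")  # the page's three ID prefixes

# Constructed sample envelope, not output from a real org.
SAMPLE = {
    "skill_id": "salesforce-metadata-fetcher-skill", "skill_version": "0.1.0",
    "operation": "sf sobject describe", "metadata_type": "CustomObject",
    "org_type": "sandbox", "org_id_placeholder": "<org_id_placeholder>",
    "run_as_user_id_placeholder": "<user_id_placeholder>",
    "items_retrieved": 3, "sanitization_applied": True,
    "elevated_path_used": False, "timestamp": "2025-01-01T00:00:00Z",
    "escalation_triggers_fired": [], "quality_score": 85,
}


def check_envelope(env):
    """Return (decision, problems); decision is accept, caveat or reject."""
    problems = [f"missing field: {k}" for k in REQUIRED if k not in env]
    for key, literal in PLACEHOLDERS.items():
        if key in env and env[key] != literal:
            problems.append(f"{key} is not the literal placeholder")
    if env.get("sanitization_applied") is not True:
        problems.append("sanitization_applied is not true")
    operation = str(env.get("operation", ""))
    if "sf project retrieve start" in operation and env.get("elevated_path_used") is not True:
        problems.append("elevated path used but not declared")
    if any(SF_ID.search(str(v)) for v in env.values()):
        problems.append("Salesforce ID pattern found")  # value is not echoed
    score = env.get("quality_score")
    if not isinstance(score, int) or score < 60:
        problems.append("quality_score below 60 or not an integer")
    if problems:
        return "reject", problems
    return ("accept" if score >= 80 else "caveat"), problems
```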
All output from this skill is YAML. Raw XML from sf project retrieve start must be converted to structured YAML before emission.
```yaml
salesforce_metadata_fetch:
  sanitized_metadata:
    metadata_type: "<Type>"
    items:
      - name: "<ApiName>"
        label: "<Label>"
        # Type-specific fields follow — see delegation-routing.md for required fields per type
  metadata_summary:
    total_items: <integer>
    types_retrieved: [<list of types>]
    items_skipped: <integer>
    skip_reasons: [<list of reasons — e.g., "encrypted field skipped", "field default redacted">]
  fls_notes:
    # For object/field retrieval: list fields where FLS was not readable
    inaccessible_fields: [<list>]
    encrypted_fields_skipped: [<list>]
  audit_envelope:
    # Full audit envelope as defined above
  downstream_skill_recommendation:
    skill_id: "<downstream-skill-id>"
    rationale: "<why this skill was chosen>"
    required_handoff_fields:
      # Type-specific handoff fields as defined in references/delegation-routing.md
  escalation_triggers_fired: []  # empty if none
  missing_evidence: []  # gaps that would improve coverage
  assumptions: []  # any assumptions made during retrieval
```
Precise redaction rules are documented in references/sanitization-rules.md. Summary:
| Pattern | Action |
|---|---|
| Org ID: 00D[A-Za-z0-9]{12,15} | Replace with <org_id_placeholder> |
| User ID: 005[A-Za-z0-9]{12,15} | Replace with <user_id_placeholder> |
| Profile/PermSet ID: 00e[A-Za-z0-9]{12,15} | Replace with <profile_id_placeholder> |
| Email address in field default | Flag and redact; note in skip_reasons |
| Phone number in field default | Flag and redact; note in skip_reasons |
| URL with embedded credentials | Reject entire payload; stop |
| Named Credential header value | Reject entire payload; stop |
| Shield PE / PMLE encrypted field | Skip field entirely; do not read value |
| Hardcoded session ID in Apex | Flag as Critical; escalate before handoff |
| Token-like string (> 20 chars, high entropy) in field default | Flag and redact; note in skip_reasons |
Hardcoded ID values must never be repeated verbatim in output. Describe the pattern and location only.
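The rules in this table that can be expressed as text patterns fit in one pass over a field default value. This is an added sketch, not the contents of references/sanitization-rules.md: the three ID patterns and their placeholders come from the table, while the credential-URL, email and token regexes, the 4.0-bit entropy cut-off and the `<email_redacted>` / `<token_redacted>` placeholders are assumptions.

```python
import math
import re

# ID patterns and placeholders copied from the page's redaction table.
ID_RULES = [
    (re.compile(r"00D[A-Za-z0-9]{12,15}"), "<org_id_placeholder>"),
    (re.compile(r"005[A-Za-z0-9]{12,15}"), "<user_id_placeholder>"),
    (re.compile(r"00e[A-Za-z0-9]{12,15}"), "<profile_id_placeholder>"),
]
# Assumed patterns: the page names these rules but gives no regex for them.
CRED_URL = re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
TOKEN = re.compile(r"[A-Za-z0-9+/_=-]{21,}")  # "> 20 chars"
ENTROPY_BITS = 4.0  # assumed cut-off for "high entropy"


class PayloadRejected(Exception):
    """Raised by rules whose action is 'Reject entire payload; stop'."""


def entropy(s):
    """Shannon entropy of s in bits per character."""
    freqs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in freqs)


def sanitize_field_default(value):
    """Return (sanitized_value, skip_reasons); raise PayloadRejected on a stop rule."""
    if CRED_URL.search(value):
        # Name the rule that fired, never the matched text.
        raise PayloadRejected("URL with embedded credentials")
    reasons = []
    value, hits = EMAIL.subn("<email_redacted>", value)
    if hits:
        reasons.append("field default redacted: email address")

    def redact_token(match):
        if entropy(match.group()) < ENTROPY_BITS:
            return match.group()  # long but low-entropy, e.g. padding
        reasons.append("field default redacted: token-like string")
        return "<token_redacted>"

    value = TOKEN.sub(redact_token, value)
    # ID placeholders go in last so the token rule never sees them.
    for pattern, placeholder in ID_RULES:
        value = pattern.sub(placeholder, value)
    return value, reasons
```

The ID patterns are left unanchored, as in the table, so an ID embedded in a longer string is still redacted; over-matching is the safer failure for a redaction step.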
Full routing map is in references/delegation-routing.md. Summary:
| Metadata type retrieved | Downstream skill | Key handoff fields |
|---|---|---|
| CustomObject, CustomField (ObjectDescribe) | salesforce-metadata-review-skill | object_summary, field_inventory, validation_rules_summary |
| Flow | salesforce-flow-automation-review-skill | flow_xml_sanitized, fault_path_present, automation_mix_summary |
| PermissionSet, Profile | salesforce-permission-model-review-skill | permission_set_summary, system_perms_granted, object_perms_summary, fls_summary |
| ApexClass, ApexTrigger | salesforce-apex-lwc-code-review-skill | class_name, with_sharing_status, soql_count, complexity_indicators |
| LightningComponentBundle, AuraDefinitionBundle | salesforce-apex-lwc-code-review-skill | component_name, js_imports, apex_calls, lwc_security_concerns |
| ConnectedApp | salesforce-integration-agent + salesforce-certificate-lifecycle-agent | oauth_scopes, ip_relaxation, certificate_thumbprint |
Stop processing and emit a structured stop message (not a refusal — stop conditions fire mid-execution, refusal triggers fire pre-execution) when:
- UserInfo.getSessionId result being stored externally or in a field default.

Stop message format:
```yaml
stop:
  condition_fired: [which condition]
  mid_execution: true
  items_sanitized_before_stop: <integer>
  items_not_sanitized: <integer>
  recommended_action: [what the user or operator should do]
  escalation_required: true
  audit_envelope:
    # Partial audit envelope up to point of stop
```
- ModifyMetadata, AuthorApex, or ManageConnectedApps. If the org CLI session has these permissions, surface a warning before executing — the T1 contract is violated.
- sf project retrieve start because they have a lower permission footprint. When sf project retrieve start is used, it is declared in the audit envelope as an elevated path.