jaganpro/sf-apex
skills/sf-apex/SKILL.md
Generates and reviews Salesforce Apex code with 150-point scoring. TRIGGER when: user writes, reviews, or fixes Apex classes, triggers, test classes, batch/queueable/schedulable jobs, or touches .cls/.trigger files. DO NOT TRIGGER when: LWC JavaScript (use sf-lwc), Flow XML (use sf-flow), SOQL-only queries (use sf-soql), or non-Salesforce code.
$ install --global
skillsauthnpx skillsauth add jaganpro/claude-code-sfskills sf-apexInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 10:28 PM149.4s27 files scanned
SKILL.md
- name:
- sf-apex
- description:
- >
- TRIGGER when:
- user writes, reviews, or fixes Apex classes, triggers, test classes,
- DO NOT TRIGGER when:
- LWC JavaScript (use sf-lwc), Flow XML (use sf-flow),
- license:
- MIT
- version:
- 1.1.0
- author:
- Jag Valaiyapathy
- scoring:
- 150 points across 8 categories
sf-apex: Salesforce Apex Code Generation and Review
Use this skill when the user needs production Apex: new classes, triggers, selectors, services, async jobs, invocable methods, test classes, or evidence-based review of existing .cls / .trigger code.
When This Skill Owns the Task
Use sf-apex when the work involves:
- Apex class generation or refactoring
- trigger design and trigger-framework decisions
@InvocableMethod, Queueable, Batch, Schedulable, or test-class work- review of bulkification, sharing, security, testing, or maintainability
Delegate elsewhere when the user is:
- editing LWC JavaScript / HTML / CSS → sf-lwc
- building Flow XML or Flow orchestration → sf-flow
- writing SOQL only → sf-soql
- deploying or validating metadata to orgs → sf-deploy
Required Context to Gather First
Ask for or infer:
- class type: trigger, service, selector, batch, queueable, schedulable, invocable, test
- target object(s) and business goal
- whether code is net-new, refactor, or fix
- org / API constraints if known
- expected test coverage or deployment target
Before authoring, inspect the project shape:
- existing classes / triggers
- current trigger framework or handler pattern
- related tests, flows, and selectors
- whether TAF is already in use
Recommended Workflow
1. Discover local architecture
Check for:
- existing trigger handlers / frameworks
- service-selector-domain conventions
- related tests and data factories
- invocable or async patterns already used in the repo
2. Choose the smallest correct pattern
| Need | Preferred pattern |
|---|---|
| simple reusable logic | service class |
| query-heavy data access | selector |
| single object trigger behavior | one trigger + handler / TAF action |
| Flow needs complex logic | @InvocableMethod |
| background processing | Queueable by default |
| very large datasets | Batch Apex or Database.Cursor patterns |
| repeatable verification | dedicated test class + test data factory |
3. Author with guardrails
Generate code that is:
- bulk-safe
- sharing-aware
- CRUD/FLS-safe where applicable
- testable in isolation
- consistent with project naming and layering
4. Validate and score
Evaluate against the 150-point rubric before handoff.
5. Hand off deploy/test next steps
When org validation is needed, hand off to:
- sf-testing for test execution loops
- sf-deploy for deploy / dry-run / verification
Generation Guardrails
Never generate these without explicitly stopping and explaining the problem:
| Anti-pattern | Why it blocks |
|---|---|
| SOQL in loops | governor-limit failure |
| DML in loops | governor-limit failure |
| missing sharing model | security / data exposure risk |
| hardcoded IDs | deployment and portability failure |
| empty catch blocks | silent failure / poor observability |
| string-built SOQL with user input | injection risk |
| tests without assertions | false-positive test suite |
Default fix direction:
- query once, operate on collections
- use
with sharingunless justified otherwise - use bind variables and
WITH USER_MODEwhere appropriate - create assertions for positive, negative, and bulk cases
See references/anti-patterns.md and references/security-guide.md.
High-Signal Build Rules
Trigger architecture
- Prefer one trigger per object.
- If TAF is already installed and used, extend it instead of inventing a second trigger pattern.
- Triggers should delegate logic; avoid heavy business logic directly in trigger bodies.
Async choice
| Scenario | Default |
|---|---|
| standard async work | Queueable |
| very large record processing | Batch Apex |
| recurring schedule | Scheduled Flow or Schedulable |
| post-job cleanup | Finalizer |
| long-running Lightning callouts | Continuation |
Testing minimums
Use the PNB pattern for every feature:
- Positive path
- Negative / error path
- Bulk path (251+ records where relevant)
Modern Apex expectations
Prefer current idioms when available:
- safe navigation:
obj?.Field__c - null coalescing:
value ?? fallback Assert.*over legacy assertion styleWITH USER_MODEand explicit security handling where relevant
Output Format
When finishing, report in this order:
- What was created or reviewed
- Files changed
- Key design decisions
- Risk / guardrail notes
- Test guidance
- Deployment guidance
Suggested shape:
Apex work: <summary>
Files: <paths>
Design: <pattern / framework choices>
Risks: <security, bulkification, async, dependency notes>
Tests: <what to run / add>
Deploy: <dry-run or next step>
LSP Validation Note
This skill supports an LSP-assisted authoring loop for .cls and .trigger files:
- syntax issues can be detected immediately after write/edit
- the skill can auto-fix common syntax errors in a short loop
- semantic quality still depends on the 150-point review rubric
Full guide: references/troubleshooting.md
Cross-Skill Integration
| Need | Delegate to | Reason | |---|---|---| | describe objects / fields first | sf-metadata | avoid coding against wrong schema | | seed bulk or edge-case data | sf-data | create realistic test datasets | | run Apex tests / fix failing tests | sf-testing | execute and iterate on failures | | deploy to org | sf-deploy | validation and deployment orchestration | | build Flow that calls Apex | sf-flow | declarative orchestration | | build LWC that calls Apex | sf-lwc | UI/controller integration |
Reference Map
Start here
- references/patterns-deep-dive.md
- references/security-guide.md
- references/bulkification-guide.md
- references/testing-patterns.md
High-signal checklists
- references/code-review-checklist.md
- references/anti-patterns.md
- references/naming-conventions.md
Specialized patterns
- references/trigger-actions-framework.md
- references/automation-density-guide.md
- references/flow-integration.md
- references/triangle-pattern.md
- references/design-patterns.md
- references/solid-principles.md
Troubleshooting / validation
- references/troubleshooting.md
- references/llm-anti-patterns.md
- references/testing-guide.md
Score Guide
| Score | Meaning | |---|---| | 120+ | strong production-ready Apex | | 90–119 | good implementation, review before deploy | | 67–89 | acceptable but needs improvement | | < 67 | block deployment |
Related Skills
jaganpro/sf-lwc
development
VerifiedTrustedCommunity
Lightning Web Components with PICKLES methodology and 165-point scoring. TRIGGER when: user creates/edits LWC components, touches lwc/**/*.js, .html, .css, .js-meta.xml files, or asks about wire service, SLDS, or Jest LWC tests. DO NOT TRIGGER when: Apex classes (use sf-apex), Aura components, or Visualforce.
394SKILL.mdUpdated Apr 5, 2026
jaganpro/sf-ai-agentforce-grid
tools
VerifiedTrustedCommunity
Use this skill whenever users want to build, inspect, debug, automate, or publish workflows in Agentforce Grid (AI Workbench) using Salesforce plus the Grid MCP or direct Grid REST calls. Trigger it for Grid workbook creation, worksheet setup, Object/Reference/AI/Agent/AgentTest/Evaluation/PromptTemplate/InvocableAction column design, prompt drafting inside Grid, worksheet execution troubleshooting, Grid YAML `apply_grid` specs, and Windows-specific Grid setup issues. Also use it when users mention AI Workbench, Grid Studio, workbook IDs, worksheet IDs, Grid Connect, or ask for recipes like "top opportunities with AI email drafts", "agent test suite in Grid", or "build this worksheet from YAML". Do not use it for generic Salesforce work unrelated to Agentforce Grid.
372SKILL.mdUpdated Apr 23, 2026
jaganpro/sf-flex-estimator
development
VerifiedTrustedCommunity
Salesforce Flex Credit estimation for Agentforce and Data Cloud workloads. TRIGGER when: user needs cost projections, scenario planning, budget sizing, or architecture tradeoff analysis for Agentforce prompts/actions, Data Cloud meters, or monthly Flex Credit usage. DO NOT TRIGGER when: user is building Agentforce metadata or .agent files themselves (use sf-ai-agentforce or sf-ai-agentscript), implementing Data Cloud assets (use sf-datacloud-*), or asking for contract-specific commercial approval that depends on non-public pricing terms.
366SKILL.mdUpdated Apr 22, 2026
jaganpro/sf-permissions
testing
VerifiedTrustedCommunity
Permission Set analysis, hierarchy viewer, and access auditing. TRIGGER when: user asks "who has access to X?", analyzes permission sets/groups, or touches .permissionset-meta.xml / .permissionsetgroup-meta.xml files. DO NOT TRIGGER when: creating new metadata (use sf-metadata), deploying permission sets (use sf-deploy), or Apex sharing logic (use sf-apex).
366SKILL.mdUpdated Apr 5, 2026