jaganpro/sf-deploy
skills/sf-deploy/SKILL.md
Salesforce DevOps automation using sf CLI v2. TRIGGER when: user deploys metadata, creates/manages scratch orgs or sandboxes, sets up CI/CD pipelines, or troubleshoots deployment errors with sf project deploy. DO NOT TRIGGER when: writing Apex/LWC code (use sf-apex/sf-lwc), creating metadata XML (use sf-metadata), or querying org data (use sf-data).
$ install --global
skillsauthnpx skillsauth add jaganpro/sf-skills sf-deployInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 10:30 PM43.7s9 files scanned
SKILL.md
- name:
- sf-deploy
- description:
- >
- TRIGGER when:
- user deploys metadata, creates/manages scratch orgs or sandboxes,
- DO NOT TRIGGER when:
- writing Apex/LWC code (use sf-apex/sf-lwc), creating metadata
- license:
- MIT
- version:
- 2.3.0
- author:
- Jag Valaiyapathy
sf-deploy: Comprehensive Salesforce DevOps Automation
Use this skill when the user needs deployment orchestration: dry-run validation, targeted or manifest-based deploys, CI/CD workflow advice, scratch-org management, failure triage, or safe rollout sequencing for Salesforce metadata.
When This Skill Owns the Task
Use sf-deploy when the work involves:
sf project deploy start,quick,report, or retrieval workflows- release sequencing across objects, permission sets, Apex, and Flows
- CI/CD gates, test-level selection, or deployment reports
- troubleshooting deployment failures and dependency ordering
Delegate elsewhere when the user is:
- authoring Apex or LWC code → sf-apex, sf-lwc
- creating metadata definitions → sf-metadata
- building Flows → sf-flow
- doing org data operations → sf-data
- authoring Agent Script logic → sf-ai-agentscript
Critical Operating Rules
- Use
sfCLI v2 only. - On non-source-tracking orgs, deploy/retrieve commands require an explicit scope such as
--source-dir,--metadata, or--manifest. - Prefer
--dry-runfirst before real deploys. - For Flows, deploy safely and activate only after validation.
- Keep test-data creation guidance delegated to
sf-dataafter metadata is validated or deployed.
Default deployment order
| Phase | Metadata | |---|---| | 1 | Custom objects / fields | | 2 | Permission sets | | 3 | Apex | | 4 | Flows as Draft | | 5 | Flow activation / post-verify |
This ordering prevents many dependency and FLS failures.
Required Context to Gather First
Ask for or infer:
- target org alias and environment type
- deployment scope: source-dir, metadata list, or manifest
- whether this is validate-only, deploy, quick deploy, retrieve, or CI/CD guidance
- required test level and rollback expectations
- whether special metadata types are involved (Flow, permission sets, agents, packages)
Preflight checks:
sf --version
sf org list
sf org display --target-org <alias> --json
test -f sfdx-project.json
Recommended Workflow
1. Preflight
Confirm auth, repo shape, package directories, and target scope.
2. Validate first
sf project deploy start --dry-run --source-dir force-app --target-org <alias> --wait 30 --json
Use manifest- or metadata-scoped validation when the change set is targeted.
3. If validation succeeds, offer the next safe workflow
After a successful validation, guide the user to the correct next action:
- deploy now
- assign permission sets
- create test data via sf-data
- run tests / smoke checks
- orchestrate multiple post-deploy steps in order
4. Deploy the smallest correct scope
# source-dir deploy
sf project deploy start --source-dir force-app --target-org <alias> --wait 30 --json
# manifest deploy
sf project deploy start --manifest manifest/package.xml --target-org <alias> --test-level RunLocalTests --wait 30 --json
# manifest deploy with Spring '26 relevant-test selection
sf project deploy start --manifest manifest/package.xml --target-org <alias> --test-level RunRelevantTests --wait 30 --json
# quick deploy after successful validation
sf project deploy quick --job-id <validation-job-id> --target-org <alias> --json
5. Verify
sf project deploy report --job-id <job-id> --target-org <alias> --json
Then verify tests, Flow state, permission assignments, and smoke-test behavior.
6. Report clearly
Summarize what deployed, what failed, what was skipped, and what the next safe action is.
Output template: references/deployment-report-template.md
High-Signal Failure Patterns
| Error / symptom | Likely cause | Default fix direction |
|---|---|---|
| FIELD_CUSTOM_VALIDATION_EXCEPTION | validation rule or bad test data | adjust data or rule timing |
| INVALID_CROSS_REFERENCE_KEY | missing dependency | include referenced metadata first |
| CANNOT_INSERT_UPDATE_ACTIVATE_ENTITY | trigger / Flow / validation side effect | inspect automation stack and failing logic |
| tests fail during deploy | broken code or fragile tests | run targeted tests, fix root cause, revalidate |
| field/object not found in permset | wrong order | deploy objects/fields before permission sets |
| Flow invalid / version conflict | dependency or activation problem | deploy as Draft, verify, then activate |
Full workflows: references/orchestration.md, references/trigger-deployment-safety.md
CI/CD Guidance
Default pipeline shape:
- authenticate
- validate repo / org state
- static analysis
- dry-run deploy
- tests + coverage gates
- deploy
- verify + notify
- When org policy and release risk allow it, consider
--test-level RunRelevantTestsfor Apex-heavy deployments. - Pair this with modern Apex test annotations such as
@IsTest(testFor=...)and@IsTest(isCritical=true)as documented insf-apex.
Static analysis now uses Code Analyzer v5 (sf code-analyzer), not retired sf scanner.
Deep reference: references/deployment-workflows.md
Agentforce Deployment Note
Use this skill to orchestrate deployment/publish sequencing around agents, but use the agent-specific skills for authoring decisions:
- sf-ai-agentscript for
.agentauthoring and validation - sf-ai-agentforce for Agent Builder / Prompt Builder / metadata config
For full agent DevOps details, including Agent: pseudo metadata, publish/activate, and sync-between-orgs, see:
- references/agent-deployment-guide.md
Cross-Skill Integration
| Need | Delegate to | Reason | |---|---|---| | custom object / field creation | sf-metadata | define metadata before deploy | | Apex compile / review / fixes | sf-apex | code authoring and repair | | Flow creation / repair | sf-flow | Flow authoring and activation guidance | | test data or seed records | sf-data | describe-first data setup and cleanup | | Agent Script build/publish readiness | sf-ai-agentscript | agent-specific correctness |
Reference Map
Start here
- references/orchestration.md
- references/deployment-workflows.md
- references/deployment-report-template.md
Specialized deployment safety
- references/trigger-deployment-safety.md
- references/agent-deployment-guide.md
- references/deploy.sh
Score Guide
| Score | Meaning | |---|---| | 90+ | strong deployment plan and execution guidance | | 75–89 | good deploy guidance with minor review items | | 60–74 | partial coverage of deployment risk | | < 60 | insufficient confidence; tighten plan before rollout |
Completion Format
Deployment goal: <validate / deploy / retrieve / pipeline>
Target org: <alias>
Scope: <source-dir / metadata / manifest>
Result: <passed / failed / partial>
Key findings: <errors, ordering, tests, skipped items>
Next step: <safe follow-up action>
Related Skills
jaganpro/sf-lwc
development
VerifiedTrustedCommunity
Lightning Web Components with PICKLES methodology and 165-point scoring. TRIGGER when: user creates/edits LWC components, touches lwc/**/*.js, .html, .css, .js-meta.xml files, or asks about wire service, SLDS, or Jest LWC tests. DO NOT TRIGGER when: Apex classes (use sf-apex), Aura components, or Visualforce.
394SKILL.mdUpdated Apr 5, 2026
jaganpro/sf-ai-agentforce-grid
tools
VerifiedTrustedCommunity
Use this skill whenever users want to build, inspect, debug, automate, or publish workflows in Agentforce Grid (AI Workbench) using Salesforce plus the Grid MCP or direct Grid REST calls. Trigger it for Grid workbook creation, worksheet setup, Object/Reference/AI/Agent/AgentTest/Evaluation/PromptTemplate/InvocableAction column design, prompt drafting inside Grid, worksheet execution troubleshooting, Grid YAML `apply_grid` specs, and Windows-specific Grid setup issues. Also use it when users mention AI Workbench, Grid Studio, workbook IDs, worksheet IDs, Grid Connect, or ask for recipes like "top opportunities with AI email drafts", "agent test suite in Grid", or "build this worksheet from YAML". Do not use it for generic Salesforce work unrelated to Agentforce Grid.
372SKILL.mdUpdated Apr 23, 2026
jaganpro/sf-flex-estimator
development
VerifiedTrustedCommunity
Salesforce Flex Credit estimation for Agentforce and Data Cloud workloads. TRIGGER when: user needs cost projections, scenario planning, budget sizing, or architecture tradeoff analysis for Agentforce prompts/actions, Data Cloud meters, or monthly Flex Credit usage. DO NOT TRIGGER when: user is building Agentforce metadata or .agent files themselves (use sf-ai-agentforce or sf-ai-agentscript), implementing Data Cloud assets (use sf-datacloud-*), or asking for contract-specific commercial approval that depends on non-public pricing terms.
366SKILL.mdUpdated Apr 22, 2026
jaganpro/sf-permissions
testing
VerifiedTrustedCommunity
Permission Set analysis, hierarchy viewer, and access auditing. TRIGGER when: user asks "who has access to X?", analyzes permission sets/groups, or touches .permissionset-meta.xml / .permissionsetgroup-meta.xml files. DO NOT TRIGGER when: creating new metadata (use sf-metadata), deploying permission sets (use sf-deploy), or Apex sharing logic (use sf-apex).
366SKILL.mdUpdated Apr 5, 2026