Grounded, not generative
Every component it names is backed by a tool call and cited with a canonical ID like CustomField:Account.Industry__c. No invented fields.
Salesforce org intelligence · read-only · MCP server
A grounded, fail-closed MCP server for AI assistants working in one Salesforce org - the funnel advises, your LLM decides, and anything it can't ground is refused. Ask metadata, permission, dependency, Apex, Flow, and impact questions in plain language.
Runs in Claude Code, Claude Desktop, or any MCP client. Needs Node 20+ & the Salesforce CLI.
# vault loaded · offline_snapshot · 176 tools ready
where's the emale field?
◆ 3 matches for “email” - which did you mean? Email__c on Account Email__c on Contact Alternate_Email__c on Lead
the contact one - what breaks if I delete it?
▸ 3 components reference CustomField:Contact.Email__c: ValidationRule · Flow · ApexClass
the problem
Ask a general model “what breaks if I delete this field?” and it answers from generic Salesforce training data - confidently, and often wrong for your org. sf-intelligence answers only from the metadata you actually retrieved. When it isn't sure, it says so and shows you the candidates.
Every component it names is backed by a tool call and cited with a canonical ID like CustomField:Account.Industry__c. No invented fields.
A typo-tolerant resolver turns messy phrasing into the right component. When several match, it hands you a clarifying question - it never silently picks one.
The vault lives on your machine. Answering makes no network calls. Live org reads are opt-in, read-only, capped - and never backfill stale claims.
$ sfi.capabilities - what can you ask?
Not a tool catalogue - the operational questions admins, developers, architects, release managers, and support reps ask every day. You type the question in plain language; the router surfaces the right tools and your AI assistant runs them - across eight areas.
One question for any component - field, class, Flow, layout, custom metadata - answered from the dependency graph plus a source-grep, and honest when there's no evidence (never a false "unused").
use cases
Intent-matched pages for the operational problems Salesforce teams search for - metadata analysis, dependency analysis, impact analysis, sharing troubleshooting, and MCP setup.
Search and explain schema, fields, Flows, Apex, permissions, integrations, OmniStudio, and generated documentation from a local org vault.
Trace what depends on a field, object, Flow, Apex class, permission set, integration endpoint, or package before you change it.
Register a read-only Salesforce MCP server in Claude Code, Claude Desktop, Cursor, Codex, or any MCP client.
What breaks if you delete a field, object, Flow, or Apex class? Dependency tracing with confidence tiers.
Why can't a user see a record? Who can edit a field? Trace Profiles, Permission Sets, and the sharing cascade.
Register in Claude Code, Cursor, or Codex. The only free, offline Salesforce MCP built for understanding - not deploying.
how it works
No cloud service, no account. The whole index is files on your machine.
Run sfi refresh. It shells out to sf project retrieve against your org - read-only - and pulls the metadata down once.
It builds a local Markdown vault and a DuckDB dependency graph of objects, fields, Flows, Apex and permissions, connected by typed, confidence-tagged edges.
Question your org in plain language from any MCP client. Answers are served locally, stamped with provenance and freshness.
trust & provenance
Findings carry where they came from, how they were derived, and how complete the underlying coverage was.
Refusal gates run on every question before any routing. "Delete this field for me" is refused - and answered anyway with the read-only simulation that covers it safely, like safe_to_delete_field. Prompt injection ("ignore your previous instructions…") and record-value exfiltration ("dump all SSN values") are hard-refused, with no tool shortlist left to route around. And when no tool models the question - login history, adoption metrics - it returns an honest gap naming the nearest real reads instead of a confident guess.
› how it's tested - ~5,200 tests, full CI gate & the trust model
before you point it at production
The first question any admin asks. The left column is the one-screen guarantee sfi init prints in your terminal; the right is the boundaries it states plainly instead of papering over.
It never writes, deploys, or modifies anything in Salesforce - only sf project retrieve (metadata read). No create, update, or delete path exists.
Every answer comes from the local vault built at the last refresh, not a live call. The org is contacted only when you run sfi refresh.
The vault lives on your machine and is never sent anywhere. No telemetry, no phone-home; feedback is captured locally and shared only if you choose to.
The published package is code only - a files whitelist keeps the vault out, and every public version has been downloaded and grepped clean of org identifiers (the leak audit).
The vault stores schema and source, not rows. “How many Opportunities closed?” is a live-org question - answered only by the opt-in, capped live plane you turn on yourself.
Dynamic SOQL and reflective Apex are invisible - “no references” means “no static evidence”, not “unused”. Heuristic edges are labelled so you know to spot-check.
The opt-in live read-only plane (capped counts/samples) stays disabled until you enable it - and even then runs a curated query roster, never arbitrary SOQL, never a write.
Answers reflect the metadata you retrieved. It stamps every answer with freshness and tells you when the vault is stale rather than implying it's current.
highlights
Read-only capabilities built for large production orgs - all optional except the defaults you already get on refresh.
Servable vault in minutes on large orgs - T0 skeleton, T1 priority families, T2 full build. Honest mid-build coverage.
sfi serve --http for CI/shared read-only access. Live plane hard-disabled over the wire.
Auto-commit on refresh. component_history and component_as_of for time-travel queries.
Curated owner, status, and glossary synonyms that survive every refresh.
Parser-grade dependency edges by default - stronger than regex heuristics alone.
Top 500 Reports/Dashboards by actual usage pulled on every refresh - field refs included.
install
Distributed on npm as sf-intelligence - an MCP server plus the sfi CLI.
claude mcp add --transport stdio --scope project sf-intelligence -- npx -y sf-intelligence mcp
{
"mcpServers": {
"sf-intelligence": {
"type": "stdio",
"command": "npx",
"args": ["-y", "sf-intelligence", "mcp"]
}
}
}
# 1. create the local vault and pick your org alias sfi init # 2. retrieve metadata and build the index (read-only) sfi refresh --target-org my-org-alias # 3. confirm freshness and component counts any time sfi status
Free and source-available under MIT + Commons Clause. One retrieve, and every answer after that is grounded in your real metadata.