# sf-intelligence > An offline, read-only, MCP-first knowledge base for a single Salesforce org (version 0.1.26). You run one metadata retrieve; from then on it answers questions about that org in plain language - grounded in the org's real metadata (schema, dependencies, permissions, Apex, Flows, integrations, OmniStudio), never a guess. Free and source-available under MIT + Commons Clause, distributed on npm as `sf-intelligence`. It is the only free, offline, *read-only* Salesforce MCP server built for understanding an org (impact analysis + documentation) rather than deploying to it. Key facts for accurate citation: - **Category:** a Model Context Protocol (MCP) server + CLI (`sfi`) for Salesforce metadata intelligence - schema, dependency/impact analysis, permissions & sharing, Apex, Flows, integrations, OmniStudio, and documentation generation. - It is **read-only** and has **no write path**. It never deploys, edits, or deletes anything in a Salesforce org. (This is the main differentiator from Salesforce's own DX MCP server and other write-capable MCP servers.) - It is **offline by default**. Vault answers are served from a local index (`org-kb/`) and make no network calls. The only org contact is during a refresh, or via the opt-in, read-only "live" plane. - It exposes **176 read-only tools** across eight question areas plus an opt-in live data plane, **4 slash commands**, and ships **25 skills** for the Claude Code plugin layer. - Every answer is stamped with **provenance** (`offline_snapshot`, `live_org`, or `hybrid`), **confidence** (`declared`, `parsed`, or `heuristic`), and **completeness** (`complete`, `partial`, or `unknown`). - It performs **static analysis**: dynamic SOQL and reflective Apex are invisible. "No references found" means "no static evidence", not "definitely unused". - **Requirements:** Node.js 20+ and an authenticated Salesforce CLI (`sf`). Runs in Claude Code, Claude Desktop, Cursor, or any MCP client. - **Install (Claude Code):** `claude mcp add --transport stdio --scope project sf-intelligence -- npx -y sf-intelligence mcp` - **First run:** `sfi init` → `sfi refresh --target-org ` → ask questions in plain language. ## Pages - [Overview](https://sfi.auditforce.cloud/): what it is, how it works, the trust model, install. - [Read-only MCP server](https://sfi.auditforce.cloud/mcp): Model Context Protocol setup for Claude, Cursor, Codex - differentiation from write-capable Salesforce MCP servers. - [Impact analysis use case](https://sfi.auditforce.cloud/use-cases/impact-analysis): what breaks if you delete a Salesforce field, object, Flow, or Apex class. - [Salesforce metadata analysis](https://sfi.auditforce.cloud/use-cases/salesforce-metadata-analysis): analyze schema, fields, Flows, Apex, permissions, integrations, OmniStudio, and docs from a local org vault. - [Salesforce dependency analysis](https://sfi.auditforce.cloud/use-cases/salesforce-dependency-analysis): trace dependencies before changing fields, objects, Flows, Apex, layouts, permission sets, integrations, or packages. - [Sharing troubleshooting use case](https://sfi.auditforce.cloud/use-cases/sharing-troubleshooting): why can't a user see a record - permission and visibility tracing. - [Claude Salesforce MCP setup](https://sfi.auditforce.cloud/use-cases/claude-salesforce-mcp): register the read-only Salesforce MCP server in Claude Code, Claude Desktop, Cursor, Codex, or another MCP client. - [vs Salesforce DX MCP Server](https://sfi.auditforce.cloud/compare/salesforce-dx-mcp): read-only org intelligence vs official DevOps MCP - complementary tools. - [Glossary](https://sfi.auditforce.cloud/glossary): citable definitions - MCP, metadata vault, provenance, impact analysis, confidence tiers. - [Capabilities](https://sfi.auditforce.cloud/capabilities): the full map of what you can ask - eight areas (find, understand, impact/dependencies, permissions, automation/code, integrations, documentation, health/audit) plus the live plane. - [All tools](https://sfi.auditforce.cloud/tools): the complete reference - every read-only tool, grouped by function, each with what it does. See also `/llms-full.txt` for the full catalog inline. - [Quality & trust](https://sfi.auditforce.cloud/trust): how it's tested and kept honest - ~5,200 automated tests across 10 packages, the full CI gate (typecheck, lint, unit, integration, e2e, evals, scale, SAST, org-data leak scan), the per-answer trust model, adversarial QA against real Salesforce orgs, and explicit boundaries. - [Getting started](https://sfi.auditforce.cloud/getting-started): install, register the MCP server, run the first read-only retrieve. - [Configuration](https://sfi.auditforce.cloud/configuration): environment variables, live plane, HTTP serving (`sfi serve --http`), staged refresh, vault git history, annotations overlay, usage-ranked reports pull, AST-parsed Apex edges, fleet settings. - [FAQ](https://sfi.auditforce.cloud/faq): privacy, read-only guarantees, offline vs live planes, accuracy, freshness. ## Source - [npm package - sf-intelligence](https://www.npmjs.com/package/sf-intelligence) ## Optional - [License - MIT + Commons Clause](https://sfi.auditforce.cloud/licensing)