Salesforce metadata · read-only · MCP server

ASK YOUR
SALESFORCE ORG.
GET THE TRUTH.

An offline knowledge base for a single Salesforce org that runs on your machine. One retrieve, then every answer is grounded in your org's real Salesforce metadata — not a guess.

148 tools 0 writes 100% offline Apache-2.0

$ install browse 148 capabilities

Runs in Claude Code, Claude Desktop, or any MCP client. Needs Node 20+ & the Salesforce CLI.

claude — sf-intelligence — 80×24

# vault loaded · offline_snapshot · 148 tools ready
where's the emale field?
◆ 3 matches for “email” — which did you mean?
                Email__c on Account
                Email__c on Contact
                Alternate_Email__c on Lead
              
the contact one — what breaks if I delete it?
▸ 3 components reference CustomField:Contact.Email__c:
                ValidationRule · Flow · ApexClass
              
provenance offline_snapshot · edges: declared, parsed

148

read-only tools

intelligence planes

writes to your org

100%

offline by default

the problem

A chatbot guesses. This reads the org.

Ask a general model “what breaks if I delete this field?” and it answers from generic Salesforce training data — confidently, and often wrong for your org. sf-intelligence answers only from the metadata you actually retrieved. When it isn't sure, it says so and shows you the candidates.

grounded

Grounded, not generative

Every component it names is backed by a tool call and cited with a canonical ID like CustomField:Account.Industry__c. No invented fields.

asks-first

Asks before it guesses

A typo-tolerant resolver turns messy phrasing into the right component. When several match, it hands you a clarifying question — it never silently picks one.

local-only

Private by design

The vault lives on your machine. Answering makes no network calls. Live org reads are opt-in, read-only, capped — and never backfill stale claims.

$ sfi.capabilities

Eight areas. All plain language.

You never type a tool name. A deterministic router maps each question to the right tools and the plane that answers it.

find

Find & identify

Locate an object, field, class or Flow from a half-remembered name.

where is the email field?
what's the payment object?

understand

Understand

Explain a field, a Flow, an Apex method, a formula, or a save.

what does this rule do?
what happens on Account save?

impact

Impact & dependencies

See what depends on something before you change or delete it.

what breaks if I delete this?
safe to deactivate this flow?

access

Permissions & sharing

Answer who-can-see-what, and why, across the visibility cascade.

why can't this user see it?
who can edit Salary?

automation

Automation & code

Trace what runs and when — order of execution, call graphs, dead code.

what runs on Case create?
which methods lack coverage?

integration

Integrations

Map how the org talks to the outside world.

what does this org talk to?
list every outbound endpoint

docs

Documentation

Generate an org tour, a data dictionary, an architecture overview.

give me a tour of this org
generate a data dictionary

govern

Health & audit

Check freshness, inventory PII, score technical debt.

where is PII stored?
is my vault still fresh?

› browse the capability map › all 148 tools

how it works

One retrieve, then ask anything.

No cloud service, no account. The whole index is files on your machine.

Retrieve

Run sfi refresh. It shells out to sf project retrieve against your org — read-only — and pulls the metadata down once.

Index

It builds a local Markdown vault and a DuckDB dependency graph of objects, fields, Flows, Apex and permissions, connected by typed, confidence-tagged edges.

Ask

Question your org in plain language from any MCP client. Answers are served locally, stamped with provenance and freshness.

trust & provenance

Every answer is labelled.

Findings carry where they came from, how they were derived, and how complete the underlying coverage was.

confidence

declaredSalesforce states it directly — highest trust.

parsedFrom AST/XML parsing of source — high trust.

heuristicRegex / token analysis — spot-check it.

provenance

offline_snapshotThe last refresh's vault — the default.

live_orgAn opt-in, capped, read-only SOQL read.

hybridFuses vault + live, discloses both.

completeness

completeEvery needed family was modeled.

partialA dependency wasn't retrieved — “not checked”, not “none”.

unknownCoverage couldn't be determined.

› how it's tested — ~3,100 tests, full CI gate & the trust model

no fine print

What it does NOT do.

Most tools hide their limits. This one states them, and tells you plainly when it hits one rather than papering over the gap with general Salesforce knowledge.

✓

It never writes to your org.

There is no write path. Every tool is read-only.

✓

Offline by default.

Vault tools never call Salesforce mid-conversation. Live reads are opt-in, capped, and clearly labelled.

✓

No record-level data.

The vault stores schema and source, not rows. “How many Opportunities closed?” is a live-org question.

✓

Static analysis, not runtime.

Dynamic SOQL and reflective Apex are invisible — “no references” means “no static evidence”, not “unused”.

install

Register once, then just ask.

Distributed on npm as sf-intelligence — an MCP server plus the sfi CLI.

// Claude Code — project-scoped

terminal

claude mcp add --transport stdio --scope project sf-intelligence -- npx -y sf-intelligence mcp

// Claude Desktop or any MCP client

claude_desktop_config.json

{
  "mcpServers": {
    "sf-intelligence": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "sf-intelligence", "mcp"]
    }
  }
}

// first run, from your Salesforce DX repo