mcp
Provides an MCP server (TypeScript/Node via @salesforce/mcp) that lets an MCP client/LLM securely interact with Salesforce orgs using a configurable set of DX/MCP tools (e.g., orgs, metadata, data, users, DevOps Center, etc.).
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security is largely dependent on local Salesforce CLI org authorization and the principle of least privilege via selecting specific orgs/toolsets. The README mentions a comprehensive overview including security features exists in external Salesforce documentation, but the provided content does not include concrete details on transport security, token handling/log redaction, scope granularity, or rate limiting. Debug logging may increase exposure risk if MCP client logs are accessible.
⚡ Reliability
Best When
You want an MCP-compatible agent/IDE to operate on Salesforce org content using a curated toolset with explicit org authorization via Salesforce CLI.
Avoid When
You need simple API-key REST access or you cannot securely authorize and manage access to Salesforce credentials/tokens on the machine running the MCP server.
Use Cases
- • Salesforce org automation and agentic workflows via LLM tools (read/manage resources).
- • Metadata and code assistance (e.g., analyze/enrich/migrate assets) in a structured MCP workflow.
- • Running Salesforce-related operations such as Apex test execution through MCP tools (tool selection via flags).
- • Building IDE integrations (VS Code/Copilot, Claude Code, Cursor, etc.) that can invoke Salesforce actions.
Not For
- • Direct production API access to Salesforce over HTTP from arbitrary services (this is an MCP server used by MCP clients).
- • Use cases requiring a documented REST/GraphQL/SDK contract for programmatic integration outside the MCP protocol.
- • Environments where installing/running npx/Node packages is not permitted (e.g., locked-down build environments).
Interface
Authentication
The README indicates you must authorize orgs locally with Salesforce CLI; the MCP server then uses the authorized orgs specified by `--orgs`. No explicit OAuth parameters/scopes are described in the README content provided.
Pricing
No pricing details were present in the provided README content.
Agent Metadata
Known Gotchas
- ⚠ Toolsets can be large (README notes 60+ tools); enabling too many tools may overwhelm LLM context—prefer explicit `--toolsets/--tools`.
- ⚠ Authorization is required for org access; agents will fail if the specified org(s) are not locally authorized via Salesforce CLI.
- ⚠ Some features are marked experimental (e.g., `--dynamic-tools`) and may not work consistently across MCP client environments.
- ⚠ `--debug` logging depends on whether the MCP client exposes MCP logs; logging may not be available for troubleshooting.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.