AgentSkillsCN

Salesforce CLI Platform Reference

sf CLI命令的密集型参考——认证、临时组织、部署/检索、测试、数据操作,以及CI/CD模式。专为快速查阅而优化。

SKILL.md
--- frontmatter
name: Salesforce CLI Platform Reference
description: Dense reference for sf CLI commands — auth, scratch orgs, deploy/retrieve, testing, data ops, and CI/CD patterns. Optimized for quick lookup.
when_to_use: When working with Salesforce DX projects, deploying metadata, running Apex tests, managing orgs, querying data, or setting up CI/CD pipelines with the Salesforce CLI.
version: "62.0"

Salesforce CLI (sf) — Platform Reference

All commands use the modern sf CLI. Legacy sfdx aliases are deprecated.


Project Structure — sfdx-project.json

jsonc
{
  // Required. Defines where source lives and optional package info.
  "packageDirectories": [
    {
      "path": "force-app",          // Relative path to metadata source directory
      "default": true,              // One directory must be default
      "package": "MyPackage",       // Optional — unlocked/managed package name
      "versionName": "v1.0",        // Optional — human-readable version label
      "versionNumber": "1.0.0.NEXT" // Optional — MAJOR.MINOR.PATCH.BUILD
    }
  ],

  // Optional. Registered namespace prefix for the org/package.
  "namespace": "",

  // Optional. Login URL for auth. Use https://test.salesforce.com for sandboxes.
  "sfdcLoginUrl": "https://login.salesforce.com",

  // Optional. API version for source operations. Match your target org.
  "sourceApiVersion": "62.0"
}
FieldRequiredPurpose
packageDirectoriesYesArray of source directories. At least one must have "default": true.
namespaceNoNamespace prefix. Empty string for unmanaged projects.
sfdcLoginUrlNoDefault login endpoint. Overridable per command with --instance-url.
sourceApiVersionNoDefault API version for all source commands. Overridable with --api-version.

Auth Commands

CommandAuth MethodUse CaseKey Flags
sf org login webBrowser OAuthInteractive dev, first-time setup--alias, --instance-url, --set-default, --set-default-dev-hub
sf org login jwtJWT Bearer tokenCI/CD, headless automation--username, --jwt-key-file, --client-id, --instance-url, --set-default, --alias
sf org login sfdx-urlSFDX auth URL fileCI/CD, portable auth--sfdx-url-file, --alias, --set-default
sf org login deviceDevice code flowHeadless envs without key files--alias, --instance-url, --set-default
sf org displayShow current org auth info--target-org, --verbose
sf org listList all authenticated orgs--all, --clean, --skip-connection-status
sf org logoutRemove stored auth for an org--target-org, --no-prompt, --all

Scratch Org Commands

CommandPurposeKey Flags
sf org create scratchCreate a scratch org from a definition file--definition-file config/project-scratch-def.json, --alias, --duration-days (1–30, default 7), --set-default, --edition (developer, enterprise, group, professional), --target-dev-hub
sf org openOpen org in browser--target-org, --path (specific page), --url-only (print URL without opening)
sf org list --allList all orgs (including expired scratch orgs)--all, --clean (remove stale entries), --skip-connection-status
sf org delete scratchDelete a scratch org--target-org, --no-prompt
sf config set target-orgSet the default org for commandssf config set target-org=myAlias, --global

Deploy / Retrieve Commands

Cross-reference the metadata-api skill for package.xml structure and wildcard details.

CommandPurposeKey Flags
sf project deploy startDeploy source to an org--source-dir, --metadata, --manifest (package.xml), --target-org, --test-level, --tests, --dry-run, --wait, --async, --ignore-conflicts
sf project deploy reportCheck status of async deploy--job-id, --target-org, --wait
sf project deploy cancelCancel an in-progress deploy--job-id, --target-org, --wait
sf project retrieve startRetrieve source from an org--source-dir, --metadata, --manifest, --target-org, --wait, --ignore-conflicts, --package-name
sf project retrieve reportCheck status of async retrieve--job-id, --target-org, --wait

Testing Commands

CommandPurposeKey Flags
sf apex run test --tests ClassName.methodNameRun a specific test method--target-org, --wait, --result-format
sf apex run test --suite MySuiteRun a test suite--target-org, --wait
sf apex run test --test-level RunLocalTestsRun all local tests (excludes managed package tests)--target-org, --wait
sf apex run test --code-coverage --result-format humanRun tests and display coverage--output-dir (for junit/json output)
sf apex run test --wait 10Wait N minutes for async test resultsCombine with any of the above

Test Levels (used with --test-level on deploy or test commands):

LevelBehavior
NoTestRunNo tests. Only valid for non-production deploys.
RunSpecifiedTestsRun only tests named with --tests. Must cover deployed Apex.
RunLocalTestsAll tests in the org except managed package tests.
RunAllTestsInOrgEvery test, including managed package tests.

Data Operations

CommandPurposeKey Flags
sf data query --query "SELECT Id, Name FROM Account LIMIT 10"Inline SOQL query--target-org, --result-format (human, csv, json), --bulk (use Bulk API), --wait
sf data query --file query.soqlRun SOQL from fileSame as above
sf data export tree --query "SELECT Id, Name FROM Account" --planExport records with relationship plan file--target-org, --output-dir, --plan (generates plan JSON)
sf data import tree --plan plan.jsonImport records from a plan file--target-org
sf data create record --sobject Account --values "Name='Test'"Create a single record--target-org, --use-tooling-api
sf data update record --sobject Account --record-id 001xx... --values "Name='Updated'"Update a record by ID--target-org, --where (alternative to --record-id)
sf data delete record --sobject Account --record-id 001xx...Delete a record by ID--target-org, --where

Anonymous Apex

bash
# From file
sf apex run --file script.apex --target-org myOrg

# From stdin
echo "System.debug('hi');" | sf apex run --target-org myOrg

CI/CD Patterns

JWT Auth (headless)

  1. Create a Connected App in the target org (Enable OAuth, select api and refresh_token scopes, upload a digital certificate).
  2. Generate or obtain server.key (private key matching the certificate).
  3. Auth in CI:
    bash
    sf org login jwt \
      --username user@example.com \
      --jwt-key-file assets/server.key \
      --client-id <connected_app_consumer_key> \
      --instance-url https://login.salesforce.com \
      --set-default \
      --alias ci-org
    

Dry-Run Deployment

Validate without persisting changes. Runs tests if --test-level is specified.

bash
sf project deploy start \
  --source-dir force-app \
  --dry-run \
  --test-level RunLocalTests \
  --wait 30

Package Version Creation

bash
sf package version create \
  --package MyPackage \
  --installation-key-bypass \
  --wait 20 \
  --code-coverage \
  --definition-file config/project-scratch-def.json

Common Errors

ErrorCauseFix
No default org setNo target-org configured and no --target-org flag passedRun sf config set target-org=<alias> or pass --target-org explicitly
The org cannot be foundAlias/username not in local auth store, or org was deletedRe-authenticate with sf org login web --alias <alias> or check sf org list
INVALID_SESSION_IDAccess token expired or revokedRe-authenticate. For JWT: check certificate expiration and connected app permissions
Deploy failed — test coverage below 75%Org-wide Apex coverage under 75% after deployWrite more tests. Check coverage with sf apex run test --code-coverage. All triggers must have >0% coverage
Shape/feature not enabled in scratch orgScratch org definition requests a feature not available or misspelledVerify feature name in project-scratch-def.json. Check Salesforce docs for valid features and settings values
Socket timeoutNetwork interruption or long-running operation exceeded default timeoutIncrease --wait value. Check network/proxy. For deploys, use --async and poll with deploy report
ECONNRESETConnection dropped by Salesforce or intermediary proxyRetry the command. If persistent, check VPN/proxy/firewall. Use SF_LOG_LEVEL=debug for diagnostics
Metadata API request failedMalformed package.xml, invalid metadata type, or API version mismatchValidate package.xml types against the metadata coverage report. Ensure sourceApiVersion matches org capability