The Model Context Protocol (MCP) lets users interact with a system, such as Salesforce, using an LLM and natural language instead of an API or CLI command. MCP servers provide the LLM with tools, prompts, and resources that the LLM can use to perform specific tasks. Salesforce provides multiple ways to use MCP; see MCP Solutions for Developers for details.
Salesforce Code Analyzer includes MCP tools in the Salesforce DX MCP Server to scan your code. See Code Analyzer MCP Tools Reference for details.
The Code Analyzer MCP tools offer a vibey alternative to the CLI commands or the VS Code extension. However, because MCP tools are invoked by LLMs, and LLM resources incur financial and ecological costs, we recommend using the excellent CLI commands or VS Code extension unless you specifically require an LLM.
How you access the tools depends on the MCP client you use:
- If you use the Agentforce Vibes Extension, then you already have access to the Code Analyzer MCP tools. This is because Agentforce Vibes is pre-configured with the Salesforce DX MCP Server.
- If you use a different MCP Client, such as Cursor or Windsurf, then you must install and configure the Salesforce DX MCP Server. See the Install and Configure the Salesforce DX MCP Server (Beta) section in the Salesforce DX Dev Guide for complete details and examples.
After you have a basic Salesforce DX MCP Server working, you might need to update its configuration to ensure access to the Code Analyzer MCP tools. In particular:
- You can also optionally restrict the MCP tools in the DX MCP server to only those in the Code Analyzer toolset (
code-analysis). - Most Salesforce Code Analyzer MCP tools are generally available. To use tools that aren’t yet generally available, set the
--allow-non-ga-toolsflag.
This Agentforce Vibes example shows an updated args option in the a4d_mcp_settings.json file:
This example shows how to configure a VS Code with Copilot MCP client:
Code Analyzer doesn't typically require a Salesforce org. However, because the --orgs flag is required by the Salesforce DX MCP Server, you must still set it in your configuration. You don't get an error when the MCP server starts, even if you haven't set a default org in your local project.
In your MCP client, open an agentic chat window where you can enter prompts. The exact steps depend on your MCP client. For example, if you're using Agentforce, see Build with Agentforce.
Here are some sample prompts to get you started.
- Run a code analysis on the GeocodingService.cls file, use its absolute path, and tell me about the violations.
- Tell me more about the AvoidTermsWithImplicitBias violation.
- Show me the top two high-severity violations from the last run.
- List all available Code Analyzer rules for typescript language.
- List all available Code Analyzer rules for PMD security violations.
Note that you never call a specific MCP tool directly; rather, you use natural language to tell the LLM what you want to accomplish, and the LLM then figures out which MCP tools to call to complete the task.
After you approve the tasks that the MCP client wants to execute, Code Analyzer displays the results of your prompt in the chat window. If you ran a code analysis and got a list of violations, see Interpret the Run Results.
Be aware of these limitations when your prompt invokes the run_code_analyzer MCP tool:
- The tool can handle a maximum of 10 files in a single execution. If a prompt results in a list of over 10 files, the tool rejects it and returns an error.
- The tool includes only these engines in its analysis:
pmd,cpd,eslint,retire-js, andregex.
Code Analyzer provides these MCP tools in the code-analysis toolset.
| Tool Name | Toolset | GA? | Description |
|---|---|---|---|
run_code_analyzer | code-analysis | GA | Performs a static analysis of your code using Salesforce Code Analyzer. Includes validating that the code conforms to best practices, checking for security vulnerabilities, and identifying possible performance issues. Equivalent to the code-analyzer run CLI command. |
describe_code_analyzer_rule | code-analysis | GA | Gets the description of a Salesforce Code Analyzer rule, including the engine it belongs to, its severity, and associated tags. Equivalent to the code analyzer rules --rule-selector <rule-name> --view detail CLI command. |
query_code_analyzer_results | code-analysis | GA | Retrieves specific analysis results using the output file from a previous run. Allows the LLM to paginate through results or filter by criteria such as file name or severity level. |
list_code_analyzer_rules | code-analysis | GA | Displays lists of available Code Analyzer rules. Allows the LLM to identify available rules and request specific checks using a rule selector. Enables the LLM to request specific checks using a rule selector. Equivalent to the code-analyzer rules --rule-selector <selector> CLI command. |