A clear local-first boundary for Salesforce assessment data.

SF Analyzer separates customer org evidence from product operations: the desktop app stores Salesforce data locally, while the portal handles account and license workflows.

Data Flow Diagram

The diagram is intentionally simple: customer evidence moves from Salesforce to the local desktop workspace; AI calls go directly to the provider selected by the user.

01

Salesforce org → desktop app

The desktop app authenticates with the local Salesforce CLI and retrieves metadata/source files to the user's machine.

02

Desktop app → local workspace

Snapshots, source files, git-backed history, wiki pages and exported documents are written under the local ~/.sf-analyzer workspace.

03

Desktop app → AI provider

Only when AI generation is run, selected metadata/code context is sent directly to the provider configured by the user with their own key.

04

Desktop app ↔ portal

The portal handles account, license, limits and operational telemetry. It is not the storage layer for Salesforce org data.

Data Boundaries

The portal is not a repository for customer org metadata or source code. AI provider traffic is direct BYO-key traffic controlled by the user.

Stays on the user's computer
Customer org evidence is local-first by design.
  • Salesforce metadata snapshots and retrieved source files
  • Local git analysis history and delta evidence
  • Generated wiki Markdown pages and exported technical documents
  • LLM API keys stored locally with OS-backed encryption
Stored or processed by SF Analyzer portal
Cloud data is limited to product operations.
  • Account identity
  • License status and usage limits
  • Operational telemetry and bug reports when enabled
Sent directly to the user's AI provider
AI traffic is controlled by the user's BYO-key provider choice.
  • Prompt instructions for As-Is documentation
  • Selected local metadata/code excerpts needed for the requested AI output
  • No SF Analyzer cloud proxy for customer prompts or source code

Application Hardening

The desktop app follows Electron hardening practices documented in ADR-007: sandboxed renderer, typed IPC and OS-backed secret storage.

Sandboxed renderer
Electron runs with sandbox, context isolation, nodeIntegration disabled and filesystem access only through typed IPC.
Validated IPC
Renderer-to-main messages are defined in shared contracts and validated with zod before domain logic runs.
Encrypted local secrets
LLM keys are stored locally through Electron safeStorage backed by the operating-system keychain/DPAPI/Secret Service.