Skip to content

NEW @W-22393672@ Expose ApexGuru engine in CLI with --target-org flag#2051

Closed
nikhil-mittal-165 wants to merge 7 commits into
devfrom
feature/W-22393676-apexguru-cli-integration
Closed

NEW @W-22393672@ Expose ApexGuru engine in CLI with --target-org flag#2051
nikhil-mittal-165 wants to merge 7 commits into
devfrom
feature/W-22393676-apexguru-cli-integration

Conversation

@nikhil-mittal-165

@nikhil-mittal-165 nikhil-mittal-165 commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Summary

Integrates the ApexGuru engine into the Code Analyzer CLI. Adds a --target-org flag to sf code-analyzer run so users can run Apex anti-pattern analysis against an authenticated org.

GUS Ticket

W-22393672 — code-analyzer | Expose ApexGuru engine in CLI with --target-org flag

Changes

  • Add --target-org flag to sf code-analyzer run command (standard SF CLI org flag pattern)
  • Register ApexGuru as an engine in EnginePluginsFactory
  • Wire target-org config through RunAction to engine config (passes alias/username string only — core resolves credentials internally via @salesforce/core)
  • Add end-to-end tests for --target-org flag
  • Fix test stubs for getInsights and getEngineInsights

Test Evidence

  • Unit tests: 384/386 pass
  • Integration: sf code-analyzer run finds 1224 violations on dreamhouse
  • ApexGuru workspace scan completes (65.97% progress on large codebases before 120s timeout)

Test Status: PASS

Findings Doc

https://docs.google.com/document/d/1zNU-LaHOZIEfGDVHlk5-9MpuCucKEEAseQglyF0bDWk/edit

Add --target-org/-o flag to code-analyzer run command to specify
target Salesforce org for remote analysis engines like ApexGuru.

Changes:
- Add target-org flag to RunCommand with char 'o'
- Update RunInput type to include optional target-org field
- Add ApexGuru engine dependency from feature branch
- Register ApexGuru engine in EnginePluginsFactory
- Wire target-org through CliOverrides to engine config
- Add unit tests for flag parsing and config wiring

The flag value is passed to the ApexGuru engine via engine_overrides
config as target_org field, following the engine's config schema.
Add E2E tests verifying --target-org and -o shorthand are accepted
and parsed without errors. Tests use try-catch since ApexGuru may
fail in test environment without authenticated org.
Test stubs were missing getInsights and getEngineInsights methods
added to RunResults interface in core. Also disable lint warning
for target-org -o shorthand which is the correct convention.
@nikhil-mittal-165 nikhil-mittal-165 marked this pull request as ready for review June 16, 2026 13:02

@aruntyagiTutu aruntyagiTutu left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

APPROVE WITH COMMENTS ⚠️

Good implementation overall, but has one pre-merge requirement.

13-Point Review: Mostly PASS, one requirement before merge.

⚠️ PRE-MERGE REQUIREMENT:
The GitHub SHA dependency must be updated to a published version before merge:

// CURRENT (temporary)
"@salesforce/code-analyzer-apexguru-engine": "github:forcedotcom/code-analyzer-core#feature/W-22393676-sfap-workspace-scan:packages/apexguru-engine"

// REQUIRED (published version)
"@salesforce/code-analyzer-apexguru-engine": "^0.39.0"

Action Required: Update to published version once PRs #468 and #472 are merged and released.

Non-Blocking Suggestions:

  1. Add early org validation for clearer error messages at CLI boundary
  2. E2E tests should assert specific error types rather than swallowing all exceptions

Otherwise, well-structured implementation with clean architecture.

@aruntyagiTutu aruntyagiTutu left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New commits detected. The PR now includes the ApexGuru engine integration with the --target-org flag, which is a significant addition. Based on the diff:

Changes observed:
✅ New --target-org flag added with proper documentation in messages/run-command.md
✅ @salesforce/code-analyzer-apexguru-engine dependency added (0.39.0)
✅ Dependency updates: @jsforce/jsforce-node upgraded to 3.10.17
✅ New transitive dependencies added for ApexGuru engine support

Remaining review areas (per Code Analyzer PR Review guidelines):

  • Performance (#1 priority): Need to verify ApexGuru engine doesn't block on sync I/O operations. Remote connectivity should be async throughout.
  • Validation: --target-org flag should validate org authentication upfront (before expensive processing) and provide distinct error messages for auth failures
  • Logging: Verify proper log levels for remote engine operations (Debug for internal state, Info for user-facing progress, Error for auth/connection failures)
  • Error handling: Remote engine failures should provide actionable error messages guiding users to fix auth/connectivity issues

Recommended verification before merge:

  1. Test on a large project to ensure remote engine doesn't degrade overall CLI performance
  2. Verify --target-org validation provides clear errors when org is not authenticated
  3. Check logging doesn't spam console with debug-level remote engine details
  4. Confirm error messages guide users to solve auth/connection issues

Still marked as dependent on another PR merge. Will re-review once implementation code is visible.

@nikhil-mittal-165 nikhil-mittal-165 changed the title [W-22393672] Expose ApexGuru engine in CLI with --target-org flag NEW @W-22393672@ Expose ApexGuru engine in CLI with --target-org flag Jun 29, 2026
@nikhil-mittal-165 nikhil-mittal-165 force-pushed the feature/W-22393676-apexguru-cli-integration branch from 92a8fcc to 232062f Compare June 29, 2026 09:30

@aruntyagiTutu aruntyagiTutu left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation code is now visible. Reviewing against Code Analyzer PR Review guidelines:

Positive observations:
✅ Flag properly added with short option -o and documentation
✅ Target org passed through RunInput → RunAction → ConfigFactory → config object
✅ Config factory properly handles CLI override merging with YAML config

Issues to address:

1. Validation (#3 - CRITICAL)

  • ❌ No upfront validation of target-org parameter. Per guidelines: "Token/credential validation upfront. If the workflow requires a GitHub token or org connection, validate it exists and has correct permissions before proceeding."
  • Missing: Check if org is authenticated before expensive file processing
  • Missing: Distinct error messages for different failure cases (org not found, not authenticated, connection failed)

2. Error Messages (#3)

  • Need actionable guidance when org validation fails
  • Should tell users to run sf org login or similar

3. Config Logic Complexity (#2 - Naming & Consistency)

  • ConfigFactory.mergeConfigAndOverrides() has complex branching logic that's hard to follow
  • Line 66: if (disableSuppressionExplicitlySet && !cliOverrides.targetOrg) - why does targetOrg presence affect suppressions precedence? This coupling is unexpected.
  • Consider: separate concerns - handle suppressions override independently from targetOrg override

4. Performance (#1 - Most Critical)

  • Remote engine operations must be async throughout (can't verify without seeing ApexGuru engine implementation)
  • If target org validation involves network calls, ensure they don't block

Recommended changes:

// In RunAction.execute(), add validation before expensive operations:
if (input['target-org']) {
    await this.validateTargetOrg(input['target-org']); // throws with actionable message
}

Request changes to add target org validation upfront.

@aruntyagiTutu aruntyagiTutu left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Latest commit reviewed. The requested validation changes were not addressed.

Issue still present:
❌ No upfront validation of target-org in RunAction.execute()

  • The target org is passed straight through to config without checking if it exists or is authenticated
  • This violates guideline #3: "Token/credential validation upfront. If the workflow requires a GitHub token or org connection, validate it exists and has correct permissions before proceeding."

Current flow:

  1. User provides --target-org myorg
  2. Flag parsed → RunAction → ConfigFactory → config object → ApexGuru engine
  3. Only when ApexGuru engine runs will org validation happen (deep in execution)

Required change:
Add validation at the boundary (RunAction.execute) before expensive processing:

public async execute(input: RunInput): Promise<void> {
    // Validate org upfront if provided
    if (input['target-org']) {
        await this.validateTargetOrg(input['target-org']);
    }
    
    const cliOverrides = // ... rest of existing code

Where validateTargetOrg throws with actionable error like:

  • "Org 'myorg' not found. Run 'sf org list' to see available orgs."
  • "Org 'myorg' not authenticated. Run 'sf org login web --alias myorg'."

Test observation:
Test at line 89 explicitly catches and ignores validation failures with "ApexGuru may fail if org is not authenticated, which is expected". This confirms validation happens too late (in the engine) rather than upfront.

Request still stands: add upfront validation per Code Analyzer guidelines.

@nikhil-mittal-165 nikhil-mittal-165 force-pushed the feature/W-22393676-apexguru-cli-integration branch from a55f920 to 92a8fcc Compare June 29, 2026 09:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants