Salesforce Platform Tooling MCP Server

Create a powerful Model Context Protocol (MCP) server for Salesforce Platform Tooling API in minutes with our AI Gateway. This guide walks you through setting up seamless development and metadata management integration with enterprise-grade security and instant OAuth authentication.

About Salesforce Platform Tooling API

The Salesforce Tooling API provides programmatic access to the Salesforce platform's development and configuration capabilities. It enables developers and administrators to build custom development tools, automate deployments, and manage metadata. The Tooling API provides access to:

• Apex Development: Classes, triggers, and test execution
• Lightning Components: Aura and LWC component management
• Metadata Management: Custom objects, fields, and configurations
• Debug & Diagnostics: Debug logs, heap dumps, and execution data
• Code Coverage: Test coverage analysis and reporting
• Deployment: Change sets and metadata deployment
• Static Resources: JavaScript, CSS, and image management
• Development Tools: IDE integration and custom tooling

Key Features

• REST API: Modern RESTful interface for tooling
• SOAP API: Legacy support for existing tools
• Metadata API: Retrieve and deploy customizations
• Source Tracking: Track changes in scratch orgs
• Apex Execution: Anonymous code execution
• Symbol Tables: Code completion and analysis
• Debug Logs: Detailed execution tracing
• Performance Analysis: CPU time and heap analysis

What You Can Do with Salesforce Platform Tooling MCP Server

The MCP server transforms Tooling API into a natural language interface, enabling AI agents to:

Apex Development

• Code Management

  • "Create new Apex class for order processing"
  • "Update trigger to include new validation logic"
  • "Find all classes that reference Account object"
  • "Show Apex classes modified in last week"

• Test Development

  • "Create test class for OrderService"
  • "Run all tests in namespace"
  • "Check code coverage for Apex classes"
  • "Generate test data factory class"

• Code Analysis

  • "Analyze CPU time for slow-running code"
  • "Find SOQL queries in loops"
  • "Check heap size usage in batch class"
  • "Identify governor limit risks"

Lightning Development

• Component Management

  • "Create new Lightning Web Component"
  • "Update Aura component controller"
  • "Deploy LWC to production org"
  • "Find all components using specific apex controller"

• Component Analysis

  • "Show component dependencies"
  • "Check component performance metrics"
  • "Validate component security"
  • "Find unused components"

• Static Resources

  • "Upload new JavaScript library"
  • "Update CSS file in static resource"
  • "Deploy image assets"
  • "Manage third-party libraries"

Metadata Management

• Object & Field Management

  • "Create custom object for inventory tracking"
  • "Add lookup field to Order object"
  • "Update field-level security"
  • "Deploy validation rules"

• Configuration Management

  • "Retrieve all custom metadata"
  • "Deploy permission sets"
  • "Update page layouts"
  • "Manage record types"

• Schema Analysis

  • "Show object relationships diagram"
  • "Find all fields referencing User"
  • "Analyze field usage across objects"
  • "Check for unused custom fields"

Debug & Diagnostics

• Debug Log Management

  • "Enable debug logging for specific user"
  • "Retrieve debug logs from last hour"
  • "Set log levels for Apex and Database"
  • "Analyze debug log for errors"

• Performance Analysis

  • "Profile slow-running transactions"
  • "Analyze SOQL query performance"
  • "Check API call patterns"
  • "Monitor heap and CPU usage"

• Error Tracking

  • "Find all runtime exceptions today"
  • "Track error frequency by class"
  • "Analyze error patterns"
  • "Create error handling improvements"

Deployment & CI/CD

• Change Management

  • "Create change set for new feature"
  • "Validate deployment to production"
  • "Deploy specific components"
  • "Rollback failed deployment"

• Source Control Integration

  • "Retrieve metadata for Git commit"
  • "Deploy from feature branch"
  • "Compare org with source"
  • "Track metadata changes"

• Continuous Integration

  • "Run automated tests on deploy"
  • "Validate code quality standards"
  • "Check deployment conflicts"
  • "Generate deployment reports"

Analytics & Reporting

• Code Quality Metrics

  • "Generate code complexity report"
  • "Show test coverage trends"
  • "Analyze technical debt"
  • "Track code review metrics"

• Org Health Analysis

  • "Check org limits usage"
  • "Analyze custom object count"
  • "Monitor API usage patterns"
  • "Review security health check"

• Development Metrics

  • "Track deployment frequency"
  • "Measure development velocity"
  • "Analyze bug resolution time"
  • "Monitor code churn"

Prerequisites

• Access to Cequence AI Gateway
• Salesforce org with API access
• System Administrator or appropriate developer permissions
• Connected App configuration capabilities

Step 1: Create Salesforce Connected App

Before setting up the MCP server, you need to create a Connected App in Salesforce.

1.1 Access Salesforce Setup

1. Log in to your Salesforce org
2. Navigate to Setup (gear icon Setup)
3. In Quick Find, search for "App Manager"
4. Click App Manager

1.2 Create New Connected App

1. Click New Connected App

2. Fill in Basic Information:

   • Connected App Name: "AI Gateway Platform Tooling MCP"
   • API Name: Auto-populated
   • Contact Email: Your admin email

3. Enable OAuth Settings:

   • Check Enable OAuth Settings
   • Callback URL:

     https://auth.aigateway.cequence.ai/v1/outbound/oauth/callback

1.3 Configure OAuth Scopes

Select the following OAuth scopes:

• Access and manage your data (api)
• Access custom permissions (custom_permissions)
• Perform requests on your behalf at any time (refresh_token, offline_access)
• Access the identity URL service (id, profile, email, address, phone)
• Manage user data via APIs (api)
• Full access (full) - Required for tooling operations

1.4 Save and Get Credentials

1. Save the Connected App
2. Click Manage View
3. Note the Consumer Key (Client ID)
4. Click Click to reveal for Consumer Secret
5. Copy both values securely

Step 2: Access AI Gateway Apps

1. Log in to your Cequence AI Gateway dashboard
2. Navigate to Apps in the left sidebar
3. You'll see the list of available third-party applications

Step 3: Find and Select Salesforce Platform Tooling API

1. In the Apps section, browse through the Third-party category
2. Look for Salesforce Platform Tooling or use the search function
3. Click on the Salesforce Platform Tooling API card to view details

Step 4: Create MCP Server

1. Click the Create MCP Server button on the API card
2. You'll be redirected to the MCP Server creation wizard

Step 5: Configure API Endpoints

In the App Configuration step:

1. Base URL: Enter your Salesforce instance URL

   • Format: https://{instance}.salesforce.com
   • Example: https://na139.salesforce.com
   • Or use your My Domain: https://mycompany.my.salesforce.com

2. Select API endpoints to expose to your MCP server

3. Click Next to proceed

Step 6: MCP Server Basic Setup

Configure your MCP server details:

1. MCP Server Name: Enter a descriptive name

   • Example: "Salesforce Development Tooling"
   • This name will identify your server in the dashboard

2. Description (Optional): Add details about the server's purpose

   • Example: "Development, deployment, and metadata management"

3. Production Mode: Toggle based on your needs

   • ON for production environments
   • OFF for development/testing

4. Click Next to continue

Step 7: Configure Authentication

This is where you'll use your Connected App credentials:

1. Authentication Type: Select OAuth 2.0

2. Fill in the OAuth configuration:

   • Authorization URL:

     https://login.salesforce.com/services/oauth2/authorize

     (Use test.salesforce.com for sandboxes)

   • Token URL:

     https://login.salesforce.com/services/oauth2/token

   • Client ID: Paste Consumer Key from Connected App

   • Client Secret: Paste Consumer Secret from Connected App

   • Redirect URI:

     https://auth.aigateway.cequence.ai/v1/outbound/oauth/callback

3. Scopes: Select from available scopes

Available Salesforce Platform Tooling OAuth Scopes

Configure the appropriate scopes based on your application needs:

Core Scopes

• api

  • Access Salesforce data and metadata
  • Required for Tooling API access
  • CRUD operations on development artifacts
  • Query and modify code

• refresh_token

  • Maintain persistent access
  • Required for long-running operations
  • Essential for CI/CD pipelines
  • Background processing

• full

  • Full access including metadata
  • Required for deployment operations
  • Administrative functions
  • Complete tooling capabilities

Development Scopes

• custom_permissions

  • Access custom permissions
  • Required for package development
  • Permission set management
  • Security configuration

• visualforce

  • Access Visualforce pages
  • Required for classic UI
  • Page deployment
  • Controller access

Recommended Scope Combinations

For Development:

api
refresh_token
full

For Deployment Only:

api
refresh_token

For Full Tooling Access:

api
refresh_token
full
custom_permissions
visualforce

Step 8: Configure Security

Set up API protection features:

1. API Protection: Toggle ON to enable
2. Click Next to continue

Step 9: Choose Deployment Method

Select your deployment preference and click Next.

Step 10: Review and Deploy

Review your configuration and click Create & Deploy.

Using Your Salesforce Platform Tooling MCP Server

With Claude Desktop

1. Open Claude Desktop settings

2. Add your MCP server:

   {
     "servers": {
       "salesforce-tooling": {
         "url": "your-mcp-server-url",
         "auth": {
           "type": "oauth2",
           "client_id": "your-client-id"
         }
       }
     }
   }

3. Start using natural language commands:

   • "Create an Apex class for processing orders"
   • "Run all test classes and show coverage"
   • "Deploy the new Lightning component to production"
   • "Show debug logs for the last failed transaction"
   • "Find all SOQL queries in the codebase"

API Integration Example

// Initialize MCP client
const mcpClient = new MCPClient({
  serverUrl: 'your-mcp-server-url',
  auth: {
    type: 'oauth2',
    token: 'user-access-token'
  }
});

// Create Apex class
const apexClass = await mcpClient.salesforce.tooling.createApexClass({
  Name: 'OrderProcessor',
  Body: `public class OrderProcessor {
    public static void processOrder(Id orderId) {
      Order__c order = [SELECT Id, Status__c FROM Order__c WHERE Id = :orderId];
      order.Status__c = 'Processing';
      update order;
    }
  }`,
  Status: 'Active'
});

// Run tests
const testRun = await mcpClient.salesforce.tooling.runTests({
  classIds: ['01p...'], // Test class IDs
  testLevel: 'RunSpecifiedTests'
});

// Check code coverage
const coverage = await mcpClient.salesforce.tooling.getCodeCoverage({
  apexClassOrTriggerId: apexClass.Id
});

// Query metadata
const customObjects = await mcpClient.salesforce.tooling.query({
  query: "SELECT DeveloperName, NamespacePrefix FROM CustomObject"
});

// Enable debug logging
const debugLog = await mcpClient.salesforce.tooling.createTraceFlag({
  TracedEntityId: 'user-id',
  DebugLevelId: 'debug-level-id',
  StartDate: new Date(),
  ExpirationDate: new Date(Date.now() + 3600000) // 1 hour
});

Common Use Cases

Development Workflows

• Apex class and trigger development
• Lightning component creation
• Test automation and coverage
• Code review and analysis
• Debug and troubleshooting

Deployment & DevOps

• Continuous integration setup
• Automated deployments
• Change set management
• Metadata comparison
• Rollback procedures

Platform Management

• Custom object creation
• Field and relationship management
• Permission set configuration
• Page layout updates
• Validation rule deployment

Security Best Practices

1. API Security:

   • Restrict IP ranges
   • Use session security
   • Monitor API usage
   • Rotate credentials

2. Code Security:

   • CRUD/FLS checks
   • SOQL injection prevention
   • Secure coding standards
   • Security scanner compliance

3. Deployment Security:

   • Test in sandbox first
   • Validate before deploy
   • Backup metadata
   • Rollback planning

Troubleshooting

Common Issues

1. Insufficient Privileges

   • Verify API Enabled permission
   • Check Modify All Data
   • Author Apex requirement
   • View Setup and Configuration

2. Deployment Failures

   • Check test coverage
   • Resolve dependencies
   • Validate in sandbox
   • Review error details

3. API Limits

   • Monitor usage
   • Batch operations
   • Implement caching
   • Optimize queries

Getting Help

• Documentation: AI Gateway Docs
• Support: support@cequence.ai
• Community: AI Gateway Forum
• Salesforce Docs: Tooling API Developer Guide

---