// MCP TOOL REFERENCE

SALESFORCE MCP SERVER TOOLS

41 tools from the Salesforce MCP Server MCP Server, categorised by risk level.

View the Salesforce MCP Server policy →
// ALL 41 SALESFORCE MCP SERVER TOOLS
READ 17 tools
Read apex_get_log Fetch the specified log or given number of most recent logs from the org. Read apex_log_list Fetch the list of apex debug logs returning the logs with their IDs. Read get_apex_code_coverage Get code coverage information for a Salesforce Org. This command allows you to retrieve org-wide coverage p... Read get_apex_test_results Retrieve results from a previous asynchronous Apex test run. Use this command with a test run ID to get det... Read get_default_org Get the current default target org configured in the Salesforce CLI. This returns the org alias or username... Read get_server_permissions Get current server permission settings Read list_code_analyzer_rules List available code analysis rules with details. Use to determine rules for code-analyzer run command. Read list_connected_salesforce_orgs List connected Salesforce Orgs. This command retrieves a list of all Salesforce Orgs that are currently con... Read list_metadata List the metadata components and properties of a specified type. Use this command to identify individual co... Read list_metadata_types Display details about the metadata types that are enabled for your org. The information includes Apex class... Read query_records Query records from a SINGLE Salesforce object using structured field conditions. Use this for precise queri... Read query_records_to_file Query records from a Salesforce SObject and save to a file. This command allows you to execute a SOQL query... Read search_records Search for text across multiple Salesforce objects simultaneously. USE THIS TOOL when searching for records... Read sobject_describe Describe a Salesforce SObject. This command retrieves detailed metadata about a specific Salesforce SObject... Read sobject_list List all standard and custom objects in a Salesforce Org. This command retrieves a list of all standard and... Read display_user Display information about a Salesforce user. Output includes the profile name, org ID, access token, instan... Read generate_frontdoor_url Generate an authenticated Salesforce frontdoor URL that allows seamless browser login without re-entering c...
WRITE 11 tools
Write assign_permission_set Assign a permission set to one or more org users. To specify an alias for the --target-org or --on-behalf-o... Write assign_permission_set_license Assign a permission set license to one or more org users. To specify an alias for the --target-org or --on-... Write create_record Create a new record in a Salesforce org using the REST API. Returns the ID of the created record on success... Write generate_class Generates the Apex *.cls file and associated metadata file. These files must contained in a parent director... Write generate_component Generate Lightning Web Components (LWC) or Aura components with customizable templates and output directories Write generate_trigger Generates the Apex trigger *.trigger file and associated metadata file. These files must be contained in a ... Write install_skill Install the Salesforce MCP Server skill for Claude Code into the current working directory (.claude/skills/... Write login_into_org Authenticate and login to a Salesforce org via web browser. This command opens a browser window for OAuth a... Write schema_generate_tab Generate metadata source files for a new custom tab on a custom object. Custom tabs display custom object d... Write set_default_org Set the default target org for the Salesforce CLI. Once set, all tools will use this org by default when no... Write update_record Update an existing record in a Salesforce org using the REST API. Updates specified fields on the record. I...
DESTRUCTIVE 4 tools
Destructive clear_default_org Clear the default target org from the Salesforce CLI configuration. After clearing, all tools will require ... Destructive delete_record Delete a record from a Salesforce org using the REST API. Permanently removes the specified record. Input m... Destructive package_uninstall Uninstall a second-generation package from the target org. Specify the package ID (starts with 04t) or alia... Destructive logout Log out of a Salesforce org. Use targetOrg to logout of a specific org, or set all to true to logout of all...
EXECUTE 9 tools
Execute deploy_start Deploy metadata to Salesforce org with test execution options. Execute execute_anonymous_apex Execute Apex code in a Salesforce Org. This command allows you to run Apex code directly against a specifie... Execute run_apex_tests Run Apex tests in a Salesforce Org. This command allows you to execute unit tests with various options incl... Execute run_code_analyzer Analyze code for quality and security issues. Run list_code_analyzer_rules first to select appropriate rule... Execute scanner_run Scan codebase with security and quality rules. Defaults to all rules if none specified. Execute scanner_run_dfa Run Graph Engine for Apex data flow analysis. Detects complex security issues like SOQL/SQL injection. Execute open Open your Salesforce org in a browser. To open a specific page, specify the portion of the URL after Execute open_record Opens a Salesforce record in a browser. Execute package_install Install or upgrade a package version in a Salesforce org. Supports both package IDs (04t) and aliases with ...

Route Salesforce MCP Server through PolicyLayer and every one of its 41 tools is checked against your policy before it runs.

CHECK YOUR STACK →

See every tool, the dangerous ones, and the token cost across your stack.

// FAQ
How many tools does the Salesforce MCP Server MCP server have? +

The Salesforce MCP Server MCP server exposes 41 tools across 4 categories: Read, Write, Destructive, Execute.

How do I enforce policies on Salesforce MCP Server tools? +

Route the Salesforce MCP Server server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard; they are enforced on every call before it reaches the server.

What risk categories do Salesforce MCP Server tools fall into? +

Salesforce MCP Server tools are categorised as Read (17), Write (11), Destructive (4), Execute (9). Each category has a recommended default policy.

Enforce policy on every Salesforce MCP Server tool call.

Start from Salesforce MCP Server, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →

Free to start. No card required.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.