sf-agent-framework/sf-core/utils/code-analyzer.md

AI Agent Orchestration Framework for Salesforce Development - Two-phase architecture with 70% context reduction

# Code Analyzer Utility - Agent Instructions

## Purpose

This utility provides instructions for AI agents to generate comprehensive code
analysis solutions for Salesforce development, including static analysis,
quality metrics, and technical debt assessment.

## Agent Instructions

### When to Generate Code Analysis

Generate code analysis components when:

- Code quality needs assessment
- Technical debt requires measurement
- Security vulnerabilities need detection
- Performance bottlenecks need identification
- Coding standards need enforcement
- Refactoring opportunities need discovery
- Team code reviews need automation

### Core Components to Generate

#### 1. Static Code Analyzer

Generate an Apex class that:

- Analyzes code complexity metrics
- Detects code smells and anti-patterns
- Identifies security vulnerabilities
- Checks governor limit usage
- Validates naming conventions
- Measures code coverage quality

Key metrics to calculate:

- Cyclomatic complexity
- Cognitive complexity
- Lines of code (LOC)
- Code duplication percentage
- Method length
- Class coupling

#### 2. Security Scanner

Create security analysis components that:

- Detect SOQL injection vulnerabilities
- Verify CRUD/FLS enforcement
- Check sharing rule compliance
- Validate input sanitization
- Identify hardcoded credentials
- Analyze error handling patterns

#### 3. Performance Analyzer

Implement performance checks for:

- SOQL queries in loops
- DML operations in loops
- Inefficient collection usage
- Governor limit risks
- Bulk processing patterns
- CPU time optimization

### Configuration Requirements

#### Custom Objects

Create these objects:

```yaml
Code_Analysis_Result__c:
  - Class_Name__c (Text)
  - Analysis_Date__c (DateTime)
  - Lines_of_Code__c (Number)
  - Complexity_Score__c (Number)
  - Quality_Score__c (Number)
  - Security_Score__c (Number)
  - Performance_Score__c (Number)
  - Technical_Debt_Minutes__c (Number)
  - Issues_Count__c (Number)

Code_Issue__c:
  - Analysis_Result__c (Master-Detail)
  - Issue_Type__c (Picklist)
  - Severity__c (Picklist)
  - Description__c (Text Area)
  - Line_Number__c (Number)
  - Method_Name__c (Text)
  - Recommendation__c (Text Area)
  - Category__c (Picklist)
```

#### Analysis Rules Configuration

```yaml
Analysis_Rule__mdt:
  - Rule_Name__c (Text)
  - Category__c (Picklist)
  - Pattern__c (Text Area)
  - Severity__c (Picklist)
  - Description__c (Text Area)
  - Recommendation__c (Text Area)
  - Active__c (Checkbox)
```

### Analysis Patterns to Implement

#### Code Quality Patterns

1. **Complexity Analysis**
   - Count decision points (if, for, while, etc.)
   - Calculate nesting depth
   - Measure logical operators
   - Assess method complexity
   - Evaluate class cohesion

2. **Code Smell Detection**
   - Long methods (>50 lines)
   - Large classes (>500 lines)
   - Too many parameters (>5)
   - Duplicate code blocks
   - Dead code detection

3. **Best Practice Validation**
   - Bulkification patterns
   - Error handling presence
   - Test class quality
   - Documentation coverage
   - Naming conventions

#### Security Patterns

1. **SOQL Injection Prevention**
   - Dynamic SOQL analysis
   - String concatenation in queries
   - User input validation
   - Bind variable usage
   - Escapement verification

2. **Access Control**
   - CRUD checks before DML
   - FLS validation
   - Sharing keyword usage
   - Permission set checks
   - Profile-based access

3. **Data Protection**
   - Encryption usage
   - Sensitive data exposure
   - API key management
   - Password handling
   - PII protection

### Reporting Components to Generate

#### Code Quality Dashboard

Display metrics for:

- Overall code health score
- Complexity distribution
- Issue severity breakdown
- Technical debt trends
- Coverage statistics
- Team performance

#### Security Dashboard

Show analysis of:

- Vulnerability count by type
- Security score trends
- Critical issues requiring attention
- Compliance status
- Risk assessment matrix

#### Technical Debt Dashboard

Visualize:

- Debt accumulation over time
- Estimated remediation effort
- Debt by component
- Priority recommendations
- ROI of refactoring

### Integration Requirements

#### IDE Integration

- VS Code extension support
- IntelliJ plugin compatibility
- Command-line interface
- Git hook integration
- Pre-commit validation

#### CI/CD Integration

- Jenkins plugin
- Azure DevOps tasks
- GitHub Actions
- GitLab CI
- Quality gates

#### Reporting Integration

- Email reports
- Slack notifications
- JIRA ticket creation
- Confluence documentation
- Custom dashboards

### Best Practices to Implement

1. **Performance Optimization**
   - Cache analysis results
   - Incremental analysis
   - Parallel processing
   - Efficient parsing
   - Memory management

2. **Accuracy Enhancement**
   - False positive reduction
   - Context-aware analysis
   - Pattern refinement
   - Machine learning integration
   - Continuous improvement

3. **Usability Features**
   - Clear issue descriptions
   - Actionable recommendations
   - Code examples
   - Fix suggestions
   - Learning resources

4. **Customization Options**
   - Rule configuration
   - Severity adjustment
   - Custom patterns
   - Exclusion lists
   - Team-specific rules

### Analysis Algorithms to Implement

#### Cyclomatic Complexity

```
1. Start with complexity = 1
2. Add 1 for each:
   - if, else if
   - for, while, do-while
   - case, when
   - catch
   - && and || operators
3. Calculate per method and aggregate
```

#### Code Duplication Detection

```
1. Tokenize code blocks
2. Generate fingerprints
3. Compare fingerprints
4. Identify matching sequences
5. Calculate duplication percentage
```

#### Dependency Analysis

```
1. Parse class references
2. Build dependency graph
3. Identify circular dependencies
4. Calculate coupling metrics
5. Suggest decoupling strategies
```

### Error Handling Instructions

Implement error handling for:

1. Invalid code syntax
2. Missing dependencies
3. API limits exceeded
4. Analysis timeouts
5. Memory constraints

Error recovery strategies:

- Graceful degradation
- Partial analysis results
- Error categorization
- Retry mechanisms
- User notifications

### Testing Requirements

Generate test classes that:

1. Test all analysis rules
2. Verify metric calculations
3. Validate issue detection
4. Check false positives
5. Ensure performance

### Advanced Features to Consider

1. **AI-Powered Analysis**
   - Pattern learning from codebase
   - Automated fix suggestions
   - Code quality prediction
   - Anomaly detection
   - Style learning

2. **Collaborative Features**
   - Code review integration
   - Team analytics
   - Knowledge sharing
   - Best practice library
   - Peer comparisons

3. **Continuous Monitoring**
   - Real-time analysis
   - Trend detection
   - Alert mechanisms
   - Quality gates
   - Automated reporting

### Output Formats

Support multiple output formats:

- JSON for API integration
- HTML for reports
- CSV for data analysis
- Markdown for documentation
- XML for tool integration

### Metrics Calculation Formulas

1. **Quality Score**

   ```
   QualityScore = 100 - (IssuePoints / MaxPoints * 100)
   Where IssuePoints = Sum(IssueSeverity * IssueCount)
   ```

2. **Technical Debt**

   ```
   DebtMinutes = Sum(IssueRemediationTime)
   Where RemediationTime is based on issue type and severity
   ```

3. **Security Score**
   ```
   SecurityScore = (SecurePatterns / TotalPatterns) * 100
   ```