mcp -salesforce

This Salesforce MCP Server exposes a suite of tools that let AI agents securely interact with Salesforce data. By default the server starts in a safe read-only mode to prevent unintended writes during testing. You can enable write capabilities by setting SALESFORCE_READ_ONLY_MODE to false in the environment. Available read operations include retrieving specific records, navigating relationships, and viewing record history. For writes, there are create, update, and delete tools that modify Salesforce data and should only be used when you are confident in the changes. The server supports searching across objects with both targeted and global searches, as well as executing custom SOQL queries. Tools are exposed under a consistent naming scheme such as search_records, soql_query, global_search, get_record, get_related_records, get_record_history, create_record, update_record, and delete_record. Use these tools in your prompts to fetch data, validate results, and perform updates in a controlled manner. The integration respects Salesforce permissions and includes input validation to minimize injection risks.

Prerequisites: Node.js (recommended LTS), npm or yarn, and Salesforce connected app credentials for OAuth. Decide whether you want to run via NPX directly from GitHub or install locally and run via Node.

Option A — NPX (no local install required):

1. Ensure you have npx (comes with Node.js):
   • Verify: node -v and npm -v
2. Run the MCP server via NPX:
   • npx -y github:tomnagengast/mcp-server-salesforce
3. Provide environment variables as needed (see config below) and start using the server.

Option B — Local installation (builds locally):

1. Prerequisites: Node.js installed, Git available.
2. Clone the repository: git clone https://github.com/tomnagengast/mcp-server-salesforce.git
3. Install dependencies and build: cd mcp-server-salesforce npm install npm run build
4. Start the server in production mode: npm run start

Configuration (environment variables): Create a .env file (or supply via your hosting environment) with at least these values: SALESFORCE_LOGIN_URL=https://login.salesforce.com SALESFORCE_CLIENT_ID=your_connected_app_client_id SALESFORCE_CLIENT_SECRET=your_connected_app_client_secret SALESFORCE_USERNAME=your_salesforce_username SALESFORCE_PASSWORD=your_salesforce_password SALESFORCE_SECURITY_TOKEN=your_security_token PORT=3000 SALESFORCE_READ_ONLY_MODE=true LOG_LEVEL=info

Note: The server starts in read-only mode by default. Set SALESFORCE_READ_ONLY_MODE=false to enable write operations.

Tips and common considerations: - Read-only by default helps prevent accidental data changes during testing. - When enabling writes, ensure the connected Salesforce user has appropriate permissions. - Keep your OAuth credentials secure; rotate them periodically and avoid embedding secrets in prompts. - The environment variable PORT controls where the server listens; ensure it does not conflict with other services. - If using Claude Desktop integration, provide the same env vars in your Claude config to align authentication and behavior. - For debugging, increase LOG_LEVEL to debug and check server logs for detailed error messages. - If you encounter SOQL injection concerns, rely on the server's input validation and avoid composing raw queries unsafely.