Agent Capability Scanner
The SquireX scanner is a static analysis engine for Salesforce Agentforce, ServiceNow Now Assist, MuleSoft Agent Fabric, and MCP servers. Unlike generic linters, it constructs a Semantic Graph across all metadata files and evaluates rules that span multiple file types and platforms.
Semantic Graphโ
SquireX builds a cross-metadata graph before evaluating any rules:
GenAiPlanner
โ orchestrates
โผ
GenAiPlugin (Topic)
โ contains
โผ
GenAiFunction (Action)
โ invokes
โผ
Apex Class โโโโ shares โโโโ SObject Schema
โ โ
โโโ calls โโโบ Flow โโโ lookup โโ CustomField
โโโ calls โโโบ PromptTemplate โโโบ PromptTemplateActv
โโโ publishes โโโบ PlatformEvent โโโบ ApexTrigger
โโโ callout โโโบ NamedCredential โโโบ ConnectedApp
MCPServerConfig โโ exposes โโโบ MCPTool โโ shadows? โโโบ GenAiFunction
โ
โโโ connects โโโบ AgentFabric โโ policy โโโบ AgentFabricPolicy
23 node types ยท 21 edge types ยท O(1) lookup ยท BFS traversal ยท 4 platforms
This graph is what enables rules like AGENTFORCE-1.3 (privilege analysis) to trace from an agent action all the way down to the Apex sharing model on the target class โ something no single-file linter can do.
How Rules are Evaluatedโ
- Discovery โ All supported metadata files are loaded from the target directory
- Parsing โ 25+ type-specific parsers extract structured ASTs (including
.mcp.json,agent-network.yaml, Update Set XML,sn_aia_agent, GlideScript) - Linking โ The semantic graph is constructed from cross-file references
- Rule Engine โ rules execute graph traversals and pattern matches
- SARIF Generation โ Results written as SARIF v2.1.0 with line-level locations
Performanceโ
| Project Size | Files | Duration |
|---|---|---|
| Small (< 10 agents) | ~30 files | ~150ms |
| Medium (< 50 agents) | ~150 files | ~400ms |
| Large (100+ agents) | ~500 files | ~1.2s |
Go engine handles rule evaluation; TypeScript handles parsing. The boundary is a JSON IPC channel.