Have you tried to resolve this issue yourself first?
Bug Description
When running sf code-analyzer run --rule-selector flow on Salesforce Flow metadata, several rules are either producing false positives or flagging platform limitations that cannot be remediated:
-
flow:MissingFaultHandler — Flags subflow elements for missing fault handlers, but Flow Builder does not support adding fault paths to subflow elements (platform limitation).
-
flow:MissingDescription — Flags system-managed elements like $Record.Id (trigger record references) for missing descriptions, but these elements cannot have custom descriptions added (platform limitation).
-
flow:UnusedResource — Flags resources (e.g., formula variables) as unused when they are actively being used in the flow (false positive). The analyzer appears to not detect usage in certain contexts such as decision conditions or formula expressions.
-
flow:SameRecordUpdate — Flags AfterSave record triggers for modifying the same record. This is a valid business requirement when email alerts (only supported in AfterSave flows) must be sent before updating the record. The logic cannot be moved to BeforeSave without losing functionality.
Output / Logs
# Severity Rule Location Message
1 2 (High) flow:MissingFaultHandler MyParentFlow.flow-meta.xml:140:1 An element that can fire fault events is missing fault handlers. Add fault handlers to all Create Records, Update Records, Delete Records, Action Calls, and Subflows.
2 2 (High) flow:MissingFaultHandler MySubFlow.flow-meta.xml:140:1 An element that can fire fault events is missing fault handlers. Add fault handlers to all Create Records, Update Records, Delete Records, Action Calls, and Subflows.
3 3 (Moderate) flow:UnusedResource MyParentFlow.flow-meta.xml:76:1 A resource is not used elsewhere in the flow. Check that you did not intend to use the resource and then delete it.
4 3 (Moderate) flow:SameRecordUpdate MyParentFlow.flow-meta.xml:103:1 An AfterSave record trigger is modifying the same record. Record modifications should be done in BeforeSave triggers, not AfterSave triggers. The trigger definition may be in a parent flow that calls the current flow as a subflow, passing in the recordId of the trigger record.
5 4 (Low) flow:MissingDescription MyParentFlow.flow-meta.xml:18:1 An element contains a label that is missing a description. Document all elements with labels to make the flow comprehensible to future maintainers.
6 4 (Low) flow:MissingDescription MyParentFlow.flow-meta.xml:150:1 An element contains a label that is missing a description. Document all elements with labels to make the flow comprehensible to future maintainers.
7 4 (Low) flow:MissingDescription MySubFlow.flow-meta.xml:2:1 An element contains a label that is missing a description. Document all elements with labels to make the flow comprehensible to future maintainers.
8 4 (Low) flow:MissingDescription MySubFlow.flow-meta.xml:2:1 An element contains a label that is missing a description. Document all elements with labels to make the flow comprehensible to future maintainers.
9 4 (Low) flow:MissingDescription MySubFlow.flow-meta.xml:49:1 An element contains a label that is missing a description. Document all elements with labels to make the flow comprehensible to future maintainers.
10 4 (Low) flow:MissingDescription MySubFlow.flow-meta.xml:49:1 An element contains a label that is missing a description. Document all elements with labels to make the flow comprehensible to future maintainers.
Steps To Reproduce
Create a Salesforce Flow metadata file with the following characteristics:
- MyParentFlow.flow-meta.xml (AfterSave record-triggered flow on Account object)
- Contains a subflow element (InvokeMySubflow)
- Contains a formula variable (formulavar) used in a decision condition
- Contains an email alert action followed by a record update on the same triggering record
- MySubFlow.flow-meta.xml (Auto-launched flow)
- Contains an assignment element and variables
-
Run the command:sf code-analyzer run --target "./force-app/main/default/flows" --rule-selector flow
-
Observe the violations listed above.
Attached Files:
MyParentFlow.flow-meta.xml
MySubFlow.flow-meta.xml
Expected Behavior
- flow:MissingFaultHandler — Should not flag subflow elements, as fault paths cannot be added to subflows in Flow Builder (platform limitation).
- flow:MissingDescription — Should not flag system-managed elements like $Record.Id, as these cannot have custom descriptions (platform limitation).
- flow:UnusedResource — Should correctly detect when a resource (like formulavar) is used in decision conditions and not flag it as unused.
- flow:SameRecordUpdate — Should support exceptions or provide guidance for valid business cases where AfterSave record updates are required (e.g., when email alerts must be sent before updating the record).
Operating System
macOS
Salesforce CLI Version
@salesforce/cli/2.130.9 darwin-arm64 node-v22.22.2
Code Analyzer Plugin (code-analyzer) Version
code-analyzer 5.11.1
Node Version
v24.14.0
Java Version
openjdk version "21.0.2" 2024-01-16 LTS OpenJDK Runtime Environment Zulu21.32+17-CA (build 21.0.2+13-LTS) OpenJDK 64-Bit Server VM Zulu21.32+17-CA (build 21.0.2+13-LTS, mixed mode, sharing)
Python Version
command not found: python
Additional Context (Screenshots, Files, etc)
Workaround
- Currently using the Suppress Violations feature to suppress false positives (flow:UnusedResource, flow:MissingDescription) by adding @Suppress in the tags of flow elements.
- However, this is a temporary workaround and does not address the underlying false positive detection or platform limitation issues.
Urgency
Moderate
Have you tried to resolve this issue yourself first?
Bug Description
When running
sf code-analyzer run --rule-selector flowon Salesforce Flow metadata, several rules are either producing false positives or flagging platform limitations that cannot be remediated:flow:MissingFaultHandler — Flags subflow elements for missing fault handlers, but Flow Builder does not support adding fault paths to subflow elements (platform limitation).
flow:MissingDescription — Flags system-managed elements like $Record.Id (trigger record references) for missing descriptions, but these elements cannot have custom descriptions added (platform limitation).
flow:UnusedResource — Flags resources (e.g., formula variables) as unused when they are actively being used in the flow (false positive). The analyzer appears to not detect usage in certain contexts such as decision conditions or formula expressions.
flow:SameRecordUpdate — Flags AfterSave record triggers for modifying the same record. This is a valid business requirement when email alerts (only supported in AfterSave flows) must be sent before updating the record. The logic cannot be moved to BeforeSave without losing functionality.
Output / Logs
Steps To Reproduce
Create a Salesforce Flow metadata file with the following characteristics:
Run the command:sf code-analyzer run --target "./force-app/main/default/flows" --rule-selector flow
Observe the violations listed above.
Attached Files:
MyParentFlow.flow-meta.xml
MySubFlow.flow-meta.xml
Expected Behavior
Operating System
macOS
Salesforce CLI Version
@salesforce/cli/2.130.9 darwin-arm64 node-v22.22.2
Code Analyzer Plugin (code-analyzer) Version
code-analyzer 5.11.1
Node Version
v24.14.0
Java Version
openjdk version "21.0.2" 2024-01-16 LTS OpenJDK Runtime Environment Zulu21.32+17-CA (build 21.0.2+13-LTS) OpenJDK 64-Bit Server VM Zulu21.32+17-CA (build 21.0.2+13-LTS, mixed mode, sharing)
Python Version
command not found: python
Additional Context (Screenshots, Files, etc)
Workaround
Urgency
Moderate