Laki Agent Docs

Connecting Salesforce

The two separate Salesforce channels — the browser login and the sf CLI — and how to verify both with the Connection Status panel.

This is the one thing worth understanding up front: Laki Agent reaches Salesforce through two separate, independent channels, and they authenticate in different places.

ChannelRoleHow it authenticates
Browser loginThe agent's eyes — reads the rendered page via CDPCookies / SSO in the app's persistent browser session
sf CLIThe agent's handssf org list, SOQL, deployssf org login web in a terminal → stored in ~/.sf

Logging into Salesforce in the browser pane does NOT log in the `sf` CLI. They're separate. To have the agent fully working you connect both — once each.

1. Log into the browser

In the embedded browser, navigate to your org and log in normally. The app rides a persistent session, so SSO, IP restrictions, MFA, and "trusted browser" device tokens all work and survive restarts — you won't redo MFA every launch. This is what the agent *sees*.

2. Connect the sf CLI

In a terminal (or the app's Terminal tab), run:

sf org list          # shows the orgs the CLI is authenticated to
sf org login web     # authenticates a new org (opens a browser)
sf org list          # confirm it now appears

Note the alias — that's how you'll refer to the org when asking the agent (e.g. *"describe the Account object in acme"*).

Verify both — the Connection Status panel

Open Settings → Connection status. It runs a three-way check and uses the browser's *real* current URL (never a value the UI supplies):

  • Model — is your active model reachable (Claude CLI signed in, or a BYO key set).
  • Salesforce CLI — is sf installed and how many orgs it's authenticated to.
  • Browser org — does the org open in the browser match one of your sf-authenticated orgs. It reports *matched* (with the alias), *no-match* (a real org you haven't sf-authenticated), or *not on an org page yet*.

Sign out of Salesforce

Settings → Sign out of Salesforce wipes the browser's persistent session (cookies + storage) so you can test a clean login. It clears browser session state only — it never touches org data, and it's separate from Laki Bits sign-out.