AGENT-READINESS X-RAY

What's actually running in this org.

A sample Agentforce readiness assessment — auto-generated Salesforce org documentation, evidence-graded.

This is a sample Agent-Readiness X-Ray run on a reference org, so you can see exactly how your own report would read. It's a complete, evidence-graded map of the automation (a full flow impact analysis), permissions, structure, and data quality an AI agent would inherit, plus a prioritized path to fix what matters before you turn an agent on. If you inherited a messy Salesforce org and don't know what's wired to what, this is where you start.

Org
Reference Org (sample)
Scan date
· sample ·
Metadata components
2,847
Scan mode
Full + stratified
01 · the story

This org grew. It wasn't designed.

Eight years of Salesforce, three admins, two acquisitions, and one CPQ rollout have left a system that no single person fully understands. The scan found 14 custom objects carrying real business logic, and two of them, Client__c and Customer__c, appear to do the same job, built four years apart.

The bigger exposure is movement. A single update to a Case ripples four objects deep through a chain of Flows and Apex triggers, and one of those chains loops back on itself in a way that will hit recursion limits under the right conditions. Meanwhile, a standard user is carrying Modify All Data, and a permission set nobody is assigned to still grants live access.

None of this is unusual. All of it is fixable. What follows is the complete map, graded by how certain we are of each finding, so your admin can act on what's confirmed and verify what isn't, rather than taking our word for it.

how this org was read
Your org read in full, every finding graded by evidence, mapped into a control layer, delivered as this report.

every finding here traces back to what we read from the org

Confirmed read directly from metadata
Computed calculated, reproducible
Inferred heuristic: verify before acting
Requires Confirmation needs a human decision
02 · risk scorecard

Where the org stands, module by module.

Object & Field Structure
68/100
needs attention
Automation Health
54/100
high risk
Cascade Complexity
49/100
high risk
Permission Hygiene
61/100
needs attention
Data Quality
72/100
needs attention
Overall
58/100
remediation advised

Scores are Computed : deterministic functions of the extracted metadata. Same org, same score, every run.

03 · objects & fields

Structure

14 custom objects, 83 custom fields

Confirmed

The custom data model carrying business logic beyond the standard Salesforce objects.

2 orphaned objects with no relationships or automation

Confirmed

Account_Annotation__c and Sales_Note_Archive__c connect to nothing and are referenced by nothing: candidates for retirement.

Client__c and Customer__c appear to serve duplicate purposes

Inferred

~60% field-name overlap and high label similarity. Likely two objects built for the same job by different people at different times.

Composite heuristic: field-overlap pre-filter + bounded LLM enrichment, confidence 0.81. Verify with the admin before consolidating.

5 abandoned fields: >95% null, no description, unmodified 18+ months

Computed

All on Sales_Note_Archive__c. High confidence they're dead weight; safe to deprecate after a usage check.

04 · cascade risk

What breaks when you change one thing.

The toolkit runs a full flow impact analysis — projecting every automation into a dependency graph and walking the chains. Three findings carry real blast-radius risk.

A Case update cascades 4 objects deep across Flow and Apex

Computed
L0 Case.Priority changed
  └─→ L1 Flow: updates Account.SLA__c
      └─→ L2 Apex trigger: updates Opportunity.IsHighPriority__c
         └─→ L3 Flow: updates Project__c.Status__c

Circular cascade between Account and Contact

Computed

A Flow on Account writes a Contact field; an Apex trigger on Contact writes back to Account. The metadata forms a loop that will hit recursion limits under the right data conditions.

Flow: Account_Sync ──writes──→ Contact.Notes__c
                            
Account.Health__c ←──writes── Apex: ContactTrigger ⟲ CYCLE

A validation rule blocks a field a Flow in the chain writes

Inferred

The validation rule on Account.SLA__c can reject the very update the SLA Flow attempts: a silent contradiction that surfaces as intermittent automation failures.

Cross-reference: validation-rule field overlaps Flow-written field. Confirm intended behavior with the admin.
05 · permissions

Who can touch what, including agents.

A standard user holds Modify All Data

Confirmed

The Fixture_Overreach permission set grants org-wide modify rights to a non-admin user. This is the single highest compliance exposure in the scan.

This user has effective write access to 47 objects and 312 fields

Computed

Aggregated across all permission sets and the group muting that applies. Far beyond what any single role requires.

A permission set assigned to zero users still grants live access

Requires Confirmation

Fixture_DeadInheritance grants Account read but is assigned to nobody. Confirm whether it's staged for future use or safe to remove.

Agent-relevant: an agent with these grants could rewrite CRM data

Inferred

If an AI agent inherits the over-provisioned profile, a single hallucinated action has org-wide write reach. This is exactly the exposure the X-Ray surfaces before an agent ever goes live.

Reference-profile comparison against typical case-triage scope. Flagged for governance review.
06 · data quality

Is the data any good?

A Salesforce data quality assessment — null rates, duplicates, and picklist drift an agent would act on.

9 fields above the null-rate warning threshold

Computed

4 fields at 30–40% null, 5 fields at 60–80% null. Each undermines any report, automation, or agent that depends on them.

Inconsistent picklist values on Lead.Source and Account.Region

Inferred

Exact-case variants ('web' / 'Web' / ' Web ') and near-duplicates ('North America' / 'NorthAmerica' / 'N. America') fragment reporting.

String-similarity pre-filter + bounded LLM consolidation suggestions. Review before merging values.

~50 records owned by deactivated users

Confirmed

Across Account and Contact: work assigned to people who have left. Invisible in standard reports; the scan reads the underlying data.

3 detected duplicate record sets on Account

Requires Confirmation

Matching records the duplicate rule flagged but allowed. Confirm merge intent with the data owner.

07 · path forward

What to fix, in order.

1

Revoke the over-privileged Modify All Data grant

The highest-exposure, lowest-effort fix. Scope the user to what their role needs, before any agent inherits it.

effort: low · risk reduced: high
2

Break the Account ↔ Contact cascade loop

Add a recursion guard or restructure the two automations so the cycle can't fire. Prevents intermittent, hard-to-diagnose failures.

effort: medium · risk reduced: high
3

Resolve the validation-rule / Flow contradiction

Align the SLA__c validation rule with the SLA Flow so updates stop silently failing.

effort: low · risk reduced: medium
4

Consolidate Client__c / Customer__c

After admin confirmation, merge the duplicate-purpose objects onto one model. Removes ongoing confusion and reporting drift.

effort: high · risk reduced: medium
5

Clean picklist variants and reassign orphaned records

Standardize the fragmented picklists and re-home the ~50 records owned by deactivated users.

effort: medium · risk reduced: medium
included in the full x-ray

Inside the full Agent-Readiness X-Ray

This public sample shows the foundational read. The full Agent-Readiness X-Ray you receive also includes the agent-specific modules below: whether the org is safe for autonomous agents, and exactly what to do in the next 60 days.

Agent Blast Radius full x-ray

For each proposed agent, the precise set of objects and fields it could read or change, before you grant it anything.

Consumption Forecast full x-ray

Projected API and token cost of the agent workflows against your Salesforce call agreement.

Agent-Readiness Scorecard full x-ray

A single graded verdict on whether the org is ready, with the specific blockers ranked.

Capability Manifest full x-ray

A structured context file your AI agent (or your engineering team) can act on directly. Built for the agent that reads it, as much as the people.

✓ · scan coverage & limitations

What we scanned, and what we couldn't.

Honesty about coverage is part of the deliverable. Every limitation below is disclosed, not hidden.

ScannedObjects, fields, relationships : full metadata extraction via Tooling API.
ScannedAutomations & cascades : Flows, Apex triggers, validation rules projected to the dependency graph.
ScannedPermissions : permission sets, groups, muting, effective field-level security resolved.
PartialData quality : stratified sampling on objects above 100k records; null rates within ±2 points.
GapField encryption : Shield not enabled on this org; encrypted-field detection could not be exercised.
GapProcess Builder downstream : behavior traced to the Process Builder boundary; beyond it is a V1 limitation.