hardis:org:monitor:all
Description
Monitor org, generate reports and sends notifications
Command Behavior
Runs all monitoring commands on a Salesforce org, generates reports, and sends notifications.
Key functionalities:
- Monitoring commands: Runs a default list of monitoring commands (or custom ones defined in
.sfdx-hardis.yml), each producing individual notifications. - Non-interactive execution: Every monitoring sub-command is executed with
--agent, enforcing non-interactive behavior (no user prompts). - AI-powered summary: When an AI provider is configured, collects all monitoring notifications and generates a consolidated executive summary using AI, sent as a single notification.
- Weekly PPTX report: On weekly runs (Saturday, or when
MONITORING_IGNORE_FREQUENCY=true), a PowerPoint report can be generated by a coding agent (Claude, Codex, Gemini, or Copilot) and attached to the summary notification. - Report generation toggle (disabled by default): Enable coding-agent PPTX generation with
codingAgentGenerateReports: trueor env varSFDX_HARDIS_CODING_AGENT_GENERATE_REPORTS=true. RequirescodingAgentto be configured. - Disable/enable commands: You can skip specific monitoring commands via
monitoringDisableconfig orMONITORING_DISABLEenv var. - Frequency control: Commands can run daily or weekly. Use
MONITORING_IGNORE_FREQUENCY=trueto force all commands to run.
This command is part of sfdx-hardis Monitoring.
Technical explanations
The command runs each monitoring sub-command sequentially with --agent and collects exit codes.
When an AI provider is available (AiProvider.isAiAvailable()), each sub-command's notifications are written to temporary JSON files via MONITORING_NOTIF_OUTPUT_DIR. After all commands complete, the notifications are collected, an AI summary is generated using the PROMPT_MONITORING_SUMMARY template, and a consolidated MONITORING_SUMMARY notification is sent.
On weekly runs, a PPTX report is generated by invoking a coding agent CLI with the PROMPT_MONITORING_PPTX_REPORT template. The agent writes a Node.js script using pptxgenjs to produce a structured 7-slide PowerPoint presentation. The PPTX file is attached to the summary notification.
Both prompt templates can be overridden by placing files in config/prompt-templates/.
You can enable coding-agent PPTX generation by defining codingAgentGenerateReports: true in .sfdx-hardis.yml or by setting env var SFDX_HARDIS_CODING_AGENT_GENERATE_REPORTS=true.
You can disable some commands defining either a monitoringDisable property in .sfdx-hardis.yml, or a comma separated list in env variable MONITORING_DISABLE
Example in .sfdx-hardis.yml:
monitoringDisable:
- METADATA_STATUS
- MISSING_ATTRIBUTES
- UNUSED_METADATAS
Example in env var:
MONITORING_DISABLE=METADATA_STATUS,MISSING_ATTRIBUTES,UNUSED_METADATAS
A default list of monitoring commands is used, if you want to override it you can define property monitoringCommands in your .sfdx-hardis.yml file
Example:
monitoringCommands:
- title: My Custom command
command: sf my:custom:command
- title: My Custom command 2
command: sf my:other:custom:command
You can force the daily run of all commands by defining env var MONITORING_IGNORE_FREQUENCY=true
The default list of commands is the following:
| Key | Description | Command | Frequency |
|---|---|---|---|
| AUDIT_TRAIL | Detect suspect setup actions in major org | sf hardis:org:diagnose:audittrail | daily |
| LEGACY_API | Detect calls to deprecated API versions | sf hardis:org:diagnose:legacyapi | daily |
| ORG_LIMITS | Detect if org limits are close to be reached | sf hardis:org:monitor:limits | daily |
| APEX_FLEX_QUEUE | Detect Apex flex queue backlog (AsyncApexJob Holding) | sf hardis:org:diagnose:flex-queue | daily |
| APEX_FLOW_ERRORS | Detect Apex and Flow errors | sf hardis:org:monitor:errors | daily |
| UNSECURED_CONNECTED_APPS | Detect unsecured Connected Apps in an org | sf hardis:org:diagnose:unsecure-connected-apps | daily |
| DEPLOYMENTS | Analyze metadata deployments and validations | sf hardis:org:diagnose:deployments --period weekly | daily |
| LICENSES | Extract licenses information | sf hardis:org:diagnose:licenses | weekly |
| LINT_ACCESS | Detect custom elements with no access rights defined in permission sets | sf hardis:lint:access | weekly |
| UNUSED_LICENSES | Detect permission set licenses that are assigned to users that do not need them | sf hardis:org:diagnose:unusedlicenses | weekly |
| UNUSED_USERS | Detect active users without recent logins (All licenses, 6 months) | sf hardis:org:diagnose:unusedusers --licensetypes all --days 180 | weekly |
| UNUSED_USERS_CRM_6_MONTHS | Detect active users without recent logins (CRM, 6 months) | sf hardis:org:diagnose:unusedusers --licensetypes all-crm --days 180 | weekly |
| UNUSED_USERS_EXPERIENCE_6_MONTHS | Detect active users without recent logins (Experience, 6 months) | sf hardis:org:diagnose:unusedusers --licensetypes experience --days 180 | weekly |
| ACTIVE_USERS_CRM_WEEKLY | Detect active users with recent logins (CRM, 1 week) | sf hardis:org:diagnose:unusedusers --returnactiveusers --licensetypes all-crm --days 7 | weekly |
| ACTIVE_USERS_EXPERIENCE_MONTHLY | Detect active users with recent logins (Experience, 1 month) | sf hardis:org:diagnose:unusedusers --returnactiveusers --licensetypes experience --days 30 | weekly |
| ORG_INFO | Get org info + SF instance info + next major upgrade date | sf hardis:org:diagnose:instanceupgrade | weekly |
| RELEASE_UPDATES | Gather warnings about incoming and overdue Release Updates | sf hardis:org:diagnose:releaseupdates | weekly |
| ORG_HEALTH_CHECK | Run Salesforce Security Health Check | sf hardis:org:monitor:health-check | weekly |
| UNUSED_METADATAS | Detect custom labels and custom permissions that are not in use | sf hardis:lint:unusedmetadatas | weekly |
| UNUSED_APEX_CLASSES | Detect unused Apex classes in an org | sf hardis:org:diagnose:unused-apex-classes | weekly |
| APEX_API_VERSION | Detect Apex classes and triggers with deprecated API version | sf hardis:org:diagnose:apex-api-version | weekly |
| CONNECTED_APPS | Detect unused Connected Apps in an org | sf hardis:org:diagnose:unused-connected-apps | weekly |
| METADATA_STATUS | Detect inactive metadata | sf hardis:lint:metadatastatus | weekly |
| MISSING_ATTRIBUTES | Detect missing description on custom field | sf hardis:lint:missingattributes | weekly |
| UNDERUSED_PERMSETS | Detect underused permission sets | sf hardis:org:diagnose:underusedpermsets | weekly |
| MINIMAL_PERMSETS | Detect permission sets with minimal permissions in project | sf hardis:org:diagnose:minimalpermsets | weekly |
Parameters
| Name | Type | Description | Default | Required | Options |
|---|---|---|---|---|---|
| agent | boolean | Run in non-interactive mode for agents and automation | |||
| debug -d |
boolean | Activate debug mode (more logs) | |||
| flags-dir | option | undefined | |||
| force-all | boolean | Force all monitoring commands to run, including weekly ones. Equivalent to MONITORING_IGNORE_FREQUENCY=true | |||
| json | boolean | Format output as json. | |||
| skipauth | boolean | Skip authentication check when a default username is required | |||
| target-org -o |
option | undefined | |||
| websocket | option | Websocket host:port for VsCode SFDX Hardis UI integration |
Examples
$ sf hardis:org:monitor:all
$ sf hardis:org:monitor:all --target-org myorg@example.com
$ sf hardis:org:monitor:all --force-all --agent
$ sf hardis:org:monitor:all --target-org myorg@example.com --debug