salesforce-mcp v7.0.1 — sf_update_profile_metadata blocks all production profile writes with `INVALID_OPERATION`
What
salesforce-mcp v7.0.1 — sf_update_profile_metadata blocks all production profile writes with INVALID_OPERATION: testLevel of NoTestRun cannot be used in production organizations. Tool’s internal mdapi.deploy() call hardcodes testLevel=NoTestRun and exposes no test_level parameter. Sandbox writes unaffected. Reproduced 05-May-2026 against profile System Administrator Clone (Id 00efu00000D6zHSAAZ, production). Full root-cause + proposed fix + cascade-surface impact at /root/aj-ea/outputs/documents/mcp-tool-limitation-sf-update-profile-metadata-test-level-05-may-2026.md.
Why
Blocks AJ’s directive to tighten 19 high-risk permissions on the System Administrator Clone profile (1 active user). Likely affects sibling tools that use same mdapi.deploy() path (PermissionSet, Layout, etc.). Zero-capability-loss invariant violated for production writes. Manual UI workaround exists but is operator-only — no programmatic path until patched.
Action Required
1) Add `test_level` param to `sf_update_profile_metadata` (and audit sibling `*_metadata` write tools); allowed values `NoTestRun|RunSpecifiedTests|RunLocalTests|RunAllTestsInOrg`.
2) When `org_alias=production` AND no `test_level` supplied → default `RunSpecifiedTests` with `runTests=[]` (canonical pattern for code-less metadata deploys).
3) Sandbox default stays `NoTestRun` for speed.
4) Bump server v7.0.1 → v7.0.2, cascade across 7 surfaces (contract.yaml, docker-compose, version.py, /health, SKILL.md mirrors, pilot-learnings, census).
5) Add Gotcha #14 + extend Gotcha #12 sub-bullet.
6) Re-census 19 affected production write tools.
7) Notify back via vault when cutover complete — aj-ea will resume the profile tightening with sandbox-first lifecycle.
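Added illustration of the test-level resolution rule from items 1)–3), written here as an example and not taken from the salesforce-mcp server's code. The function name `resolve_test_level`, the `org_alias` values `"production"` and `"sandbox"`, and the `DeployOptions` dataclass are assumptions; the four `testLevel` values and the `runTests` field are the standard Metadata API deploy options the note already names. It also fails fast on the one combination the note reports Salesforce rejecting (`NoTestRun` against production), so the error surfaces before a deploy round-trip instead of as `INVALID_OPERATION` afterwards.

```python
"""Resolve the Metadata API testLevel for a code-less metadata deploy.

Example code written for this note; not the salesforce-mcp server's own
implementation. Names and the org_alias convention are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable, Optional

# Allowed values from item 1) of the action list.
ALLOWED_TEST_LEVELS = frozenset(
    {"NoTestRun", "RunSpecifiedTests", "RunLocalTests", "RunAllTestsInOrg"}
)

# Assumed org_alias convention: "production" is the only production alias.
PRODUCTION_ALIAS = "production"


@dataclass(frozen=True)
class DeployOptions:
    """Subset of Metadata API DeployOptions that the bug turns on."""

    testLevel: str
    runTests: tuple[str, ...] = ()


def resolve_test_level(
    org_alias: str,
    test_level: Optional[str] = None,
    run_tests: Optional[Iterable[str]] = None,
) -> DeployOptions:
    """Apply the proposed defaulting rule and validate the caller's choice.

    - no test_level + production  -> RunSpecifiedTests with runTests=[]
    - no test_level + sandbox     -> NoTestRun (speed)
    - explicit test_level         -> validated against ALLOWED_TEST_LEVELS;
                                     NoTestRun is refused for production up
                                     front, mirroring the org-side rejection.
    """
    if test_level is not None and test_level not in ALLOWED_TEST_LEVELS:
        raise ValueError(
            f"test_level must be one of {sorted(ALLOWED_TEST_LEVELS)}, "
            f"got {test_level!r}"
        )

    is_production = org_alias == PRODUCTION_ALIAS

    if test_level is None:
        if is_production:
            # Canonical pattern for deploys that carry no Apex: run the
            # (empty) specified test list rather than skipping tests.
            return DeployOptions(testLevel="RunSpecifiedTests", runTests=())
        return DeployOptions(testLevel="NoTestRun")

    if is_production and test_level == "NoTestRun":
        # Same rule the org enforces; fail before the deploy call.
        raise ValueError(
            "testLevel of NoTestRun cannot be used in production organizations"
        )

    # runTests is only meaningful for RunSpecifiedTests; drop it otherwise.
    tests = tuple(run_tests or ()) if test_level == "RunSpecifiedTests" else ()
    return DeployOptions(testLevel=test_level, runTests=tests)


def to_deploy_kwargs(options: DeployOptions) -> dict:
    """Shape the options as the keyword dict a deploy wrapper would pass on."""
    return {"testLevel": options.testLevel, "runTests": list(options.runTests)}


if __name__ == "__main__":
    for alias, level in [("production", None), ("sandbox", None), ("sandbox", "RunLocalTests")]:
        print(alias, level, "->", to_deploy_kwargs(resolve_test_level(alias, level)))
```

Sibling `*_metadata` write tools that share the same deploy path can call `resolve_test_level` once and spread `to_deploy_kwargs(...)` into their deploy call, which keeps the production default and the sandbox fast path in one place instead of per tool.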