Merge remote-tracking branch 'upstream/main' into W-21112167-Replications-API

Author: charithaT07

.changeset/job-log-command.md

@@ -103,16 +103,16 @@ const referenceSidebar = [
     items: [
       {text: 'cartridge_deploy', link: '/mcp/tools/cartridge-deploy'},
       {text: 'mrt_bundle_push', link: '/mcp/tools/mrt-bundle-push'},
-      {text: 'pwakit_development_guidelines', link: '/mcp/tools/pwakit-development-guidelines'},
+      {text: 'pwakit_get_guidelines', link: '/mcp/tools/pwakit-get-guidelines'},
       {text: 'scapi_schemas_list', link: '/mcp/tools/scapi-schemas-list'},
-      {text: 'scapi_custom_api_scaffold', link: '/mcp/tools/scapi-custom-api-scaffold'},
-      {text: 'scapi_custom_apis_status', link: '/mcp/tools/scapi-custom-apis-status'},
-      {text: 'storefront_next_development_guidelines', link: '/mcp/tools/storefront-next-development-guidelines'},
-      {text: 'storefront_next_figma_to_component_workflow', link: '/mcp/tools/storefront-next-figma-to-component-workflow'},
-      {text: 'storefront_next_generate_component', link: '/mcp/tools/storefront-next-generate-component'},
-      {text: 'storefront_next_map_tokens_to_theme', link: '/mcp/tools/storefront-next-map-tokens-to-theme'},
-      {text: 'storefront_next_page_designer_decorator', link: '/mcp/tools/storefront-next-page-designer-decorator'},
-      {text: 'storefront_next_site_theming', link: '/mcp/tools/storefront-next-site-theming'},
+      {text: 'scapi_custom_api_generate_scaffold', link: '/mcp/tools/scapi-custom-api-generate-scaffold'},
+      {text: 'scapi_custom_apis_get_status', link: '/mcp/tools/scapi-custom-apis-get-status'},
+      {text: 'sfnext_get_guidelines', link: '/mcp/tools/sfnext-get-guidelines'},
+      {text: 'sfnext_start_figma_workflow', link: '/mcp/tools/sfnext-start-figma-workflow'},
+      {text: 'sfnext_analyze_component', link: '/mcp/tools/sfnext-analyze-component'},
+      {text: 'sfnext_match_tokens_to_theme', link: '/mcp/tools/sfnext-match-tokens-to-theme'},
+      {text: 'sfnext_add_page_designer_decorator', link: '/mcp/tools/sfnext-add-page-designer-decorator'},
+      {text: 'sfnext_configure_theme', link: '/mcp/tools/sfnext-configure-theme'},
     ],
   },
 ];

docs/.vitepress/config.mts

@@ -1,5 +1,11 @@
 # @salesforce/b2c-dx-docs
 
+## 0.2.6
+
+### Patch Changes
+
+- [#270](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/pull/270) [`bf35222`](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/commit/bf352223881dccba4ba07c62bdf4d50a2832c835) - Rename MCP tools for clearer, action-oriented naming. scapi_custom_api_scaffold → scapi_custom_api_generate_scaffold. sfnext_map_tokens_to_theme → sfnext_match_tokens_to_theme. (Thanks [@yhsieh1](https://github.com/yhsieh1)!)
+
 ## 0.2.5
 
 ### Patch Changes

docs/CHANGELOG.md

@@ -27,6 +27,32 @@ These flags are available on all commands that interact with B2C instances:
 | `--username`, `-u` | `SFCC_USERNAME`      | Username for Basic Auth            |
 | `--password`, `-p` | `SFCC_PASSWORD`      | Password/access key for Basic Auth |
 
+### Safety Mode
+
+Safety Mode provides protection against accidental or unwanted destructive operations. This is particularly important when using the CLI in automated environments, CI/CD pipelines, or as a tool for AI agents.
+
+| Environment Variable   | Values | Description |
+| ---------------------- | ------ | ----------- |
+| `SFCC_SAFETY_LEVEL` | `NONE` (default) | No restrictions |
+| | `NO_DELETE` | Block DELETE operations |
+| | `NO_UPDATE` | Block DELETE and destructive operations (reset, stop, restart) |
+| | `READ_ONLY` | Block all write operations (GET only) |
+
+**Example:**
+```bash
+# Prevent deletions in CI/CD
+export SFCC_SAFETY_LEVEL=NO_DELETE
+b2c sandbox create --realm test  # ✅ Allowed
+b2c sandbox delete test-id       # ❌ Blocked
+
+# Read-only mode for reporting
+export SFCC_SAFETY_LEVEL=READ_ONLY
+b2c sandbox list                 # ✅ Allowed
+b2c sandbox create --realm test  # ❌ Blocked
+```
+
+Safety Mode operates at the HTTP layer and cannot be bypassed by command-line flags. See the [Security Guide](/guide/security#operational-security-safety-mode) for detailed information.
+
 ### Other Environment Variables
 
 | Environment Variable         | Description                             |

docs/cli/index.md

@@ -82,6 +82,7 @@ You can configure the CLI using environment variables:
 | `MRT_PROJECT`                 | MRT project slug (`SFCC_MRT_PROJECT` also supported)           |
 | `MRT_ENVIRONMENT`             | MRT environment name (`SFCC_MRT_ENVIRONMENT`, `MRT_TARGET` also supported) |
 | `MRT_CLOUD_ORIGIN`            | MRT API origin URL override (`SFCC_MRT_CLOUD_ORIGIN` also supported) |
+| `SFCC_SAFETY_LEVEL`           | Safety mode: `NONE`, `NO_DELETE`, `NO_UPDATE`, `READ_ONLY` (see [Safety Mode](/guide/security#operational-security-safety-mode)) |
 
 ## .env File
 

docs/guide/configuration.md

@@ -64,6 +64,44 @@ When adding a new dependency that requires build scripts:
 
 This project uses [NPM trusted publishers](https://docs.npmjs.com/trusted-publishers) for package publication. Instead of storing long-lived npm tokens, packages are published via GitHub Actions using short-lived OIDC tokens that cannot be extracted or reused.
 
+## Operational Security: Safety Mode
+
+The CLI includes a **Safety Mode** feature via CLI checks and HTTP middleware that prevents accidental or unwanted destructive operations. This is particularly important when:
+
+- Providing the CLI as a tool to AI agents/LLMs
+- Working in production environments
+- Training new team members
+- Running commands from untrusted scripts
+
+### Safety Levels
+
+Configure via the `SFCC_SAFETY_LEVEL` environment variable:
+
+| Level | Description | Blocks |
+|-------|-------------|--------|
+| `NONE` | No restrictions (default) | Nothing |
+| `NO_DELETE` | Prevent deletions | DELETE operations |
+| `NO_UPDATE` | Prevent deletions and destructive updates | DELETE + reset/stop/restart |
+| `READ_ONLY` | Read-only mode | All writes (POST/PUT/PATCH/DELETE) |
+
+### Usage
+
+```bash
+# Default - no restrictions
+export SFCC_SAFETY_LEVEL=NONE
+
+# Prevent deletions
+export SFCC_SAFETY_LEVEL=NO_DELETE
+
+# Prevent deletions and destructive updates
+export SFCC_SAFETY_LEVEL=NO_UPDATE
+
+# Read-only mode
+export SFCC_SAFETY_LEVEL=READ_ONLY
+```
+
+Environment variables are used instead of command-line flags because LLMs control commands and flags, but not the environment.
+
 ## Best Practices
 
 ### For Contributors
@@ -78,3 +116,4 @@ This project uses [NPM trusted publishers](https://docs.npmjs.com/trusted-publis
 - Keep the CLI updated to receive security patches
 - Review the `pnpm-workspace.yaml` settings if you fork or modify this project
 - Consider using similar protections in your own projects
+- **Use Safety Mode** when running CLI in automated environments or providing it as a tool to AI agents

docs/guide/security.md

@@ -4,7 +4,7 @@ description: Prerequisites and setup for Figma-to-component tools (workflow orch
 
 # Figma-to-Component Tools Setup
 
-Prerequisites and setup for using the Figma workflow tools: `storefront_next_figma_to_component_workflow`, `storefront_next_generate_component`, and `storefront_next_map_tokens_to_theme`.
+Prerequisites and setup for using the Figma workflow tools: `sfnext_start_figma_workflow`, `sfnext_analyze_component`, and `sfnext_match_tokens_to_theme`.
 
 > **Note:** 🚧 This MCP tool is for Storefront Next. Storefront Next is part of a closed pilot and isn't available for general use.
 
@@ -15,7 +15,7 @@ The Figma-to-component workflow requires an **external Figma MCP server** to fet
 **Prerequisites:**
 - b2c-dx-mcp configured with `--allow-non-ga-tools` flag (Figma tools are preview)
 - Storefront Next project
-- `app.css` theme file (required for `storefront_next_map_tokens_to_theme` tool; optional path can be provided)
+- `app.css` theme file (required for `sfnext_match_tokens_to_theme` tool; optional path can be provided)
 - External Figma MCP server enabled in your MCP client
 
 See [Installation](./installation) for b2c-dx-mcp setup.
@@ -49,8 +49,8 @@ If the Figma MCP server is not enabled, the workflow tool will still return inst
 
 ## Related Documentation
 
-- [storefront_next_figma_to_component_workflow](./tools/storefront-next-figma-to-component-workflow) - Workflow orchestrator (call first)
-- [storefront_next_generate_component](./tools/storefront-next-generate-component) - REUSE/EXTEND/CREATE recommendation
-- [storefront_next_map_tokens_to_theme](./tools/storefront-next-map-tokens-to-theme) - Token mapping
+- [sfnext_start_figma_workflow](./tools/sfnext-start-figma-workflow) - Workflow orchestrator (call first)
+- [sfnext_analyze_component](./tools/sfnext-analyze-component) - REUSE/EXTEND/CREATE recommendation
+- [sfnext_match_tokens_to_theme](./tools/sfnext-match-tokens-to-theme) - Token mapping
 - [STOREFRONTNEXT Toolset](./toolsets#storefrontnext) - Overview of Storefront Next tools
 - [Figma MCP Server Documentation](https://developers.figma.com/docs/figma-mcp-server) - Official Figma MCP setup

docs/mcp/figma-tools-setup.md

@@ -2,13 +2,13 @@
 description: Get PWA Kit v3 development guidelines and best practices for React, Chakra UI, and Commerce API.
 ---
 
-# pwakit_development_guidelines
+# pwakit_get_guidelines
 
 Returns critical architecture rules, coding standards, and best practices for building PWA Kit v3 applications with React, Chakra UI, and Commerce API.
 
 ## Overview
 
-The `pwakit_development_guidelines` tool provides essential development guidance for PWA Kit v3. It:
+The `pwakit_get_guidelines` tool provides essential development guidance for PWA Kit v3. It:
 
 1. Returns comprehensive guidelines by default (quick-reference plus key sections).
 2. Supports retrieving specific topic sections on demand.

…p/tools/pwakit-development-guidelines.md docs/mcp/tools/pwakit-get-guidelines.mddocs/mcp/tools/pwakit-development-guidelines.md renamed to docs/mcp/tools/pwakit-get-guidelines.md docs/mcp/tools/pwakit-development-guidelines.md renamed to docs/mcp/tools/pwakit-get-guidelines.md

@@ -2,19 +2,19 @@
 description: Generate a new custom SCAPI endpoint (OAS 3.0 schema, api.json, script.js) in an existing cartridge.
 ---
 
-# scapi_custom_api_scaffold
+# scapi_custom_api_generate_scaffold
 
 Generate a new custom SCAPI endpoint in an existing cartridge. Creates `schema.yaml` (OAS 3.0 contract), `api.json` (endpoint mapping), and `script.js` (implementation) under the cartridge's `rest-apis/<apiName>/` directory.
 
 ## Overview
 
-The `scapi_custom_api_scaffold` tool scaffolds a new custom API using the B2C tooling SDK's `custom-api` scaffold. It:
+The `scapi_custom_api_generate_scaffold` tool scaffolds a new custom API using the B2C tooling SDK's `custom-api` scaffold. It:
 
 - Creates an OpenAPI 3.0 schema, API manifest, and script stub in your project.
 - Uses the first cartridge found in the project if you don't specify one.
 - Supports **shopper** (siteId, customer-facing) or **admin** (no siteId) API types.
 
-**No instance or OAuth required** — this tool works locally and only writes files into your project. To check registration status after deployment, use [`scapi_custom_apis_status`](./scapi-custom-apis-status).
+**No instance or OAuth required** — this tool works locally and only writes files into your project. To check registration status after deployment, use [`scapi_custom_apis_get_status`](./scapi-custom-apis-get-status).
 
 ## Parameters
 
@@ -78,15 +78,15 @@ Returns the scaffold ID, output directory, and list of created files:
 1. **Edit** `schema.yaml` to define paths, request/response schemas, and operation IDs.
 2. **Edit** `script.js` to implement the endpoint logic.
 3. **Deploy** the cartridge to your instance and **activate** the code version to register the API.
-4. **Verify** with [`scapi_custom_apis_status`](./scapi-custom-apis-status) that endpoints show as `active`.
+4. **Verify** with [`scapi_custom_apis_get_status`](./scapi-custom-apis-get-status) that endpoints show as `active`.
 
 Shopper APIs are available at:
 `https://{shortCode}.api.commercecloud.salesforce.com/custom/{apiName}/v1/organizations/{organizationId}/...` and require the `siteId` query parameter and ShopperToken authentication.
 
 ## Related Tools
 
 - Part of the [SCAPI](../toolsets#scapi), [PWAV3](../toolsets#pwav3), and [STOREFRONTNEXT](../toolsets#storefrontnext) toolsets
-- [`scapi_custom_apis_status`](./scapi-custom-apis-status) — Check custom API endpoint registration status after deployment
+- [`scapi_custom_apis_get_status`](./scapi-custom-apis-get-status) — Check custom API endpoint registration status after deployment
 - [`scapi_schemas_list`](./scapi-schemas-list) — List or fetch custom API schemas (use `apiFamily: "custom"`)
 
 ## See Also

…s/mcp/tools/scapi-custom-api-scaffold.md …ls/scapi-custom-api-generate-scaffold.mddocs/mcp/tools/scapi-custom-api-scaffold.md renamed to docs/mcp/tools/scapi-custom-api-generate-scaffold.md docs/mcp/tools/scapi-custom-api-scaffold.md renamed to docs/mcp/tools/scapi-custom-api-generate-scaffold.md

@@ -2,15 +2,15 @@
 description: Check the registration status of custom SCAPI endpoints deployed on your B2C Commerce instance.
 ---
 
-# scapi_custom_apis_status
+# scapi_custom_apis_get_status
 
 List custom SCAPI endpoint registration status (active/not_registered). Returns one row per endpoint per site with detailed status information.
 
 ## Overview
 
 Checks the registration status of custom API endpoints deployed on your B2C Commerce instance. Returns endpoint status (`active` or `not_registered`) with per-site details.
 
-**Note:** This tool queries your live instance. For schema definitions, use [`scapi_schemas_list`](./scapi-schemas-list) with `apiFamily: "custom"`. To create a new custom API, use [`scapi_custom_api_scaffold`](./scapi-custom-api-scaffold).
+**Note:** This tool queries your live instance. For schema definitions, use [`scapi_schemas_list`](./scapi-schemas-list) with `apiFamily: "custom"`. To create a new custom API, use [`scapi_custom_api_generate_scaffold`](./scapi-custom-api-generate-scaffold).
 
 ## Authentication