Salesforce org intelligence, run locally
Skemia reads your source and metadata, then draws how every component connects, what a change will break, and who can access what. It never connects to your org. It runs entirely on your machine, even offline.
The org-intelligence tool that never asks for your org.
Every other map connects to your production org and sends metadata to a cloud. Skemia is the local one: private by construction, and yours to run anywhere.
Look inside
The interactive graph maps the entire org. Focus a component to see exactly what it touches and what touches it, coloured by type and sized by impact.
Local by design
The engine reads source and metadata. It never connects to an org, never needs credentials, and never needs the Salesforce CLI to analyse. A clean read with nothing exposed.
The Studio, the CLI, and the engine all run on your box. No telemetry, no cloud round-trip. Map a client org on a plane, in a SCIF, or behind the strictest firewall.
The optional org pull runs through your own authenticated CLI, exactly as if you ran the retrieve. Every inferred edge carries a confidence, so you always know what is fact and what is a lead.
How it works
Open a local DX project, drop in a metadata zip, or pull a connected org through your own Salesforce CLI. Narrow the scan to exactly the metadata you care about.
Apex is parsed with a real grammar, LWC with Babel. Every component, dependency, and risk is resolved from source, with a confidence on each edge. Nothing leaves your box.
Explore the graph, grade the org, build a deploy bundle, derive least-privilege access, and find what is fragile or dead. In the Studio, the CLI, or as an MCP tool.
What is inside
The whole org, as one interactive map.
Lay the org out different ways, filter the noise to the types you care about, and focus any component to see its neighbourhood. Right-click a node to jump straight to its details, trace, deploy bundle, or access kit.
One read on how healthy the org is.
A single grade summarises the org, with the factors that moved it: missing references, circular dependencies, and the fragile high-coupling hubs that make change risky. Headline counts across components, Apex, flows, and more.
If I move this, what has to come with it.
Pick any component and Skemia computes its full dependency closure, groups it into a sensible deploy order, and hands you a ready package.xml. A focused diagram of the bundle, copy or download the manifest, and go.
Who can access what, read straight from metadata.
Read across permission sets, profiles, and groups. Object and field access, dangerous system permissions, and least-privilege risks, laid out. Look up a component and see which personas reach it, and where grants overlap or over-reach.
The least-privilege permission set, derived from source.
Pick a feature, app, component, flow, or controller, and Skemia derives the exact permission set a user needs to run it. Every grant is earned and explained, with a confidence and a reason, and the deployable set is ready to copy.
Keep the org honest.
Risks collects everything fragile in one list: missing references, circular dependencies, and high-coupling hubs. Unused and cleanup finds orphaned metadata and superseded OmniStudio versions, and hands you a destructiveChanges manifest.
See it move
From the org health grade to deploy bundles, permissions, and the access kit. Watch Skemia walk an org end to end.
Who it is for
One printable snapshot of how the org is built, by area, with the most depended-on components and the integration footprint.
See the blast radius before you touch anything. Build the exact deploy bundle, with a package.xml that already accounts for dependencies.
Who can access what, across sets, profiles, and groups. Derive least-privilege permission sets and flag dangerous grants.
Walk into any client org and understand it fast. Diff environments, surface tech debt, and leave with evidence, not guesses.
Start mapping
Download Skemia free and scan your first project in under a minute. Fully local, source-only, no account.
