Repository

Creates a check run on a commit with optional code annotations. Supports GitHub check runs and Azure DevOps build status. Useful for reporting CI/CD results, code quality checks, or custom validations. Annotations can highlight specific lines in files with issues.

Updates a check run using check_id from the request body. Use this for check IDs that contain special characters (e.g., ADO genre/name format like "sfp/PR Validation").

Updates the status, conclusion, or output of an existing check run. For check IDs with special characters (slashes, spaces), use PATCH /checks/update instead.

Lists pull requests with optional filtering by username and state. Supports GitHub and Azure DevOps repositories. Supports pagination. Can filter PRs created by or assigned to a specific user. Returns basic PR information including title, state, and branch details.

Creates a new pull request between two branches. Supports draft pull requests. The source branch must have commits ahead of the target branch. Useful for automated PR creation in CI/CD workflows.

Returns a provider-agnostic PR context with branch info, commit SHAs, changed files, reviews, and metadata. Works with GitHub, Azure DevOps, and GitLab repositories. Used by sfp analyze to get PR context without needing CI-specific environment variables.

Closes an open pull request without merging. The PR can be reopened later if needed. This action preserves all PR history including comments and reviews.

Reopens a previously closed pull request. The PR must not have been merged. All previous history including comments and reviews is preserved.

Generates a scoped authentication token for the specified repository. Supports GitHub (installation tokens via GitHub App or PAT) and Azure DevOps (PAT or Service Principal). The token is cached for 50 minutes to avoid unnecessary API calls. This endpoint requires an application token and the repository must be registered as a project.

Returns an HTTPS clone URL with embedded authentication token. Supports GitHub and Azure DevOps repositories. This URL can be used directly with git clone without additional authentication. The token is scoped to the repository and has the same expiration as the auth token (cached for 50 minutes). Useful for automated workflows, CI/CD pipelines, or services like Windmill that need to clone repositories programmatically.

Returns authenticated .npmrc file content for npm package registry access. Supports GitHub Packages (via integration), JFrog Artifactory, GitLab Package Registry, and custom npm registries. Content is cached for 50 minutes. Use this endpoint to generate .npmrc files for CI/CD workflows and Windmill flows that need to install private npm packages.

Downloads a repository snapshot and extracts all domain/release configurations from the config directory. Returns both a simple array of domain names and full release config details. Results are cached for 30 minutes. The config directory location defaults to "config" but can be customized in project configuration.

Downloads a repository snapshot and extracts all package information from sfdx-project.json. Returns both a simple array of package names and detailed package metadata including paths, versions, types, and dependencies. Results are cached for 30 minutes.

Retrieves details of an issue or pull request including title, body, author, labels, and state. Works with GitHub issues/PRs and Azure DevOps work items/PRs.

Retrieves all comments on an issue or pull request.

Posts a new comment to an issue or pull request. Supports GitHub and Azure DevOps repositories.

Creates a reaction on a specific comment. Supports standard reactions like +1, -1, laugh, confused, heart, hooray, rocket, eyes.

Adds one or more labels to an issue or pull request.

Deletes the specified branch from the remote repository. Protected branches cannot be deleted.

Removes a label from an issue or pull request. Works with GitHub and Azure DevOps.