Clayton Help Center

Rule documentation

Learn everything about our rules, and how to leverage them drive absolute quality in your development team.

Common Weakness Enumeration mapping

What types of rules are supported by Clayton?

Avoid Inline CSS Styles

Use native ZIP functions over Zippex

Coding best practices

Multiple automation on the same object

Multiple record-triggered flows on the same object

Call to blocklisted method

Missing fault path in Flows

Identify methods with global visibility

Asynchronous methods in loops

Boundaries on SOQL statements

Bulkification of triggers

Business logic in triggers

Metadata API recency

Multiple triggers per object

Number of arguments per method

Number of methods per class

Send email in loops

Inefficient calls to Schema.getGlobalDescribe

Use of spaces in attribute class selectors

Database operations

Non-selective SOQL queries on large objects

Database changes in Flow loop paths

Direct access utility class

Data manipulation utility class

CRUD and Field-Level Security

Data access in loops

Data manipulation in constructors

Exception handling

Transaction control

Flows without description

Description on custom objects

Description on custom fields

Hardcoded IDs in code

Hardcoded ID (flows)

Hardcoded IDs in configuration

Lightning best practices

Inline JavaScript

Unsafe JavaScript

Naming conventions

Naming conventions on Aura Controller Property

Naming conventions on Apex inner classes

Naming conventions on Apex test classes

Naming conventions on Apex test inner classes

Naming conventions on sObjects

Naming conventions on sObjects fields

Naming conventions on Apex classes

Naming conventions on Apex triggers

Naming conventions on Apex methods

Naming conventions for Apex variables

Inactive Workflow Rules

Inactive Workflows

Optimized loading of resources

Unnecessary code detection

Use of JSON serialization of exceptions

Testing best practices

Identify test coverage cheats

Untested Lightning Web Components

Assertions with comments

Minimum number of assertions

Test data isolation

Untested methods

Use of @IsTest annotation

Use of test data factories

Visualforce best practices

Salesforce1 compatibility in Visualforce

User-friendly messages in Visualforce

Visualforce view state optimization

Vulnerability protection

Vulnerable third-party component

No autocompletion on password fields

No insecure cookies

Arbitrary Page Redirect

Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF)

Insecure Direct Object References

SOQL/SOSL Injection

Maintainability

Inactive flows and processes

Nulls/Empty checks after lookups in Flows

Inactive validation rules

Objects with an excessive number of custom fields

High complex flows and processes

High complex Apex methods

High complex Apex files

Use of outdated API version for ICU locale

Scan PRs only when destination is a tracked branch

Release readiness

Retirement of AccountInsights and OpportunityInsights Settings

Retirement of Streaming API versions

Deprecated methods in URL Class

Deprecated SiteSettings

Changed behaviour on Type.forName

Retirement of Salesforce Functions

JsonAccess Annotation

Use of deprecated list view resources

Use of retired Workflows and Process Builders

Missed opportunity: Static SOQL for Data Cloud DMOs

Missed opportunity: defaultValue and placeholderText modifiers

Use of JavaScript in WebLinks

Breaking change in LWC host access

Breaking change in LWC import and export statements

Breaking change in LWC style access

Missed opportunity: Null Coalescing Operator