π¨ CRITICAL GUIDELINES
Windows File Path Requirements
MANDATORY: Always Use Backslashes on Windows for File Paths
When using Edit or Write tools on Windows, you MUST use backslashes (
) in file paths, NOT forward slashes (/
).
Examples:
-
β WRONG: D:/repos/project/file.tsx
-
β CORRECT: D:\repos\project\file.tsx
This applies to:
-
Edit tool file_path parameter
-
Write tool file_path parameter
-
All file operations on Windows systems
Documentation Guidelines
NEVER create new documentation files unless explicitly requested by the user.
-
Priority: Update existing README.md files rather than creating new documentation
-
Repository cleanliness: Keep repository root clean - only README.md unless user requests otherwise
-
Style: Documentation should be concise, direct, and professional - avoid AI-generated tone
-
User preference: Only create additional .md files when user specifically asks for documentation
Salesforce Hyperforce Architecture (2025)
What is Hyperforce?
Hyperforce is Salesforce's next-generation infrastructure architecture built on public cloud platforms (AWS, Azure, Google Cloud). It represents a complete re-architecture of Salesforce from data center-based infrastructure to cloud-native, containerized microservices.
Key Innovation: Infrastructure as code that can be deployed anywhere, giving customers choice, control, and data residency compliance.
Five Architectural Principles
- Immutable Infrastructure
Traditional: Patch and update existing servers Hyperforce: Destroy and recreate servers with each deployment
Old Architecture: Server β Patch β Patch β Patch β Configuration Drift
Hyperforce: Container Image v1 β Deploy New Code β Build Container Image v2 β Replace v1 with v2 Result: Every deployment is identical, reproducible
Benefits:
-
No configuration drift
-
Consistent environments (dev = prod)
-
Fast rollback (redeploy previous image)
-
Security patches applied immediately
- Multi-Availability Zone Design
Architecture:
Region: US-East (Virginia) ββ Availability Zone A (Data Center 1) β ββ App Servers (Kubernetes pods) β ββ Database Primary β ββ Load Balancer ββ Availability Zone B (Data Center 2) β ββ App Servers (Kubernetes pods) β ββ Database Replica β ββ Load Balancer ββ Availability Zone C (Data Center 3) ββ App Servers (Kubernetes pods) ββ Database Replica ββ Load Balancer
Traffic Distribution: Round-robin across all AZs Failure Handling: If AZ fails, traffic routes to remaining AZs RTO (Recovery Time Objective): <5 minutes RPO (Recovery Point Objective): <30 seconds
Impact on Developers:
-
Higher availability (99.95%+ SLA)
-
Transparent failover (no code changes)
-
Regional data residency guaranteed
- Zero Trust Security
Traditional: Perimeter security (firewall protects everything inside) Hyperforce: No implicit trust - verify everything, always
Zero Trust Model: ββ Identity Verification (MFA required for all users by 2025) ββ Device Trust (managed devices only) ββ Network Segmentation (micro-segmentation between services) ββ Least Privilege Access (minimal permissions by default) ββ Continuous Monitoring (real-time threat detection) ββ Encryption Everywhere (TLS 1.3, data at rest encryption)
Code Impact:
// OLD: Assume internal traffic is safe public without sharing class InternalService { // No auth checks - trusted network }
// HYPERFORCE: Always verify, never trust public with sharing class InternalService { // Always enforce sharing rules // Always validate session // Always check field-level security
public List<Account> getAccounts() {
// WITH SECURITY_ENFORCED prevents data leaks
return [SELECT Id, Name FROM Account WITH SECURITY_ENFORCED];
}
}
2025 Requirements:
-
MFA Mandatory: All users must enable MFA
-
Session Security: Shorter session timeouts, IP restrictions
-
API Security: JWT with short expiration (15 minutes)
- Infrastructure as Code (IaC)
Everything defined as code, version-controlled:
Hyperforce deployment manifest (conceptual)
apiVersion: hyperforce.salesforce.com/v1 kind: SalesforceOrg metadata: name: production-org region: aws-us-east-1 spec: edition: enterprise features: - agentforce - dataCloud - einstein compute: pods: 50 autoScaling: min: 10 max: 100 targetCPU: 70% storage: size: 500GB replication: 3 backup: frequency: hourly retention: 30days networking: privateLink: enabled ipWhitelist: - 203.0.113.0/24
Benefits for Developers:
-
Reproducible: Recreate exact environment anytime
-
Version Controlled: Track all infrastructure changes in Git
-
Testable: Validate infrastructure before deployment
-
Automated: No manual configuration, eliminates human error
- Clean Slate (No Legacy Constraints)
Hyperforce rebuilt from scratch:
-
Modern Kubernetes orchestration
-
Cloud-native services (managed databases, object storage)
-
API-first design (everything accessible via API)
-
Microservices architecture (independent scaling)
-
No legacy code or technical debt
Public Cloud Integration
AWS Hyperforce Architecture
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β AWS Region (us-east-1) β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β VPC (Virtual Private Cloud) β β ββ Public Subnets (3 AZs) β β β ββ Application Load Balancer (ALB) β β ββ Private Subnets (3 AZs) β β β ββ EKS Cluster (Kubernetes) β β β β ββ Salesforce App Pods (autoscaling) β β β β ββ Metadata Service Pods β β β β ββ API Gateway Pods β β β β ββ Background Job Pods (Batch, Scheduled) β β β ββ RDS Aurora PostgreSQL (multi-AZ) β β β ββ ElastiCache Redis (session storage) β β β ββ S3 Buckets (attachments, documents) β β ββ Database Subnets (3 AZs) β β ββ Aurora Database Cluster β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β Additional Services β β ββ CloudWatch (monitoring, logs) β β ββ CloudTrail (audit logs) β β ββ AWS Shield (DDoS protection) β β ββ AWS WAF (web application firewall) β β ββ KMS (encryption key management) β β ββ PrivateLink (secure connectivity) β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
AWS Services Used:
-
Compute: EKS (Elastic Kubernetes Service)
-
Database: Aurora PostgreSQL (multi-master)
-
Storage: S3 (object storage), EBS (block storage)
-
Networking: VPC, ALB, Route 53, CloudFront CDN
-
Security: IAM, KMS, Shield, WAF, Certificate Manager
Azure Hyperforce Architecture
Azure Region (East US) ββ Virtual Network (VNet) β ββ AKS (Azure Kubernetes Service) β β ββ Salesforce workloads β ββ Azure Database for PostgreSQL (Hyperscale) β ββ Azure Cache for Redis β ββ Azure Blob Storage ββ Azure Front Door (CDN + Load Balancer) ββ Azure Monitor (logging, metrics) ββ Azure Active Directory (identity) ββ Azure Key Vault (secrets, encryption)
Google Cloud Hyperforce Architecture
GCP Region (us-central1) ββ VPC Network β ββ GKE (Google Kubernetes Engine) β ββ Cloud SQL (PostgreSQL) β ββ Memorystore (Redis) β ββ Cloud Storage (GCS) ββ Cloud Load Balancing ββ Cloud Armor (DDoS protection) ββ Cloud Monitoring (Stackdriver) ββ Cloud KMS (encryption)
Data Residency and Compliance
Geographic Regions (2025)
Available Hyperforce Regions:
Americas: ββ US East (Virginia) - AWS, Azure ββ US West (Oregon) - AWS ββ US Central (Iowa) - GCP ββ Canada (Toronto) - AWS ββ Brazil (SΓ£o Paulo) - AWS
Europe: ββ UK (London) - AWS ββ Germany (Frankfurt) - AWS, Azure ββ France (Paris) - AWS ββ Ireland (Dublin) - AWS ββ Switzerland (Zurich) - AWS
Asia Pacific: ββ Japan (Tokyo) - AWS ββ Australia (Sydney) - AWS ββ Singapore - AWS ββ India (Mumbai) - AWS ββ South Korea (Seoul) - AWS
Middle East: ββ UAE (Dubai) - AWS
Data Residency Guarantees
What stays in region:
-
All customer data (records, attachments, metadata)
-
Database backups
-
Transaction logs
-
Audit logs
What may leave region:
-
Telemetry data (anonymized performance metrics)
-
Security threat intelligence
-
Platform health monitoring
Code Implication:
// Data residency automatically enforced // No code changes needed - Hyperforce handles it
// Example: File stored in org's region ContentVersion cv = new ContentVersion( Title = 'Customer Contract', PathOnClient = 'contract.pdf', VersionData = Blob.valueOf('contract data') ); insert cv;
// File automatically stored in: // - AWS S3 in org's region // - Encrypted at rest (AES-256) // - Replicated across 3 AZs in region // - Never leaves region boundary
Compliance Certifications
Hyperforce maintains:
-
SOC 2 Type II: Security, availability, confidentiality
-
ISO 27001: Information security management
-
GDPR: EU data protection compliance
-
HIPAA: Healthcare data protection (BAA available)
-
PCI DSS: Payment card data security
-
FedRAMP: US government cloud security (select regions)
Performance Improvements
Latency Reduction
Old Architecture (data center-based):
User (Germany) β Transatlantic cable β US Data Center β Response Latency: 150-200ms
Hyperforce:
User (Germany) β Frankfurt Hyperforce Region β Response Latency: 10-30ms
Result: 5-10x faster for regional users
Auto-Scaling
Traditional: Fixed capacity, must provision for peak load Hyperforce: Dynamic scaling based on demand
Business Hours (9 AM - 5 PM): ββ High user load ββ Kubernetes scales up pods: 50 β 150 ββ Response times maintained
Off Hours (6 PM - 8 AM): ββ Low user load ββ Kubernetes scales down pods: 150 β 30 ββ Cost savings (pay for what you use)
Black Friday (peak event): ββ Extreme load ββ Kubernetes scales to maximum: 30 β 500 pods in minutes ββ No downtime, no performance degradation
Governor Limits - No Change:
// Hyperforce does NOT change governor limits // Limits remain the same as classic Salesforce: // - 100 SOQL queries per transaction // - 150 DML statements // - 6 MB heap size (sync), 12 MB (async)
// But: Infrastructure scales to handle more concurrent users
Migration to Hyperforce
Migration Process
Salesforce handles migration (no customer action required):
Phase 1: Assessment (Salesforce internal) ββ Analyze org size, customizations ββ Identify any incompatible features ββ Plan migration window
Phase 2: Pre-Migration (Customer notified) ββ Salesforce sends notification (90 days notice) ββ Customer tests in sandbox (migrated first) ββ Customer validates functionality
Phase 3: Migration (Weekend maintenance window) ββ Backup all data ββ Replicate data to Hyperforce ββ Cutover DNS (redirect traffic) ββ Validate migration success
Phase 4: Post-Migration ββ Monitor performance ββ Support customer issues ββ Decommission old infrastructure
Downtime: Typically <2 hours
What Changes for Developers?
No Code Changes Required:
// Your Apex code works identically on Hyperforce public class MyController { public List<Account> getAccounts() { return [SELECT Id, Name FROM Account LIMIT 10]; } }
// No changes needed // Same APIs, same limits, same behavior
Potential Performance Improvements:
-
Faster API responses (lower latency)
-
Better handling of concurrent users
-
Improved batch job processing (parallel execution)
Backward Compatibility: 100% compatible with existing code
Testing Pre-Migration
Use Sandbox Migration:
-
Salesforce migrates your sandbox first
-
Test all critical functionality: ββ Custom Apex classes ββ Triggers and workflows ββ Integrations (API callouts) ββ Lightning components ββ Reports and dashboards
-
Validate performance: ββ Run load tests ββ Check API response times ββ Verify batch jobs complete
-
Report any issues to Salesforce
-
Production migration scheduled after sandbox validated
Hyperforce for Developers
Enhanced APIs
Hyperforce exposes infrastructure APIs:
// Query org's Hyperforce region (API 62.0+) Organization org = [SELECT Id, InstanceName, InfrastructureRegion__c FROM Organization LIMIT 1]; System.debug('Region: ' + org.InfrastructureRegion__c); // 'aws-us-east-1'
// Check if org is on Hyperforce System.debug('Is Hyperforce: ' + org.IsHyperforce__c); // true
Private Connectivity
AWS PrivateLink / Azure Private Link:
Traditional: Salesforce API β Public Internet β Your API Security: TLS encryption, but still public internet
Hyperforce PrivateLink: Salesforce API β Private Network β Your API Security: Never touches public internet, lower latency
Setup:
- Create VPC Endpoint (AWS) or Private Endpoint (Azure)
- Salesforce provides service endpoint name
- Configure Named Credential in Salesforce with private endpoint
- API calls route over private network
Configuration:
// Named Credential uses PrivateLink endpoint // Setup β Named Credentials β External API (PrivateLink) // URL: https://api.internal.example.com (private endpoint)
// Apex callout HttpRequest req = new HttpRequest(); req.setEndpoint('callout:ExternalAPIPrivateLink/data'); req.setMethod('GET');
Http http = new Http(); HttpResponse res = http.send(req);
// Callout never leaves private network // Lower latency, higher security
Monitoring
CloudWatch / Azure Monitor Integration:
Salesforce publishes metrics to your cloud account: ββ API request volume ββ API response times ββ Error rates ββ Governor limit usage ββ Batch job completion times
Benefits:
- Unified monitoring (Salesforce + your apps)
- Custom alerting (CloudWatch Alarms)
- Cost attribution (AWS Cost Explorer)
Best Practices for Hyperforce
Security
-
Enable MFA: Required for all users in 2025
-
Use WITH SECURITY_ENFORCED: Field-level security in SOQL
-
Implement IP whitelisting: Restrict access to known IPs
-
Monitor audit logs: Setup β Event Monitoring
-
Rotate credentials: API keys, certificates, passwords regularly
Performance
-
Leverage caching: Platform Cache for frequently accessed data
-
Optimize queries: Use indexed fields, selective queries
-
Async processing: Use @future, Queueable for non-critical work
-
Bulkification: Always design for 200+ records
-
Monitor limits: Use Limits class to track governor limit usage
Data Residency
-
Understand requirements: Know your compliance obligations
-
Choose correct region: Select region meeting your needs
-
Validate configurations: Ensure integrations respect boundaries
-
Document decisions: Maintain records of data residency choices
Cost Optimization
-
Right-size storage: Archive old data, delete unnecessary records
-
Optimize API calls: Batch API calls, use composite APIs
-
Schedule batch jobs efficiently: Run during off-peak hours
-
Monitor usage: Track API calls, storage, compute usage
Resources
-
Hyperforce Trust Site: https://trust.salesforce.com/en/infrastructure/hyperforce/
-
Hyperforce FAQ: Salesforce Help documentation
-
Available Regions: https://help.salesforce.com/s/articleView?id=sf.getstart_domain_overview.htm
-
Migration Guide: Provided by Salesforce 90 days before migration
-
Trust & Compliance: https://compliance.salesforce.com/
Future Roadmap (2025+)
Expected Enhancements:
-
More regions (Africa, additional Asia Pacific)
-
Bring Your Own Cloud (BYOC) - use your own AWS/Azure account
-
Multi-region active-active (write to multiple regions simultaneously)
-
Edge computing (Salesforce at CDN edge locations)
-
Kubernetes cluster API (direct pod management for enterprises)
Hyperforce represents Salesforce's commitment to modern, cloud-native infrastructure that scales globally while meeting the most stringent compliance and performance requirements.