π¨ CRITICAL GUIDELINES
Windows File Path Requirements
MANDATORY: Always Use Backslashes on Windows for File Paths
When using Edit or Write tools on Windows, you MUST use backslashes (\) in file paths, NOT forward slashes (/).
Examples:
- β WRONG:
D:/repos/project/file.tsx - β
CORRECT:
D:\repos\project\file.tsx
This applies to:
- Edit tool file_path parameter
- Write tool file_path parameter
- All file operations on Windows systems
Documentation Guidelines
NEVER create new documentation files unless explicitly requested by the user.
- Priority: Update existing README.md files rather than creating new documentation
- Repository cleanliness: Keep repository root clean - only README.md unless user requests otherwise
- Style: Documentation should be concise, direct, and professional - avoid AI-generated tone
- User preference: Only create additional .md files when user specifically asks for documentation
Salesforce Hyperforce Architecture (2025)
What is Hyperforce?
Hyperforce is Salesforce's next-generation infrastructure architecture built on public cloud platforms (AWS, Azure, Google Cloud). It represents a complete re-architecture of Salesforce from data center-based infrastructure to cloud-native, containerized microservices.
Key Innovation: Infrastructure as code that can be deployed anywhere, giving customers choice, control, and data residency compliance.
Five Architectural Principles
1. Immutable Infrastructure
Traditional: Patch and update existing servers Hyperforce: Destroy and recreate servers with each deployment
Old Architecture:
Server β Patch β Patch β Patch β Configuration Drift
Hyperforce:
Container Image v1 β Deploy
New Code β Build Container Image v2 β Replace v1 with v2
Result: Every deployment is identical, reproducible
Benefits:
- No configuration drift
- Consistent environments (dev = prod)
- Fast rollback (redeploy previous image)
- Security patches applied immediately
2. Multi-Availability Zone Design
Architecture:
Region: US-East (Virginia)
ββ Availability Zone A (Data Center 1)
β ββ App Servers (Kubernetes pods)
β ββ Database Primary
β ββ Load Balancer
ββ Availability Zone B (Data Center 2)
β ββ App Servers (Kubernetes pods)
β ββ Database Replica
β ββ Load Balancer
ββ Availability Zone C (Data Center 3)
ββ App Servers (Kubernetes pods)
ββ Database Replica
ββ Load Balancer
Traffic Distribution: Round-robin across all AZs
Failure Handling: If AZ fails, traffic routes to remaining AZs
RTO (Recovery Time Objective): <5 minutes
RPO (Recovery Point Objective): <30 seconds
Impact on Developers:
- Higher availability (99.95%+ SLA)
- Transparent failover (no code changes)
- Regional data residency guaranteed
3. Zero Trust Security
Traditional: Perimeter security (firewall protects everything inside) Hyperforce: No implicit trust - verify everything, always
Zero Trust Model:
ββ Identity Verification (MFA required for all users by 2025)
ββ Device Trust (managed devices only)
ββ Network Segmentation (micro-segmentation between services)
ββ Least Privilege Access (minimal permissions by default)
ββ Continuous Monitoring (real-time threat detection)
ββ Encryption Everywhere (TLS 1.3, data at rest encryption)
Code Impact:
// OLD: Assume internal traffic is safe
public without sharing class InternalService {
// No auth checks - trusted network
}
// HYPERFORCE: Always verify, never trust
public with sharing class InternalService {
// Always enforce sharing rules
// Always validate session
// Always check field-level security
public List<Account> getAccounts() {
// WITH SECURITY_ENFORCED prevents data leaks
return [SELECT Id, Name FROM Account WITH SECURITY_ENFORCED];
}
}
2025 Requirements:
- MFA Mandatory: All users must enable MFA
- Session Security: Shorter session timeouts, IP restrictions
- API Security: JWT with short expiration (15 minutes)
4. Infrastructure as Code (IaC)
Everything defined as code, version-controlled:
# Hyperforce deployment manifest (conceptual)
apiVersion: hyperforce.salesforce.com/v1
kind: SalesforceOrg
metadata:
name: production-org
region: aws-us-east-1
spec:
edition: enterprise
features:
- agentforce
- dataCloud
- einstein
compute:
pods: 50
autoScaling:
min: 10
max: 100
targetCPU: 70%
storage:
size: 500GB
replication: 3
backup:
frequency: hourly
retention: 30days
networking:
privateLink: enabled
ipWhitelist:
- 203.0.113.0/24
Benefits for Developers:
- Reproducible: Recreate exact environment anytime
- Version Controlled: Track all infrastructure changes in Git
- Testable: Validate infrastructure before deployment
- Automated: No manual configuration, eliminates human error
5. Clean Slate (No Legacy Constraints)
Hyperforce rebuilt from scratch:
- Modern Kubernetes orchestration
- Cloud-native services (managed databases, object storage)
- API-first design (everything accessible via API)
- Microservices architecture (independent scaling)
- No legacy code or technical debt
Public Cloud Integration
AWS Hyperforce Architecture
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AWS Region (us-east-1) β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β VPC (Virtual Private Cloud) β
β ββ Public Subnets (3 AZs) β
β β ββ Application Load Balancer (ALB) β
β ββ Private Subnets (3 AZs) β
β β ββ EKS Cluster (Kubernetes) β
β β β ββ Salesforce App Pods (autoscaling) β
β β β ββ Metadata Service Pods β
β β β ββ API Gateway Pods β
β β β ββ Background Job Pods (Batch, Scheduled) β
β β ββ RDS Aurora PostgreSQL (multi-AZ) β
β β ββ ElastiCache Redis (session storage) β
β β ββ S3 Buckets (attachments, documents) β
β ββ Database Subnets (3 AZs) β
β ββ Aurora Database Cluster β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Additional Services β
β ββ CloudWatch (monitoring, logs) β
β ββ CloudTrail (audit logs) β
β ββ AWS Shield (DDoS protection) β
β ββ AWS WAF (web application firewall) β
β ββ KMS (encryption key management) β
β ββ PrivateLink (secure connectivity) β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
AWS Services Used:
- Compute: EKS (Elastic Kubernetes Service)
- Database: Aurora PostgreSQL (multi-master)
- Storage: S3 (object storage), EBS (block storage)
- Networking: VPC, ALB, Route 53, CloudFront CDN
- Security: IAM, KMS, Shield, WAF, Certificate Manager
Azure Hyperforce Architecture
Azure Region (East US)
ββ Virtual Network (VNet)
β ββ AKS (Azure Kubernetes Service)
β β ββ Salesforce workloads
β ββ Azure Database for PostgreSQL (Hyperscale)
β ββ Azure Cache for Redis
β ββ Azure Blob Storage
ββ Azure Front Door (CDN + Load Balancer)
ββ Azure Monitor (logging, metrics)
ββ Azure Active Directory (identity)
ββ Azure Key Vault (secrets, encryption)
Google Cloud Hyperforce Architecture
GCP Region (us-central1)
ββ VPC Network
β ββ GKE (Google Kubernetes Engine)
β ββ Cloud SQL (PostgreSQL)
β ββ Memorystore (Redis)
β ββ Cloud Storage (GCS)
ββ Cloud Load Balancing
ββ Cloud Armor (DDoS protection)
ββ Cloud Monitoring (Stackdriver)
ββ Cloud KMS (encryption)
Data Residency and Compliance
Geographic Regions (2025)
Available Hyperforce Regions:
Americas:
ββ US East (Virginia) - AWS, Azure
ββ US West (Oregon) - AWS
ββ US Central (Iowa) - GCP
ββ Canada (Toronto) - AWS
ββ Brazil (SΓ£o Paulo) - AWS
Europe:
ββ UK (London) - AWS
ββ Germany (Frankfurt) - AWS, Azure
ββ France (Paris) - AWS
ββ Ireland (Dublin) - AWS
ββ Switzerland (Zurich) - AWS
Asia Pacific:
ββ Japan (Tokyo) - AWS
ββ Australia (Sydney) - AWS
ββ Singapore - AWS
ββ India (Mumbai) - AWS
ββ South Korea (Seoul) - AWS
Middle East:
ββ UAE (Dubai) - AWS
Data Residency Guarantees
What stays in region:
- All customer data (records, attachments, metadata)
- Database backups
- Transaction logs
- Audit logs
What may leave region:
- Telemetry data (anonymized performance metrics)
- Security threat intelligence
- Platform health monitoring
Code Implication:
// Data residency automatically enforced
// No code changes needed - Hyperforce handles it
// Example: File stored in org's region
ContentVersion cv = new ContentVersion(
Title = 'Customer Contract',
PathOnClient = 'contract.pdf',
VersionData = Blob.valueOf('contract data')
);
insert cv;
// File automatically stored in:
// - AWS S3 in org's region
// - Encrypted at rest (AES-256)
// - Replicated across 3 AZs in region
// - Never leaves region boundary
Compliance Certifications
Hyperforce maintains:
- SOC 2 Type II: Security, availability, confidentiality
- ISO 27001: Information security management
- GDPR: EU data protection compliance
- HIPAA: Healthcare data protection (BAA available)
- PCI DSS: Payment card data security
- FedRAMP: US government cloud security (select regions)
Performance Improvements
Latency Reduction
Old Architecture (data center-based):
User (Germany) β Transatlantic cable β US Data Center β Response
Latency: 150-200ms
Hyperforce:
User (Germany) β Frankfurt Hyperforce Region β Response
Latency: 10-30ms
Result: 5-10x faster for regional users
Auto-Scaling
Traditional: Fixed capacity, must provision for peak load Hyperforce: Dynamic scaling based on demand
Business Hours (9 AM - 5 PM):
ββ High user load
ββ Kubernetes scales up pods: 50 β 150
ββ Response times maintained
Off Hours (6 PM - 8 AM):
ββ Low user load
ββ Kubernetes scales down pods: 150 β 30
ββ Cost savings (pay for what you use)
Black Friday (peak event):
ββ Extreme load
ββ Kubernetes scales to maximum: 30 β 500 pods in minutes
ββ No downtime, no performance degradation
Governor Limits - No Change:
// Hyperforce does NOT change governor limits
// Limits remain the same as classic Salesforce:
// - 100 SOQL queries per transaction
// - 150 DML statements
// - 6 MB heap size (sync), 12 MB (async)
// But: Infrastructure scales to handle more concurrent users
Migration and Developer Workflow
Detailed Hyperforce migration phases, readiness checks, pre/post-migration testing, rollback considerations, developer workflow changes, CLI/API notes, sandbox strategy, endpoint handling, and deployment considerations live in references/migration-and-developer-workflow.md. Load that reference when planning or executing a Hyperforce move.
Best Practices for Hyperforce
Security
- Enable MFA: Required for all users in 2025
- Use WITH SECURITY_ENFORCED: Field-level security in SOQL
- Implement IP whitelisting: Restrict access to known IPs
- Monitor audit logs: Setup β Event Monitoring
- Rotate credentials: API keys, certificates, passwords regularly
Performance
- Leverage caching: Platform Cache for frequently accessed data
- Optimize queries: Use indexed fields, selective queries
- Async processing: Use @future, Queueable for non-critical work
- Bulkification: Always design for 200+ records
- Monitor limits: Use Limits class to track governor limit usage
Data Residency
- Understand requirements: Know your compliance obligations
- Choose correct region: Select region meeting your needs
- Validate configurations: Ensure integrations respect boundaries
- Document decisions: Maintain records of data residency choices
Cost Optimization
- Right-size storage: Archive old data, delete unnecessary records
- Optimize API calls: Batch API calls, use composite APIs
- Schedule batch jobs efficiently: Run during off-peak hours
- Monitor usage: Track API calls, storage, compute usage
Resources
- Hyperforce Trust Site: https://trust.salesforce.com/en/infrastructure/hyperforce/
- Hyperforce FAQ: Salesforce Help documentation
- Available Regions: https://help.salesforce.com/s/articleView?id=sf.getstart_domain_overview.htm
- Migration Guide: Provided by Salesforce 90 days before migration
- Trust & Compliance: https://compliance.salesforce.com/
Future Roadmap (2025+)
Expected Enhancements:
- More regions (Africa, additional Asia Pacific)
- Bring Your Own Cloud (BYOC) - use your own AWS/Azure account
- Multi-region active-active (write to multiple regions simultaneously)
- Edge computing (Salesforce at CDN edge locations)
- Kubernetes cluster API (direct pod management for enterprises)
Hyperforce represents Salesforce's commitment to modern, cloud-native infrastructure that scales globally while meeting the most stringent compliance and performance requirements.