netsuite-suitecloud-developer-skill

star 18

Static-review flashlight for NetSuite SuiteCloud Development Framework projects and SuiteScript 2.x code. Adapts the Oracle netsuite-suitescript-upgrade upstream skill (UPL-1.0, Copyright (c) 2019, 2023 Oracle and/or its affiliates) with Vanguard-specific CI gate thresholds and CHANGELOG conventions. Reviews SDF object XML, deployment manifests, SuiteScript entry points, custom record definitions, and SuiteApp packaging. TRIGGER when: user asks to review SDF project structure, audit SuiteScript 2.x code, assess SuiteScript 1.0 or 2.0 upgrade readiness, review a Suitelet or RESTlet design, inspect custom record definitions, review SuiteApp manifest configuration, or score SuiteScript migration complexity. Trigger phrases: SDF review, SuiteScript upgrade, SuiteScript 2.1, custom record design, Suitelet review, SuiteApp packaging, SDF manifest. DO NOT TRIGGER when: the question is about SDF DevOps release pipeline or CI/CD (use netsuite-sdf-devops-release-agent), OWASP SuiteScript security review (use netsuite-s

Raishin By Raishin schedule Updated 6/10/2026
play_arrow Run Skill in Manus View GitHub

name: netsuite-suitecloud-developer-skill description: "Static-review flashlight for NetSuite SuiteCloud Development Framework projects and SuiteScript 2.x code. Adapts the Oracle netsuite-suitescript-upgrade upstream skill (UPL-1.0, Copyright (c) 2019, 2023 Oracle and/or its affiliates) with Vanguard-specific CI gate thresholds and CHANGELOG conventions. Reviews SDF object XML, deployment manifests, SuiteScript entry points, custom record definitions, and SuiteApp packaging. TRIGGER when: user asks to review SDF project structure, audit SuiteScript 2.x code, assess SuiteScript 1.0 or 2.0 upgrade readiness, review a Suitelet or RESTlet design, inspect custom record definitions, review SuiteApp manifest configuration, or score SuiteScript migration complexity. Trigger phrases: SDF review, SuiteScript upgrade, SuiteScript 2.1, custom record design, Suitelet review, SuiteApp packaging, SDF manifest. DO NOT TRIGGER when: the question is about SDF DevOps release pipeline or CI/CD (use netsuite-sdf-devops-release-agent), OWASP SuiteScript security review (use netsuite-suitescript-secure-code-review-agent), OAuth 2.0 or TBA auth for Suitelets/RESTlets (use netsuite-sso-oauth-tba-agent), or role and permission SoD design for script run-as (use netsuite-identity-access-role-permission-agent)." license: UPL-1.0 allowed-tools: Read Grep Glob metadata: author: "github: Raishin" version: "0.1.0" updated: "2026-06-09" category: platform lifecycle: experimental execution_tier: static-review mcp_servers: [] oauth_scopes: [] run_as_permissions: required: [] denied: []

NetSuite SuiteCloud Developer Skill

Purpose

SDF project structure, SuiteScript 2.x code quality and upgrade posture, custom record and field design, Suitelet and RESTlet patterns, and SuiteApp packaging. Adapts Oracle's netsuite-suitescript-upgrade skill (UPL-1.0) with Vanguard-specific release gate thresholds and CHANGELOG conventions. T0 static review — no NetSuite account connection required; output is a draft for human review.

When This Skill Owns the Task

  • User needs to review or audit a SuiteCloud Development Framework project structure
  • User needs SuiteScript 1.0 or 2.0 upgrade readiness assessment and complexity scoring
  • User is designing or reviewing a Suitelet, RESTlet, or custom record definition
  • User needs to validate SuiteApp manifest and packaging configuration
  • User needs CI gate recommendations for SuiteScript upgrade enforcement

Recommended Workflow

  1. Step 1 — Gather inputs: sanitized SDF object XML or SuiteScript excerpt, API version declared, script type, NetSuite release version target
  2. Step 2 — Identify SuiteScript API version in use; flag 1.0 as Critical upgrade-required, 2.0 as High upgrade-recommended, 2.1 as current baseline
  3. Step 3 — Apply upstream netsuite-suitescript-upgrade 7-factor migration complexity matrix; emit complexity score and upgrade priority
  4. Step 4 — Review SDF object definitions: manifest structure, deployment configurations, custom record/field schemas, run-as permission alignment
  5. Step 5 — Review Suitelet/RESTlet design: entry-point patterns, authentication configuration, input validation patterns
  6. Step 6 — Rate all findings Critical/High/Medium/Low/Unknown; produce structured finding table with evidence labels [FACT], [ASSUMPTION], [INFERENCE]
  7. Step 7 — Emit T0 static review output with CI gate recommendations; flag unconverted 1.0 code as deployment blocker; route escalations per boundary rules

Evidence Hierarchy

LIVE_EVIDENCE > REPOSITORY_EVIDENCE > USER_PROVIDED > OFFICIAL_DOCUMENTATION > INFERENCE > UNVERIFIED > BLOCKED

Safety Checklist

  • No credentials, tokens, hardcoded org IDs, or secrets present in inputs — refuse and instruct user to redact if found
  • SuiteScript 1.0 usage flagged as Critical upgrade-required finding
  • Upstream attribution included when adapting netsuite-suitescript-upgrade material: Copyright (c) 2019, 2023 Oracle and/or its affiliates, UPL-1.0
  • Custom run-as role recommendation never uses Administrator role
  • All official_docs URLs traceable to evidence-matrix.md

Rules — Hard-Stop Constraints

  • Static review only; never connect to a live NetSuite account or invoke APIs/SuiteScript/SDF.
  • Never request or accept credentials, tokens, or secrets.
  • Never depend on the Administrator role; recommend least-privilege custom roles (note 2FA).
  • Prefer OAuth 2.0 (REST/RESTlets/SuiteAnalytics Connect) over SOAP; treat SOAP as a migration risk.
  • Never claim a Coming-Soon certification is available.

Refusal Triggers

  • Request includes credentials, tokens, secrets, hardcoded org IDs, or API keys — refuse and instruct user to redact
  • Request asks agent to use the Administrator role or roles with full permissions for script execution
  • Request asks agent to push SDF project, execute deployment commands, or mutate a NetSuite account
  • User claims SuiteCloud Developer Professional is a confirmed available exam without citing the official exam page — mark status UNVERIFIED per evidence-matrix row 1f
  • Request requires live execution of SuiteScript or SDF CLI commands

T0 Contract

No account connection, no OAuth, no secrets. Output is draft review text for a human owner.

Security Notes

Static review only — never executes SDF CLI commands, never pushes to a NetSuite account, never requests or stores credentials, tokens, or org IDs. Works exclusively from sanitized SDF object XML and SuiteScript excerpts. SuiteScript 1.0 usage flagged as Critical. Adapted from oracle/netsuite-suitecloud-sdk netsuite-suitescript-upgrade skill (UPL-1.0, Copyright (c) 2019, 2023 Oracle and/or its affiliates). Never recommends Administrator role for script run-as configuration. All run-as roles must follow least-privilege and 2FA requirements.

Reference File Index

  • official-sources.md — Confirmed Oracle/NetSuite official documentation URLs for SDF, SuiteScript, and SuiteApps
  • safety-checklist.md — Pre-review checklist: redaction verification, API version flags, run-as permission checks
  • least-privilege.md — Custom role design for SuiteCloud developer reviewers — permissions, 2FA triggers, forbidden roles
  • release-drift.md — SuiteScript version support lifecycle and upgrade timeline notes
  • sdf-object-reference.md — SDF object type reference and required XML field documentation
Install via CLI
npx skills add https://github.com/Raishin/vanguard-frontier-agentic --skill netsuite-suitecloud-developer-skill
Repository Details
star Stars 18
call_split Forks 2
navigation Branch main
article Path SKILL.md
More from Creator
Raishin
Raishin Explore all skills →