Features
One map, built from source, drives every view. Explore the graph, grade the org, plan a clean deploy, audit access, and find what is fragile or dead. In the Studio, the CLI, or as a tool any agent can call.
Dependency graph
Focus any component to see its neighbourhood, coloured by type and sized by impact. Lay it out different ways, filter to the types you care about, and right-click a node to trace it, bundle it, or derive its access.
Deploy bundle
Pick a component and Skemia computes its full dependency closure, groups it into a sensible deploy order, draws the bundle, and hands you a ready package.xml to copy or download.
Permissions
A clear matrix of object and field access across permission sets, profiles, and groups. Spot dangerous system permissions, overlap, and over-grants, and look up which personas reach any component.
Access kit
Pick a feature, app, component, flow, or controller and Skemia derives the exact permission set a user needs to run it. Every grant is earned and explained, with a confidence and a reason, ready to deploy.
Everything else
The whole org, as one interactive map.
Lay the org out different ways, filter the noise to the types you care about, and focus any component to see its neighbourhood. Right-click a node to jump straight to its details, trace, deploy bundle, or access kit.
One read on how healthy the org is.
A single grade summarises the org, with the factors that moved it: missing references, circular dependencies, and the fragile high-coupling hubs that make change risky. Headline counts across components, Apex, flows, and more.
If I move this, what has to come with it.
Pick any component and Skemia computes its full dependency closure, groups it into a sensible deploy order, and hands you a ready package.xml. A focused diagram of the bundle, copy or download the manifest, and go.
See the blast radius before you touch anything.
Walk a dependency chain level by level. Choose downstream to see what a component relies on, or upstream to see what relies on it, and Skemia expands the tree so the full reach of a change is visible up front.
Who can access what, read straight from metadata.
Read across permission sets, profiles, and groups. Object and field access, dangerous system permissions, and least-privilege risks, laid out. Look up a component and see which personas reach it, and where grants overlap or over-reach.
The least-privilege permission set, derived from source.
Pick a feature, app, component, flow, or controller, and Skemia derives the exact permission set a user needs to run it. Every grant is earned and explained, with a confidence and a reason, and the deployable set is ready to copy.
Do not just read permissions. Build them.
Compose a permission set or group from objects, fields, Apex, and user permissions, and preview exactly what the result grants before anything is created. When it is right, generate the deployable metadata.
Keep the org honest.
Risks collects everything fragile in one list: missing references, circular dependencies, and high-coupling hubs. Unused and cleanup finds orphaned metadata and superseded OmniStudio versions, and hands you a destructiveChanges manifest.
Drift, made visible.
Diff one scan against another, id by id, to see exactly what changed between two environments, or against the same org over time. Change-by-type up top, then added, removed, and changed components, and the risks that appeared or resolved.
Query the map however you work.
The same map drives a CLI, an MCP server so any agent can ask it questions as a tool, and a read-only SQL console over every component, dependency, and risk. Built once per project and cached, with a PR impact gate for CI.
One map, every view
Download Skemia free and scan a local project or a metadata zip. No account, no org connection.