---
title: Optimax-agent
emoji: 🛡️
colorFrom: blue
colorTo: purple
sdk: gradio
sdk_version: 6.3.0
app_file: app.py
pinned: false
license: apache-2.0
---

# 🛡️ Optimax Security Agent

AI-powered Salesforce security analysis API that receives metadata from Salesforce orgs and returns comprehensive security assessments.

## Architecture

```
Salesforce Org → Sends Metadata → Optimax Agent API → Returns Analysis
```

**Key Feature:** This API processes **ONLY METADATA** - no credentials are ever received or stored.

## Features

- 🤖 **AI-Powered Analysis** using Salesforce CodeGen 350M
- 🔍 **Permission Vulnerability Detection**
- 👤 **Identity & Access Management Analysis**
- 🔐 **Sharing Model Security Assessment**
- 📊 **Risk Scoring & Prioritization**
- 💡 **Actionable Recommendations**

## API Endpoints

### POST `/api/analyze`

Main analysis endpoint for Salesforce integration.

**Request:**

```json
{
  "org_id": "00Dxx0000001234",
  "org_name": "Your Organization",
  "users": [...],
  "profiles": [...],
  "permission_sets": [...],
  "login_history": [...],
  "sharing_settings": {...}
}
```

**Response:**

```json
{
  "success": true,
  "overall_risk_score": 45,
  "risk_level": "MEDIUM",
  "critical_findings": [...],
  "high_findings": [...],
  "ai_executive_summary": "...",
  "ai_recommendations": [...]
}
```

## Usage

### From Salesforce Apex:

```apex
// 1. Collect metadata
Map<String, Object> metadata = MetadataExtractor.collectOrgMetadata();

// 2. Call Optimax Agent through the Optimax_Agent Named Credential
HttpRequest req = new HttpRequest();
req.setEndpoint('callout:Optimax_Agent/api/analyze');
req.setMethod('POST');
req.setHeader('Content-Type', 'application/json');
req.setBody(JSON.serialize(metadata));

Http http = new Http();
HttpResponse res = http.send(req);

// 3. Parse response
Map<String, Object> analysis = (Map<String, Object>) JSON.deserializeUntyped(res.getBody());
```

### Using cURL:

```bash
curl -X POST https://m8077anya-vishwakarma-optimax-agent.hf.space/api/analyze \
  -H "Content-Type: application/json" \
  -d @metadata.json
```

## Testing

Visit the app in your browser to use the interactive testing interface.

## Security

- ✅ No credential processing
- ✅ Metadata-only analysis
- ✅ Stateless operation
- ✅ Private space (access controlled)

## Technical Details

- **Framework:** Gradio + FastAPI
- **AI Model:** Salesforce CodeGen 350M (350 million parameters)
- **Analysis:** Hybrid (AI + rule-based)
- **Deployment:** Hugging Face Spaces

---

**Version:** 2.0.0
**Last Updated:** January 2026
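
The metadata-only guarantee above depends on what the sending org actually puts in the payload. As an added example (not part of the Optimax project's code), this Python pre-send check rejects a payload that carries fields outside the README's request schema or credential-like content; the key-name pattern and the session-ID shape are assumptions, and the sample payload is constructed.

```python
import re

# Top-level fields listed in the README's request schema for POST /api/analyze.
ALLOWED_TOP_LEVEL = {"org_id", "org_name", "users", "profiles",
                     "permission_sets", "login_history", "sharing_settings"}
# Assumption: key names that suggest a secret. Tune this list for your org.
SECRET_KEY = re.compile(r"passw(or)?d|secret|token|session_?id|api_?key|private_?key", re.I)
# Heuristic (assumption): a session ID looks like <15-char org id>!<opaque token>.
SESSION_VALUE = re.compile(r"^00D[A-Za-z0-9]{12}![A-Za-z0-9._]{20,}$")

def find_secrets(node, path="$"):
    """Walk nested JSON and return (path, reason) for credential-like content."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            # Only string values count: a boolean under "password_never_expires"
            # is policy metadata, not a secret.
            if SECRET_KEY.search(key) and isinstance(value, str) and value:
                findings.append((child, "secret-like key with string value"))
            findings.extend(find_secrets(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(find_secrets(item, f"{path}[{i}]"))
    elif isinstance(node, str) and SESSION_VALUE.match(node):
        findings.append((path, "value shaped like a session ID"))
    return findings

def check_payload(payload):
    """Return every reason not to send the payload; an empty list means OK."""
    extra = sorted(set(payload) - ALLOWED_TOP_LEVEL)
    findings = [(f"$.{k}", "field not in request schema") for k in extra]
    return findings + find_secrets(payload)

# Constructed sample payload (not real org data).
SAMPLE = {
    "org_id": "00Dxx0000001234",
    "org_name": "Your Organization",
    "users": [
        {"username": "a@example.com", "password_never_expires": True},
        {"username": "b@example.com", "session_id": "00Dxx0000001234!AQEAQConstructedExampleValue0000"},
    ],
    "profiles": [], "permission_sets": [], "login_history": [],
    "sharing_settings": {"default_access": "Private"},
    "debug": {"api_key": "constructed-not-a-real-key"},
}

if __name__ == "__main__":
    for where, why in check_payload(SAMPLE):
        print(f"BLOCK {where}: {why}")
```

Run the same check on the receiving side as well, so a misconfigured sender cannot push secrets into the analysis path.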