Rita Nunes

We understand the importance of data security, and to ensure the utmost protection of your information, AllAi has implemented a comprehensive set of security measures. To provide you with a clear understanding of our commitment to data security, we have compiled a list of frequently asked questions that will address any concerns you may have. ➡️ Q: Where does Customer Data reside? Who has access to the data? What security controls applied? Answer: Data about your customer, which resides in Salesforce, remains in Salesforce and is never transferred to or through the LLM. Metadata, such as code, object structures, and similar elements, is stored. For data storage, in a code repository (GitHub): standard access restrictions apply, meaning only the team members allocated to the project have access to it. Regarding data storage in a private embedding index (Milvus): by private we mean that the index is accessible solely by the subscriber who created it. The subscriber is protected through Auth0 for both creation and retrieval processes. Retrieval is safeguarded before reaching the LLM. As for the data processor, the relevant segments of metadata, combined with the Developer’s Prompt, are sent directly to one of two OpenAI endpoints (/v1/chat/completions or /v1/completions), both of which adhere to OpenAI's zero-retention policies. ➡️ Q: Are user requests and AI answers or completions stored and shared? Answer: Customer queries (and the associated outputs) are considered confidential information and OSF agrees to protect such information under our agreement We securely store user requests and responses to provide users with access to their conversation history in certain services, such as Chat. The queries entered by users and the answers provided by AllAi are not used by OSF to further train the AI, except for the customer's benefit when agreed upon, nor will they be shared or become public information. Note that if the user utilizes the code indexing feature (available in the Pro and Enterprise plan), we host the indexed data. The servers hosting this data can only be accessed through the application's IPs within a restricted Virtual Private Cloud (VPC). Even for this specific feature, where we host the indexed data, we do not use it to train the AI, and it is not shared. ➡️ Q: What security controls are in place to protect data and any IP imported/processed into/by the AllAi? Answer: "Private" embeddings are secured via Auth0 authentication. We ensure secure user authentication through integration with Auth0, an identity management system. We employ "ZeroCopy" policies for the LLM itself. As an enterprise customer of OpenAI, our agreement prohibits OpenAI from using input or outputs for any other purposes, including for training their AI. We adhere to the policy outlined in Enterprise privacy, and we have explicitly opted out of allowing API data to be used for training or improving OpenAI's models. We have implemented a protected data retrieval system to ensure the verification of private customer data within the workspace. We categorize information based on its sensitivity into two main types: public data, such as Salesforce documentation and GitHub repositories, and other data categories. Public data sources are accessible to everyone, whereas company-specific data is private and limited to their specific database. When a customer decides to leave, we delete their database after a period that is defined in terms of use. We use encryption techniques to secure data and make it unreadable to unauthorized users. Our database is encrypted using industry standards (We use Atlas DB for managing databases) and TLS encryption for prompts via HTTPS. Additionally, we offer a toxicity detection system that can be tailored to specific use cases. But by default, we utilize OpenAI's abuse monitoring system. ➡️ Q: What specific Data privacy laws are covered by security implementations within AllAi Productivity Platform and how are these applied and fulfilled (in a partner model)? Answer: OSF have implemented compliance controls for our teams meet their compliance obligations and adhere to industry regulations, depending on the nature of the product and the data it handles. (PO-OSF-09_A4_Security Statements for OSF IT Systems processing PII.docx ) We have abbreviated technical and privacy documentation for our customers, detailing our compliance with GDPR, and guides to help enable secure and compliant use of our products and services. Company emails are stored by OSF middleware during the usage contract time to collect behavioral analytics. On customer request after termination, OSF can delete these emails hey can be deleted by request. ➡️ Q: How are developers/ team members trained in security best practices when using AllAi capabilities to run their work. How is malicious use prevented? Answer: The same guidelines that typically apply to maintaining intellectual property in a code repository (GitHub) are enforced. This ranges from code isolation between teams to best practices for not storing credentials and secrets within the code. There is a human in the loop when code is produced, which reduces the risk of unsupervised malicious code generation. The standard delivery process includes a code review by a senior developer, thereby reducing the risk of unintentionally deploying malicious code. We also maintain internal policies to assess outputs for accuracy, biases, appropriateness, and usefulness before relying on and utilizing them. (MC-OSF-03_P08_AI Code of Conduct.docx) ➡️ Q: Do other OSF customers have access to the customer code/data touched by AllAi? Answer: The codebase is not stored in the shared LLM; rather, it is kept in a "private" knowledge base. Access to these is restricted to the team assigned to the project. The retrieval of the codebase occurs before it reaches the LLM for generation. We have some default data sources (Salesforce Docs, B2C Commerce, etc.) that are shared with everyone, but custom data that is specific to a company will remain private and scoped exclusively to that company. Additionally, a single "Private" knowledge base can be activated at any given time, which prevents developers assigned to multiple projects from unintentionally merging the information during generation. Queries that users enter and the responses provided by AllAi are not being used by OSF to further train the AI, nor will they be shared or become public information. There are some initiatives, agreed upon with the customer, that use their code to improve AllAi's specialization, but this is done through a back-channel agreement and is not associated with the AllAi productivity enhancements. ➡️ Q: How does OSF protect against a threat actor in the context of AllAi usage on the customer side? Answer: The main, and most effective safeguard remains the human in the loop and the traditional deployment processes requiring Code Review. Malicious attempt at modifying or injecting into the generated code base would requires bypassing the vigilance of the Developer (human in the loop) and Code Review processes. Malicious Actors with access to the LLM still don’t have access to the Codebase as it is stored in a “private” knowledge base. Malicious attempt at reverse understanding the codebase would require access to (Milvus) which is shielded by single user authentication. There is also a per-client authentication where Retrieval operations from RAG are restricted to the content indexed by the user, preventing information leakage. Retrieval happening before ever hitting the LLM to be less subject to typical injections. For protection against prompt injection, we primarily rely on OpenAI's security measures. Nevertheless, it is important to acknowledge that there is no method to completely safeguard against potential prompt injections in certain services, such as Chat. Non-chat applications such as inline code completion and Devops are significantly less susceptible to these risks. This is due to the fact that users do not have the capability to iteratively prompt the system, which effectively reduces the likelihood of most prompt attack strategies. ➡️ Q: Do you have a SOC 2 certification for AllAi Productivity Platform? SOC 2 certification is in progress but not supported yet.

Code what you enjoy most.Let AllAi Code do the rest. AllAi Code is an AI-powered productivity tool, acting as a VS Code extension, helping users write better and faster code. It uses GPT-3, a large language model by OpenAI. AllAi has been training on billions of lines of code preparing to help on any Salesforce Development task. Technology: All Salesforce Clouds (Sales Cloud, Service Cloud, Marketing Cloud, Commerce Cloud, Experience Cloud, Analytics Cloud) Digital Apps Other Languages (JavaScript, .NET, HTML, Java, Python, SQL, CSS etc.) Target User: All Salesforce developers in any industry 🚀 What’s in it for you 🔸 SAVE YOUR TIME It makes you think and write faster code suggesting you inline code completions on the go and generating a code block when you ask it to. You don’t like the suggestion? Generate alternatives to a code snippet and choose one. 🔸 LEARN EFFORTLESSLY It helps you understand badly documented code and get familiar with languages and frameworks you have not worked with before by giving you a short and simple explanation of code blocks in plain English. 🔸 PERFORM BEST It improves the quality of your code, prevents frustration and rework, finding bugs that are easy to miss and can cause serious headaches. It also suggest you how to fix them. 🔸 FOCUS ON SATISFYING WORK It lets you concentrate on fulfilling tasks, avoids you tedious and repetitive tasks like generating comments and writing code documentation (docstrings and comments generation). ✅ Skills 🔸 CHAT AllAi Code understands the code in your editor and selected parts, offering context-aware tailored responses. Engage in a conversation with AllAi Code to find solutions to your coding issues. The suggested solutions can be easily integrated into your working file with just one click. 🔸 CODE COMPLETION AllAi Code will try to complete your code and comments as you type. If you’re not satisfied with the first completion, you can generate a list of different variations of the same code and choose one. 🔸 CODE EXPLANATION Select a piece of code you want to understand and AllAi Code will give you a short and simple explanation of code blocks in plain English. 🔸 CODE GENERATION Ask AllAi Code what function you want and it will generate it based on the code you already have in your editor. Even turn TODO comments into code. 🔸 DOCSTRING GENERATION AllAi Code can also understand what your function is doing and even infers its return type to generate a detailed docstring. It works for multiple functions. 🔸 BUG DETECTION & FIXING AllAi Code spots and provides fixes for small bugs and logic mistakes that are easy to miss. Keep a human touch on bugs that require large refactors. Getting started 1. Install AllAi Code by clicking here. 2. Read the User Guide carefully. 3. Discover all features (hint: it’s not just code completion!) 💡Resources USER GUIDES: Learn all the features of AllAi Code and the best practices for the features – Here. CHEAT SHEETS: One short page document with all commands and features – Here. FAQ: Find answers to further specific questions inside the documentation – Here. ✒️ What users say "I've been using AllAi Code for some months and I want to thank everyone involved in the development/improvement of this amazing tool! It's not only helpful to remember me how to call a remote action or create a specific JS function, but also helps me to choose the best expressions to answer our clients! That's awesome!" "I was skeptic first about the use case of AllAi Code with all the tools already out there. However, after using AllAi Code I must say it is an awesome tool." "I started using AllAi Code after the webinars and it has helped out a lot with boilerplate and simple algorithms [...]. Great work!" " Hi team, I just wanted to say that having tried AllAi Code for some small development in a "real life" example, it worked extremely well. It's an amazing tool so, congratulations!"

Get ready for an epic release from AllAi DevOps. Today we introduce you to the new Bitbucket integration, empowering Solution Architects and Developers across all Salesforce Technologies, for seamless collaboration and great efficiency. Besides that, we've got an update in a Placeholder for Salesforce Core, and we've refined the docstring generation process for a smoother experience. Want to know more about this? Keep on reading then 😉 🚀 What’s New: A great new integration of Bitbucket for AllAi DevOps is now available! Whether you are using an internal Bitbucket repository or the one from your customer, you can finally use our AllAi Platform to boost your code review process! 🚀🚀🚀 ▶️ How to get started: To install the Bitbucket version of our AllAi Productivity in your repository, make sure to check out the process in the following Installation Guide. At the end of the process, you will need to get in touch with @Renato Jacobiski Alcantara Fusco, @Douglas Souza or @Daniel Anechitoaie to enable the solution on the repository. For more info about how to use AllAi on Bitbucket, check the User Guide. 😉 🔧 Improvements: Salesforce Technology: Salesforce Core | Impacted Users: SA’s, Developers, consultants. Check out the Placeholder Update, here’s what you need to know about it! 🤖 [allai:permissions-summary] Since it is highly important to verify if the metadata is using the right permissions, we’ve updated the placeholder from [allai:consultants-summary] to [allai:permissions-summary] to enhance clarity and accurately reflect the feature's broad utility. This change ensures the terminology is not limited to a single role, emphasizing that the functionality is available to all user roles within the system. The feature presents a list with all the permissions related to the Permissions Sets and Profiles for all metadata created or changed in the Pull Request, providing a more intuitive experience to check for any issues related to access before the deployment. 🐞 Bug Fixes: Salesforce Technology: All | Impacted Users: SA, Developers Based on feedback we received in our feedback form, we have refined the docstring generation process to ensure that the feature now intelligently verifies the presence of existing code documentation within code snippets that reference external libraries. This enhancement prevents the unnecessary duplication of docstrings suggestions, enhancing the efficiency of the Generate Docstring feature 🗒️. The feature's improved logic accurately identifies and preserves original docstrings, streamlining developer workflow and contributing to better code maintainability. Stay tunned for more news and updates from AllAi!

We are thrilled to announce the launch of a new integration with GitLab for AllAi via DevOps! This integration brings a host of exciting features and improvements to enhance your development and your code versioning, enhancing the documentation process and the quality validation of the development. Whether you’re a Developer, have a Technical Managing Role, like a Solution Architect, Technical Director, Technical Lead or a Consultant/Business Analyst, working with SFCC, SF Core or B2B/D2C Commerce, this new integration is definitely for you. We believe that it will greatly enhance your productivity and efficiency, specially through the Testing Phase! 📌 Here's what you need to know: 👉 New Integration with GitLab: We have introduced a new Repository type in AllAi DevOps, allowing you to seamlessly integrate with GitLab. This integration is available for both internal and external usage, and we are proud to present our Version 1.0. 👉 Installation Guide: To get access to our AllAi Productivity in your GitLab Repo, check our Installation Guide in here. If you have any questions, feel free to reach out! 👉User Guide for GitLab: To help you get started, we have prepared a User Guide specifically for GitLab. You can access it here - User guide We are very excited about this new integration and the possibilities it brings. If you have any questions or need further assistance, please don't hesitate to reach out to us. You can either contact @Renato Jacobiski Alcantara Fusco, leave a comment or send us an email to [email protected]. Let's keep in touch!

Hi there! 👋 Welcome to our the new AllAi DevOps Release! Today we introduce you to a brand-new feedback mechanism for AllAi on GitHub and GitLab. Whether you're a Developer, a Solution Architect, a Technical lead, or an Admin/ Consultant, this new feature is for you! Besides, we’re bringing some exciting Improvements and Bug Fixes. Let's dive into it! ⚡New Features 💻 Salesforce technologies: All Technologies 👥 Impacted Users: Developers, Solution Architects, Technical Leads & Admin/Consultants ➡️ We're excited to introduce a brand-new feedback mechanism for AllAi on GitHub and GitLab, aimed at enhancing the quality of our recommendations and enriching your overall experience. Following your interaction with AllAi, you'll be presented with a distinctive link directing you to a brief survey. ❓Quick Survey: Rate the Suggestion (1-5): Share how helpful our suggestion was. Feedback Description: Provide any additional comments. Optional Email: Leave your email if you'd like us to follow up. 🗨️ Why Feedback Matters: Refine Accuracy: Help us tailor AllAi to be more precise. Boost Performance: Your insights lead to a smoother experience. Enhance User Experience: Influence the evolution of AllAi DevOps. Your feedback is a major step towards excellence for AllAi Productivity Platform. It's quick, impactful, and shapes the tool for all users, so make sure to use this new feature as much as possible. 🔧 Improvements: 💻 Salesforce technologies: Salesforce Core, Salesforce B2B and D2C Commerce 👥 Impacted Users: Developers, Solution Architects, Technical Leads ➡️ Factory file for unit tests: Now you can let AllAi know about your routines for creating test data and other utility methods you use in your unit tests! Simply add the path to the file you would like AllAi to know about in the config file. You can do that by adding `factory-file-path` field under testgen. code-checks: testgen: run-on-push: false ignore-paths: - "**/*.min.js" ignore-branches: - "*release*" factory-file-path: "force-app/main/default/classes/PLDataFactoryTest.cls" Support for external files for unit tests is available only on AllAi for GitHub. 🐞 Bug Fixes: 💻 Salesforce technologies: All Technologies 👥 Impacted Users: Developers, Solution Architects, Technical Leads & Admin/Consultants Checks stuck on queued: fixed an issue on very specific cases where checks might be stuck queued and never executed on GitHub. 📡Give us Feedback! Don’t forget to drop us a line and connect with other AllAi users in osf-allai Slack channel. Create a new topic in our forum AllAi Connect and get help from the AllAi support team and community members. Or just send an email to [email protected]. See you soon!

We are delighted to announce the release of fantastic new features of AllAi Platform via Code! We are taking AllAi Code to new heights, empowering users with enhanced features and capabilities. Our dedicated team has been hard at work, listening to feedback and incorporating your suggestions to make AllAi the ultimate productivity platform. If you’re a Solution Architect or a Developer working with the OMS, these are definitely for you! ⚡New Features 1️⃣ Say hello to our brand new feedback interface! 📣 Whether you absolutely love or hate an AllAi Code chat message, now you can let us know why! Simply hover over the last message in the chat and click on the thumbs up 👍 or thumbs down 👎 icons. Fill in the form and share your thoughts with us! 👥User suggestion: Solution Architects & Developers 2️⃣ Introducing the OMS knowledge base! 📚 AllAi Code can now search through OMS documentation to provide even more comprehensive responses to your queries. To enable OMS enhanced support, just click on the "Default" button at the bottom right of your VS Code and select OMS from the drop-down list. Get ready to explore a whole new level of knowledge! 👥User suggestion: Solution Architects & Developers 3️⃣ Enhanced OMS support mode! 🚀 When working in an OMS workspace, select the enhanced support mode to receive more relevant and helpful answers related to OMS. It's like having a personal OMS expert right at your fingertips! The OMS knowledge base will be automatically enabled once you've activated the OMS enhanced support. You can also manually toggle the OMS Documentation knowledge base by clicking on the Knowledge bases button in chat. Get ready to supercharge your OMS experience! 👥User suggestion: Solution Architects & Developers 🔧 Improvements: ➡️ No more automatic settings.json! 🚫 AllAi Code will no longer create a .vscode/settings.json page upon opening VS Code. The settings file will only be generated if you index a workspace. Less clutter, more simplicity! ➡️ Upgraded AI models! 🤖 Our AI models have been updated to more recent versions, resulting in faster and more accurate suggestions for docstrings and bug fixes. Get ready to experience the power of cutting-edge AI technology! 🐞 Bug Fixes: The unresponsive chat when Salesforce knowledge bases are enabled is fixed! Say goodbye to any chat-related hiccups and enjoy a smooth and seamless experience! 🎉 We're thrilled to bring you these exciting updates and enhancements to AllAi Platform via Code. We hope they make your coding journey even more enjoyable and productive! Give them a try and let us know what you think. Your feedback is extremely appreciated! Happy coding! 💻✨ 📡Give us Feedback! Leave a comment or create a new topic here in AllAi Connect to get help from the AllAi support team and community members. Or just send us an email to [email protected]. Let’s keep in touch!