Best Practices for SuiteCloud Developer Assistant
These guidelines reduce errors and improve output quality. AI-generated results may still be incomplete or incorrect; always validate before use. Use SuiteCloud Developer Assistant in accordance with Oracle corporate policies, including applicable security, privacy, and compliance requirements.
Security, Privacy, and Compliance
Never share sensitive credentials. Don't include passwords, private keys, confidential internal information, or other sensitive data in prompts to the SuiteCloud Developer Assistant. Store authentication IDs (auth IDs) securely and never share them in chat, code comments, or public repositories.
Use approved, secure setups. Follow company network and security guidelines (for example, VPN and firewall requirements). Install extensions only from authorized sources (for example, approved marketplaces or internal repositories) and keep SuiteCloud Developer Assistant, SuiteCloud Extension for Visual Studio Code, and Cline up to date.
Incident response. Immediately report security incidents, data exposure, or suspected issues using Oracle incident reporting channels.
Use least privilege for automation and integration. When deploying or testing code in NetSuite, avoid using Administrator or full-privilege roles for routine tasks. Instead, use dedicated roles with only the permissions required for development or deployment. Regularly review and reduce permissions.
Intended use and limitations. Use the SuiteCloud Developer Assistant feature only for its intended business or development purposes. Unethical, illegal, or out-of-scope requests may be blocked and usage limits may apply.
Prompting for Accurate Results
Be specific in prompts. Clearly describe what you need (for example, script type, SDF custom object names, and expected error-handling). Specificity improves code quality and accuracy.
Iterate on unclear outputs. If generated content isn't accurate, refine your prompt for clarity or context and submit it again.
Include project context. Provide context (for example, SDF structure) so the assistant can better tailor its responses.
Code and Solution Quality
Review before use. Treat generated code or configuration like a draft. Never deploy assistant-generated code directly to a production environment.
Documentation. Accompany generated code with necessary comments and documentation.
Version control. Commit all generated artifacts to version control systems following branch and environment naming guidelines to avoid accidental overwriting.
Life cycle security. Maintain and update security practices throughout the entire software life cycle, from design to deployment and maintenance.
Logging and traceability. Ensure all automation, integration, and AI tool actions are logged, including who, what, and when, to support traceability and accountability.
Integration and Configuration
Auth IDs and target environments. Use separate, clearly named auth IDs for each NetSuite account/environment (Sandbox vs. Production). Verify the auth ID configured for the SDA service and the auth ID used for deployments before running the service or deploying code.
Change default ports carefully. When changing ports (to resolve conflicts), communicate with your team and document the new configuration.
Monitor service status. Regularly check extension status in Visual Studio Code, check logs for errors, and resolve promptly.
Troubleshooting and Support
Use official docs and support. Reference the official documentation in the Help Center for help and updates, and review the latest release notes before starting work to ensure you are informed about current features, updates, and important changes.
Error states and feedback mechanism. If you encounter an issue, follow the provided troubleshooting steps. Check the extension settings, Cline settings, and NetSuite prerequisites. If you identify bugs, inaccuracies, or missing capabilities, submit feedback as outlined. For more information, see Providing Feedback.
Unit Testing Best Practices
Review and refine generated tests. Always read and understand the generated tests. Update the tests for accuracy and completeness.
Validate test coverage. Use code coverage tools to verify that generated tests adequately cover business logic, including edge and error cases. Edit automated tests for clear names, structure, and comments.
Keep tests up to date. If production code changes, revisit and regenerate tests as needed, then review changes for correctness.
Check for sensitive information. Ensure the tool does not insert hardcoded credentials, PII, or confidential business data in any test code, mock, or test data.