Best Practices for SuiteCloud Developer Assistant

These guidelines reduce errors and improve output quality. AI-generated results may still be incomplete or incorrect; always validate before use. Use SuiteCloud Developer Assistant in accordance with Oracle corporate policies, including applicable security, privacy, and compliance requirements.

Security, Privacy, and Compliance

Never share sensitive credentials. Don't include passwords, private keys, confidential internal information, or other sensitive data in prompts to the SuiteCloud Developer Assistant. Store authentication IDs (auth IDs) securely and never share them in chat, code comments, or public repositories.

Use approved, secure setups. Follow company network and security guidelines (for example, VPN and firewall requirements). Install extensions only from authorized sources (for example, approved marketplaces or internal repositories) and keep SuiteCloud Developer Assistant, SuiteCloud Extension for Visual Studio Code, and Cline up to date.

Incident response. Immediately report security incidents, data exposure, or suspected issues using Oracle incident reporting channels.

Use least privilege for automation and integration. When deploying or testing code in NetSuite, avoid using Administrator or full-privilege roles for routine tasks. Instead, use dedicated roles with only the permissions required for development or deployment. Regularly review and reduce permissions.

Intended use and limitations. Use the SuiteCloud Developer Assistant feature only for its intended business or development purposes. Unethical, illegal, or out-of-scope requests may be blocked and usage limits may apply.

Example:

Prompt to SuiteCloud Developer Assistant: "My SDF deploy fails with INVALID_LOGIN in non-production environments using a least-privilege integration role. Use the details below to help diagnose likely causes and remediation steps. I am including the exact error message and a sanitized suitecloud.config.js snippet (no tokens or auth IDs)."

Prompting for Accurate Results

Be specific in prompts. Clearly describe what you need (for example, script type, SDF custom object names, and expected error handling). Specificity improves code quality and accuracy.

Iterate on unclear outputs. If generated content isn't accurate, refine your prompt for clarity or context and submit it again.

Include project context. Provide context (for example, SDF structure) so the assistant can better tailor its responses.

Example:

Prompt to SuiteCloud Developer Assistant: "Generate a SuiteScript 2.1 User Event script that prevents editing Sales Orders when status=Closed. Include clear user-facing error messaging, governance-safe patterns, and brief assumptions. Context: record type salesorder; deployment target is non-production environments. Also, outline a unit testing approach."

Code and Solution Quality

Review before use. Treat generated code or configuration like a draft. Never deploy assistant-generated code directly to a production environment.

Documentation. Accompany generated code with necessary comments and documentation.

Version control. Commit all generated artifacts to version control systems following branch and environment naming guidelines to avoid accidental overwriting.

Life cycle security. Maintain and update security practices throughout the entire software life cycle, from design to deployment and maintenance.

Logging and traceability. Ensure all automation, integration, and AI tool actions are logged, including who, what, and when, to support traceability and accountability.

Example:

Before merging or deploying assistant-generated code to production: run it in a non-production environment, test with empty inputs and large datasets, review governance usage and error handling, and request a peer review. Commit the final changes to version control with a clear message (for example, "feat: block edits on closed sales orders").

Integration and Configuration

Auth IDs and target environments. Use separate, clearly named auth IDs for each NetSuite account/environment (non-production vs. production environments). Verify the auth ID configured for the SDA service and the auth ID used for deployments before running the service or deploying code.

Change default ports carefully. When changing ports (to resolve conflicts), communicate with your team and document the new configuration.

Monitor service status. Regularly check the extension status in Visual Studio Code, check the logs for errors, and resolve any issues promptly.

Example:

Use separate auth IDs per environment (for example, sdf_sbx_deploy and sdf_prod_deploy). If you change a default port to resolve a conflict, document the new value and notify the team.

Troubleshooting and Support

Use official docs and support. Reference the official documentation in the Help Center for help and updates, and review the latest release notes before starting work to ensure you are informed about current features, updates, and important changes.

Error states and feedback mechanism. If you encounter an issue, follow the provided troubleshooting steps. Check the extension settings, Cline settings, and NetSuite prerequisites. If you identify bugs, inaccuracies, or missing capabilities, submit feedback as outlined. For more information, see Providing Feedback.

Example:

When filing an issue, include: extension versions (SuiteCloud Developer Assistant/SuiteCloud Extension for Visual Studio Code/Cline), NetSuite environment (non-production/production environments), exact error message, steps to reproduce, and a sanitized log snippet (no tokens, auth IDs, PII, or confidential data).
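
One way to produce the sanitized snippet described above, and the sanitized configuration mentioned in the earlier prompt example, before pasting it into a prompt or an issue. This is an added example, not Oracle code. The key-name list, the placeholder strings, and the sample input are assumptions constructed for illustration and do not describe NetSuite token formats.

```javascript
// Added example: redact credential-like values and e-mail addresses
// from a log or config snippet before sharing it.
// Matches key=value, key: value and "key": "value" where the key name
// contains a sensitive word (assumed list; extend it for your project).
const KEY_VALUE = /(["']?)([\w.-]*(?:auth[_-]?id|token|secret|passw(?:or)?d|private[_-]?key|api[_-]?key)[\w.-]*)\1(\s*[:=]\s*)("[^"]*"|'[^']*'|[^\s,;}"']+)/gi;
const EMAIL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

function sanitizeSnippet(text) {
  const findings = []; // what was redacted, for a final manual review
  let out = text.replace(KEY_VALUE, (match, q, key, sep, value) => {
    findings.push(key);
    // Keep the original quoting so the snippet stays readable.
    const quote = /^["']/.test(value) ? value[0] : '';
    return `${q}${key}${q}${sep}${quote}<REDACTED>${quote}`;
  });
  out = out.replace(EMAIL, () => {
    findings.push('email');
    return '<EMAIL>';
  });
  return { text: out, findings };
}

// Constructed sample input: one log line, one config line, one PII line.
const SAMPLE = [
  '2024-05-01T10:00:00Z ERROR deploy failed: INVALID_LOGIN authid=sdf_sbx_deploy',
  'module.exports = { defaultProjectFolder: "src", "tokenSecret": "constructed value 123" };',
  'contact: jane.doe@example.com',
].join('\n');

const result = sanitizeSnippet(SAMPLE);
console.log(result.text);
console.log('redacted:', result.findings.join(', '));
```

The matcher deliberately over-redacts (any key containing a listed word is masked), and it only catches key/value pairs and e-mail addresses, so read the output once more before sharing it.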

Unit Testing Best Practices

Review and refine generated tests. Always read and understand the generated tests. Update the tests for accuracy and completeness.

Validate test coverage. Use code coverage tools to verify that generated tests adequately cover business logic, including edge and error cases. Edit automated tests for clear names, structure, and comments.

Keep tests up to date. If production code changes, revisit and regenerate tests as needed, then review changes for correctness.

Check for sensitive information. Ensure the tool does not insert hardcoded credentials, PII, or confidential business data in any test code, mock, or test data.

Example:

If a script expects customerId, add tests for null/undefined and an invalid value. Assert that the script returns the expected error (or safely skips processing) and that no records are created/updated in the failure path.
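
The failure-path tests described above, as an added example that is not Oracle code. The function createFollowUpTask, the error code INVALID_CUSTOMER_ID, the record type and field ID, and the stub are hypothetical; the stub only mimics the create/setValue/save call shape of a record module so the tests can count writes without a NetSuite account.

```javascript
// Added example: reject bad customerId values before any record write.
function parseInternalId(value) {
  if (value === null || value === undefined) return null;
  const s = String(value).trim();
  return /^[1-9]\d*$/.test(s) ? Number(s) : null; // positive integers only
}

// recordApi is injected so tests can pass a stub instead of the real module.
function createFollowUpTask(customerId, recordApi) {
  const id = parseInternalId(customerId);
  if (id === null) {
    return { ok: false, error: 'INVALID_CUSTOMER_ID' }; // fail before writing
  }
  const task = recordApi.create({ type: 'task' });      // hypothetical type
  task.setValue({ fieldId: 'company', value: id });     // hypothetical field
  return { ok: true, taskId: task.save() };
}

// Stub that counts every create and save call.
function makeRecordStub() {
  const calls = { create: 0, save: 0 };
  return {
    calls,
    create() {
      calls.create += 1;
      return { setValue() {}, save() { calls.save += 1; return 101; } };
    },
  };
}

// Each bad input must return the expected error and cause zero writes.
function runFailurePathTests() {
  const badInputs = [null, undefined, '', 'abc', '12abc', -5, 0, 1.5, {}];
  return badInputs.map((input) => {
    const stub = makeRecordStub();
    const res = createFollowUpTask(input, stub);
    return {
      input,
      rejected: res.ok === false && res.error === 'INVALID_CUSTOMER_ID',
      noWrites: stub.calls.create === 0 && stub.calls.save === 0,
    };
  });
}

console.log(runFailurePathTests());
```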
