Do not include flows without version number suffix in destructive changes #3401

@Damecek

Summary

The sf project deploy start command currently fails an entire deployment if a Flow should be deleted in the target org and cannot be deleted due to platform limitations (Known Issue W-10538057). This behavior blocks CI/CD pipelines, as a common scenario is removing a flow from a Git repository, which then gets added to the destructive manifest.

This is a feature request to ignore destructive changes on flows for the sf project deploy start command and/or to not include them in destructive changes during sf project retrieve start. It is possible that there is more metadata which cannot be deleted via the Metadata API.

Steps To Reproduce

IMPORTANT
A sample repository is not strictly necessary as this can be reproduced in any Salesforce project.

  1. Create a new Salesforce project (sf project generate -n ignore-flow-test).
  2. In the project, create a simple Screen Flow named MyTestFlow.
  3. Authorize to a sandbox or scratch org (sf org login web or sf org create scratch).
  4. Deploy the project to the target org: sf project deploy start.
  5. Manually delete the flow "MyTestFlow" from the metadata.
  6. Run sf project deploy start.

Expected result

Deployment is successful, without flow removal.

Actual result

fails with "error": "insufficient access rights on cross-reference id"

{
  "status": 1,
  "result": {
    "checkOnly": false,
    "completedDate": "2025-09-19T12:21:42.000Z",
    "createdBy": "005MI000008oTjs",
    "createdByName": "Adam Štěpánek",
    "createdDate": "2025-09-19T12:21:41.000Z",
    "details": {
      "componentFailures": [
        {
          "changed": false,
          "componentType": "Flow",
          "created": false,
          "createdDate": "2025-09-19T12:21:42.000Z",
          "deleted": false,
          "fileName": "flows/Task_Before_Trigger.flow",
          "fullName": "Task_Before_Trigger",
          "problem": "insufficient access rights on cross-reference id",
          "problemType": "Error",
          "success": false
        }
      ],
      "componentSuccesses": [
        {
          "changed": true,
          "componentType": "",
          "created": false,
          "createdDate": "2025-09-19T12:21:41.000Z",
          "deleted": false,
          "fileName": "package.xml",
          "fullName": "package.xml",
          "success": true
        }
      ],
      "runTestResult": {
        "numFailures": 0,
        "numTestsRun": 0,
        "totalTime": 0,
        "codeCoverage": [],
        "codeCoverageWarnings": [],
        "failures": [],
        "flowCoverage": [],
        "flowCoverageWarnings": [],
        "successes": []
      }
    },
    "done": true,
    "id": "0AfAP00000UHekY0AT",
    "ignoreWarnings": true,
    "lastModifiedDate": "2025-09-19T12:21:42.000Z",
    "numberComponentErrors": 1,
    "numberComponentsDeployed": 0,
    "numberComponentsTotal": 1,
    "numberFiles": "2",
    "numberTestErrors": 0,
    "numberTestsCompleted": 0,
    "numberTestsTotal": 0,
    "rollbackOnError": false,
    "runTestsEnabled": false,
    "startDate": "2025-09-19T12:21:41.000Z",
    "status": "Failed",
    "success": false,
    "zipSize": 533,
    "files": [
      {
        "fullName": "Task_Before_Trigger",
        "type": "Flow",
        "state": "Failed",
        "problemType": "Error",
        "filePath": "force-app/main/default/flows/Task_Before_Trigger.flow-meta.xml",
        "error": "insufficient access rights on cross-reference id"
      }
    ],
    "zipFileCount": 2,
    "deployUrl": "https://.....apexp"                     
  },
  "warnings": []
}

Additional information

System Information

CLI:
@salesforce/cli/2.105.6 darwin-arm64 node-v22.18.0

Plugin Version:
@oclif/plugin-autocomplete 3.2.34 (core)
@oclif/plugin-commands 4.1.32 (core)
@oclif/plugin-help 6.2.32 (core)
@oclif/plugin-not-found 3.2.67 (core)
@oclif/plugin-plugins 5.4.46 (core)
@oclif/plugin-search 1.2.28 (core)
@oclif/plugin-update 4.7.4 (core)
@oclif/plugin-version 2.2.32 (core)
@oclif/plugin-warn-if-update-available 3.1.46 (core)
@oclif/plugin-which 3.2.39 (core)
@salesforce/cli 2.105.6 (core)
agent 1.24.7 (core)
apex 3.6.19 (core)
api 1.3.3 (core)
auth 3.9.1 (core)
code-analyzer 5.4.0 (user)
data 4.0.55 (core)
deploy-retrieve 3.23.0 (core)
info 3.4.84 (core)
limits 3.3.66 (core)
marketplace 1.3.8 (core)
org 5.9.27 (core)
packaging 2.19.8 (core)
schema 3.3.80 (core)
settings 2.4.45 (core)
sobject 1.4.70 (core)
telemetry 3.6.55 (core)
templates 56.3.63 (core)
trust 3.7.113 (core)
user 3.6.36 (core)
SF ENV. VARS.
SF_BINPATH,/Users/adam/.local/share/sf/client/bin/sf
SF_AUTOUPDATE_DISABLE,false
Windows: false
Shell: zsh
Channel: stable

Diagnostics

✅ pass - salesforcedx plugin isn’t installed
✅ pass - you don't have any linked plugins
✅ pass - [@salesforce/plugin-trust] can ping: https://registry.npmjs.org
✅ pass - [@salesforce/plugin-trust] can ping: https://registry.yarnpkg.com
✅ pass - [@salesforce/plugin-trust] can ping: https://registry.npmjs.org/
❌ fail - using latest or latest-rc CLI version
✅ pass - [@salesforce/plugin-deploy-retrieve] sourceApiVersion matches apiVersion
❌ warn - [@salesforce/plugin-deploy-retrieve] default target DevHub max apiVersion matches default target org max apiVersion
❌ warn - [@salesforce/plugin-deploy-retrieve] sourceApiVersion matches default target org max apiVersion
✅ pass - can access: https://test.salesforce.com
✅ pass - can access: https://appexchange.salesforce.com/services/data
✅ pass - [@salesforce/plugin-auth] CLI supports v2 crypto
✅ pass - can access: https://developer.salesforce.com/media/salesforce-cli/sf/channels/stable/sf-win32-x64-buildmanifest
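
A pre-deploy filter for the CI/CD scenario in this report, added here as an example (it is not part of the original issue and not Salesforce CLI code). It drops Flow members that lack a version-number suffix from a destructive manifest and reports what it skipped. The helper name `filterFlowDeletes`, the standard `<types>`/`<members>`/`<name>` manifest layout, and the constructed sample manifest are assumptions.

```javascript
// Added example, not Salesforce CLI code. filterFlowDeletes is a hypothetical helper.
// Assumption (from the issue title): a Flow entry in destructive changes is only
// usable when it names a specific version, e.g. "My_Flow-2".
const VERSION_SUFFIX = /-\d+$/;

function filterFlowDeletes(manifestXml) {
  const skipped = [];
  const xml = manifestXml.replace(/[ \t]*<types>[\s\S]*?<\/types>\r?\n?/g, (block) => {
    // Leave every metadata type other than Flow untouched.
    if (!/<name>\s*Flow\s*<\/name>/.test(block)) return block;
    const kept = block.replace(/[ \t]*<members>([^<]*)<\/members>\r?\n?/g, (line, member) => {
      if (VERSION_SUFFIX.test(member.trim())) return line;
      skipped.push(member.trim()); // record it so the pipeline log shows what stays in the org
      return '';
    });
    // Drop the whole <types> block when no Flow member survives the filter.
    return /<members>/.test(kept) ? kept : '';
  });
  return { xml, skipped };
}

// Constructed sample manifest: the flow name comes from the report, the rest is made up.
const SAMPLE = `<?xml version="1.0" encoding="UTF-8"?>
<Package xmlns="http://soap.sforce.com/2006/04/metadata">
  <types>
    <members>Task_Before_Trigger</members>
    <members>Old_Flow-2</members>
    <name>Flow</name>
  </types>
  <types>
    <members>LegacyHelper</members>
    <name>ApexClass</name>
  </types>
  <version>64.0</version>
</Package>
`;

const result = filterFlowDeletes(SAMPLE);
console.log('Flow deletions skipped:', result.skipped);
console.log(result.xml);
```

Skipped flows remain in the target org, so the returned `skipped` list should be surfaced in the pipeline output for manual cleanup.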
