Skip to main content
Before you turn on a schedule or trigger and hand an agent over to your team, run through this guide. It covers the decisions and steps that builders most often skip — and regret later. The path from a tested build to a stable production agent follows a predictable flow.

Pre-Promotion Checklist

Work through this list before enabling any schedule or trigger. Each item represents a category of surprise that commonly appears in the first week of production use.

Testing signed off

  • At least three end-to-end test Runs have run without unexpected failures.
  • HITL approval gates have been exercised — you have seen real approval requests, denied one, and confirmed the agent handles denial gracefully.
  • Edge cases identified during testing have been handled in the AOP or accepted as known gaps.
  • The run debugger shows no unexplained errors in recent Runs.
See Guardrails for High-Risk Automations for risk scoring and shadow-mode testing guidance before going live with high-stakes agents.

Connections scoped to production Logins

  • All connections in the agent point to production accounts, not personal or sandbox accounts.
  • Logins and Secrets used by the agent belong to a service account or shared Login where appropriate — not a personal user account that could be disabled.
  • Connection permissions are scoped to the minimum required. An agent that only reads data from Salesforce does not need write permissions.

Human-in-the-Loop coverage validated

  • Every action that is irreversible, expensive, or externally visible has an approval gate.
  • Approval descriptions give reviewers enough context to decide without opening another system.
  • Escalation paths are defined: what happens if a request is ignored for 24 hours, or denied twice.

Cost and latency within target

  • Estimated cost per Run is acceptable for the expected Run frequency.
  • Typical Run duration fits within the business process SLA (for example, a nightly report that takes four hours is a problem if stakeholders expect it before 08:00).
  • If cost or duration is higher than expected, investigate before going live rather than hoping it improves.

Owner and escalation contact named

  • One named person is responsible for this agent in production.
  • That person knows they are the owner and understands what the agent does.
  • A backup contact is identified for when the primary owner is unavailable.

Rollback path documented

  • The previous working revision is identified and accessible via Agent Versions.
  • The team knows how to pause the schedule or trigger — and who is allowed to do it.

Switching On the Trigger or Schedule

Enable the schedule or trigger only after the checklist above is complete.

Open the agent

Open the agent.

Open the schedule controls

Click the Schedule button (or calendar icon) in the agent header.

Set the frequency

Set the frequency. See Scheduling Agents for all options.

Save the schedule

Click Add schedule to save.
The agent now runs automatically. Scheduled Runs appear in the Runs list with a clock icon so you can distinguish them from manual runs.

Soft-launch options

Running at full volume immediately is rarely the right move. Consider these options for the first days of production: Volume cap — Add an explicit cap to the AOP to limit how many records or actions the agent processes per Run. Once you are confident it is behaving correctly, remove the cap.
Time-window restriction — Limit write operations to business hours so a human can respond quickly if something goes wrong.
Restricted source — If the agent handles inbound events (emails, Slack messages, file drops), configure the trigger to accept events from one team or channel before expanding to all.

Toggling off in seconds

If something goes wrong, you can stop the agent immediately:
  • Disable a schedule: Open the agent, go to Schedule, and toggle the schedule off. Runs already running continue to completion; no new Runs start.
  • Disable a trigger: Open the agent, go to Triggers, and disable the trigger. No new Runs are created from that trigger.
  • Revoke a connection: Go to the Connections page, find the connection, and disconnect it. The agent fails immediately if it tries to use that connection — the fastest way to stop a write-heavy agent when you are not sure whether damage is still occurring.

Sharing Access with Your Team

Roles required

See Roles and Permissions for the full permissions matrix.

Memory scope decisions

If the agent uses Agent Memory, decide before going live whether memory should be per-user or shared across the team:
  • Per-user memory: Each person who runs the agent starts from their own memory context. Best for personal productivity agents where each user’s context is independent.
  • Shared memory: All runs read from and write to the same memory context. Best for team workflows where state needs to persist across different users triggering the agent.
Changing memory scope after an agent has been running in production can cause unexpected behavior. Make this decision before the first production run.

Logins and Secrets access

  • Logins and Secrets used by the agent must be accessible when the agent runs — not locked to a personal account.
  • If operators will trigger the agent manually, confirm they can see the agent in their workspace.
  • If the agent uses a login stored in your personal vault, consider moving it to a shared or service Login before going live.

Onboarding operators

The people who will trigger and monitor the agent — but did not build it — need a short handoff. Cover:

Explain what the agent does

What the agent does and what triggers it.

Show where to find Runs

Where to find Runs and how to read the status indicators.

Show how to respond to HITL requests

How to respond to HITL requests in Requests.

Name the escalation contact

Who to contact if something looks wrong.

Show the emergency pause

How to pause the agent in an emergency (see above).

Notifications and Runbook

Where alerts go

Configure at least one notification path before going live. Options include:
  • Slack: Have the agent post a summary to a team channel after each run.
  • Email: Use a Gmail or Outlook connection to send a status email to the owner.
  • HITL escalation: Set a fallback in the AOP to create a HITL request if the Run fails, so the owner sees it in Requests.
Add the notification step directly to the AOP so it runs automatically.

Runbook template

Copy and fill in this template before the agent goes live. Keep it somewhere the whole team can find it.

Assigning Owners

Every production agent needs a named owner. Ownership is not the same as the team role — it is an informal accountability designation that complements the permissions model.

Owner types

Escalation when the owner is unavailable

Define the escalation path before the agent goes live:
  1. Primary owner — first contact for any issue.
  2. Backup owner — covers when the primary is OOO. Must have at least Manager role.
  3. Escalation Manager — for issues the backup cannot resolve. Has permission to pause, revert, or disable the agent.
The “owner of last resort” pattern: designate one Administrator who can take emergency action on any agent regardless of who built it. This person does not need to be involved day to day — they exist so there is always someone who can act.

When ownership changes

When the build owner changes roles or leaves the team:

Transfer Logins and Secrets

Transfer the relevant Logins and Secrets to the new owner’s access or to a shared Login.

Update the runbook

Update the runbook with the new owner’s contact details.

Schedule a handoff session

Schedule a handoff session so the new owner understands the agent’s AOP and known edge cases.

Have the new owner run a manual Run

Have the new owner run at least one manual Run before the next scheduled run.

What’s Next?

Your agent is live. The first week is the highest-risk period — monitor it closely before settling into a routine cadence.

Test Safely Before Going Live

The testing checklist and environment separation patterns that feed into this guide.

Guardrails for High-Risk Automations

Apply the right controls before enabling autonomous write operations.

Agent Versions

How to review and revert to a previous revision.

Designing Human-in-the-Loop Workflows

Risk tiers, approval shapes, and escalation chains.

Requests

Where HITL requests land and how to respond.

Team Insights

Run volume, failure rates, and cost trends across your team.