Pre-Promotion Checklist
Work through this list before enabling any schedule or trigger. Each item represents a category of surprise that commonly appears in the first week of production use.Testing signed off
- At least three end-to-end test Runs have run without unexpected failures.
- HITL approval gates have been exercised — you have seen real approval requests, denied one, and confirmed the agent handles denial gracefully.
- Edge cases identified during testing have been handled in the AOP or accepted as known gaps.
- The run debugger shows no unexplained errors in recent Runs.
Connections scoped to production Logins
- All connections in the agent point to production accounts, not personal or sandbox accounts.
- Logins and Secrets used by the agent belong to a service account or shared Login where appropriate — not a personal user account that could be disabled.
- Connection permissions are scoped to the minimum required. An agent that only reads data from Salesforce does not need write permissions.
Human-in-the-Loop coverage validated
- Every action that is irreversible, expensive, or externally visible has an approval gate.
- Approval descriptions give reviewers enough context to decide without opening another system.
- Escalation paths are defined: what happens if a request is ignored for 24 hours, or denied twice.
Cost and latency within target
- Estimated cost per Run is acceptable for the expected Run frequency.
- Typical Run duration fits within the business process SLA (for example, a nightly report that takes four hours is a problem if stakeholders expect it before 08:00).
- If cost or duration is higher than expected, investigate before going live rather than hoping it improves.
Owner and escalation contact named
- One named person is responsible for this agent in production.
- That person knows they are the owner and understands what the agent does.
- A backup contact is identified for when the primary owner is unavailable.
Rollback path documented
- The previous working revision is identified and accessible via Agent Versions.
- The team knows how to pause the schedule or trigger — and who is allowed to do it.
Switching On the Trigger or Schedule
Enable the schedule or trigger only after the checklist above is complete.- Schedule
- Trigger
Open the agent
Open the agent.
Open the schedule controls
Click the Schedule button (or calendar icon) in the agent header.
Set the frequency
Set the frequency. See Scheduling Agents for all options.
Save the schedule
Click Add schedule to save.
Soft-launch options
Running at full volume immediately is rarely the right move. Consider these options for the first days of production: Volume cap — Add an explicit cap to the AOP to limit how many records or actions the agent processes per Run. Once you are confident it is behaving correctly, remove the cap.Toggling off in seconds
If something goes wrong, you can stop the agent immediately:- Disable a schedule: Open the agent, go to Schedule, and toggle the schedule off. Runs already running continue to completion; no new Runs start.
- Disable a trigger: Open the agent, go to Triggers, and disable the trigger. No new Runs are created from that trigger.
- Revoke a connection: Go to the Connections page, find the connection, and disconnect it. The agent fails immediately if it tries to use that connection — the fastest way to stop a write-heavy agent when you are not sure whether damage is still occurring.
Sharing Access with Your Team
Roles required
See Roles and Permissions for the full permissions matrix.
Memory scope decisions
If the agent uses Agent Memory, decide before going live whether memory should be per-user or shared across the team:- Per-user memory: Each person who runs the agent starts from their own memory context. Best for personal productivity agents where each user’s context is independent.
- Shared memory: All runs read from and write to the same memory context. Best for team workflows where state needs to persist across different users triggering the agent.
Logins and Secrets access
- Logins and Secrets used by the agent must be accessible when the agent runs — not locked to a personal account.
- If operators will trigger the agent manually, confirm they can see the agent in their workspace.
- If the agent uses a login stored in your personal vault, consider moving it to a shared or service Login before going live.
Onboarding operators
The people who will trigger and monitor the agent — but did not build it — need a short handoff. Cover:Explain what the agent does
What the agent does and what triggers it.
Show where to find Runs
Where to find Runs and how to read the status indicators.
Show how to respond to HITL requests
How to respond to HITL requests in Requests.
Name the escalation contact
Who to contact if something looks wrong.
Show the emergency pause
How to pause the agent in an emergency (see above).
Notifications and Runbook
Where alerts go
Configure at least one notification path before going live. Options include:- Slack: Have the agent post a summary to a team channel after each run.
- Email: Use a Gmail or Outlook connection to send a status email to the owner.
- HITL escalation: Set a fallback in the AOP to create a HITL request if the Run fails, so the owner sees it in Requests.
Runbook template
Copy and fill in this template before the agent goes live. Keep it somewhere the whole team can find it.Assigning Owners
Every production agent needs a named owner. Ownership is not the same as the team role — it is an informal accountability designation that complements the permissions model.Owner types
Escalation when the owner is unavailable
Define the escalation path before the agent goes live:- Primary owner — first contact for any issue.
- Backup owner — covers when the primary is OOO. Must have at least Manager role.
- Escalation Manager — for issues the backup cannot resolve. Has permission to pause, revert, or disable the agent.
When ownership changes
When the build owner changes roles or leaves the team:Transfer Logins and Secrets
Transfer the relevant Logins and Secrets to the new owner’s access or to a shared Login.
Update the runbook
Update the runbook with the new owner’s contact details.
Schedule a handoff session
Schedule a handoff session so the new owner understands the agent’s AOP and known edge cases.
Have the new owner run a manual Run
Have the new owner run at least one manual Run before the next scheduled run.
What’s Next?
Your agent is live. The first week is the highest-risk period — monitor it closely before settling into a routine cadence.Test Safely Before Going Live
The testing checklist and environment separation patterns that feed into this guide.
Guardrails for High-Risk Automations
Apply the right controls before enabling autonomous write operations.
Agent Versions
How to review and revert to a previous revision.
Designing Human-in-the-Loop Workflows
Risk tiers, approval shapes, and escalation chains.
Requests
Where HITL requests land and how to respond.
Team Insights
Run volume, failure rates, and cost trends across your team.