Governing Salesforce Agentforce Engagements with the SAISA
The SAISA is runtime-agnostic. The same Paper governs agents on Agentforce, AWS Lambda, or any other runtime.
Salesforce Agentforce provides the runtime. Your CRM provides the data. But what governs the engagement itself? The SAISA provides the contractual layer that wraps any runtime, including Agentforce.
Runtime Agnostic by Design
The SAISA does not specify where the agent runs. Article 1 defines the Runtime Provider as "the entity whose infrastructure executes the Agent" - but the Runtime Provider is NOT a party to the agreement.
SAISA Parties:
- Buyer (you)
- Developer (agent creator)
NOT Parties:
- Platform Operator (facilitates but doesn't contract)
- Settlement Provider (holds escrow but doesn't contract)
- Runtime Provider (executes but doesn't contract)
- AI Provider (inference but doesn't contract)
This means the same Paper can govern an agent running on Salesforce Agentforce, NVIDIA NemoClaw, Docker, Kubernetes, AWS Lambda, WebAssembly, or any MCP server. Runtimes execute. The Paper governs.
Agentforce Integration Pattern
A typical SAISA integration with Agentforce:
{
  "paper": {
    "id": "paper_agentforce_001",
    "runtime": {
      "provider": "salesforce_agentforce",
      "version": "2026.1",
      "region": "us-west-2"
    },
    "executionManifest": {
      "maxCostCents": 250000,
      "timelineDays": 5,
      "completionCriteria": [
        "All leads in Exhibit A scored and ranked",
        "Top 20% flagged for immediate follow-up",
        "Scoring rationale documented per lead"
      ],
      "permissionScopes": [
        "read_salesforce_leads",
        "write_salesforce_lead_scores",
        "read_salesforce_accounts"
      ],
      "allowedEgressUrls": [
        "api.salesforce.com",
        "login.salesforce.com"
      ]
    }
  }
}
Salesforce Data Considerations
When agents access Salesforce data, additional considerations apply:
Data Controller Status
The Buyer remains Data Controller for Salesforce data. The Developer processes data as a Processor under instructions implicit in the Paper. Salesforce's own DPA governs their role as a sub-processor.
Exhibit References
Rather than exporting Salesforce data, the Paper can reference Salesforce objects directly. The agent accesses data via API using Buyer-provided credentials.
Egress Controls
The allowedEgressUrls in the Execution Manifest should include only Salesforce API endpoints. This prevents data exfiltration to unauthorized destinations.
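One way to check the egress rule above, as an added example that is not part of the SAISA or Agentforce tooling: it audits a Paper's allowedEgressUrls against a Buyer-approved host list, then decides each outbound URL by exact hostname match. APPROVED_HOSTS, audit_manifest and egress_allowed are hypothetical names, and the sample Paper is constructed from the fields shown on this page.

```python
import json
from urllib.parse import urlsplit

# Constructed sample Paper, reduced to the manifest fields shown on this page.
PAPER = json.loads("""
{"paper": {"executionManifest": {
  "permissionScopes": ["read_salesforce_leads"],
  "allowedEgressUrls": ["api.salesforce.com", "login.salesforce.com"]}}}
""")

# Assumption: the hosts the Buyer has approved for this engagement.
APPROVED_HOSTS = {"api.salesforce.com", "login.salesforce.com"}


def _manifest_hosts(paper):
    # The page lists bare hostnames under allowedEgressUrls; normalise them.
    manifest = paper["paper"]["executionManifest"]
    return [h.strip().lower().rstrip(".") for h in manifest.get("allowedEgressUrls", [])]


def audit_manifest(paper, approved=APPROVED_HOSTS):
    """Return manifest entries that are wildcards or not Buyer-approved."""
    return [h for h in _manifest_hosts(paper) if "*" in h or h not in approved]


def egress_allowed(url, paper):
    """True only for HTTPS on the default port to an exactly listed host."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
        port = parts.port                          # raises ValueError if malformed
    except ValueError:
        return False
    if parts.scheme != "https" or port not in (None, 443):
        return False
    # Exact match: suffix or substring checks would accept lookalike hosts.
    return host in set(_manifest_hosts(paper))


if __name__ == "__main__":
    print("manifest findings:", audit_manifest(PAPER))
    for u in ("https://api.salesforce.com/services/data",
              "https://api.salesforce.com.collector.example/x",
              "https://api.salesforce.com@collector.example/x"):
        print(u, "->", egress_allowed(u, PAPER))
```

The hostname is taken from the parsed URL rather than matched as a string, so a listed name appearing as a subdomain label or in the userinfo part does not pass.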
Liability Allocation
The SAISA's bipartite liability framework applies regardless of runtime:
- Developer liability - Agent Logic, prompts, configuration, output quality
- Buyer liability - Salesforce data accuracy, access grants, usage of output
- Salesforce liability - Governed by Salesforce MSA, not the SAISA
Acceptance Criteria for Salesforce Agents
Good acceptance criteria for Salesforce-integrated agents:
{
  "completionCriteria": [
    // Coverage
    "Processes all records matching SOQL filter in Exhibit A",
    "No records skipped due to agent errors",
    // Output quality
    "All updated fields conform to picklist values",
    "No data validation errors on save",
    // Business logic
    "Scoring algorithm matches specification in Exhibit B",
    "Edge cases in Exhibit C handled correctly",
    // Audit trail
    "All modifications logged with agent attribution",
    "Summary report generated in specified format"
  ]
}
Enterprise Considerations
For enterprise Salesforce deployments:
- Sandbox testing - Specify sandbox vs. production in Paper
- Change management - Reference Salesforce release calendar in timeline
- User permissions - Document required Salesforce permissions in Execution Manifest
- Rate limits - Account for Salesforce API limits in budget calculations
Example Use Cases
SAISA-governed agents on Agentforce:
Key Takeaways
- The SAISA is runtime-agnostic - the same Paper governs agents on any platform
- Salesforce Agentforce provides execution; the SAISA provides the contract
- Bipartite liability applies: Developer for logic, Buyer for data and access
- Egress controls should whitelist only Salesforce API endpoints