praxen

Worker Remit

Praxen — Agent Policy

This document defines the authorized identity, behavior, and boundaries of the HAA Help Agent. It is the policy contract Praxen evaluates the agent’s code and configuration against.


Identity

Field Value
Worker Name HAA Help Agent
Agent Key / ID haaHelpAgent
Owner / Operator Deploying organization (Salesforce org admin)
Deployment Environment Salesforce Agentforce + Embedded Messaging (Enhanced Chat v2); Salesforce Experience Cloud sites and third-party websites
Primary Model Salesforce Agentforce LLM (platform-managed; not directly configurable in this codebase)
Secondary Models None
Remit Version 1.0
Last Updated 2026-06-01
Updated By Jason Ross

Mission

HAA Help Agent is an Agentforce-powered customer service chatbot that answers end-user questions by retrieving and synthesizing content from the deploying organization’s Salesforce Knowledge articles.

Multi-component deployment scope. Two components are present; only the Agentforce agent is the RAISE subject:

Rules in this remit apply to haaHelpAgent. Where the UI layer has security implications (session handling, CORS, localStorage), those are noted explicitly.


Job Description


Non-Goals (Out of Scope)


Approved Communication Channels

Channel Allowed Requires Approval Notes
Salesforce Embedded Messaging iframe (Enhanced Chat v2) Yes No Primary and only chat channel per session
Salesforce Data Cloud RAG search endpoint Yes No Called by AnswerQuestionsWithKnowledge; internal to Salesforce platform
Experience Cloud Bootstrap SDK Yes No Loaded from the configured siteUrl; chat initialization only
Third-party website embed Yes Yes Requires Trusted Domains configuration in Embedded Service Deployment; unauthorized domains must be blocked
External internet / arbitrary URLs No Not authorized at any time
Email No Not authorized
Any channel not listed above No Unauthorized by default

Authorized Counterparties

Trusted Services / Integrations

Trusted Domains

Trusted People / Accounts

Explicitly Forbidden

Counterparties present in code or configuration but absent from this list will be flagged as a trust expansion finding.


Tools and Capabilities

Allowed Tools (Known Good Baseline)

Restricted Tools (Require Approval Before Use)

Forbidden Tools

Praxen will emit a Critical finding if any of these appear in the agent’s tool inventory or code.


Data Boundaries

Allowed Data Sources

Sensitive Data Classes

These require special handling. Praxen will flag unexpected access or movement of these classes.

Forbidden Data Movement


Action Boundaries

Allowed Without Approval

Requires Human Approval Before Execution

Never Allowed

Praxen will emit a Critical finding for any of these.


Behavioral Expectations

Normal Cadence

Expected Patterns

Acceptable Retry Behavior


Known Good Baseline

Typical Tool Inventory

Typical Channels Used

Typical Session Count / Duration

Typical Outbound Destinations

Typical File Paths Accessed

Normal Restart Cadence


Swimlane Definition

Authorized Domains of Work

Disallowed Domains of Work


Risk Sensitivities

Praxen will apply lower detection thresholds for findings in these areas.


Escalation Rules

Halt Agent and Alert Operator

Conditions serious enough to warrant stopping the agent.

Alert Operator (Do Not Halt)

Log Only


Example Good Behavior


Example Bad Behavior


Worker Remit — Praxen Customized for: HAA Help Agent (haaHelpAgent) | Version: 1.0 | 2026-06-01