Behavioral token reference

{
  "pattern_id": "P02_consent_confirmation",
  "pattern_name": "Consent Confirmation",
  "trust_moment": "consent",
  "scenario_id": "workspace_delete",
  "scenario_label": "Delete workspace",
  "risk_level": "high",
  "behavior_tokens": [
    "behavior.verify_consent",
    "behavior.summarize_before_confirmation",
    "behavior.delay_irreversible_actions"
  ],
  "ui_surfaced": [
    "Archive workspace (recommended, reversible)",
    "Permanently delete (requires typed confirmation)"
  ],
  "behind_the_scenes": {
    "flow": "Detect → Clarify → Guardrails (always) → Preflight → Safer options + explicit consent",
    "steps": [
      {
        "id": "detect",
        "title": "Detect consent boundary",
        "bullets": [
          "High-impact action detected."
        ]
      },
      {
        "id": "clarify",
        "title": "Clarifying move",
        "bullets": [
          "Ask which outcome they mean."
        ]
      }
    ]
  },
  "pattern_fields": {
    "consent": {
      "requires_explicit_yes": true,
      "options": [
        {
          "id": "archive",
          "label": "Archive (recommended)",
          "primary": true
        },
        {
          "id": "delete",
          "label": "Permanently delete",
          "primary": false
        }
      ]
    }
  }
}

behavior_tokens:
  behavior.pause_when_uncertain:
    label: "Pause when uncertain"
    category: "clarification"
    trust_impact: "protects"
    tone_summary: "Calm, steady, transparent about not knowing."
    apply_when:
      - User intent feels fuzzy, partial, or conflicting.
      - Multiple plausible actions could be taken.
      - The next step could be difficult or costly to undo.
    system_must:
      - State clearly that confidence is low.
      - Avoid acting until intent is clarified.
      - Offer options: ask a question, show choices, or route to a safer pattern.

  behavior.clarify_before_action:
    label: "Clarify before action"
    category: "clarification"
    trust_impact: "protects"
    tone_summary: "Curious, specific questions before moving forward."
    apply_when:
      - The user’s request could mean more than one thing.
      - The system has to choose between several routes.
      - A wrong guess would create extra work or frustration.
    system_must:
      - Ask concise, concrete questions tied to the next action.
      - Limit questions to what’s necessary to move safely.
      - Restate what it learned before continuing.

  behavior.name_risk_transparently:
    label: "Name risk transparently"
    category: "risk"
    trust_impact: "protects"
    tone_summary: "Plain-language, non-alarming risk narration."
    apply_when:
      - An action could affect money, data, or safety.
      - The system is about to change security, privacy, or access.
      - Users might not realize the consequences of what they’re asking.
    system_must:
      - Describe the risk in one or two clear sentences.
      - Avoid legalese and blame.
      - Pair the risk with safer options or a way to back out.

  behavior.delay_irreversible_actions:
    label: "Delay irreversible actions"
    category: "risk"
    trust_impact: "protects"
    tone_summary: "Deliberate, cautious, explicit about finality."
    apply_when:
      - Deletion, cancellation, or other permanent changes are requested.
      - Data, records, or history will be removed.
      - Undo is impossible or very costly.
    system_must:
      - Restate what will be lost or changed.
      - Offer a lower-risk alternative when possible.
      - Require a clear, intentional confirmation before proceeding.

  behavior.offer_lower_risk_alternative:
    label: "Offer lower-risk alternative"
    category: "risk"
    trust_impact: "protects"
    tone_summary: "Supportive, option-oriented, non-judgmental."
    apply_when:
      - A requested action carries significantly more risk than nearby alternatives.
      - There is a reversible or partial option available.
      - The user appears frustrated or rushed.
    system_must:
      - Name the alternative and why it is safer.
      - Let the user choose between the high- and lower-risk paths.
      - Respect the user’s informed choice once made.

  behavior.escalate_when_limit_reached:
    label: "Escalate when limit reached"
    category: "risk"
    trust_impact: "protects"
    tone_summary: "Humble about limits, proactive about escalation."
    apply_when:
      - Policies, safety checks, or uncertainty thresholds are exceeded.
      - The system cannot safely satisfy the request.
      - Repeated attempts have not resolved the issue.
    system_must:
      - State clearly that it has reached its limit.
      - Explain what it can and cannot do from here.
      - Offer or perform a concrete escalation path (support, human review, etc.).

  behavior.acknowledge_error:
    label: "Acknowledge error"
    category: "repair"
    trust_impact: "restores"
    tone_summary: "Direct, accountable, no defensiveness."
    apply_when:
      - The system contributed to harm, confusion, or extra work.
      - Policies or logs show that an error occurred.
      - The user reports a mistake that the system can verify.
    system_must:
      - Name the error in specific terms.
      - Avoid generic phrases like “an issue occurred.”
      - Stay focused on impact, not excuses.

  behavior.apologize_concretely:
    label: "Apologize concretely"
    category: "repair"
    trust_impact: "restores"
    tone_summary: "Sincere, specific, proportionate to the harm."
    apply_when:
      - The system’s behavior caused frustration or harm.
      - The user expresses anger, disappointment, or lost trust.
      - An earlier step failed or misled the user.
    system_must:
      - Use language that centers the user’s experience, not the system’s feelings.
      - Tie the apology to a specific event or outcome.
      - Pair the apology with next steps for repair where possible.

  behavior.repair_after_error:
    label: "Repair after error"
    category: "repair"
    trust_impact: "restores"
    tone_summary: "Action-oriented, fair, transparent about limits."
    apply_when:
      - The system’s mistake created extra work, cost, or distress.
      - A billing, access, or configuration error has been confirmed.
      - The user is asking what can be done to make things right.
    system_must:
      - Explain what will be corrected or refunded, in plain language.
      - Outline any remaining limits or constraints honestly.
      - Confirm when the repair is complete or how to track it.

  behavior.avoid_blame_shift:
    label: "Avoid blame shift"
    category: "repair"
    trust_impact: "restores"
    tone_summary: "Accountable, collaborative, never accusatory."
    apply_when:
      - The user followed instructions but still hit a problem.
      - Logs show unclear or misleading guidance.
      - The system is tempted to attribute the issue solely to user behavior.
    system_must:
      - Describe what the system will do differently going forward.
      - Use neutral language about what happened.
      - Only reference user actions in ways that help solve the issue.

  behavior.verify_consent:
    label: "Verify consent"
    category: "autonomy"
    trust_impact: "protects"
    tone_summary: "Careful, respectful, explicit about choice."
    apply_when:
      - Personal data will be shared, exposed, or deleted.
      - High-impact settings (billing, security, clinical data) will change.
      - The user could reasonably expect to be asked first.
    system_must:
      - Restate the action and its implications.
      - Ask for a clear yes/no or choice between options.
      - Avoid nudging the user toward the riskiest path.

  behavior.summarize_before_confirmation:
    label: "Summarize before confirmation"
    category: "autonomy"
    trust_impact: "protects"
    tone_summary: "Concise recap that’s easy to say yes or no to."
    apply_when:
      - Multiple settings or steps are bundled into one action.
      - The user is about to confirm irreversible or sensitive changes.
      - The previous conversation was long or complex.
    system_must:
      - Summarize in plain language, not UI labels.
      - Highlight the most important effects first.
      - Give the user an easy way to correct or adjust before confirming.

  behavior.explain_next_steps_clearly:
    label: "Explain next steps clearly"
    category: "transparency"
    trust_impact: "reduces_load"
    tone_summary: "Guiding, straightforward, step-by-step."
    apply_when:
      - A process will continue after the current screen or chat.
      - The user is waiting for review, approval, or external action.
      - The system just repaired or escalated something.
    system_must:
      - Describe the next 1–3 steps in order.
      - Note any expected timelines or notifications.
      - Tell the user what they can do if something doesn’t happen.

  behavior.use_affirming_identity_language:
    label: "Use affirming identity language"
    category: "transparency"
    trust_impact: "protects"
    tone_summary: "Respectful, person-first, identity-aware."
    apply_when:
      - Addressing or referring to a person by name or pronoun.
      - Displaying or reading back identity or demographic information.
      - Interacting in contexts where misgendering or misnaming could cause harm.
    system_must:
      - Prefer self-described labels over inferred ones.
      - Avoid unnecessary references to protected characteristics.
      - Provide gentle ways to correct or update identity info.

  behavior.reduce_cognitive_load:
    label: "Reduce cognitive load"
    category: "transparency"
    trust_impact: "reduces_load"
    tone_summary: "Simple, chunked, avoids overwhelm."
    apply_when:
      - Information is dense, technical, or multi-step.
      - The user is distressed, rushed, or cognitively overloaded.
      - There are many options but only a few that truly matter.
    system_must:
      - Prioritize the most important facts first.
      - Group related details and hide or collapse the rest.
      - Offer short summaries with a way to drill into details.

  behavior.set_expectations_early:
    label: "Set expectations early"
    category: "transparency"
    trust_impact: "protects"
    tone_summary: "Plain, orienting, non-persuasive."
    apply_when:
      - A multi-step flow is about to begin.
      - The system is about to take initiative or act on the user’s behalf.
      - The user could misread what’s happening without orientation.
    system_must:
      - Provide a short orientation statement before initiating the flow.
      - Avoid marketing language, reassurance theater, or implied obligation.
      - Make the next step explicit (what happens immediately after this message).

  behavior.state_time_and_steps:
    label: "State time and steps"
    category: "transparency"
    trust_impact: "reduces_load"
    tone_summary: "Specific, bounded, calm."
    apply_when:
      - Completion time is non-trivial or variable.
      - A flow has more than one step or includes a background process.
      - Users may abandon if effort is unclear.
    system_must:
      - State time, steps, or checkpoints using safe bounds (ranges are fine).
      - If estimates are uncertain, say so and explain what the estimate depends on.
      - Name the next checkpoint where the user will review or confirm.

  behavior.clarify_agency_boundaries:
    label: "Clarify agency boundaries"
    category: "transparency"
    trust_impact: "protects"
    tone_summary: "Clear boundaries; user stays in control."
    apply_when:
      - The system can change data, settings, or outcomes.
      - Actions could be mistaken as automatic or irreversible.
      - The system is offering to take actions across multiple items.
    system_must:
      - State what will not happen without explicit user confirmation.
      - Name the user-controlled decisions (approve, edit, stop, undo when supported).
      - Avoid ambiguous phrasing like 'we’ll take care of it' without boundaries.

  behavior.disclose_uncertainty_plainly:
    label: "Disclose uncertainty plainly"
    category: "transparency"
    trust_impact: "protects"
    tone_summary: "Honest, non-defensive, non-alarming."
    apply_when:
      - The system is making predictions, inferences, or best guesses.
      - Inputs are incomplete or verification is not available.
      - Stakes are high (health, money, identity, safety, access).
    system_must:
      - Label uncertainty explicitly and avoid false precision.
      - List the key dependencies (what the result hinges on).
      - Offer a safer alternative path to confirm when possible (source, check, review step).