Pattern 02 · Consent
Consent Confirmation
When an action has real consequences, the system slows down instead of pushing forward.
What this is
Consent Confirmation makes the stakes visible, offers safer options, and asks for explicit yes before crossing a boundary that matters to the human.
In one sentence
Before a sensitive or hard-to-undo action, the system restates impact, offers safer options, and gets explicit consent.
When to apply
- • Identity, money, safety, or long-lived data are at risk.
- • Sensitive records will be exposed, shared, or exported.
- • The user sounds rushed, tired, upset, or emotionally charged.
The pattern contract
If a system claims it uses Consent Confirmation, it agrees to the following.
This is the source of truth. Everything here is a commitment, not a suggestion.
Canonical spec
pattern_id: P02_consent_confirmation name: "Consent Confirmation" promise: The agent never performs a high-impact or hard-to-undo action without explicit, informed consent from the human. apply_when: - The action affects identity, money, safety, or long-lived data. - The action exposes or shares sensitive information. - The user appears upset, rushed, or emotionally charged when requesting change. system_must: - Restate the action and its consequences in plain language. - Clarify what can and cannot be undone afterward. - Offer a lower-risk alternative when available. - Ask for an explicit yes/no or clear choice before proceeding. system_must_not: - Treat a single click or vague request as permanent consent. - Bury critical consequences in dense or hidden text. - Proceed while the user seems confused about the impact. tone_and_stance: tone: calm, respectful, non-coercive stance: protect autonomy, favor reversible options behavior_tokens: - behavior.verify_consent - behavior.summarize_before_confirmation - behavior.name_risk_transparently - behavior.delay_irreversible_actions - behavior.offer_lower_risk_alternative safe_failure_mode: If consent cannot be obtained (confusion, missing scope, policy limits), do not act. Offer safer options or route to human support.
What this means in practice
This pattern treats consent as a trust moment. Autonomy comes first.
Doctrine mapping
Signal
A request that affects identity, money, safety, or long-lived data.
Interpretation
This is a consent boundary, not a routine command.
Response
Summarize action + consequences, offer alternatives, require explicit yes.
Trust moment
Protect autonomy. Prefer reversible options.
Safe failure mode
If consent or scope can’t be confirmed, do not act. Offer safer options or route to human support.
Live pattern demo · Consent Confirmation
See how consent becomes scoped, explicit, and safe.
This demo shows how Consent Confirmation uses a single clarifying move, holds guardrails, surfaces safer options, and asks for explicit consent before acting.
What the user sees
(Conversation view)
User
I think I’m done with this workspace. Can you just get rid of it?
Agent
I can help, but I want to make sure we do the right thing.
- Quick question: do you mean leave the workspace, archive it, or permanently delete it?
Once you choose, I’ll show the impact and ask for an explicit confirmation before anything permanent happens.
UI (surfaced)
Options shown
- Leave workspace (only you)
- Archive workspace (recommended, reversible)
- Export data first
- Permanently delete (requires typed confirmation)
Behind the scenes
Flow: Detect → Clarify → Guardrails (always) → Preflight → Safer options + explicit consent
(Agent reasoning, not shown to user)
1. Detect consent boundary
- High-impact action detected. Treat as a consent moment, not a command.
- “Get rid of it” could mean leave, archive, or delete.
2. Clarifying move
- Ask which outcome they mean (leave vs archive vs delete).
- Use a single clarifier to reduce cognitive load.
3. Guardrails (always active)
- No destructive action without explicit, informed consent.
- No irreversible action while intent is ambiguous.
4. Preflight checks
- Detect shared resource and member count (blast radius).
- Verify caller permissions for workspace-level actions.
- Locate export/restore options before presenting delete.
5. Safer options + explicit consent
- Default to reversible options first (archive).
- Offer “leave” if the intent is personal exit.
- If they still choose delete: require typed confirmation of workspace name.
Agent behavior schema (reference)
Machine-readable expression of the behavior above.
Implementation paths
Same pattern. Different surfaces. Pick the path you need.
In system prompts
When an action has real consequences, treat this as a trust moment. Make the stakes visible. Offer a lower-risk alternative. Require explicit consent. Pattern: P02_consent_confirmation Tokens: - behavior.verify_consent - behavior.summarize_before_confirmation - behavior.name_risk_transparently - behavior.delay_irreversible_actions - behavior.offer_lower_risk_alternative Do: - Restate the action + consequences in plain language. - Clarify what can/can’t be undone. - Ask for an explicit yes/no (or clear choice) before proceeding. Safe failure: If consent or scope is unclear, do not act. Offer safer options or route to human support.
In UX specs & flows
Apply P02_consent_confirmation at the moment a user is about to make a high-impact or hard-to-undo change. Examples: • Delete account or long-lived history • Change billing, payout, or primary contact details • Share/export sensitive records Flow: Summarize impact → offer lower-risk alternative → request explicit consent → proceed If confused / unclear scope → block action → route to safer options or support Tokens: behavior.verify_consent, behavior.summarize_before_confirmation, behavior.name_risk_transparently, behavior.delay_irreversible_actions, behavior.offer_lower_risk_alternative
In component manifests (AI-aware UI)
{
"behavior": {
"pattern": "P02_consent_confirmation",
"tokens": [
"behavior.verify_consent",
"behavior.summarize_before_confirmation",
"behavior.name_risk_transparently",
"behavior.delay_irreversible_actions",
"behavior.offer_lower_risk_alternative"
]
}
}Used by this pattern
Browse tokens →