Problem it solves
Users don't know what an agent will do before it runs. Undisclosed scope creates accountability gaps and erodes trust.
When to use
Before any autonomous agent run that will access data, call external systems, or take actions on behalf of the user.
When not to use
For lightweight suggestions or read-only actions where no consequential autonomy is exercised.
Governing principle
Consent is per-run, not per-session. Each new agent execution requires its own disclosure unless the user has explicitly pre-authorized recurring access.
Required Components
Interaction Flow
1. Agent requests execution. The system determines what the agent will access, what tools it will use, and what data it will touch.
2. Disclosure surface appears. A Disclosure Alert shows the agent's intended scope, data sources, and authority boundary before any action is taken.
3. Scope check. If the requested scope exceeds what the user has previously authorized, a Consent & Scope Gate interrupts and requires explicit approval.
4. User approves or declines. The user confirms the scope or narrows it. Declined execution does not proceed.
5. Execution begins. Only after disclosure is acknowledged does the agent begin its run.
Governance requirements
Every consent event must be logged with timestamp, user identity, and scope granted. Consent records are immutable and must be available in the post-run audit trail.
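The scope check from the interaction flow and the consent logging requirement above, sketched together as an added example (not code from this pattern library). The names consent_gate, ConsentLog and ask_user are hypothetical, and the SHA-256 hash chain is an assumed way to make records tamper-evident; the pattern itself does not prescribe how immutability is achieved.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64

def _digest(rec):
    body = {k: v for k, v in rec.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ConsentLog:
    """Append-only consent records; each entry commits to its predecessor's hash."""
    def __init__(self):
        self._records = []

    def append(self, user, run_id, decision, scope):
        rec = {"ts": datetime.now(timezone.utc).isoformat(), "user": user,
               "run_id": run_id, "decision": decision, "scope": sorted(scope),
               "prev": self._records[-1]["hash"] if self._records else GENESIS}
        rec["hash"] = _digest(rec)
        self._records.append(rec)
        return dict(rec)

    def verify(self):
        """True only if every record is unmodified and still linked to its predecessor."""
        prev = GENESIS
        for rec in self._records:
            if rec["prev"] != prev or rec["hash"] != _digest(rec):
                return False
            prev = rec["hash"]
        return True

def consent_gate(log, user, run_id, requested, preauthorized, ask_user):
    """Return the scope this run may use, or None if it must not start."""
    requested = set(requested)
    excess = requested - set(preauthorized)
    if not excess:
        granted, decision = requested, "preauthorized"
    else:
        answer = ask_user(requested, excess)      # blocks until the user decides
        granted = set(answer or ()) & requested   # user may narrow, never widen
        if not granted:
            decision = "declined"
        else:
            decision = "approved" if granted == requested else "narrowed"
    log.append(user, run_id, decision, granted)   # every outcome is recorded
    return granted if decision != "declined" else None
```

The gate is called once per run, so a later run with the same request prompts again unless the scope falls inside the pre-authorized set. Truncation of the newest records is not detectable by the chain alone; anchoring the latest hash outside the log would be needed for that.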
Accessibility notes
The disclosure surface must be announced via role="dialog" with a descriptive aria-label. Consent actions must be keyboard-navigable. Do not auto-dismiss consent gates on timeout.