# Agent Consent Patterns > UX patterns for AI agent permissions, consent, and human-in-the-loop control. A reference taxonomy of 12 named patterns plus a headless, accessible React implementation (@agentconsent/react). This file and the linked Markdown mirrors are the agent-readable view of the site. Every pattern documents the problem it solves, its anatomy, when (not) to use it, real-world examples, accessibility notes, anti-patterns, and code. The linked `.md` files are plain-Markdown mirrors of each human page. The human site offers each prose block at three reading levels (Caveman / Human / Academic); these mirrors carry the canonical Human copy. ## Patterns - [Scoped Grant](https://agentconsent.dev/patterns/scoped-grant.md): OAuth-era scope screens don't show what an agent can actually do with access. Reading a single message and exporting an entire inbox look the same on the consent screen. - [Progressive Scope](https://agentconsent.dev/patterns/progressive-scope.md): Asking for every permission upfront forces users to consent to hypotheticals. Agents should start minimal and ask for more only when the task needs it. - [Connection Card](https://agentconsent.dev/patterns/connection-card.md): Once granted, connections become invisible. Users need a surface that shows the current grant state, when it was last used, and a way to revoke it. - [Action Preview](https://agentconsent.dev/patterns/action-preview.md): "The agent wants to send an email" isn't enough to approve. Users need to see the exact action: the recipient, the content, and the amount, before it runs. - [Irreversibility Gate](https://agentconsent.dev/patterns/irreversibility-gate.md): Uniform confirmation friction trains users to click through. Weight the gate to the consequence instead. - [Batch Approval](https://agentconsent.dev/patterns/batch-approval.md): Reviewing agent work item by item causes approval fatigue. Queues need a way to triage without collapsing into rubber-stamping. - [Consent Memory](https://agentconsent.dev/patterns/consent-memory.md): "Always allow" is a standing grant made in a moment of task focus. Each memory option needs consequences the user can actually read. - [Authority Boundary](https://agentconsent.dev/patterns/authority-boundary.md): Users need one settings surface that answers: what may this agent ever do on its own, and what must it always ask about? - [Spend & Rate Limits](https://agentconsent.dev/patterns/spend-rate-limits.md): Numeric guardrails (budget caps, action counts, time windows) are consent primitives, not billing features. - [Injection Flag](https://agentconsent.dev/patterns/injection-flag.md): When instructions arrive from untrusted content, the agent must show users where the instruction came from and ask whether to proceed. - [Action Receipt](https://agentconsent.dev/patterns/action-receipt.md): Consent doesn't end at approval; users need a post-hoc record of what the agent did, under what authority, with undo where possible. - [Credential Handoff](https://agentconsent.dev/patterns/credential-handoff.md): Agents should never see passwords or payment details; sign-in and payment delegate to a password manager or scoped token flow. ## Background - [Principles of agent consent](https://agentconsent.dev/principles.md): the ten principles the pattern library is built on. - [Glossary](https://agentconsent.dev/glossary.md): shared vocabulary for agent consent UX. - [About](https://agentconsent.dev/about.md): why the project exists and how to contribute. - [Overview](https://agentconsent.dev/index.md): the full taxonomy on one page. ## Optional - [Full text](https://agentconsent.dev/llms-full.txt): every pattern and page concatenated into one document.