FOUNDATION · ONBOARDING PATTERNS

Onboarding Patterns

The first-contact moment when an AI agent introduces itself to a new user. These patterns govern capability disclosure, incremental trust escalation, and task completion tracking — the UX that makes agentic authority legible and human override always possible.

AgentIntroductionCard ProgressivePermissionFlow OnboardingChecklist

COLOR SEMANTICS

--ds-color-agency

Agent-initiated action, authority, ACTIVATE state. Red = the agent is asserting something.

--ds-color-validation

Human validation required. Gold = a person must decide before this proceeds.

--ds-color-temporal

Processing / in-progress states. Blue = the agent or system is working on this.

01 · COMPONENT

AgentIntroductionCard

The first thing a user sees when an AI agent enters their workspace. Discloses identity, trust tier, and every capability the agent will use — before it does anything. The single most important trust moment in the agentic lifecycle.

PURPOSE

Capability disclosure

Every read, write, and transact action is listed before the agent takes any action.

Trust tier communication

The 5-tier trust system tells the user exactly what precedent backs this agent's authority.

Approval gating

Actions requiring explicit approval are badged in gold — no surprise executions.

Context signaling

Agent-initiated vs human-initiated flows have distinct visual treatment so the user always knows who initiated contact.

LIVE DEMO

AGENT INTRODUCTION

Treasury AnalystSTANDARD

Cash Management Agent

Monitors cash positions, drafts payment instructions, and produces 7-day forecasts. Operates under your approval thresholds — all write and transact actions require your explicit sign-off.

TRUST TIER 3Established trust. Standard read/write with approval gates.

CAPABILITY SUMMARY

○READ

◑WRITE

●TRANSACT

○ READ (3)

Read cash positions

Read transaction history

◑ WRITE (2)

Draft payment instructionsAPPROVAL REQUIRED

Update forecast modelsAPPROVAL REQUIRED

● TRANSACT (2)

Execute FX conversionsAPPROVAL REQUIRED

Submit wire transfersAPPROVAL REQUIRED

⚑ 4 APPROVAL-GATED ACTIONSYour explicit approval required before execution.

ANATOMY

Context header

Red (agency-initiated) or inverse-surface (human-initiated) bar. States who initiated this introduction. var(--ds-color-agency) or var(--ds-surface-inverse)

Monogram avatar

Geometric two-letter monogram. Square geometry signals non-human entity. Never use a face or photograph. var(--ds-color-agency) border

Trust tier badge

Tier label (UNTRUSTED → ORCHESTRATOR) with tier-appropriate color. Color escalates with authority. Tier-specific

Capability groups

Read (○), Write (◑), Transact (●) capability rows. Icon weight conveys risk level. Meta color per class

Approval gate badge

Gold APPROVAL REQUIRED tag on any action requiring explicit human consent before execution. var(--ds-color-validation)

Action row

DISMISS (secondary) + ACTIVATE AGENT (primary agency). The primary is agency red — it is an agent authority action. var(--ds-color-agency)

ANTI-PATTERNS

✗ DO NOT

Use a human face or photo avatar for the agent. Users will mistake it for a human.

✓ DO

Always use the geometric monogram system. Two-letter square = non-human entity, always.

✗ DO NOT

Skip the capability disclosure and show only a summary ('This agent can help you with treasury tasks').

✓ DO

List every read, write, and transact action explicitly before the user approves. No surprises post-activation.

✗ DO NOT

Show the activation button before the user has scrolled through all capabilities.

✓ DO

Display the full capability list (with expand for long lists). The ACTIVATE AGENT button is always visible, but all approval-gated items are prominently labeled.

✗ DO NOT

Use the same visual treatment for agent-initiated and human-initiated introductions.

✓ DO

Agent-initiated uses the agency red header (the agent is seeking authority). Human-initiated uses surface-inverse (a human is summoning a tool). Different semantics, different appearance.

PROPS

Prop	Type	Default	Description
agentName	string	—	Full display name of the agent.
agentRole	string	—	Short role label (e.g. 'Treasury Analyst').
agentDescription	string	—	1–2 sentence plain-language explanation of what the agent does and why the user should trust it.
trustTier	1 \| 2 \| 3 \| 4 \| 5	—	Current trust tier from 1 (UNTRUSTED) to 5 (ORCHESTRATOR). Determines the tier badge color and description.
capabilities	AgentCapabilityItem[]	—	List of capabilities grouped by class: read / write / transact. Items with requiresApproval=true display a gold APPROVAL REQUIRED badge.
surface	'card' \| 'panel' \| 'modal'	'card'	Adjusts layout width. Panel/modal stretch to full width of their container.
context	'agent-initiated' \| 'human-initiated'	'agent-initiated'	Changes the header label. Agent-initiated uses agency red; human-initiated uses surface-inverse.
onApprove	() => void	—	Called when the user clicks ACTIVATE AGENT.
onDismiss	() => void	—	Called when the user dismisses the introduction.

02 · COMPONENT

ProgressivePermissionFlow

Trust is earned incrementally. This pattern models the read → write → transact escalation path, making each step visible and each approval an explicit human decision. The agent can never claim a higher capability class without passing through every preceding step.

CAPABILITY CLASS MODEL

Class	Icon	Color token	Examples	Default approval gate
read	○	--ds-text-secondary	View balances, query history, read FX rates	None — implicit on activation
write	◑	--ds-color-temporal	Draft payments, update forecasts, create proposals	Required per escalation step
transact	●	--ds-color-agency	Execute FX, submit wires, initiate settlements	Required per transaction

LIVE DEMO

PERMISSION ESCALATION — TREASURY ANALYST

○READ-ONLY

◑READ + WRITE

●FULL ACCESS

○Read accessAPPROVED

Required to analyze cash positions and produce accurate forecasts. No data is modified.

▸Read account balances

▸Query transaction history

▸Fetch FX rates

▸Access forecast models

Approved 3/25/2026, 10:00:00 AM

◑Write accessPENDING APPROVAL

Allows drafting payment instructions and updating forecast parameters. All write actions are queued for human review before execution.

▸Draft payment orders (queued for approval)

▸Update forecast model parameters

▸Create cash concentration proposals

●Transact accessFUTURE

Enables below-threshold FX conversions and wire initiation. Requests are individually approval-gated.

▸Execute FX conversions < $50,000 equivalent

▸Submit wire transfers (approval required per transaction)

STATES

approved

Step completed. Green check-style border. Shows timestamp and who approved.

active (pending approval)

Gold border. The current step awaiting human decision. APPROVE / DENY buttons visible.

future (pending)

Dimmed. No border highlight. Controls not visible — step is not yet actionable.

denied

Red-bordered. Step was explicitly refused. Agent cannot proceed past this point.

ANTI-PATTERNS

✗ DO NOT

Request all capability classes simultaneously in one approval prompt.

✓ DO

Always use the incremental escalation model. Read first. Write only after read is established. Transact only after write is proven safe.

✗ DO NOT

Skip the flow after initial onboarding — assume the escalation is handled implicitly.

✓ DO

Every capability class upgrade must pass through this flow with explicit human approval, even mid-session.

✗ DO NOT

Use the same gold validation color for both the pending-approval step and approved steps.

✓ DO

Approved steps go green (--ds-color-outcome-positive). Gold is strictly for 'requires human action NOW'. Once decided, the color resolves.

PROPS

Prop	Type	Default	Description
agentName	string	—	Agent display name shown in the header.
steps	PermissionStep[]	—	Ordered list of permission escalation steps. Each step has a level, justification, and actions unlocked.
activeStepIndex	number	—	Zero-based index of the step currently awaiting approval. Renders with a gold validation border.
onApprove	(level: PermissionLevel) => void	—	Called with the approved permission level when user approves the active step.
onDeny	(level: PermissionLevel) => void	—	Called with the denied permission level when user denies the active step.
compact	boolean	false	Hides justifications and action lists. Use in sidebar or constrained-width contexts.

03 · COMPONENT

OnboardingChecklist

Agentic task completion tracker for first-run onboarding sequences. Every completed item carries provenance — evidence of who completed it and why it's valid. Blocked items surface human action requirements without hiding system state.

PURPOSE

Progress transparency

The progress bar and item count give users a clear picture of where they are in the setup flow at all times.

Agent attribution

Items completed by the agent are labeled with the agent's name and timestamp. The user always knows what the agent did.

Provenance linking

Each completed item links to the data, approvals, or agent actions that confirm its completion. Auditable by design.

Blocked state clarity

Blocked items show exactly what is needed to unblock them. No mystery states — the human always knows what to do next.

LIVE DEMO

Treasury Agent Setup

PROGRESS3/6

●

Connect bank accounts

Completed by User· 3/25/2026, 9:15:00 AM

▾

●

Review agent capabilities

Completed by User· 3/25/2026, 9:20:00 AM

▾

●

Grant read access

Completed by Treasury Analyst Agent· 3/25/2026, 10:00:00 AM

▾

◔

Run first cash analysis

Agent working…

▾

⚑

Grant write accessHUMAN ACTION

▾

○

Set approval thresholdsHUMAN ACTION

▾

STATUS REFERENCE

Status	Icon	Color	Meaning
pending	○	--ds-text-muted	Not yet started. MARK DONE / SKIP controls visible if handlers are provided.
in-progress	◔	--ds-color-temporal	Agent is actively working on this item. Pulse animation on the icon.
done	●	--ds-color-outcome-positive	Completed. Agent attribution and timestamp shown. Provenance links expand on click.
skipped	—	--ds-text-muted	User explicitly skipped. Title strikes through. Counted as complete for progress purposes.
blocked	⚑	--ds-color-agency	Cannot proceed. Red flag icon. Expanded detail shows the blocker reason and required human action.

ANTI-PATTERNS

✗ DO NOT

Complete checklist items automatically without surfacing agent attribution.

✓ DO

Every agent-completed item must show completedBy and completedAt. The user must always know what the agent did.

✗ DO NOT

Show a blocked item without explaining what is needed to unblock it.

✓ DO

Always set blockedReason on blocked items. The user must never stare at a blocked state without knowing what action to take.

✗ DO NOT

Count skipped items as incomplete in the progress calculation.

✓ DO

Skipped items count toward completion. A user who chose to skip something has made a deliberate decision — respect it.

PROPS

Prop	Type	Default	Description
title	string	'Onboarding Checklist'	Section heading shown above the progress bar.
items	OnboardingChecklistItem[]	—	Checklist items. Each carries a status, optional agent attribution, completedAt timestamp, and provenance refs.
onMarkDone	(id: string) => void	—	When provided, pending items display a MARK DONE button for human-initiated completion.
onSkip	(id: string) => void	—	When provided, pending items display a SKIP button.
showProvenance	boolean	true	Show provenance references in the expanded item detail. Set false for stripped-down checklists.

← Multi-Agent Coordination Trust & Provenance →