Synchronous Execution-Plan Confirmation

also known as Pre-Execution Plan Confirm, Sync Plan + Async Audit

Agent synchronously emits its full execution plan for user confirmation before any side-effect step, and provides asynchronous operation recordings for post-hoc review.

This pattern helps complete certain larger patterns —

specialisesHuman-in-the-Loop★★— Require explicit human approval at defined points before the agent performs an action.

Context

A user-facing agent (especially in regulated industries like Taiwan finance 2026) takes consequential actions on the user's behalf. Users are uncomfortable with opaque agentic execution; regulators require demonstrable user intent capture.

Problem

When the agent executes silently and only shows results after the fact, users cannot verify that the agent understood the request correctly until damage is done. Post-hoc transcripts help audit but cannot prevent. Differs from approval-queue by being agent-driven (the agent emits the plan up front) rather than human-driven (the human writes the plan).

Forces

Synchronous confirmation adds latency on every consequential request.
Users may skim the plan and approve without reading.
Async recordings are necessary for audit but insufficient for prevention.

Example

A wealth-management agent receives 'rebalance my portfolio'. Agent emits plan: 'sell 30 shares NVDA, buy 200 shares VOO, transfer $5,000 to bond fund'. User reviews each line, confirms. Execution proceeds. Operation recording (every API call, every state change) is persisted to the user's vault for later review. Regulator audit at year 2 reconstructs the user's confirmation timestamp + the executed actions.

Diagram

flowchart TD User[User request] --> Plan[Agent generates plan] Plan --> Show[Sync: render plan to user] Show --> Confirm{User confirms?} Confirm -->|no| Cancel[Cancel] Confirm -->|yes| Exec[Execute side-effects] Exec --> Record[(Async: full operation recording)] Record --> Review[User can review later]

Solution

Therefore:

At the boundary between planning and execution, the agent renders the plan in plain language (or structured form the user can review). User must explicitly confirm (button press, signed message) before execution starts. During and after execution, full operation recordings are persisted to a user-visible log for asynchronous review. Pair with human-in-the-loop, dry-run-harness, decision-log, policy-gated-agent-action.

What this pattern forbids. No side-effect step executes without explicit user confirmation of the plan; the plan shown to the user must match what executes.

And the patterns that stand alongside it, or against it —

complementsApproval Queue★★— Queue agent-proposed actions for asynchronous human review while the agent continues other work.
complementsDry-Run Harness★— Simulate planned actions (and their projected side effects) without committing them, surfacing a reviewable diff before any commit.
complementsDecision Log★★— Persist the agent's reasoning trace alongside its actions so post-hoc review can explain why.
complementsPolicy-Gated Agent Action (KRITIS)★— Each agent action passes through a policy gate (NIS2, EU the agent Act, BSI rules) and is tagged with Run ID + Model Digest + Policy Hash for WORM-audit reconstruction.
complementsTwo Human Touchpoints★— Place exactly two human-in-the-loop checkpoints in agentic pipelines: one at content selection and one at final review before publication.

Neighbourhood

Click any neighbour to follow the language. Scroll to zoom, drag to pan.

References

2026 企業如何導入 AI？解析 2026 必知的 5 大模型趨勢
blog

Provenance

Source: patterns/sync-execution-plan-confirmation.md on GitHub · commit 0f962e5 · view history
Added to catalog: 2026-05-23
Last updated: 2026-05-23
Contribute: open an issue or PR at github.com/agentpatternscatalog/patterns.