← Back

Designing for Irreversibility

In 1858, Hymen Lipman patented the pencil with an attached eraser. Rubber had been used to lift graphite from paper since at least the 1770s, but as a separate object — something you kept nearby, or didn’t. Before it became common, mistakes in graphite were corrected with soft white bread, which absorbs carbon particles without tearing the paper. What Lipman’s patent did was collapse the writing tool and its corrective into one. The eraser didn’t replace the bread because it was more elegant. It replaced it because it was more reliable: a dedicated tool for a dedicated problem, the problem being that humans make mistakes and the written record should accommodate that.

Every technology that followed reinforced this premise. The typewriter gave us correction fluid. The word processor gave us backspace, then delete, then undo — Ctrl+Z, introduced on the original Macintosh in 1984, now so reflexive that people reach for it offline, in notebooks, at whiteboards. The internet gave us edit buttons, refund windows, deactivation flows, the legally mandated cooling-off period. Amazon built a logistics empire partly on the logic that a frictionless return is a precondition of a frictionless purchase. Every institution that handles human decisions at scale — banks, courts, insurance companies, the postal service — has developed some version of the appeal, the reversal, the do-over.

Digital product design inherited this philosophy so completely that it became invisible. Undo. Cancel. Go back. Save draft. Restore from backup. The entire grammar of modern UX is built on a single premise: a user’s choice should be held loosely, because the user might have been mistaken, might not have meant what they appeared to mean. Irreversibility is treated as a failure condition — something to be avoided, mitigated, surrounded with warnings and friction and confirmation screens.

Then blockchain arrived and made irreversibility a virtue.

A transaction on-chain is final. Not policy-final, the way a wire transfer is merely difficult to reverse. Final in a different register — cryptographically settled, immutable by design, with no institution that can intervene if the user made a mistake. Send funds to the wrong address: they’re gone. Sign a bad smart contract: the contract executes. Approve a permission you didn’t mean to: that permission is live until you revoke it, and by then something may have already happened.

This isn’t a bug the industry hasn’t gotten around to fixing. Irreversibility is the feature. It’s what makes the system trustless. You can’t ask for a chargeback because there’s no one to ask. The same property that makes the network resistant to censorship makes it resistant to your customer service call.

The first instinct is to protect by adding friction – more confirmations, bigger warnings, more prominent red text. The design pattern most teams reach for is inherited directly from banking: the confirmation screen. Review your transaction. Click to confirm. You’ve been warned.

The problem is that the confirmation screen was designed for a system with recourse. In traditional finance, the confirmation screen says: “Are you sure?” with the implicit understanding that if you said yes and you shouldn’t have, you can make a phone call. The confirmation screen in crypto says “Are you sure?” with no such understanding – and most users don’t know the difference. They’ve been trained by a decade of single-click e-commerce to treat confirmation screens as a formality. One more tap before the thing happens.

So you add friction and it doesn’t do the work you need it to do. The user confirms. The transaction executes. The mistake was real. The friction didn’t help because the friction didn’t communicate anything the user actually processed.

Irreversibility is a qualitatively different condition, not a higher-stakes version of a familiar one. The design problem follows from that distinction, not from the failure of confirmation screens.

The distinction worth designing for is between informing users and changing how they experience the weight of a decision. Most confirmation screens do the first and assume it achieves the second. They surface information. They don’t produce understanding. A user who reads “this transaction cannot be reversed” and taps confirm hasn’t necessarily understood anything – they’ve processed text and moved on, the same way they move through every other modal in their day.

Designing for irreversibility means designing for the experience of finality, not just the disclosure of it.

Some teams are working on this seriously. Progressive trust patterns that require users to demonstrate understanding before high-risk actions – not just confirm but interact with what they’re confirming. Address verification that forces engagement, not just display. Transaction simulation that shows what will happen before it happens, making the outcome concrete instead of abstract. None of these are solved. All of them are better questions than “how do we make the warning more visible.”

What “irreversibility” actually means varies across actions, and the design that ignores this distinction does damage. Sending funds to a wrong address is irreversible. Approving an allowance you didn’t mean to approve is recoverable – if you catch it and revoke before it’s exploited. Connecting a wallet is almost always safe to disconnect. The design that treats all of these with identical gravity is crying wolf: you numb the user to friction until the one moment when the friction actually mattered.

Designers who’ve spent years in consumer products are trained to reduce friction. Every unnecessary tap is a UX failure. The entire history of good design trends toward getting people to their goal faster with less obstruction.

That training is right for most products. It needs to be interrogated before you apply it here. Because in a system with no safety net, the question isn’t just how quickly can the user accomplish their intent – it’s whether the user understood what their intent would cost them.

Those aren’t the same question. They haven’t been in traditional UX either, but the consequences of conflating them are different in kind.


Now add AI agents to this, and the problem changes shape entirely.

Everything described so far assumes a human at the moment of execution. A flawed, distracted, undertrained human — one who taps confirm without reading, who has been conditioned by ten years of e-commerce to treat friction as a formality. But a human nonetheless. Someone who can, however poorly, experience the weight of what they’re about to do. The discomfort of a large number. The hesitation before a one-way door. The biological flinch that high-stakes decisions can still trigger, even in people who should know better.

Agents don’t flinch. They execute without affect, at whatever speed the protocol allows — and on x402, that’s 200 milliseconds, settled on-chain, no chargeback risk, no institution to call. The entire surface of UX designed to communicate finality to a human — the warnings, the simulations, the progressive trust patterns that require engagement rather than just confirmation — is built for a mind that can feel stakes. When the agent is the actor at the moment of execution, those design patterns are addressed to the wrong entity. The human is upstream, at the instruction layer, not at the transaction layer. By the time anything happens that the design was trying to prevent, the human isn’t in the room.

The failure surface shifts accordingly. When a human makes a mistake in a system with no recourse, the failure point is legible: they didn’t understand the system, they were rushed, they misread the screen. Their intent was clear enough; the product failed to protect them from their own inattention. When an agent makes a mistake, the failure point is different and sometimes harder to locate. The agent didn’t misread anything. It executed exactly what it was told. The problem is what it was told — not a malicious instruction, not a typo in an address, but the gap between what the human meant and what the agent interpreted as its mandate.

Natural language is full of ambiguities that a human colleague would resolve by asking a question. An agent resolves them silently, in one direction, based on what its training treats as a reasonable interpretation of the instruction it received. “Pay the invoice when it arrives” means something specific to the person who wrote it. It specifies an amount, a counterparty, a context, a judgment about what counts as that invoice and not some other document that resembles one. The agent sees a document that matches the pattern. It executes. On-chain. Irreversible. The instruction was followed. The intent was not.

This isn’t a failure of prompting or of agent intelligence. It’s a structural problem at the instruction layer — the gap between natural language intent and machine-executable mandate is wide enough for consequential errors to fall through, and in a system with no recourse, those errors are permanent. The usability research that would normally surface this — error rates, confusion metrics, support volume, abandonment — assumes a human experiencing something going wrong. An agent executing a mistaken transaction doesn’t experience anything, aside from an error or rate limiting. It reports total failure or success. The feedback signal that design depends on is absent by design.

The design community is already grappling with one version of this. In high-stakes fiat flows, the right answer has been to put the human back in the loop at the moment of transaction — not as a confirmation screen, but as an active approval gate. The agent does the work up to the point of payment: fills the forms, resolves the ambiguity, prepares the execution. Then it holds. Sends the request to the human. Waits for explicit approval before any payment instrument is created. If the human denies it, no card is ever issued, no transaction settles, no mistake becomes permanent. The agent’s autonomy is preserved for the mechanical work; the human’s judgment is preserved for the consequential moment.

That pattern works because fiat has a natural gate — the payment instrument has to be created. On-chain, where settlement is the protocol, there is no equivalent gate unless you design one. The transaction executes the moment the agent signs it. Which means the design work of preserving human judgment has to move entirely upstream, into the instruction layer — into the scoping of agent authority before any transaction is ever attempted.

This is the next generation of the irreversibility problem. Not how do you make a human feel the finality of an action they’re taking themselves, but how do you design permission structures precise enough that the actions an agent takes autonomously are the actions the human actually authorized — not just technically permitted, but genuinely meant. The confirmation screen was always the wrong answer for human users. For agents, it’s not even a wrong answer. It’s addressed to someone who isn’t there.

The problem isn’t the agent’s intelligence or the protocol’s speed. It’s that the interface designed to carry human understanding of consequence — what this action costs, what it means, what it cannot undo — was built for a human hand on a screen. That hand is now two steps removed. The design has to reach it before the instruction is written, not after the transaction settles.

Nobody builds this design work until the cost of not having it becomes obvious. That cost shows up at the company level, not the consumer level. An agent buying a coffee subscription creates an annoyance. An agent handling company spending — software, travel, vendor payments, hundreds of transactions a week that nobody approved individually and no finance tool can make sense of — creates the kind of problem that gets someone fired. Whether agentic commerce grows into that territory, and earns the trust of the companies that would have to adopt it, is the real question. Some teams are already building for it — setting limits on what agents can spend, adding checkpoints where a human approves before money moves, making agent transactions readable to whoever has to sign off on them. It’s early. Whether the demand ever gets big enough to justify it is still unknown.


Design has always been a discipline of accounting for human fallibility. The eraser for the smudge. The undo for the bad decision. The returns window for the impulse buy. The gap between what a person intends and what actually happens has been the animating problem of the field since before anyone seriously called design a field. What agents change is not the existence of that gap but its location. It used to sit between the user and the interface, at the moment of action. Now it sits between the user and the instruction they wrote before the agent went to work — further back in the chain, harder to see, and in a system with no recourse, impossible to recover from.

Five centuries of tools moved toward giving humans a way back to where they began. Blockchain was the first deliberate reversal. Whether agents extend that reversal or eventually build their own architecture of recourse is still being worked out in products that mostly don’t exist yet. The history I can follow. What comes after it, I can only suppose. My best guess is that agentic commerce changes UX, and is changed by it in return.

Originally published on Substack (opens in new tab)