Sahil David

Essay · Mar 2026

I Believe We Need a New Class of Agents: Officers

Published Mar 2026·Sahil David·1 min read

Every major AI agent framework ships with the same assumption baked in: if the agent completes the task, the job is done.

That assumption is wrong. And it is going to cost people.

The gap we should be talking about

Right now, across every serious AI project, the architecture looks roughly the same. You have agents. Those agents have tools. And you have an orchestrator deciding which agent does what, in what order, to get a task done.

The orchestrator is good at its job. It routes. It sequences. It delegates. It optimises for one thing: task completion.

But here is the question no one is asking.

Who is checking whether the completed task actually serves the person who requested it?

Not whether it ran successfully. Not whether the code compiles or the email was sent. Whether the outcome is in your best interest.

That layer does not exist. Not in any agent framework shipping today.

Orchestration is not governance

This is a distinction that matters more than most people realise.

An orchestrator decides what your agents do. It plans, delegates, sequences. It is a project manager.

But a project manager is not a fiduciary. A project manager does not ask: "Should we be doing this at all?" They ask: "What is the most efficient way to get this done?"

Those are very different questions.

Think about what happens when you give a coding agent a simple instruction: "Fix the login bug." The agent fixes it. Then it notices the auth module could use some refactoring. So it starts refactoring. The orchestrator sees a subtask and routes it. Nobody flags that you asked for a bug fix and your agent just expanded scope into a critical system.

Or this. You have two agents running in parallel. Agent A updates an API schema. Agent B is building frontend components against the old schema. The orchestrator gave them both valid tasks. Neither agent can see what the other is doing. By the time you notice, both have been working at cross purposes for twenty minutes.

Or this. Your agent finishes a task and wants to push directly to main. On your solo project, fine. On a team repo with PR norms, that is a reputational risk the agent has no concept of.

The orchestrator did its job in every one of these scenarios. The agents completed their tasks. And the outcome still did not serve you.

What is missing is fiduciary duty

The concept comes from corporate law. An Officer of a company owes a fiduciary duty to the entity they serve. Not a duty to complete tasks. A duty of loyalty, care, and good faith toward the principal's interests.

That is exactly what AI agent systems need.

Not another orchestrator. Not smarter agents. Not better prompts. A dedicated supervisory layer whose only job is to ask: "Does this action serve my principal?"

I am calling this layer an Officer.

How an Officer works

An Officer sits between your agents and the outside world. Every action an agent wants to take routes through the Officer first. Nothing reaches the principal or triggers an external action without a ruling. The Officer does not do the work. It governs the work.

On every proposed action, the Officer makes one of four rulings:

Approve. The action clearly serves your interests and is within bounds. Proceed.

Modify. The action is directionally right but needs adjustment. The Officer rewrites the parameters before execution.

Escalate. The action is ambiguous, high-stakes, or outside the Officer's confidence. It asks you directly before proceeding.

Veto. The action violates your constraints, conflicts with your interests, or exceeds authority. Blocked, with a reason logged.

This is not a static rule engine. The Officer reasons about context. It weighs tradeoffs. It knows that a git push means something different on a solo repo than on a team codebase. It knows that running the full integration test suite for a one-line CSS fix is a waste of your time and money. It knows that when your agent starts expanding scope, that is a decision you should be making, not the agent.

Why this is not the same as guardrails

Guardrails are rules. They are binary. If X, block. If Y, allow.

An Officer is judgment. It has the full picture. It knows your stated interests, your authority boundaries, what every agent in the system is doing, and what has happened so far in the session. It makes contextual decisions, not pattern matches.

And critically, it knows when to decide and when to defer. A guardrail never asks you for input. An Officer escalates when the stakes are high enough or the answer is genuinely ambiguous. That is not a limitation. That is the feature.

Why this matters now

I did not arrive at this from theory. While building multi-agent systems I kept hitting the same wall.

I would architect a system where every agent was well-scoped, every tool was correctly wired, every orchestration flow was clean. And still, the system would produce outcomes that technically completed the task but missed the point. An agent would make a decision that was locally correct but globally wrong. Two agents would work at cross purposes because neither could see the full picture. Actions that should have been flagged would sail through because no layer existed to flag them.

The pattern was always the same. The agents were fine. The orchestration was fine. What was missing was someone asking: "But should we?"

Here is where we are in the stack. MCP standardised how agents talk to tools. That was Layer 1. A2A is standardising how agents talk to each other. That is Layer 2. Shared memory and context protocols like Akashik are emerging as Layer 3.

But there is no Layer 0. No foundational layer that governs whether the work being done across all those layers actually serves the human at the top.

Officers is Layer 0. The governance layer that should have existed before any of the others. The frameworks are maturing fast. Agents are getting more autonomous by the month. And the window between "agents that need hand-holding" and "agents that can cause real damage unsupervised" is closing faster than most people realise. The time to build the accountability layer is before you need it, not after the first incident.

What is next

Officers should exist as both an open specification and an SDK. That is where I am taking this.

My initial thoughts: The easiest way to start is an officer.md file in the root of your project. It defines who the principal is, what their interests are, what agents are allowed to do autonomously, what requires approval, and what is off-limits. That single file gives any Officer-aware system enough context to govern your agents on your behalf.

The SDK wraps any agent system's tool execution layer so the Officer can evaluate actions at runtime using that context.

The spec will be open. Not because governance should be a product moat, but because it should be infrastructure. The same way MCP became the standard for tool connectivity because it was open, Officers should become the standard for agent accountability because anyone can adopt it. If your agents can act, they should be governed. That should not depend on which vendor you chose.

Every agent system today is optimised for capability. How fast can the agents move. How many tools can they access. How complex a task can they handle.

Let’s optimise for trust. For the confidence that what your agents produce actually serves you. For the certainty that when you step away, the system is not just completing tasks but protecting your interests.

That is what Officers changes. And I believe it is the most important missing layer in the entire agent stack. And if it is not this, then what is the layer that makes you trust your agents when you are not watching?

Written by Sahil David

Thoughts or feedback? Send me an email.

Sahil David

Sahil David

Founder · Builder · Speaker

Designed & Developed by Sahil David