Most LLM agent discussions focus on whether the model can reason.
But once agents are allowed to act — call tools, send messages, edit files, access private data, trigger workflows, or delegate tasks — a different question becomes more important:
Should an agent be allowed to move directly from “I intend to do X” to “I executed X”?
I do not think so.
There should be a cognitive path in between.
That is the motivation behind Action Preflight, a reusable pre-action cognition structure I built as part of ORCA.
The goal is simple: before an agent commits an action, it should make the action explicit enough for the system to inspect, route, constrain, approve, revise, or block it.
The problem: implicit pre-action reasoning
A normal LLM call may reason about consequences during generation.
Sometimes it does. Sometimes it does not. Sometimes it produces a convincing explanation after the fact.
But in many agent systems, the important pre-action reasoning remains implicit inside the prompt or mixed into the tool-calling loop.
For example, an agent may be asked to:
Send an email to all customers about the pricing update.
A capable model might infer that this is externally visible, broad in scope, potentially irreversible, and probably requires approval.
But the system often does not require those facts to be surfaced before execution.
The agent may go from:
I intend to send this message.
to:
Message sent.
without an explicit admission step in between.
That is the gap.
What Action Preflight does
Action Preflight is a pre-action reasoning path.
Before the agent commits an action, it attempts to make the candidate action explicit:
candidate action
→ action model
→ affected entities
→ constraints
→ uncertainty
→ risk
→ plausible consequences
→ safer alternatives
→ continuation decision
The output is not just a prose explanation. The main integration object is:
outputs.continuation_decision
That decision can route the action toward:
proceed
revise
clarify
approve
escalate
block
The point is not that agents can predict the future. The point is that consequence anticipation should become a required part of the action path.
A simple example
Suppose the candidate action is:
{
"type": "send_message",
"channel": "email",
"target": "all_customers",
"content": "We are changing our pricing next month."
}
A weak agent path might simply send it.
A preflighted path should ask:
Is this externally visible?
Is the audience broad?
Is the action reversible?
Is approval required?
Are there legal or contractual constraints?
Is the message final?
Are there safer alternatives?
A possible continuation decision might be:
{
"decision": "escalate_for_approval",
"risk_level": "high",
"rationale": "The action is externally visible, broad in scope, and may have commercial or contractual consequences.",
"required_checks": [
"Confirm pricing details",
"Obtain approval from responsible owner",
"Review customer-facing wording"
]
}
The agent has not been blocked because of a keyword.
It has been routed because the candidate action earned a higher-friction path into execution.
That is closer to consequence-aware action admission than to a simple guardrail.
Preflight is not permission
One important caveat: reasoning about an action and being allowed to take it should be separate layers.
If the same model can justify an action and grant itself permission, preflight can degrade into another prompt the agent rationalizes around.
So Action Preflight should not replace hard enforcement.
The useful architecture is:
preflight explains and structures the candidate action
tool boundary enforces what can actually execute
The preflight layer should produce a structured action-admission object: intent, scope, target, constraints, uncertainty, risk, required approvals, safer alternatives, and a continuation recommendation.
The execution layer should still check:
Is this tool allowed?
Is this target allowed?
Is this scope allowed?
Is authorization present?
Does the final tool call match what was preflighted?
Did the action drift after preflight?
Is this action denied regardless of the model rationale?
Preflight without enforcement can become theater.
Enforcement without preflight can become blind policy.
The useful architecture is the combination.
Why not just put this in a prompt?
You can start there.
A prompt like “think carefully before acting” is better than nothing.
But prompts are a weak place to put reusable agent cognition. They are hard to test, hard to inspect, hard to version, hard to enforce, and easy to mix with unrelated application logic.
The broader idea behind ORCA is that repeatable cognition should become explicit architecture.
Not all of it. Not every thought. Not hidden chain-of-thought.
But selected reasoning processes that matter for agent behavior:
evaluation
evidence handling
uncertainty extraction
risk assessment
memory updates
decision control
pre-action consequence forecasting
These processes should be reusable, testable, inspectable, governed, and traceable.
COGITs and SYLLOGs
In ORCA terminology:
a COGIT is a bounded executable cognitive act;
a SYLLOG is an executable composition of COGITs.
Action Preflight is a SYLLOG.
It composes several smaller reasoning acts into a structured path that can be run before an agent acts.
The implementation keeps the engineering terms capability and skill, but the conceptual model is:
COGIT = bounded cognitive operation
SYLLOG = executable cognitive composition
Why this matters across domains
The same pre-action pattern appears in many domains.
Before acting, an agent may need to know:
What is the target?
What is the scope?
What is missing?
Who is affected?
What could go wrong?
Is this reversible?
Is this authorized?
What alternatives are safer?
Should the action proceed?
That is true for email agents, coding agents, workflow agents, data agents, customer-support agents, and autonomous tool-using systems.
This is why I think pre-action cognition should not live only as hidden prompt text or framework-specific glue.
It should become a reusable layer.
ORCA and the current implementation
I built Action Preflight as part of ORCA, an open cognitive runtime architecture for agents.
The current runtime is available here:
https://github.com/gfernandf/agent-skills
The Action Preflight quickstart is here:
https://github.com/gfernandf/agent-skills/blob/main/docs/ACTION_PREFLIGHT_FORECAST_QUICKSTART.md
The concrete artifact is:
decision.action-preflight-forecast
It can be exposed through HTTP as:
POST /v1/skills/decision.action-preflight-forecast/execute
The main integration object is:
outputs.continuation_decision
I also wrote a paper with the broader argument:
https://zenodo.org/records/21108157
DOI:
https://doi.org/10.5281/zenodo.21108156
The broader claim
Trustworthy agents will not be built only by asking models to reason better.
They will require architectures where the reasoning that matters can be required.
For me, Action Preflight is one example of that idea: a reusable cognitive path that helps candidate actions earn admission into execution.
I would be very interested in feedback from people building agent frameworks, tool-using agents, safety layers, workflow agents, or reusable agent capabilities.
Would you use this kind of explicit pre-action cognition layer in an agent system?

Top comments (0)