Show HN: SafeAgent – exactly-once execution guard for AI agent side effects

3 points by Lions2026 ↗ HN
I built a small Python library called SafeAgent that protects real-world side effects when AI agents retry tool calls.

One issue we ran into while experimenting with agent workflows is that retries can trigger irreversible actions multiple times:

agent calls tool ↓ network timeout ↓ agent retries ↓ side effect happens twice

Examples:

• duplicate payment • duplicate email • duplicate ticket • duplicate trade

Most systems solve this ad-hoc using idempotency keys scattered around different services.

SafeAgent centralizes this into a small execution guard.

The idea is simple:

1. every tool execution gets a request_id 2. SafeAgent records the execution receipt 3. retries return the original receipt instead of running the side effect again

Example:

FIRST CALL REAL SIDE EFFECT: sending email

SECOND CALL WITH SAME request_id SafeAgent returns the original execution receipt (no second side effect)

The project is early but includes examples for:

• OpenAI tool calls • LangChain style tools • CrewAI actions

PyPI: https://pypi.org/project/safeagent-exec-guard/

GitHub: https://github.com/azender1/SafeAgent

Curious how other people are handling retry safety for agent side effects.

2 comments

[ 3.0 ms ] story [ 32.1 ms ] thread
A bit more context on why I built this.

While experimenting with LLM agents calling tools, I ran into a reliability problem: retries can easily trigger irreversible actions more than once.

For example:

agent → call tool network timeout → retry agent retries tool call side effect runs twice

That can mean:

duplicate payment

duplicate email

duplicate ticket

duplicate trade

Most systems solve this locally with idempotency keys, but in agent workflows the retries can come from multiple layers (agent loops, orchestration frameworks, API retries, etc.).

SafeAgent is a small execution guard that sits between the agent and the side effect. Every tool call gets a request_id, and SafeAgent records a durable execution receipt. If the same request is replayed, it returns the original receipt instead of executing again.