Deterministic execution guard for AI agents: request-id dedup + finality gating + durable state.
Project description
SafeAgent
Exactly-once execution guard for AI agent side effects.
SafeAgent prevents duplicate, replayed, or premature irreversible actions triggered by LLM-based agents.
It provides:
- request-id (nonce) deduplication
- deterministic state transitions
- exactly-once execution semantics
- durable state persistence with SQLite
SafeAgent sits between an agent decision and the irreversible side effect.
Typical protected actions include:
- emails
- payments
- tickets
- trades
Install
pip install safeagent-exec-guard
Requires Python 3.10+.
Why SafeAgent
AI agents frequently retry tool calls when:
- APIs time out
- orchestration layers restart
- network calls fail
- workflows replay events
Without protection, this can cause duplicate side effects such as repeated emails, payouts, tickets, or trades.
SafeAgent ensures irreversible actions run exactly once for a given request_id.
Exactly-once Tool Execution
from safeagent_exec_guard import SettlementRequestRegistry
registry = SettlementRequestRegistry()
def send_email(payload):
print("SENDING EMAIL to", payload["to"])
receipt = registry.execute(
request_id="email:C123:invoice",
action="send_email",
payload={"to": "c123@example.com"},
execute_fn=send_email,
)
print(receipt)
If the same request_id is replayed, SafeAgent returns the original receipt instead of executing the side effect again.
OpenAI-style Tool Example
from safeagent_exec_guard import SettlementRequestRegistry
registry = SettlementRequestRegistry()
def send_email(payload):
print("REAL SIDE EFFECT: sending email to", payload["to"])
receipt = registry.execute(
request_id="email:user123:invoice",
action="send_email",
payload={
"to": "user123@example.com",
"template": "invoice_reminder",
},
execute_fn=send_email,
)
print(receipt)
Example output:
FIRST CALL
REAL SIDE EFFECT: sending email to user123@example.com
SECOND CALL WITH SAME request_id
dedup_same_request_id
same execution_id returned
LangChain-style Tool Example
from safeagent_exec_guard import SettlementRequestRegistry
registry = SettlementRequestRegistry()
def send_email(payload):
print("REAL SIDE EFFECT: LangChain email to", payload["to"])
return {"status": "sent", "to": payload["to"]}
def safe_langchain_tool(request_id, payload):
return registry.execute(
request_id=request_id,
action="send_email",
payload=payload,
execute_fn=send_email,
)
print(safe_langchain_tool("langchain_email_1", {"to": "user@example.com"}))
print(safe_langchain_tool("langchain_email_1", {"to": "user@example.com"}))
SafeAgent ensures retries do not execute the side effect twice.
CrewAI-style Tool Example
from safeagent_exec_guard import SettlementRequestRegistry
registry = SettlementRequestRegistry()
def crew_send_email(payload):
print("REAL SIDE EFFECT: CrewAI email to", payload["to"])
return {"status": "sent", "to": payload["to"]}
def crew_safe_action(request_id, payload):
return registry.execute(
request_id=request_id,
action="send_email",
payload=payload,
execute_fn=crew_send_email,
)
print(crew_safe_action("crew_email_1", {"to": "crew@example.com"}))
print(crew_safe_action("crew_email_1", {"to": "crew@example.com"}))
CrewAI agents can retry actions safely because SafeAgent deduplicates execution.
Agent Retry Demo
Simulate an AI agent retrying a payment action:
python examples/agent_retry_demo.py
The customer is charged only once even if the agent retries.
State Machine
SafeAgent enforces deterministic finality:
OPEN
→ RESOLVED_PROVISIONAL
→ IN_RECONCILIATION
→ FINAL
→ SETTLED
Properties:
- ambiguous signals enter reconciliation
- execution allowed only in
FINAL - replay-safe execution
- late signals ignored after finality
Demos
Duplicate execution prevention:
python examples/safe_agent_demo.py
AI outcome simulation:
python examples/simulate_ai.py
Persistence demo:
python examples/persist_demo.py
OpenAI tool example:
python examples/openai_tool_safeagent.py
LangChain example:
python examples/langchain_safeagent.py
CrewAI example:
python examples/crewai_safeagent.py
Project Structure
models.py
state_machine.py
reconciliation.py
gate.py
store.py
policy.py
settlement_requests.py
examples/
safe_agent_demo.py
simulate_ai.py
persist_demo.py
nonce_demo.py
openai_tool_safeagent.py
langchain_safeagent.py
crewai_safeagent.py
License
Apache-2.0
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file safeagent_exec_guard-0.1.10.tar.gz.
File metadata
- Download URL: safeagent_exec_guard-0.1.10.tar.gz
- Upload date:
- Size: 24.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d8f28c3c33470b164ec9ae9d899430bc1fc2e187e46f1c7c3ed1981d98ac166c
|
|
| MD5 |
b5b504a09ad1fc0b7391f6b98515a921
|
|
| BLAKE2b-256 |
52da12f034f867bfdb8e2a0bd46b188f650c3740994d81c7604d58062565dd54
|
File details
Details for the file safeagent_exec_guard-0.1.10-py3-none-any.whl.
File metadata
- Download URL: safeagent_exec_guard-0.1.10-py3-none-any.whl
- Upload date:
- Size: 21.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f19953164ad766d53e6488bba2a15c1b8fa5fa0d2074f89127b394cf64253f57
|
|
| MD5 |
63e51b5b5948c39d64c515bf21fe89cb
|
|
| BLAKE2b-256 |
00775c1c8bf24164458644b7e9d13ea85ba772127e8efb1e0761462f51a3c252
|
