Governance Deep Dive: Designing for Replayed Agent Actions
Governance design should assume actions will be replayed and define how the system distinguishes safe repetition from duplicated harm.
Replay is not always malicious. It can come from retries, duplicated events, or a human operator repeating a step under stress. Governance has to make those situations safe anyway.
The design question
How will the system tell the difference between a legitimate repeat and a duplicated harmful action?
Useful controls
- Action identity and deduplication.
- Version-aware write checks.
- Audit evidence that shows whether the action already happened.
Use the trust levels, AuthGuardian, and audit schema to define replay-safe controls.
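Added illustration, not code from the original page or its project: a minimal Python sketch that combines the three controls above. The names Store, action_id, apply_write and already_applied, and the invoice record used in the demo, are assumptions made for this example.

```python
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class Store:
    """Constructed in-memory state: versioned records, seen action ids, audit trail."""
    records: dict = field(default_factory=dict)  # key -> (value, version)
    seen: dict = field(default_factory=dict)     # action_id -> recorded outcome
    audit: list = field(default_factory=list)    # one entry per attempt, replays included


def action_id(agent, intent, key, value, expected_version):
    """Action identity: the same intent replayed hashes to the same id."""
    canonical = json.dumps({"agent": agent, "intent": intent, "key": key,
                            "value": value, "expected_version": expected_version},
                           sort_keys=True)
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def apply_write(store, agent, key, value, expected_version):
    aid = action_id(agent, "write", key, value, expected_version)
    # Control 1, deduplication: a replayed id is answered from the stored outcome.
    if aid in store.seen:
        entry = {"action_id": aid, "outcome": "replayed", "applied": False}
        store.audit.append(entry)
        return entry
    # Control 2, version-aware write: refuse if the record moved since planning.
    current_version = store.records.get(key, (None, 0))[1]
    if current_version != expected_version:
        entry = {"action_id": aid, "outcome": "stale_version", "applied": False,
                 "current_version": current_version}
    else:
        store.records[key] = (value, current_version + 1)
        entry = {"action_id": aid, "outcome": "applied", "applied": True,
                 "new_version": current_version + 1}
    store.seen[aid] = entry
    store.audit.append(entry)  # Control 3: audit evidence of what actually happened.
    return entry


def already_applied(store, aid):
    """Answer the operator's question from the audit trail: did this action happen?"""
    return any(e["action_id"] == aid and e["applied"] for e in store.audit)


if __name__ == "__main__":
    s = Store()
    first = apply_write(s, "agent-7", "invoice/42", "approved", 0)
    print(apply_write(s, "agent-7", "invoice/42", "approved", 0))  # replayed, not applied
    print(already_applied(s, first["action_id"]))                  # True
```

A retry of the same action is safe because it returns the original outcome; a different action planned against stale state is refused rather than silently applied twice.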