That’s an interesting way to frame it.
What we kept running into is that even when the agent output itself is correct and admissible, distributed systems behavior can still produce duplicate mutations once execution starts — retries, worker restarts, async scheduling, etc.
So the layer we focus on is the execution boundary itself: once a tool call or API mutation is approved, ensuring that action commits exactly once.
Pre-execution validation definitely helps reduce bad decisions upstream. Our assumption is that even with good validation, the execution layer still needs deterministic guarantees because infrastructure failures are unavoidable.
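An added example, not part of the comment above and not the commenter's implementation: one common way to make an approved action commit once despite retries and worker restarts is to record an idempotency key in the same transaction as the mutation. It assumes the mutation and the ledger live in one SQLite database; `action_key`, `commit_once`, `credit`, the table names and the sample values are hypothetical and constructed.

```python
import hashlib, json, sqlite3

def action_key(approval_id, tool, args):
    # Same approved action -> same key on every retry or redelivery.
    blob = json.dumps([approval_id, tool, args], sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()

def open_store(path=":memory:"):
    db = sqlite3.connect(path, isolation_level=None)  # explicit transactions
    db.execute("CREATE TABLE IF NOT EXISTS ledger (key TEXT PRIMARY KEY, result TEXT NOT NULL)")
    db.execute("CREATE TABLE IF NOT EXISTS balances (account TEXT PRIMARY KEY, cents INTEGER NOT NULL)")
    return db

def commit_once(db, key, mutate):
    # Returns (result, applied). Mutation and ledger row commit atomically,
    # so a crash in between leaves neither behind and a retry is safe.
    db.execute("BEGIN IMMEDIATE")  # take the write lock before checking
    try:
        row = db.execute("SELECT result FROM ledger WHERE key = ?", (key,)).fetchone()
        if row:  # already committed: replay the stored result, mutate nothing
            db.execute("ROLLBACK")
            return json.loads(row[0]), False
        result = mutate(db)
        db.execute("INSERT INTO ledger VALUES (?, ?)", (key, json.dumps(result)))
        db.execute("COMMIT")
        return result, True
    except BaseException:
        db.execute("ROLLBACK")
        raise

def credit(account, cents, crash=False):
    def mutate(db):
        db.execute("UPDATE balances SET cents = cents + ? WHERE account = ?", (cents, account))
        if crash:  # constructed failure: worker dies after the write, before commit
            raise RuntimeError("worker died before commit")
        return {"account": account, "credited": cents}
    return mutate

def demo():
    db = open_store()
    db.execute("INSERT INTO balances VALUES ('acct-1', 0)")
    key = action_key("approval-42", "credit", {"account": "acct-1", "cents": 500})
    try:
        commit_once(db, key, credit("acct-1", 500, crash=True))  # attempt 1 dies
    except RuntimeError:
        pass
    first = commit_once(db, key, credit("acct-1", 500))  # retry commits
    dup = commit_once(db, key, credit("acct-1", 500))    # duplicate delivery
    balance = db.execute("SELECT cents FROM balances WHERE account = 'acct-1'").fetchone()[0]
    return first, dup, balance
```

When the mutation targets an external API rather than the same database, the atomicity shown here no longer holds and the key has to be passed to a downstream that deduplicates on it.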