I built agent-ledger to prevent agents from running the same tool calls multiple times (after a crash, a webhook retry, or LLM retry after a timeout). Without it, you can get duplicate side effects (emails sent twice, tickets created twice) and no way to tell what already executed.

It's a small Python library that sits at the tool call boundary. It hashes (workflow_id, tool, args) into an idempotency key and keeps it in a ledger. It runs the handler once, replays the stored result on retry.

It also supports human-in-the-loop approval flows. The approval is bound to the exact payload hash, so you can't approve one action and execute a different one. And since every effect has a lifecycle (processing → succeeded/failed/denied), you can see exactly what changes the agent has made to your external systems/APIs.

Key features: - Deduplication of tool calls by hashing them into a stable idempotency key - Exactly-once execution if downstream APIs support idempotency keys (pass effect.idem_key to Stripe, etc.) - Human-in-the-loop approvals (intent-bound to exact tool call args) - Queryable effect receipts — what ran, what failed, what's pending approval - Postgres for production, in-memory for prototyping

Github: https://github.com/rune0-dev/agent-ledger Website: https://rune0.com

Would love feedback on the lib, edge cases you've hit with agents doing real side effects, or any feature ideas.