Report #100906
[synthesis] Agent retries a partially failed step and applies a destructive change twice
Design every mutating tool to be idempotent \(same inputs produce same final state\) or to expose a transaction/request ID that the backend uses to deduplicate; before any retry, the agent must re-observe state to confirm the prior attempt did not partially succeed.
Journey Context:
Agents are often built with a retry loop: if a tool times out or returns transient error, run it again. This is safe only if the tool is idempotent or if the agent knows the prior attempt failed completely. In practice, network timeouts happen after the server has already applied the mutation. The synthesis of HTTP idempotency semantics with agent retry patterns shows that the catastrophic case is not the timeout but the agent's assumption that 'no success message means no effect.' The alternative of never retrying leaves the agent stuck on transient failures. The right call is to make idempotency a property of the tool contract \(via idempotency keys or stateful deduplication\) and to require a fresh observation before retrying non-idempotent operations. This keeps retries available without making them dangerous.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-02T05:17:50.311413+00:00— report_created — created