Skip to content
Cordum
Cordum
Guide

AI Agent Exactly-Once Is Mostly a Myth

Reliability comes from idempotent design, not one checkbox in a queue service.

Guide10 min readMar 2026
TL;DR
  • -Exactly-once guarantees are usually scoped and conditional, not universal.
  • -At-least-once plus idempotent consumers is the practical baseline for agent actions.
  • -A 0.5% duplicate rate on 20,000 daily actions still means 100 duplicate side effects per day.
  • -Assume duplicate delivery and design each side effect to be replay-safe.
Scope matters

Guarantees vary by region, subscription type, and transaction scope

Idempotent actions

Use stable keys and dedupe ledgers for side-effecting operations

Layered reliability

Combine retries, dedupe, and governance instead of one magic setting

On this page
Scope

This guide focuses on autonomous agent systems that consume messages and trigger external side effects, where duplicate processing creates real operational risk.

The production problem

Teams hear “exactly once” and assume duplicates disappear. Then a retry path or region boundary appears, and the same action runs twice.

In agent systems, duplicate side effects are expensive. One replay can open duplicate incidents, create duplicate PRs, or push duplicate infrastructure changes.

A small duplicate rate still hurts at scale. At 20,000 side-effecting operations per day, 0.5% duplicate execution means roughly 100 duplicate actions every day.

What top results miss

SourceStrong coverageMissing piece
Google Pub/Sub exactly-once deliveryClear exactly-once semantics and constraints (pull subscriptions, regional scope).No guidance for cross-system side effects in autonomous workflows.
Amazon SQS at-least-once deliveryDirect explanation that duplicates can occur and consumers must be idempotent.No framework for policy-gated replay in agent control planes.
Kafka delivery semantics (Confluent docs)Strong description of at-most-once, at-least-once, and exactly-once tradeoffs.Does not cover external side-effect systems outside topic-to-topic transactions.

Delivery semantics model

LayerRequired ruleFailure if missing
Transport deliveryAssume at-least-once unless your exact platform mode says otherwise.Duplicate message handling not implemented.
Processing semanticsStore idempotency keys and processed markers at operation boundaries.Repeated execution of state-changing actions.
External side effectsUse per-action dedupe in destination system when possible.Duplicate tickets, PRs, payments, or infrastructure changes.
Governance layerRun policy checks on replay path too, not just first execution.Unsafe retries bypass runtime controls.

Cordum runtime implications

ImplicationCurrent behaviorWhy it matters
Message bus behaviorJetStream durable subjects with explicit ack/nak and a default 10m AckWaitRedelivery is expected when a handler fails or misses the ack deadline.
Scheduler retry budgetUp to 50 scheduling attempts with 1s-30s backoff before terminal DLQRetries are finite, so replay and dedupe need explicit operator workflows.
Run idempotencyRun creation supports `Idempotency-Key` headerDuplicate submission requests map to one logical run.
DLQ and replayTerminal failures emit DLQ entries for controlled retry/replayAcknowledges that failures and duplicates are operationally normal.
Policy checksSubmit-time and dispatch-time safety evaluationReplay path still passes governance controls before side effects.

Implementation examples

Idempotent consumer skeleton (Go)

consumer.go
Go
func HandleMessage(msg Message) error {
  if alreadyProcessed(msg.IdempotencyKey) {
    return nil
  }

  if err := applySideEffect(msg.Payload); err != nil {
    return err
  }

  markProcessed(msg.IdempotencyKey)
  return nil
}

Delivery policy defaults (YAML)

delivery.yaml
YAML
delivery_semantics:
  default: at_least_once
  replay:
    require_policy_check: true
    require_idempotency_key: true
    deny_if_missing_key: true

Duplicate handling audit event (JSON)

dedupe-event.json
JSON
{
  "message_id": "msg_9041",
  "idempotency_key": "run_18:step_5:create_pr",
  "delivery_attempt": 3,
  "duplicate_detected": true,
  "side_effect_executed": false,
  "decision": "dedupe_skip"
}

Limitations and tradeoffs

  • - Idempotency ledgers add state and storage overhead to consumers.
  • - Strict dedupe windows can reject legitimate replays after long outages.
  • - Exactly-once modes can reduce duplicate work and increase latency/cost in some paths.
  • - Cross-system side effects still need compensation for non-idempotent destinations.

Next step

Run this in one sprint:

  1. 1. Classify each workflow edge as at-most-once, at-least-once, or scoped exactly-once.
  2. 2. Add idempotency keys to every side-effecting operation path.
  3. 3. Track duplicate-detected rate and replay success in dashboards.
  4. 4. Test one forced redelivery scenario per critical workflow.

Continue with AI Agent Idempotency Keys and AI Agent Transactional Outbox Pattern.

Related posts
AI Agent Transactional Outbox Pattern: Avoid Dual-Write Failures (2026)

How to use the transactional outbox pattern for autonomous AI agent systems to avoid inconsistent state between database writes and event dispatch.

AI Agent Idempotency Keys: Stop Duplicate Actions in Production (2026)

How to design idempotency keys for autonomous AI agents with replay-safe retries, parameter checks, and auditable execution lineage.

AI Agent DLQ and Replay Patterns: Production Failure Recovery (2026)

How to design dead-letter queue triage and replay for autonomous AI agents with policy checks, idempotency, and audit-ready evidence.

Design for duplicates

Reliability improves when duplicate delivery is treated as expected behavior, not as an edge case.

QuickstartArchitectureView on GitHub