CCM
/MCP
SkillsMCPMarketplacesDigestToolsAdvertise

This week in Claude

Every Monday: Claude Code, Agent SDK, MCP, and the Anthropic platform moves worth your time.

Skills by Category
Frontend DevelopmentBackend & APIsTesting & QASecurityDevOps & CI/CDGit & Pull RequestsDocumentationCode Review & QualityAI & Agent BuildingSkill Development
MCP Servers by Category
Sales & MarketingWeb & Browser AutomationDatabasesAI & LLM ToolsCloud & InfrastructureCommunication & MessagingDeveloper ToolsDesign & CreativeDocuments & KnowledgeSearch & Web Crawling
Marketplaces by Category
AI Agents & OrchestrationLLM IntegrationDevelopment ToolsFrontend & UIBackend & APIsDatabasesTesting & Code QualityDevOps & CloudSecurity & ComplianceGit & Version Control

Claude Code Marketplaces

Discover Claude Code plugins, extensions, and tools. Automatically updated directory of Anthropic Claude AI marketplaces with development tools, productivity plugins, and integrations.

Resources

  • Browse Skills
  • Browse MCP Servers
  • Browse Marketplaces
  • Plugins Reference

Community

  • About
  • Tools
  • Feedback
  • Privacy Policy
  • Advertise

Built for the Claude Code community with Claude Code by @mertduzgun

Independent project, not affiliated with Anthropic

SafeAgent

azender1/safeagent
6STDIOregistry active
Summary

This is an exactly-once execution guard that prevents AI agents from firing duplicate tool calls when Claude retries after errors or crashes. It exposes a /claim endpoint that returns PROCEED on the first call for a given request_id and SKIP on any repeat, blocking double charges, duplicate emails, or repeated orders. The server runs on Railway with pay-per-call pricing via x402 ($0.001 per claim), plus a free /claim/test endpoint for integration testing. Also includes a local SQLite guard you can embed directly in Python agents. The repo shows a real trading bot that prevented duplicate buy orders across 23 executions using stable keys derived from symbol, side, quantity, and bar timestamp. Useful when you're building agents that interact with payment APIs, email services, webhooks, or any broker where firing the same action twice causes real problems.

CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →

SafeAgent — Execution Guard for AI Agents

Mycelium Provider SafeAgent — Exactly-Once Execution for AI Agents

POST /claim · safeagent-production.up.railway.app
Dashboard: safeagent-dashboard-2.vercel.app

# Claim an action — free, no payment header required
curl -s -X POST https://safeagent-production.up.railway.app/claim \
  -H "Content-Type: application/json" \
  -d '{"request_id":"order:TQQQ:buy:6:2026-05-19T13:31:00-04:00","action":"order"}'
# → {"status":"PROCEED","request_id":"..."}

# Settle after the action fires
curl -s -X POST https://safeagent-production.up.railway.app/settle/order:TQQQ:buy:6:2026-05-19T13:31:00-04:00 \
  -H "Content-Type: application/json" \
  -d '{"result":{"status":"completed"}}'
# → {"status":"committed","request_id":"..."}

# Retry with the same request_id — returns SKIP
curl -s -X POST https://safeagent-production.up.railway.app/claim \
  -H "Content-Type: application/json" \
  -d '{"request_id":"order:TQQQ:buy:6:2026-05-19T13:31:00-04:00","action":"order"}'
# → {"status":"SKIP","request_id":"...","existing":{...}}

# Free test endpoint — same logic, limited to 10 calls per IP
curl -s -X POST https://safeagent-production.up.railway.app/claim/test \
  -H "Content-Type: application/json" \
  -d '{"agent_id":"bot-1","action_type":"order","scope":"TQQQ:buy:bar:2026-05-19T13:31:00-04:00"}'
# → {"status":"PROCEED","request_id":"...","test":true,"calls_remaining":9}

Indexed on Bazaar.


Mycelium Trails

This implementation is a Mycelium Provider. Each completed action submits a trail to ARGENTUM with a content-addressed action_ref (JCS+SHA-256 over the four preimage fields). The returned mycelium_trail_id is included in every receipt for independent verification.


Verified on Soma

SafeAgent is the first verified external integrator on Soma — the Mycelium agent catalog. Every production execution is anchored on-chain via Mycelium Trails and independently verifiable without going through the operator.

  • Integrator badge — verified external client running Mycelium Trails in production
  • Live trails — https://argentum-api.rgiskard.xyz/dashboard/trails?client=safeagent-prod
  • Public audit — any auditor can verify SafeAgent executions independently

What it does

SafeAgent is an exactly-once execution guard. It prevents AI agents and SaaS applications from firing the same action twice — on crash-retry, duplicate signal, webhook replay, or concurrent execution across multiple instances.

Every action gets a stable request_id derived from what the agent is doing and when. The first call commits. Every subsequent call with the same key returns SKIP and the original result. No double charges. No double emails. No double orders. No duplicate webhooks.

State machine: PENDING → COMMITTED | SKIP

Common failure modes SafeAgent prevents:

ScenarioWithout SafeAgentWith SafeAgent
Stripe charge times out, retry firesCustomer charged twiceSecond charge returns SKIP
Welcome email on signup retriedUser gets two welcome emailsSecond send returns SKIP
Webhook delivered twice (Stripe/GitHub/Twilio guarantee at-least-once)Event processed twiceSecond processing returns SKIP
Workspace provisioned on retryTwo workspaces createdSecond provision returns SKIP
AI agent tool call retried after crashDuplicate side effectSecond call returns SKIP

The stack

SafeAgent is the exactly-once enforcement layer in a formally specified agent execution integrity stack:

Polaris (commit-gated authorization)
└── AgentGraph safety verdict (pre-execution safety gate)
    └── SafeAgent (exactly-once execution guard)  ← you are here
        └── Mycelium Trails (on-chain anchor)

Each layer is independently authored and independently verifiable. None trusts the others.


API

POST /claim

Gate an action. Returns PROCEED on first call, SKIP on any repeat.

Request body:

{
  "request_id": "order:TQQQ:buy:6:2026-05-19T13:31:00-04:00",
  "action": "order"
}
  • request_id — stable identifier derived from what the agent is doing. Same inputs = same key.
  • action — the action type being gated (e.g. payment.send, email, trade, order)

Response:

{ "status": "PROCEED", "request_id": "order:TQQQ:buy:6:2026-05-19T13:31:00-04:00" }

Retry with the same payload:

{ "status": "SKIP", "request_id": "order:TQQQ:buy:6:2026-05-19T13:31:00-04:00", "existing": {...} }

POST /settle/{request_id}

Settle a claim after the action fires. Advances status from PENDING to COMMITTED.

curl -s -X POST https://safeagent-production.up.railway.app/settle/order:TQQQ:buy:6:2026-05-19T13:31:00-04:00 \
  -H "Content-Type: application/json" \
  -d '{"result":{"status":"completed","txid":"abc123"}}'
{ "status": "committed", "request_id": "..." }

POST /claim/test

Free test endpoint — same logic, no payment required. Limited to 10 calls per IP total.

curl -s -X POST https://safeagent-production.up.railway.app/claim/test \
  -H "Content-Type: application/json" \
  -d '{"agent_id":"bot-1","action_type":"order","scope":"TQQQ:buy:6:bar:2026-05-19T13:31:00-04:00"}'
{ "status": "PROCEED", "request_id": "...", "test": true, "calls_remaining": 9 }

GET /audit

Full claim history. Filter by agent_id, action, status, or timestamp range.

curl "https://safeagent-production.up.railway.app/audit?agent_id=bot-1&status=COMMITTED"
{"items": [...], "total": 5, "limit": 100, "offset": 0}

Parameters: agent_id, action, status, from_ts, to_ts, limit (max 1000), offset.


Integration

Python

import requests

def claim(request_id: str, action: str) -> dict:
    r = requests.post(
        "https://safeagent-production.up.railway.app/claim",
        headers={"Content-Type": "application/json"},
        json={"request_id": request_id, "action": action}
    )
    return r.json()  # {"status": "PROCEED"|"SKIP", "request_id": "..."}

def settle(request_id: str, result: dict) -> dict:
    r = requests.post(
        f"https://safeagent-production.up.railway.app/settle/{request_id}",
        headers={"Content-Type": "application/json"},
        json={"result": result}
    )
    return r.json()

# Usage
response = claim("payment:customer-123:invoice-456", "payment.send")
if response["status"] == "PROCEED":
    result = send_payment(...)
    settle("payment:customer-123:invoice-456", {"status": "completed"})
elif response["status"] == "SKIP":
    print("Already executed, skipping")

SaaS (Stripe / email / webhooks)

import requests

def safe_stripe_charge(customer_id, amount, idempotency_key):
    request_id = f"stripe:charge:{customer_id}:{idempotency_key}"

    response = requests.post(
        "https://safeagent-production.up.railway.app/claim",
        headers={"Content-Type": "application/json"},
        json={"request_id": request_id, "action": "stripe_charge"}
    ).json()

    if response["status"] == "SKIP":
        return response.get("existing")

    charge = stripe.PaymentIntent.create(amount=amount, customer=customer_id)
    requests.post(
        f"https://safeagent-production.up.railway.app/settle/{request_id}",
        headers={"Content-Type": "application/json"},
        json={"result": {"charge_id": charge.id}}
    )
    return charge

Webhook deduplication — Stripe, GitHub, and Twilio all guarantee at-least-once delivery. SafeAgent turns at-least-once into exactly-once:

def handle_stripe_webhook(event):
    response = requests.post(
        "https://safeagent-production.up.railway.app/claim",
        headers={"Content-Type": "application/json"},
        json={"request_id": event["id"], "action": "stripe_event"}
    ).json()

    if response["status"] == "SKIP":
        return {"ok": True}

    provision_subscription(event)
    requests.post(
        f"https://safeagent-production.up.railway.app/settle/{event['id']}",
        headers={"Content-Type": "application/json"},
        json={"result": {"processed": True}}
    )

CrewAI

from crewai import Agent
import sqlite3

guard_con = sqlite3.connect("safeagent_orders.db", check_same_thread=False)
# ... same guard pattern, keyed on tool_name + input hash + session_id

PR crewAIInc/crewAI#5822 adds pluggable idempotency backends. SafeAgent's SQLite schema is compatible.

WisePick

WisePick is a deterministic routing layer for agent runtimes. The integration splits capability selection from durable, idempotent execution — WisePick answers what and which provider, SafeAgent answers whether this logical work already ran.

Stack:

WisePick /v1/decide → DashClaw → SafeAgent → Mycelium Trails → Base/Arbitrum
  • Adapter: adapters/safeagent_adapter.py
  • Integration docs: docs/integrations/safeagent.md
  • Integration thread: SafeAgent #9

Local guard (embedded SQLite)

The same guarantee without the network call. Drop this into any Python agent:

import sqlite3

_SA_DB = "safeagent_orders.db"
_sa_con = sqlite3.connect(_SA_DB, check_same_thread=False)
_sa_con.execute("""CREATE TABLE IF NOT EXISTS orders (
    request_id TEXT PRIMARY KEY,
    result     TEXT,
    status     TEXT DEFAULT 'PENDING',
    created_at TEXT DEFAULT (datetime('now'))
)""")
_sa_con.commit()

def place_order_with_guard(symbol, qty, side, bar_ts):
    request_id = f"order:{symbol}:{side}:{qty}:{bar_ts}"

    _sa_con.execute(
        "INSERT OR IGNORE INTO orders (request_id, status) VALUES (?, 'PENDING')",
        (request_id,)
    )
    _sa_con.commit()

    row = _sa_con.execute(
        "SELECT status, result FROM orders WHERE request_id = ?",
        (request_id,)
    ).fetchone()

    if row and row[0] == 'COMMITTED':
        print(f"SAFEAGENT SKIP: {request_id}")
        return row[1]

    result = place_order(symbol, qty, side)

    _sa_con.execute(
        "UPDATE orders SET status='COMMITTED', result=? WHERE request_id=?",
        (json.dumps(str(result)), request_id)
    )
    _sa_con.commit()
    return result

Case study: crash-retry duplicate prevention

A trading bot fires a market order to buy 6 shares of TQQQ. The broker accepts it. The bot crashes before updating state. On restart — same signal, same bar — the bot fires again. The broker fills it twice. The agent now holds 12 shares when it intended to hold 6.

This is not theoretical. It happens on any unhandled exception between order submission and state persistence.

SafeAgent derives a stable key before touching the broker:

request_id = "order:TQQQ:buy:6:2026-05-19T13:31:00-04:00"

First call: PROCEED. Side effect fires. Settle writes COMMITTED.
Crash and retry: SKIP. Broker never touched again.


Case study: live duplicate blocking — May 21, 2026

Six confirmed SKIP events from a live session on the full stack: DashClaw, SafeAgent, Mycelium Trails, Base/Arbitrum, broker Alpaca.

  • 0942 ET: duplicate buy TQQQ qty=6 blocked, $452
  • 0947 ET: duplicate add TQQQ qty=6 blocked, $452
  • 0949 ET: duplicate sell TQQQ qty=12 on flip, $902
  • 1000 ET: duplicate entry TQQQ qty=6 blocked, $454
  • 1014 ET: duplicate sell TQQQ qty=18 on V20 flip, $1,350
  • 1106 ET: duplicate SQQQ add during scale-in, $43

Full session data: https://gist.github.com/azender1/b9112b6519c935df4a75cb05cd250e26


Conformance

SafeAgent participates in the A2A cross-implementation conformance corpus. Byte-verified fixtures across four independent implementations:

  • kenneives (agentgraph) — verifier-attestation-v0: 30/30 ✓
  • evidai (LemonCake) — gated-preflight-v1: 33/33 ✓
  • haroldmalikfrimpong-ops (agentid) — independent verifier ✓
  • SafeAgent — exactly-once-v1.1 ✓

A2A #1920 closed. All four implementations satisfy freshness and replay requirements.


Canonical action_ref derivation

JCS (RFC 8785), aligned with argentum-core, Nobulex, and APS:

import hashlib
import rfc8785

def compute_action_ref(
    agent_id: str,
    action_type: str,
    scope: str,
    timestamp: str,  # RFC 3339 UTC, 3-digit ms: "2026-05-15T10:00:00.123Z"
) -> str:
    payload = {
        "agent_id": agent_id,
        "action_type": action_type,
        "scope": scope,
        "timestamp": timestamp,
    }
    canonical = rfc8785.dumps(payload)
    return hashlib.sha256(canonical).hexdigest()

timestamp is an RFC 3339 UTC string with exactly 3 millisecond digits. The trailing Z is mandatory.

Conformance fixtures: giskard09/argentum-core tag action-ref-v1.0


Deployment

Railway · Serverless OFF · always-on
PyPI: pip install safeagent-exec-guard
npm: npm install n8n-nodes-safeagent
MCP Registry: io.github.azender1/safeagent
Dashboard: safeagent-dashboard-2.vercel.app


License

Apache-2.0

Featured
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
Registryactive
Packagesafeagent-exec-guard
TransportSTDIO
UpdatedApr 26, 2026
View on GitHub