OxDeAI demo blocks duplicate executions

This is the right abstraction: most agent failures happen at the execution boundary, not in the prompt. If the check is deterministic and cheap, you get fail-closed control instead of hoping retries, idempotency, or post-hoc cleanup save you.

• –The demo is strong because the request itself does not change; only state changes, and that is enough to flip ALLOW to DENY.
• –Verifiable authorization artifacts matter more than logs here: they turn the decision into something offline-auditable, not just a runtime trace.
• –The repo already looks like infrastructure, not a toy demo: the core guard sits under thin adapters for LangGraph, OpenAI Agents SDK, CrewAI, AutoGen, and OpenClaw.
• –This does not replace idempotency keys or transaction safety, but it can stop the second side effect before it ever reaches the tool.
• –The real adoption test is policy design and state modeling, especially for legitimate retries, budgets, and concurrency limits.