Compensating Action

also known as Saga, Undo Step, Rollback Action

Pair every irreversible-looking agent action with a compensating action that can undo or counteract it.

This pattern helps complete certain larger patterns —

used-byKill Switch★— Provide an out-of-band control plane to halt running agent instances without redeploy.
used-byInterruptible Agent Execution★— Treat pause, resume, and cancel as a first-class control surface on every long-running agent so users can halt expensive or off-track trajectories mid-task while state is preserved for resumption.

Context

An agent is executing a multi-step plan that writes to several systems in sequence — book a flight, then a hotel, then a car, or charge a card, then provision an account, then send a welcome email. Each step succeeds or fails independently, and the agent is operating across services that have no shared transactional boundary. Some of the early steps will have already landed in the real world by the time a later step fails.

Problem

Most agent tool palettes do not offer distributed transactions across the third-party systems the agent talks to, so there is no built-in mechanism to roll back a multi-step plan when one step fails. Without an explicit undo strategy, a failure halfway through the plan leaves the world in an inconsistent state: the flight is booked but the hotel is not, the card has been charged but the account does not exist. The agent then either retries blindly and double-books, or stops and leaves a human to clean up by hand.

Forces

Not every action has a clean compensator.
Compensation logic is a separate code path.
Idempotency matters: compensating an already-compensated action must be safe.

Example

A booking agent reserves a flight, then a hotel, then realises the dates conflict with the user's calendar. There's no two-phase commit across these vendors. The team requires every irreversible-looking action to be paired with a compensating action: book_flight registers cancel_flight(reservation_id) on a stack, book_hotel pairs with cancel_hotel. When the agent detects the conflict, it walks the stack and undoes the steps in reverse order, leaving the user where they started.

Diagram

flowchart TD P[Plan: A1, A2, A3] --> A1[Action A1<br/>+ compensator C1] A1 --> A2[Action A2<br/>+ compensator C2] A2 --> A3[Action A3<br/>+ compensator C3] A2 -.fails.-> RB[Run compensators<br/>in reverse] RB --> C2[C2] C2 --> C1[C1] C1 --> S[Prior state restored]

Solution

Therefore:

For each forward action, define a compensating action (delete-after-create, refund-after-charge, archive-after-publish). On failure mid-plan, run compensators in reverse order to restore the prior state. Idempotent compensators.

What this pattern forbids. Forward actions cannot be invoked without a registered compensator; uncompensable actions need explicit operator approval.

The smaller patterns that complete this one —

usesProvenance Ledger★★— Log every agent decision and state change with enough metadata to explain or reverse it later.

And the patterns that stand alongside it, or against it —

complementsHuman-in-the-Loop★★— Require explicit human approval at defined points before the agent performs an action.
complementsApproval Queue★★— Queue agent-proposed actions for asynchronous human review while the agent continues other work.
alternative-toSimulate Before Actuate★— Before issuing an irreversible action, run a deterministic simulation that computes pre-conditions, invariants, and expected deltas; require a verifier — automated or human — to green-light the simulated outcome before the real command is sent.
complementsRace Conditions on Shared Tool Resources✕— Anti-pattern: let concurrent agents perform read-modify-write on shared external resources without locking, producing silent data corruption.
complementsMissing Idempotency on Agent Calls✕— Anti-pattern: retry state-mutating agent tool calls without idempotency keys, so retries multiply real-world side effects.
complementsDry-Run Harness★— Simulate planned actions (and their projected side effects) without committing them, surfacing a reviewable diff before any commit.
complementsStochastic-Deterministic Boundary (SDB)★— Formalize the seam between an LLM proposal and a system action as a four-part contract — proposer, verifier, commit step, reject signal — so the contract itself, not the agent's good intent, gates side-effects.
complementsScatter-Gather Plus Saga★— Distribute tasks across worker agents and aggregate results while maintaining distributed-transaction semantics via compensating actions on partial failure.

Neighbourhood

Click any neighbour to follow the language. Scroll to zoom, drag to pan.

Used in recipes

Used in frameworks

Temporal
first-class10 patternsWorkflow Engines★★ mature
Saga pattern documented as a list of compensating Activities executed in reverse order on failure.

References

Sagas (Garcia-Molina, Salem)
paper

Provenance

Source: patterns/compensating-action.md on GitHub · commit 4fa1213 · view history
Added to catalog: 2026-04-30
Last updated: 2026-05-22
Contribute: open an issue or PR at github.com/agentpatternscatalog/patterns.