We have cases of not-great Puppet code that applies some change to a host at each Puppet run. This is usually a symptom that something is wrong and we should detect it. It's true that we have some particular cases in which this is expected, but we should try to fix it.
My proposal is to add a check that ensures that during the last N runs (with a large enough N, say 48 to account for 24h) of Puppet, at least once it was a noop. The check could run once an hour or even less frequently.
I don't recall if that data is available locally on the hosts, but it is surely available on PuppetDB (see Puppetboard).
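A sketch of the proposed check's core logic, added here as an illustration and not taken from the task or any existing check. It assumes reports shaped like PuppetDB's report records (`certname`, `end_time`, `status`, `noop`) and reads "noop" in the proposal as a run that applied no changes; the host names and sample data are constructed.

```python
from collections import defaultdict

N_RUNS = 48  # window proposed above (roughly 24h of runs)


def is_clean(report):
    # "unchanged" means nothing was applied. Runs made in --noop mode are
    # excluded (assumption): they apply nothing by design and prove nothing.
    return report["status"] == "unchanged" and not report.get("noop", False)


def hosts_always_changing(reports, n_runs=N_RUNS):
    """Return sorted certnames whose last n_runs reports hold no clean run.

    Hosts with fewer than n_runs reports are skipped (assumption: too little
    history to judge, e.g. a freshly provisioned host).
    """
    by_host = defaultdict(list)
    for report in reports:
        by_host[report["certname"]].append(report)

    flagged = []
    for certname, runs in by_host.items():
        # Same-format ISO 8601 UTC timestamps sort correctly as strings.
        runs.sort(key=lambda r: r["end_time"], reverse=True)
        window = runs[:n_runs]
        if len(window) == n_runs and not any(is_clean(r) for r in window):
            flagged.append(certname)
    return sorted(flagged)


def make_reports(certname, statuses):
    # Constructed sample data: one report per hour, oldest first.
    return [
        {"certname": certname, "status": s, "noop": False,
         "end_time": f"2024-01-01T{hour:02d}:00:00.000Z"}
        for hour, s in enumerate(statuses)
    ]


SAMPLE = (
    make_reports("drifting.example", ["changed"] * 4)
    + make_reports("healthy.example", ["changed", "unchanged", "changed", "changed"])
    + make_reports("failing.example", ["failed", "changed", "failed", "changed"])
    + make_reports("new.example", ["changed", "changed"])
)

if __name__ == "__main__":
    for host in hosts_always_changing(SAMPLE, n_runs=4):
        print(f"WARNING: {host} changed or failed on each of its last 4 runs")
```

Failed runs count as not clean here, so a host that alternates between failing and changing is reported too.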