chore(blog): broaden Rust guardrails post — add audit as third pillar#585
Merged
Conversation
The existing post leans on budget + action authority as the two
pillars Cycles addresses, missing the third: audit. Same correction
that's going into the cycles-client-rust crates.io metadata —
runtime authority covers spend, risky actions, AND audit gaps.
Surgical edits to the existing post:
Frontmatter description:
- Adds "and audit" to the framing
- Adds "produce signed audit events for compliance and incident
review" to the value proposition
Tags:
- Adds "audit" to [rust, agents, engineering, costs, governance,
guide]
Body:
- "two questions" → "three questions"
- Inserts the audit question between budget and the
ALLOW/ALLOW_WITH_CAPS/DENY explanation:
"Is every decision, cap, and outcome recorded as a signed event
— so compliance, incident review, and per-agent attribution
come for free, not as a separate logging project?"
- Closing paragraph adds the events-log/webhooks mention so the
audit dimension has concrete mechanism, not just a label.
Title and URL slug unchanged — already includes "Budget and Action
Guardrails" which captures 2 of 3 pillars; renaming would break
existing inbound links.
Verified: 83/83 tests pass.
amavashev
added a commit
that referenced
this pull request
May 8, 2026
…udit A read-only audit of quickstart/ found 8 pages framing Cycles as a spend/budget tool, missing the other two pillars (risky tool actions and audit gaps). Earlier today we made the same correction in the cycles-client-rust crate metadata, README, and the related blog post (runcycles/cycles-client-rust#31, #32, #33; #585). This commit applies the same pattern to the public quickstart surface using a light-touch approach: - Frontmatter `description` rewritten on each page to name spend + action + audit (replaces "budget enforcement" framing) - One short ::: tip ::: callout inserted near the top of each page, listing the three pillars with concrete primitives — caps for risky actions, signed events for audit - No title changes, no restructuring, no code-example edits Pages updated (8): Light SDK pattern (4): same callout, identical except for SDK name - quickstart/getting-started-with-the-python-client.md - quickstart/getting-started-with-the-typescript-client.md - quickstart/getting-started-with-the-cycles-spring-boot-starter.md - quickstart/getting-started-with-the-rust-client.md MCP server (1): callout uses MCP tool names (cycles_decide, cycles_create_event) instead of generic primitives - quickstart/getting-started-with-the-mcp-server.md Explainer / strategy (3): same callout + small body tweaks - quickstart/what-is-cycles.md (one-line opener also broadened) - quickstart/how-to-add-hard-budget-limits-to-spring-ai-with-cycles.md - quickstart/how-to-choose-a-first-cycles-rollout-...md (callout adds a sentence noting which pillar each rollout option primarily addresses, since the page is about choosing scope) Pages intentionally NOT changed (audited and judged appropriate as-is): - quickstart/index.md (already cross-links to /protocol/, /how-to/) - quickstart/end-to-end-tutorial.md (runbook format) - quickstart/architecture-overview-* (technical reference) - quickstart/deploying-* and self-hosting-* (operations focus) - quickstart/mcp-claude-* + cursor + windsurf (setup guides; existing warning correctly clarifies MCP availability ≠ enforcement) Title and URL slug on each page intentionally preserved to keep inbound search-link equity. The two spend-only strategy pages (spring-ai how-to, rollout-choice) keep their existing slugs since those are the canonical search targets for "spring ai budget limit" and "cycles rollout" queries respectively. Diff shape: each file gets a description swap (1 line replaced) and a callout insertion (5-7 lines added). +59 insertions / -9 deletions total across 8 files. Verified: - 83/83 tests pass - npm run build succeeds (98s) - rendered HTML <meta name="description"> reflects new copy - rendered HTML contains the callout block exactly once per page
5 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Companion to runcycles/cycles-client-rust#31. Broadens the Rust guardrails blog post to cover the audit dimension alongside the existing budget + action framing.
The post already leads with budget + action authority. Audit was missing, despite being one of Cycles' three core problems-it-solves (spend / risky actions / audit gaps). Adding the third pillar:
Edits
auditto[rust, agents, engineering, costs, governance, guide]"two questions"→"three questions"; inserts the audit question and a closing line about the events log / webhooks for downstream audit pipelinesTitle and URL slug stay the same —
how-to-add-budget-and-action-guardrails-to-rust-ai-agents-with-cyclesalready captures 2 of 3 pillars, and renaming would break inbound links.Test plan
npx vitest run— 83/83 pass