From ad9c6c50c3586517456c260e16d4924ff97e5584 Mon Sep 17 00:00:00 2001 From: Albert Mavashev Date: Fri, 8 May 2026 07:38:52 -0400 Subject: [PATCH] =?UTF-8?q?chore(blog):=20broaden=20Rust=20guardrails=20po?= =?UTF-8?q?st=20=E2=80=94=20add=20audit=20as=20third=20pillar?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The existing post leans on budget + action authority as the two pillars Cycles addresses, missing the third: audit. Same correction that's going into the cycles-client-rust crates.io metadata — runtime authority covers spend, risky actions, AND audit gaps. Surgical edits to the existing post: Frontmatter description: - Adds "and audit" to the framing - Adds "produce signed audit events for compliance and incident review" to the value proposition Tags: - Adds "audit" to [rust, agents, engineering, costs, governance, guide] Body: - "two questions" → "three questions" - Inserts the audit question between budget and the ALLOW/ALLOW_WITH_CAPS/DENY explanation: "Is every decision, cap, and outcome recorded as a signed event — so compliance, incident review, and per-agent attribution come for free, not as a separate logging project?" - Closing paragraph adds the events-log/webhooks mention so the audit dimension has concrete mechanism, not just a label. Title and URL slug unchanged — already includes "Budget and Action Guardrails" which captures 2 of 3 pillars; renaming would break existing inbound links. Verified: 83/83 tests pass. --- ...nd-action-guardrails-to-rust-ai-agents-with-cycles.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/blog/how-to-add-budget-and-action-guardrails-to-rust-ai-agents-with-cycles.md b/blog/how-to-add-budget-and-action-guardrails-to-rust-ai-agents-with-cycles.md index a68eb883..7d3e31ed 100644 --- a/blog/how-to-add-budget-and-action-guardrails-to-rust-ai-agents-with-cycles.md +++ b/blog/how-to-add-budget-and-action-guardrails-to-rust-ai-agents-with-cycles.md 
@@ -2,8 +2,8 @@ title: "How to Add Budget and Action Guardrails to Rust AI Agents with Cycles" date: 2026-03-31 author: Albert Mavashev -tags: [rust, agents, engineering, costs, governance, guide] -description: "Add budget and action authority to Rust AI agents — control spend, tool access, token limits, and step counts with compile-time safety." +tags: [rust, agents, engineering, costs, governance, audit, guide] +description: "Add budget, action, and audit authority to Rust AI agents — control spend, tool access, token limits, step counts, and produce signed audit events for compliance and incident review, with compile-time safety." blog: true sidebar: false featured: false 
@@ -15,12 +15,13 @@ A retry loop on a Rust agent service hit a transient 503 from the LLM provider. -This is the gap that Cycles fills. It's not just a billing meter — it's a **[runtime authority](/glossary#runtime-authority)** for both **budget** and **action control**. Before an agent calls an LLM, Cycles answers two questions: +This is the gap that Cycles fills. It's not just a billing meter — it's a **[runtime authority](/glossary#runtime-authority)** for **budget, action control, and audit**. Before an agent calls an LLM and after every decision settles, Cycles answers three questions: 1. **Budget:** Does this agent have enough budget for this operation? 2. **Action:** Is this agent *allowed* to take this action right now? (Which tools? How many [tokens](/glossary#tokens)? How many steps remaining? Is there a cooldown?) +3. **Audit:** Is every decision, cap, and outcome recorded as a signed event — so compliance, incident review, and per-agent attribution come for free, not as a separate logging project? -The server returns either ALLOW, ALLOW_WITH_CAPS (proceed but with constraints), or DENY — and the client enforces it before the expensive call happens. +The server returns either ALLOW, ALLOW_WITH_CAPS (proceed but with constraints), or DENY — and the client enforces it before the expensive call happens. Every reservation, commit, release, and decision drops into an append-only event log that the events service streams to webhooks for downstream audit pipelines. The `runcycles` crate brings this to Rust with an API designed around ownership semantics and compile-time safety. This post shows how to integrate it into existing Rust agent code at three levels of control.
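Review bot: In the frontmatter hunk, the new `description` no longer reads as one parallel list: "control spend, tool access, token limits, step counts, and produce signed audit events" mixes the noun items governed by "control" with a new verb phrase, and the trailing "with compile-time safety" now attaches to the audit clause instead of to the agent code. Suggest two clauses, for example "control spend, tool access, token limits, and step counts with compile-time safety, and produce signed audit events for compliance and incident review". The string is also considerably longer than the one it replaces, so check it against whatever length the site template or search snippets truncate at.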
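Review bot: In the body hunk, item 3 promises that every decision is "recorded as a signed event", but the sentence added to the ALLOW / ALLOW_WITH_CAPS / DENY paragraph only describes an append-only event log streamed to webhooks; nothing in the added lines says what signs an event, with which key, or how a webhook consumer verifies the signature. Either state the signing mechanism in that sentence (or link to where it is documented), or drop "signed" so the post does not claim an integrity property it never explains. Separately, "Before an agent calls an LLM and after every decision settles, Cycles answers three questions" blurs the timing: questions 1 and 2 are answered before the call, while item 3 describes a record written afterwards, so it reads better as a guarantee than as a third question the server answers per request.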