docs(blog): Agentic Guardrails and Controls #6329
Conversation
| }, | ||
| blog: { | ||
| showReadingTime: true, | ||
| readingTime: ({ content, frontMatter, defaultReadingTime }) => |
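Review bot: the body of the `readingTime` callback is cut off in this hunk, so the fallback path cannot be reviewed here; it should return `defaultReadingTime({ content })` whenever the front matter carries no override, otherwise posts that never set the field lose their reading-time display. The exact front-matter key the callback reads should also be documented next to the config change, since the new post depends on it.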
Allows this to be provided (optionally) as metadata on the post
Pull request overview
This PR adds a blog post about applying the CORS security model to agentic AI systems and MCP tool calling. The post discusses content injection attacks against LLMs and proposes guardrails similar to browser CORS protections.
- Adds custom reading time support in Docusaurus configuration to override automatic reading time calculations
- Adds new author Clinton Carpene and updates Alex Rosenzweig's profile image URL
- Includes new blog post dated 2026-01-05 covering agent security guardrails
Reviewed changes
Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| documentation/docusaurus.config.ts | Adds readingTime function to allow front matter override of calculated reading time |
| documentation/blog/authors.yml | Adds clinton author entry and updates alex's LinkedIn profile image URL with permanent link |
| documentation/blog/2026-01-05/index.md | New blog post on applying CORS security model to agent tool calling (not shown in diff but present in PR) |
| documentation/blog/2026-01-05/agentic_guardrails_header.png | Header image for the new blog post (not shown in diff but present in PR) |
this directory should be named something like `documentation/blog/2026-01-05-agentic-guardrails-and-controls`
On it!
this needs to change to your actual image url address..
`<meta property="og:image" content="http://block.github.io/goose/assets/images/agent-guardrails-header.png" />`
I think it should be this:
`<meta property="og:image" content="http://block.github.io/goose/assets/images/agentic_guardrails_header-bb29f4bf9535195b45a0483af23feb14.png" />`
same with this:
`<meta name="twitter:image" content="http://block.github.io/goose/assets/images/agent-guardrails-header.png" />`
why hard code the reading time?
The reading time estimate is incorrect due to it interpreting the images as additional text to read |
Remove the first header. Sorry, the diff is too large so I'm not able to see it and comment on particular lines. I just checked out the branch on my side.
Oh I think you need to add a truncate tag! :D You can do it here:

```md
In [our previous blog post](https://block.github.io/goose/blog/2025/03/31/securing-mcp/) we detailed the Model Context Protocol (MCP) system and discussed some security concerns and mitigations. As a brief recap, MCP provides agents with a means to accomplish tasks using defined tools; reducing the burden of using complex and varied APIs and integrations on the agent.

<!--truncate-->
```
Pull request overview
Copilot reviewed 2 out of 4 changed files in this pull request and generated 1 comment.
| clinton: | ||
| name: Clinton Carpene | ||
| title: Staff Security Engineer | ||
| image_url: https://avatars.githubusercontent.com/u/244417824?v=4 |
Copilot
AI
Jan 5, 2026
The GitHub avatar user ID '244417824' appears unusually high for a standard GitHub user ID pattern. GitHub user IDs are typically sequential integers that are much lower in value. Verify this is the correct user ID by checking the GitHub profile directly, as an incorrect ID will result in a broken profile image.
| image_url: https://avatars.githubusercontent.com/u/244417824?v=4 | |
| image_url: https://github.com/ccarpene-blk.png |
Our original link works and aligns with the convention of other links
hmm, many of the headings are using h1 like `# Caveats and Limitations`, but they may need `##` or `###`, because it didn't generate a Table of Contents for you all, which would be super helpful. Also, when I click "If you already know all this stuff feel free to skip forward >>", it doesn't scroll to the threat model paragraph for me.
ohhhhhh hmmmm.. possible suggestion
Let me make that change really quickly |
Sure! All changed |
im thinking you can make the blog post more skimmable if you wrap the json in a details tag like this:

<details>
<summary>Example: Agent conversation with tool calls</summary>

```json
[
  {
    "type": "tool_definition",
    "tool": {
      "name": "read_email",
      "description": "Read the user's email.",
      "input_schema": {
        "type": "object",
        "properties": {
          "folder": { "type": "string" },
          "unread_only": { "type": "boolean" },
          "limit": { "type": "integer" }
        },
        "required": ["folder"]
      }
    }
  },
  {
    "type": "content",
    "role": "system",
    "content": [
      {
        "type": "text",
        "text": "You are an assistant that helps the user manage their email. Use tools whenever needed."
      }
    ]
  },
  {
    "type": "content",
    "role": "user",
    "content": [
      {
        "type": "text",
        "text": "Can you check my unread emails and tell me if any mention security?"
      }
    ]
  },
  {
    "type": "action",
    "action": "read_email",
    "action_id": "act_001",
    "parameters": {
      "folder": "INBOX",
      "unread_only": true,
      "limit": 10
    }
  },
  {
    "type": "action_result",
    "action_id": "act_001",
    "result": {
      "emails": [
        {
          "id": "msg_1",
          "subject": "Team update",
          "from": "[email protected]",
          "body": "Hey team,\nJust a quick note: security rocks.\nThanks,\nEng Leads"
        },
        {
          "id": "msg_2",
          "subject": "Lunch",
          "from": "[email protected]",
          "body": "Hey, want to grab lunch tomorrow?"
        }
      ]
    }
  },
  {
    "type": "content",
    "role": "assistant",
    "content": [
      {
        "type": "text",
        "text": "I checked your unread emails. One email titled \"Team update\" mentions security and says: \"security rocks.\" Another unread email does not mention security."
      }
    ]
  }
]
```

</details>
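The CORS-style guardrail the blog post proposes is not reproduced on this page. As an added illustration, not the post's own code and not anything shipped in goose, here is one way such a policy could be checked over the event format quoted above: each tool declares which content origins may be present in context when it is invoked, tool output counts as its own origin, and an action is refused when any other origin is present. The trace, the policy and the `send_email` tool are constructed for the example.

```python
# Constructed trace in the event format quoted above (trimmed); "send_email" is an assumed tool.
TRACE = [
    {"type": "content", "role": "system",
     "content": [{"type": "text", "text": "You help the user manage email."}]},
    {"type": "content", "role": "user",
     "content": [{"type": "text", "text": "Check my unread emails."}]},
    {"type": "action", "action": "read_email", "action_id": "act_001",
     "parameters": {"folder": "INBOX", "unread_only": True}},
    {"type": "action_result", "action_id": "act_001",
     "result": {"emails": [{"id": "msg_1", "body": "(untrusted message body)"}]}},
    {"type": "action", "action": "send_email", "action_id": "act_002",
     "parameters": {"to": "[email protected]", "body": "(drafted by the model)"}},
]

# Assumed policy, by analogy with CORS: each tool declares which content origins may be
# present in the model's context when it is invoked. Tool output is its own origin.
POLICY = {
    "read_email": {"system", "user", "tool:read_email"},
    "send_email": {"system", "user"},   # refuse once any tool output is in context
}

def action_name(trace, action_id):
    """Map an action_id back to the tool whose result it carries."""
    return next(e["action"] for e in trace
                if e["type"] == "action" and e["action_id"] == action_id)

def origins_before(trace, index):
    """Content origins present in context before event `index` of the trace."""
    origins = set()
    for ev in trace[:index]:
        if ev["type"] == "content":
            origins.add(ev["role"])
        elif ev["type"] == "action_result":
            origins.add("tool:" + action_name(trace, ev["action_id"]))
    return origins

def check_actions(trace, policy):
    """Return {action_id: (allowed, offending_origins)} for every action in the trace."""
    verdicts = {}
    for i, ev in enumerate(trace):
        if ev["type"] != "action":
            continue
        allowed = policy.get(ev["action"], set())        # unknown tools allow nothing
        offending = sorted(origins_before(trace, i) - allowed)
        verdicts[ev["action_id"]] = (not offending, offending)
    return verdicts

if __name__ == "__main__":
    for aid, (ok, why) in check_actions(TRACE, POLICY).items():
        print(aid, "ALLOW" if ok else "BLOCK", why)
```

Running it allows `act_001` (only system and user content in context) and blocks `act_002`, because the mailbox contents returned by `read_email` are now part of the context that led to the send.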
Pull request overview
Copilot reviewed 2 out of 4 changed files in this pull request and generated no new comments.
Pull request overview
Copilot reviewed 2 out of 4 changed files in this pull request and generated no new comments.
blackgirlbytes
left a comment
amazing!
Summary
This PR adds the blog post relating to MCP (and general agentic tool usage security) based on the CORS model.
A minor change has been made to the hosting engine to allow specification of reading time. This was due to the reading time not being accurately estimated with Google Docs style image markdown conversions.