Problem: AgentWrit audits what's issued (24 event types in a hash chain) but not what's used at the resource server. An agent with `calendar.readonly` trying to write events gets silent 403s — nobody notices until the workflow breaks.
Proposed: A scope-usage audit that compares granted scopes vs actually-exercised scopes. Catches:
- Agents requesting scopes they never use (over-permissioned)
- Agents getting denied scopes they need (under-permissioned)
- Silent failure spirals before they become incidents
Depends on: #39 (Resource server) — scope drift detection requires the resource server to report usage events back to the broker.
Design questions:
- Does the resource server report back to the broker?
- Or does the agent report its own usage?
- Can this be inferred from audit events + external logs?
Why this matters: Scope attenuation is only half the story. Knowing whether the scope was right is the other half.
Inspired by community feedback — real practitioner running calendar agents.
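
A sketch of the proposed comparison, added here as an illustration and not AgentWrit code. It assumes the first design option (the resource server reports usage events back to the broker); the `UsageEvent` shape, the function name, the spiral threshold, and every scope other than `calendar.readonly` are hypothetical.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Hypothetical event shape: the issue does not define a usage event (see #39).
@dataclass(frozen=True)
class UsageEvent:
    agent_id: str
    scope: str     # scope the resource server required for the request
    allowed: bool  # False when the resource server answered 403

@dataclass
class DriftReport:
    unused: set = field(default_factory=set)          # granted, never exercised
    denied: Counter = field(default_factory=Counter)  # scope -> number of 403s
    spiral: bool = False                              # one scope denied repeatedly

def scope_drift(grants, events, spiral_threshold=3):
    """Compare granted scopes with scopes exercised at the resource server."""
    exercised = defaultdict(set)
    reports = {agent: DriftReport() for agent in grants}
    for ev in events:
        # Agents that appear in usage events without a grant still get a report.
        report = reports.setdefault(ev.agent_id, DriftReport())
        if ev.allowed:
            exercised[ev.agent_id].add(ev.scope)
        else:
            report.denied[ev.scope] += 1
    for agent, report in reports.items():
        report.unused = set(grants.get(agent, ())) - exercised[agent]
        report.spiral = any(n >= spiral_threshold for n in report.denied.values())
    return reports

# Constructed sample data; only calendar.readonly comes from the issue text.
GRANTS = {
    "agent-a": {"calendar.readonly"},
    "agent-b": {"calendar.readonly", "contacts.readonly"},
}
EVENTS = [
    UsageEvent("agent-a", "calendar.readonly", True),
    UsageEvent("agent-a", "calendar.write", False),
    UsageEvent("agent-a", "calendar.write", False),
    UsageEvent("agent-a", "calendar.write", False),
    UsageEvent("agent-b", "calendar.readonly", True),
]

if __name__ == "__main__":
    for agent, r in sorted(scope_drift(GRANTS, EVENTS).items()):
        print(agent, "unused:", sorted(r.unused), "denied:", dict(r.denied), "spiral:", r.spiral)
```

In the sample, `agent-a` is under-permissioned and in a denial spiral, while `agent-b` holds a scope it never exercised.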