Research · 2026-04-15

Explainable authorization: dry-run and capability preview

design-docmcpg

Deny-by-default is only operable if "why was this denied?" has a fast answer. The explainability RFCs give MCPG policy decisions a trace, a dry-run mode, and a per-caller capability preview.

Deny-by-default policy is the right posture and a support burden: the moment an agent's tool call fails closed, someone needs to know which rule fired, what identity was evaluated, and what would have satisfied the policy. The explainability RFC pair makes those first-class queries instead of log archaeology.

Decision traces. Every authorization verdict can carry its reasoning: the policy engine consulted (OPA, Cedar, or Casbin), the rule path that matched, the identity attributes in scope, and the effect. The trace is structured — it lands in the audit ledger alongside the call, so an incident review sees the decision and its justification as one record.

Dry-run. Policy changes are the riskiest routine edit a gateway operator makes. Dry-run mode evaluates a proposed policy against live traffic without enforcing it, reporting the delta: which calls that passed would now fail, and vice versa. Deploying a policy becomes a diff-review rather than a leap.

Capability preview. The inverse question — "what can this caller actually do?" — gets a direct answer: for a given identity, enumerate the tools, resources, and argument constraints the current policy admits. Useful for onboarding (show the new agent its real surface), for audits (prove least-privilege), and for debugging the eternal "it works for me."

The shared principle: a governance layer earns its keep not by saying no, but by making every no legible — to the operator, to the caller, and to the auditor reading the ledger a year later.

Canonical: mcpg repo · docs/rfcs-archive/mcpg/ (authorization explainability + dry-run RFCs)