Tool Revocation: Access Control and Observability

[david-martin]

Jira: https://issues.redhat.com/browse/CONNLINK-808

Overview

Tool revocation refers to the ability to prevent a user or group from accessing specific MCP tools, along with visibility into revocation enforcement and attempted access.

Requirements

The following capabilities should be supported:

1. Revocation Management

   • How do I revoke a tool?
   • How do I specify who it's revoked for (user/group)?
   • Will it be revoked immediately?

2. Runtime Behavior

   • What happens to in-flight tool calls when a tool is revoked?

3. Observability (currently missing)

   • How do I know if a revoked tool is still being used or attempted to be used?
   • Metrics/logs for revocation events and access denials

Current State

• Basic revocation may already be achievable using AuthPolicy for access control
• Missing observability layer to track revocation enforcement and violations

Potential Approach

Leverage AuthPolicy for access control combined with new observability features to track:

• Revocation events
• Denied access attempts
• Tool usage patterns per user/group