Designing Scopes for AI Tool Calls

How to define permissions that are strict enough for safety and simple enough for developers to adopt.

Scope design fails when it is either too coarse or too granular.

A practical middle ground is to model scopes around user intent and data boundaries, not around internal microservice names.

Checklist

  • Name scopes by outcome (read:billing-summary) instead of endpoint names.
  • Add deny-by-default behavior for tool adapters.
  • Include reason codes in auth-denied logs to speed up debugging.
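
The three checklist items combined in one tool-call gate, as an added example that is not code from the original page. The tool names, the write:shipping-address scope, the reason codes and the log field names are assumptions made for illustration; only read:billing-summary comes from the checklist.

```python
import json
import logging
from dataclasses import dataclass
from typing import Optional

log = logging.getLogger("tool_authz")

# Constructed sample adapters standing in for real tool backends.
def get_billing_summary(account_id):
    return {"account_id": account_id, "balance_due": "12.50"}

def update_shipping_address(account_id, address):
    return {"account_id": account_id, "address": address}

# Hypothetical registry: tool name -> (outcome-named scope, adapter).
# A tool that is not listed here cannot be called at all (deny by default).
TOOLS = {
    "get_billing_summary": ("read:billing-summary", get_billing_summary),
    "update_shipping_address": ("write:shipping-address", update_shipping_address),
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str                       # stable reason code for logs and alerts
    required_scope: Optional[str] = None

def authorize(tool, granted_scopes):
    """Deny unless the tool is registered and its exact scope was granted."""
    entry = TOOLS.get(tool)
    if entry is None:
        return Decision(False, "TOOL_NOT_REGISTERED")
    required = entry[0]
    # Coerce to a set so a bare string can never pass via substring matching.
    granted = frozenset(granted_scopes or ())
    if not granted:
        return Decision(False, "NO_SCOPES_GRANTED", required)
    if required not in granted:       # exact match only, no wildcards
        return Decision(False, "SCOPE_MISSING", required)
    return Decision(True, "OK", required)

def call_tool(tool, args, granted_scopes, session_id="unknown"):
    decision = authorize(tool, granted_scopes)
    if not decision.allowed:
        # json.dumps escapes the model-supplied tool name; arguments are not logged.
        log.warning(json.dumps({
            "event": "auth_denied", "reason": decision.reason, "tool": tool,
            "required_scope": decision.required_scope,
            "granted_scopes": sorted(granted_scopes or ()), "session": session_id}))
        raise PermissionError(decision.reason)
    return TOOLS[tool][1](**args)
```

Each denial carries one reason code, so a developer can tell an unregistered tool from a missing grant without reading adapter code.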