Back to Documentation

Authorization & Capability Gaps

Principal, Action, Resource, Context — one shape for every decision, and the gaps derived from it.

One authorization shape

Every autonomous action maps to Principal, Action, Resource, and Context. DeepSweep adopts that single shape across the whole platform, evaluated by a deterministic reference evaluator (ADR-RGOV-010). One shape used everywhere is the mental model the product reasons over, and it mirrors established permission engines so it stays portable as the engine grows.

Permission, not yet enforcement

At the Authorization tier the effect set is scoped to allow, deny, and require_approval. Authorization decides permission — permit, refuse, or escalate to a human. Enforcement effects (rewrite, redact, read_only, quarantine, terminate) are deliberately introduced later, in Protect, so the permission boundary and the enforcement boundary stay distinct.

How a gap is derived

An authorization gap is the deterministic difference between what Review detected an agent can do and what Identity granted it. If an agent can read secrets but no grant authorizes secret.read on a secret, that is a gap — surfaced as a finding with a severity and a recommended control. Nothing is invented: gaps fall straight out of capabilities minus granted scope.

See it on a real review

The homepage example review runs this exact derivation against one Claude Code agent: six detected capabilities, one authorized (repository read), five ungranted — each rendered as a finding with a recommended protection. Install the extension to run the same review against your own workspace.

Website install extension Agent Environment Review findings upgrade

Govern your own environment

Install the extension, run an Agent Environment Review, and act on the findings — upgrade when you want unlimited reviews.