2 docs tagged with "revocation-rehearsal"

Revocation Rehearsal answers 'what breaks if you revoke this access?' before anyone revokes — a deterministic, read-only dry-run that masks a role grant and diffs the resulting access paths against observed execution evidence

Deep-dive on Revocation Rehearsal across four axes — applicability, feasibility, ease of implementation, ease of integration. Answers the founder's hard questions: how to rehearse what we haven't scanned (declared-delta overlay on the real scanned graph — not cross-env correlation), what the customer interaction model is, and whether an MCP front-end is realistic without violating the no-ML rule (yes: deterministic engine behind a conversational surface, the pattern AWS itself ships).