yeah, there isn't a reflection API for permissions as it currently stands. you'd have to write one. typically it is the responsibility of the service to know what permissions it's checking, because development of the authz for an endpoint is tightly coupled to the development of the schema for that authz.