We has an implementation at T375115: Automatically revoke temporary-account-viewer group from users when they have not made an edit or logged action in the last year, but we may want a solution that can be applied to different user groups per community needs.

That probably answers my dejavu feeling

At least this also applies to CheckUser, Oversight across wikis and many global user groups (so we may also want an equvalent feature for global groups).

Note the removal should be logged (and for CU/OS, logs be replicated to Meta), so we can not just dynamically "disable" user group membership of inactive users.

Also note:

• User group should only be removed at least after the defined timespan after granting (e.g. if sysop has 6-month activity requirement, then sysop should only be removed 6 months after granting, not earlier). It is quite possible that IPBE (local or global) is granted to a user with zero edits.
• Should we have some mechanism to opt-out individual users?
• Before we start to apply activity requirements to sysops in any wikis (e.g. based on a community request), we should resolve T212268: Make the abusefilter-blocker user not be a sysop first, to prevent user right logs from being spammed.

I was thinking of it more being on a case by case basis, rather than a blanket restriction to a specific group (which there are probably use cases for this too).

Like, you can grant someone group X, you could expire it in a year (current group expiration method), or you could say it expires after Y time of no usage, but membership remains permenant if you're active.

I was thinking of it more being on a case by case basis, rather than a blanket restriction to a specific group (which there are probably use cases for this too).

So there are two features, one is expiring individual user group of individual user after inactivity for specific time, another is apply an inactivity rule to an entire group. T375115 can only be replaced by the latter feature.

Also, for some user groups like CU and OS, we need a way to let stewards (and other community members) know the loss of permission. This is already useful nowadays, given CU and OS of some wikis are termed role and granted with expiry.