generated: '2026-07-15' method: generated source: openapi/aikido-security-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 50 by_action_class: connected: 26 acting: 24 by_consequence: read: 26 write: 24 human_in_the_loop_required: 0 operations: - path: /repositories/code method: get operationId: listCodeRepos x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /repositories/code/{id} method: get operationId: getCodeRepoDetail x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /repositories/code/{id} method: delete operationId: deleteCodeRepo x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /repositories/code/{id}/scan method: post operationId: scanCodeRepo x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /repositories/code/{id}/sbom method: get operationId: exportCodeRepoLicenses x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /containers method: get operationId: listContainerRepos x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /containers/{id} method: get operationId: getContainerRepo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /containers/{id} method: delete operationId: deleteContainer x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /containers/{id}/scan method: post operationId: scanContainer x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clouds method: get operationId: listClouds x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /clouds/{id} method: delete operationId: removeCloud x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clouds/aws method: post operationId: connectAwsCloud x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clouds/azure method: post operationId: connectAzureCloud x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clouds/gcp method: post operationId: connectGcpCloud x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clouds/kubernetes method: post operationId: createKubernetesCloud x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clouds/assets method: post operationId: listCloudAssets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /domains method: get operationId: listDomains x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /domains method: post operationId: createDomain x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /domains/{id} method: delete operationId: removeDomain x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /domains/{id}/scan method: post operationId: startDomainScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /issues method: get operationId: exportIssues x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /issues/{id} method: get operationId: getIssueDetail x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /issues/{id}/ignore method: post operationId: ignoreIssue x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /issues/{id}/snooze method: post operationId: snoozeIssue x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /issues/groups/open method: get operationId: listOpenIssueGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /issues/groups/{id} method: get operationId: getIssueGroupDetails x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /compliance/cis method: get operationId: getCisComplianceOverview x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /compliance/cis-aws method: get operationId: getCisAwsComplianceOverview x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /compliance/iso27001 method: get operationId: getIsoComplianceOverview x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /compliance/nis2 method: get operationId: getNis2ComplianceOverview x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /compliance/soc2 method: get operationId: getSoc2ComplianceOverview x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /custom-rules method: get operationId: listCustomRules x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /custom-rules method: post operationId: createCustomRule x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /custom-rules/{id} method: get operationId: getCustomRule x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /custom-rules/{id} method: delete operationId: removeCustomRule x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /teams method: get operationId: listTeams x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /teams method: post operationId: createTeam x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /teams/{id} method: put operationId: updateTeam x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /teams/{id} method: delete operationId: deleteTeam x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users method: get operationId: listUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /users/{id} method: get operationId: getUser x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /webhooks method: get operationId: listWebhooks x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /webhooks method: post operationId: addWebhook x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /webhooks/{id} method: delete operationId: removeWebhook x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /zen/apps method: get operationId: listApps x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /zen/apps method: post operationId: createApp x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /zen/apps/{id} method: get operationId: getApp x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /zen/apps/{id} method: delete operationId: deleteApp x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /workspace method: get operationId: getWorkspaceInfo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /openapi method: get operationId: getOpenApiSpec x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none