generated: '2026-07-15' method: generated source: openapi/armosec-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 53 by_action_class: acting: 39 connected: 14 by_consequence: write: 36 read: 14 safety-critical: 3 human_in_the_loop_required: 3 operations: - path: /vulnerability/scan method: post operationId: issueVulnerabilityScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerability/scanResults/summary method: post operationId: getVulnerabilityScanSummary x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerability/scanResults/details method: post operationId: getVulnerabilityScanDetails x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerability/severity method: post operationId: getVulnerabilitySeverity x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerability/topVulnerabilities method: post operationId: getTopVulnerabilities x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerabilities/list method: post operationId: listVulnerabilities x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerabilities/components/list method: post operationId: listVulnerabilitiesByComponent x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerabilities/images/list method: post operationId: listVulnerabilitiesByImage x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerability/exception method: get operationId: listVulnerabilityExceptions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /vulnerability/exception method: post operationId: createVulnerabilityException x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerability/exception method: put operationId: updateVulnerabilityException x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerability/exception method: delete operationId: deleteVulnerabilityException x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /posture/frameworks method: post operationId: getPostureFrameworks x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /posture/controls method: post operationId: getPostureControls x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /posture/controls/sections method: post operationId: getPostureControlSections x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /posture/resources method: post operationId: getPostureResources x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /posture/exception method: get operationId: listPostureExceptions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /posture/exception method: post operationId: createPostureException x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /posture/exception method: put operationId: updatePostureException x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /posture/exception method: delete operationId: deletePostureException x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /repositoryPosture/repositories method: post operationId: getRepositoryPostureRepositories x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /repositoryPosture/failedControls method: post operationId: getRepositoryPostureFailedControls x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /clusters/overtime method: post operationId: getClustersOvertime x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /workload/list method: post operationId: listWorkloads x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /security/risks method: get operationId: listSecurityRisks x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /security/risks/resources method: get operationId: listSecurityRiskResources x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /security/risks/severities method: get operationId: getSecurityRiskSeverities x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /attack/chains method: get operationId: getAttackChains x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /runtime/incidents method: get operationId: listRuntimeIncidents x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /runtime/incidents/severity method: get operationId: getRuntimeIncidentsSeverity x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /runtime/incidents/{incidentGUID}/alerts method: get operationId: getRuntimeIncidentAlerts x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /runtime/incidents/{incidentGUID}/explain method: post operationId: explainRuntimeIncident x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /runtime/incidents/{incidentGUID}/resolve method: post operationId: resolveRuntimeIncident x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /runtime/incidents/{incidentGUID}/unresolve method: post operationId: unresolveRuntimeIncident x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /network/policies method: get operationId: listNetworkPolicies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /network/policies/generate method: post operationId: generateNetworkPolicies x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /runtime/seccomp/list method: get operationId: listSeccompProfiles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /runtime/seccomp/generate method: post operationId: generateSeccompProfiles x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /runtime/policy/create method: post operationId: createRuntimePolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /runtime/policy/exception/create method: post operationId: createRuntimePolicyException x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /registry/scan method: post operationId: issueRegistryScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /registry/scan method: put operationId: updateRegistryScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /registry/scan method: delete operationId: deleteRegistryScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /integrations/jira/config method: get operationId: getJiraConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /integrations/jira/config method: post operationId: saveJiraConfig x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /integrations/jira/issueV2 method: post operationId: createJiraIssue x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /collaboration/config method: post operationId: createCollaborationConfig x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /collaboration/share method: post operationId: shareCollaboration x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /authentication/accessKeys method: get operationId: listAccessKeys x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /authentication/accessKeys method: post operationId: createAccessKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /authentication/accessKeys method: put operationId: updateAccessKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /authentication/accessKeys/{guid} method: get operationId: getAccessKey x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /authentication/accessKeys/{guid} method: delete operationId: deleteAccessKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required