generated: '2026-07-15' method: generated source: openapi/aserto-authorizer-openapi.yml, openapi/aserto-decision-logs-openapi.yml, openapi/aserto-directory-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 36 by_action_class: acting: 21 connected: 15 by_consequence: write: 21 read: 15 human_in_the_loop_required: 0 operations: - path: /api/v2/authz/compile method: post operationId: authorizer.compile x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/authz/decisiontree method: post operationId: authorizer.decision_tree x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/authz/is method: post operationId: authorizer.is x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/authz/query method: post operationId: authorizer.query x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/info method: get operationId: info.get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/policies method: get operationId: policies.list x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/policies/{id} method: get operationId: policies.get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/decision_logs/decision_logs method: get operationId: decision_logs.list_decision_logs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/decision_logs/decision_logs/{name} method: get operationId: decision_logs.get_decision_log x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/decision_logs/decisions/policy/{policy_name}/{instance_label} method: get operationId: decision_logs.decisions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/decision_logs/query method: post operationId: decision_logs.query x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/decision_logs/users method: get operationId: decision_logs.list_users x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/decision_logs/users/{id} method: get operationId: decision_logs.get_user x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /access/v1/evaluation method: post operationId: openid.authzen.access.v1.evaluation.post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /access/v1/evaluations method: post operationId: openid.authzen.access.v1.evaluations.post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /access/v1/search/action method: post operationId: openid.authzen.access.v1.search.action.post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /access/v1/search/resource method: post operationId: openid.authzen.access.v1.search.post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /access/v1/search/subject method: post operationId: openid.authzen.access.v1.search.subject.post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/directory/assertion method: post operationId: directory.assertion.v3.assertion.set x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/directory/assertion/{id} method: delete operationId: directory.assertion.v3.assertion.delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/directory/assertion/{id} method: get operationId: directory.assertion.v3.assertion.get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v3/directory/assertions method: get operationId: directory.assertion.v3.assertions.list x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v3/directory/check method: post operationId: directory.reader.v3.check x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/directory/check/permission method: post operationId: directory.reader.v3.check.permission x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/directory/check/relation method: post operationId: directory.reader.v3.check.relation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/directory/checks method: post operationId: directory.reader.v3.checks x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/directory/graph/{object_type}/{relation}/{subject_type} method: get operationId: directory.reader.v3.graph x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v3/directory/manifest method: delete operationId: directory.model.v3.manifest.delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/directory/object method: post operationId: directory.writer.v3.object.set x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/directory/object/{object_type}/{object_id} method: delete operationId: directory.writer.v3.object.delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/directory/object/{object_type}/{object_id} method: get operationId: directory.reader.v3.object.get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v3/directory/objects method: get operationId: directory.reader.v3.objects.list x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v3/directory/relation method: delete operationId: directory.writer.v3.relation.delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/directory/relation method: get operationId: directory.reader.v3.relation.get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v3/directory/relation method: post operationId: directory.writer.v3.relation.set x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/directory/relations method: get operationId: directory.reader.v3.relations.list x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none