generated: '2026-07-15' method: generated source: openapi/azure-container-registry-openapi.yaml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 25 by_action_class: connected: 9 acting: 16 by_consequence: read: 9 write: 16 human_in_the_loop_required: 0 operations: - path: /providers/Microsoft.ContainerRegistry/operations method: get operationId: Operations_List x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - user_impersonation - path: /subscriptions/{subscriptionId}/providers/Microsoft.ContainerRegistry/checkNameAvailability method: post operationId: Registries_CheckNameAvailability x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/providers/Microsoft.ContainerRegistry/registries method: get operationId: Registries_List x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries method: get operationId: Registries_ListByResourceGroup x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName} method: delete operationId: Registries_Delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName} method: get operationId: Registries_Get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName} method: patch operationId: Registries_Update x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName} method: put operationId: Registries_Create x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/importImage method: post operationId: Registries_ImportImage x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/listCredentials method: post operationId: Registries_ListCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/listUsages method: get operationId: Registries_ListUsages x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/regenerateCredential method: post operationId: Registries_RegenerateCredential x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/replications method: get operationId: Replications_List x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/replications/{replicationName} method: delete operationId: Replications_Delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/replications/{replicationName} method: get operationId: Replications_Get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/replications/{replicationName} method: patch operationId: Replications_Update x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/replications/{replicationName} method: put operationId: Replications_Create x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/webhooks method: get operationId: Webhooks_List x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/webhooks/{webhookName} method: delete operationId: Webhooks_Delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/webhooks/{webhookName} method: get operationId: Webhooks_Get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/webhooks/{webhookName} method: patch operationId: Webhooks_Update x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/webhooks/{webhookName} method: put operationId: Webhooks_Create x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/webhooks/{webhookName}/getCallbackConfig method: post operationId: Webhooks_GetCallbackConfig x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/webhooks/{webhookName}/listEvents method: post operationId: Webhooks_ListEvents x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation - path: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}/webhooks/{webhookName}/ping method: post operationId: Webhooks_Ping x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - user_impersonation