generated: '2026-07-15' method: generated source: openapi/barndoor-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 26 by_action_class: connected: 13 acting: 13 by_consequence: read: 13 write: 12 safety-critical: 1 human_in_the_loop_required: 1 operations: - path: /api/agents/counts method: get operationId: getAgentCounts x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/agents/{agent_id} method: delete operationId: unregisterAgent x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/agents/{agent_id} method: get operationId: getAgent x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/agents method: get operationId: listAgents x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/agents method: post operationId: registerAgent x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/servers/{server_id}/connection method: delete operationId: deleteConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/servers/{server_id}/connection method: get operationId: getConnectionStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/servers/{server_id}/connect method: post operationId: initiateConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /mcp/{mcp_server_name} method: get operationId: proxyMcpRequest x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/policies/{policy_id}/clone method: post operationId: clone_policy_admin_v2_policies__policy_id__clone_post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/policy method: post operationId: publish_cerbos_policy_admin_policy_post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/policies/restrictions/disable/{restriction_name} method: put operationId: disable_restriction_admin_policies_restrictions_disable__restriction_name__put x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/policies/restrictions/enable/{restriction_name} method: put operationId: enable_restriction_admin_policies_restrictions_enable__restriction_name__put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/policies/filter-definitions method: get operationId: get_filter_definitions_admin_v2_policies_filter_definitions_get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/policies/summary method: get operationId: get_policies_summary_admin_v2_policies_summary_get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/policies/{policy_id} method: get operationId: get_policy_admin_v2_policies__policy_id__get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/policies/{policy_id} method: patch operationId: update_policy_admin_v2_policies__policy_id__patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/policies method: get operationId: list_policies_admin_v2_policies_get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/policies/{policy_id}/revisions method: get operationId: list_policy_revisions_admin_v2_policies__policy_id__revisions_get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/policies/validate method: post operationId: validate_policy_admin_v2_policies_validate_post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/servers method: post operationId: createServer x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/servers method: get operationId: listServers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/servers/{server_id} method: delete operationId: deleteServer x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/servers/{server_id} method: get operationId: getServer x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/servers/{server_id} method: put operationId: updateServer x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /sse/{mcp_server_name} method: get operationId: proxySSERequest x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none