generated: '2026-07-15' method: generated source: openapi/casdoor-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 24 by_action_class: connected: 11 acting: 13 by_consequence: read: 11 write: 13 human_in_the_loop_required: 0 operations: - path: /.well-known/openid-configuration method: get operationId: getOidcDiscovery x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /.well-known/jwks method: get operationId: getJwks x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /.well-known/webfinger method: get operationId: getWebfinger x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/login method: post operationId: login x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/signup method: post operationId: signup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/logout method: post operationId: logout x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/device-auth method: post operationId: deviceAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/get-users method: get operationId: getUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/get-global-users method: get operationId: getGlobalUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/get-user method: get operationId: getUser x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/add-user method: post operationId: addUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/update-user method: post operationId: updateUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/delete-user method: post operationId: deleteUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/check-user-password method: post operationId: checkUserPassword x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/get-organizations method: get operationId: getOrganizations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/add-organization method: post operationId: addOrganization x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/get-applications method: get operationId: getApplications x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/get-application method: get operationId: getApplication x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/add-application method: post operationId: addApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/get-roles method: get operationId: getRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/add-role method: post operationId: addRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/enforce method: post operationId: enforce x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/batch-enforce method: post operationId: batchEnforce x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/get-permissions method: get operationId: getPermissions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none