generated: '2026-07-15' method: generated source: openapi/cerbos-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 22 by_action_class: acting: 12 connected: 10 by_consequence: write: 11 read: 10 safety-critical: 1 human_in_the_loop_required: 1 operations: - path: /api/check/resources method: post operationId: checkResources x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/plan/resources method: post operationId: planResources x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/server_info method: get operationId: serverInfo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /schema/swagger.json method: get operationId: swaggerSpec x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /.well-known/authzen-configuration method: get operationId: authzenConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /access/v1/evaluation method: post operationId: authzenEvaluation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /access/v1/evaluations method: post operationId: authzenEvaluations x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /admin/policy method: post operationId: adminAddOrUpdatePolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /admin/policy method: put operationId: adminAddOrUpdatePolicyPut x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /admin/policy method: get operationId: adminGetPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /admin/policies method: get operationId: adminListPolicies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /admin/policies/inspect method: get operationId: adminInspectPolicies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /admin/policy/delete method: post operationId: adminDeletePolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /admin/policy/disable method: post operationId: adminDisablePolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /admin/policy/enable method: post operationId: adminEnablePolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /admin/schema method: post operationId: adminAddOrUpdateSchema x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /admin/schema method: get operationId: adminGetSchema x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /admin/schema method: delete operationId: adminDeleteSchema x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /admin/schemas method: get operationId: adminListSchemas x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /admin/auditlog/list/{kind} method: get operationId: adminListAuditLog x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /admin/store/revisions method: delete operationId: adminPurgeStoreRevisions x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /admin/store/reload method: get operationId: adminReloadStore x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none