generated: '2026-07-15' method: generated source: openapi/certificate-enrolment-protocols-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 11 by_action_class: connected: 2 acting: 9 by_consequence: read: 2 write: 5 physical: 3 safety-critical: 1 human_in_the_loop_required: 1 operations: - path: /directory method: get operationId: getDirectory x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /acme/new-nonce method: head operationId: newNonce x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /acme/new-account method: post operationId: newAccount x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /acme/new-order method: post operationId: newOrder x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /acme/order/{id} method: post operationId: getOrder x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /acme/order/{id}/finalize method: post operationId: finalizeOrder x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /acme/authz/{id} method: post operationId: getAuthorization x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /acme/chall/{id} method: post operationId: respondToChallenge x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /acme/cert/{id} method: post operationId: downloadCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /acme/revoke-cert method: post operationId: revokeCertificate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /acme/key-change method: post operationId: keyChange x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required