generated: '2026-07-15' method: generated source: openapi/chef-automate-api-openapi.yml, openapi/chef-habitat-builder-api-openapi.yml, openapi/chef-infra-server-api-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 22 by_action_class: connected: 16 acting: 6 by_consequence: read: 16 write: 6 human_in_the_loop_required: 0 operations: - path: /compliance/profiles method: get operationId: listComplianceProfiles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /compliance/scanner/jobs method: post operationId: createScanJob x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /compliance/reporting/reports method: post operationId: searchReports x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /cfgmgmt/nodes method: get operationId: listManagedNodes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /apis/iam/v2/users method: get operationId: listIamUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /depot/origins/{origin}/pkgs method: get operationId: listOriginPackages x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /depot/pkgs/{origin}/{pkg} method: get operationId: getPackage x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /depot/channels/{origin} method: get operationId: listChannels x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /nodes method: get operationId: listNodes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /nodes method: post operationId: createNode x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /nodes/{nodeName} method: get operationId: getNode x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /nodes/{nodeName} method: put operationId: updateNode x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /nodes/{nodeName} method: delete operationId: deleteNode x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /cookbooks method: get operationId: listCookbooks x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /cookbooks/{cookbookName} method: get operationId: getCookbook x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /roles method: get operationId: listRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /roles method: post operationId: createRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /roles/{roleName} method: get operationId: getRole x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /environments method: get operationId: listEnvironments x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /data method: get operationId: listDataBags x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /clients method: get operationId: listClients x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /users method: get operationId: listUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none