generated: '2026-07-15' method: generated source: openapi/codefresh-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 27 by_action_class: connected: 16 acting: 11 by_consequence: read: 16 safety-critical: 3 write: 7 physical: 1 human_in_the_loop_required: 3 operations: - path: /audit/download method: get operationId: downloadAudit x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /abac method: get operationId: listAbacRules x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /abac method: post operationId: createAbacRule x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /abac/batch method: post operationId: batchAbacRules x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /abac/resource/{resource} method: get operationId: getAbacByResource x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /abac/tags/rule/{rule} method: post operationId: updateAbacRuleTags x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /accounts/{id}/users method: get operationId: listAccountUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /accounts/{id}/users method: post operationId: addAccountUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /admin/accounts method: get operationId: listAdminAccounts x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /admin/accounts method: post operationId: createAdminAccount x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /admin/accounts/{id} method: get operationId: getAdminAccount x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /annotations method: get operationId: listAnnotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /annotations method: post operationId: createAnnotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /auth/key method: post operationId: createAuthKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /auth/keys method: get operationId: listAuthKeys x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /builds/{serviceId} method: post operationId: triggerBuild x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /builds/{buildId} method: get operationId: getBuild x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /workflow method: get operationId: listWorkflows x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /clusters method: get operationId: listClusters x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /contexts method: get operationId: listContexts x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /contexts method: post operationId: createContext x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /environments method: get operationId: listEnvironments x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /features/{accountId} method: get operationId: getFeatures x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /helm/boards method: get operationId: listHelmBoards x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /helm/boards method: post operationId: createHelmBoard x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /helm/charts method: get operationId: listHelmCharts x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /helm/charts method: post operationId: createHelmChart x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required