generated: '2026-07-15' method: generated source: openapi/controlplane-cpapi-openapi.yml, openapi/controlplane-discovery-application-openapi.yml, openapi/controlplane-discovery-event-openapi.yml, openapi/controlplane-discovery-stargate-openapi.yml, openapi/controlplane-file-manager-openapi.yml, openapi/controlplane-identity-openapi.yml, openapi/controlplane-rover-server-openapi.yml, openapi/controlplane-secret-manager-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 366 by_action_class: acting: 187 connected: 179 by_consequence: write: 177 read: 179 safety-critical: 6 physical: 4 human_in_the_loop_required: 6 operations: - path: /remoteSubscriptions/{remoteSubscriptionId} method: put operationId: createOrUpdateRemoteSubscription x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /remoteSubscriptions/{remoteSubscriptionId} method: delete operationId: deleteRemoteSubscription x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /remoteSubscriptions/{remoteSubscriptionId}/status method: put operationId: updateRemoteSubscriptionStatus x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications method: get operationId: getAllApplications x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /applications method: post operationId: createApplication x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId} method: get operationId: getApplication x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /applications/{applicationId} method: put operationId: updateApplication x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId} method: delete operationId: deleteApplication x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId}/status method: get operationId: getApplicationStatus x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /eventtypes method: get operationId: getAllEventTypes x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:read - tardis:user:obfuscated token: max-ttl: 3600 audit: none - path: /eventtypes/{eventTypeId} method: get operationId: getEventType x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /eventtypes/{eventTypeId}/status method: get operationId: getEventTypeStatus x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /eventtypes/{eventTypeName}/active method: get operationId: getActiveEventType x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/eventexposures method: get operationId: getAllEventExposures x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:read - tardis:user:obfuscated token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/eventexposures/{eventExposureName} method: get operationId: getEventExposure x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:read - tardis:user:obfuscated token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/eventexposures/{eventExposureName}/status method: get operationId: getEventExposureStatus x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/eventexposures/{eventExposureName}/eventsubscriptions method: get operationId: getAllExposureEventSubscriptions x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/eventsubscriptions method: get operationId: getAllEventSubscriptions x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:read - tardis:user:obfuscated token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/eventsubscriptions/{eventSubscriptionName} method: get operationId: getEventSubscription x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:read - tardis:user:obfuscated token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/eventsubscriptions/{eventSubscriptionName}/status method: get operationId: getEventSubscriptionStatus x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/apiexposures method: get operationId: getAllApiExposures x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/apiexposures method: post operationId: createApiExposure x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId}/apiexposures/{apiExposureName} method: get operationId: getApiExposure x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/apiexposures/{apiExposureName} method: put operationId: updateApiExposure x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId}/apiexposures/{apiExposureName} method: delete operationId: deleteApiExposure x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId}/apiexposures/{apiExposureName}/status method: get operationId: getApiExposureStatus x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/apisubscriptions method: get operationId: getAllApiSubscriptions x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/apisubscriptions method: post operationId: createApiSubscription x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId}/apisubscriptions/{apiSubscriptionName} method: get operationId: getApiSubscription x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/apisubscriptions/{apiSubscriptionName} method: put operationId: updateApiSubscription x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId}/apisubscriptions/{apiSubscriptionName} method: delete operationId: deleteApiSubscription x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId}/apisubscriptions/{apiSubscriptionName}/status method: get operationId: getApiSubscriptionStatus x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /applications/{applicationId}/apiexposures/{apiExposureName}/apisubscriptions method: get operationId: getAllExposureApiSubscriptions x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /v1/files/{fileId} method: put operationId: uploadFile x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/files/{fileId} method: get operationId: downloadFile x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/files/{fileId} method: delete operationId: deleteFile x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: / method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: / method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{id}/name method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/admin-events method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/admin-events method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/attack-detection/brute-force/users method: delete x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /{realm}/attack-detection/brute-force/users/{userId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/attack-detection/brute-force/users/{userId} method: delete x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /{realm}/authentication/authenticator-providers method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/client-authenticator-providers method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/config-description/{providerId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/config/{id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/config/{id} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/config/{id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/executions method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/executions/{executionId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/executions/{executionId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/executions/{executionId}/config method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/executions/{executionId}/lower-priority method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/executions/{executionId}/raise-priority method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/flows method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/flows method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/flows/{flowAlias}/copy method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/flows/{flowAlias}/executions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/flows/{flowAlias}/executions method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/flows/{flowAlias}/executions/execution method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/flows/{flowAlias}/executions/flow method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/flows/{id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/flows/{id} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/flows/{id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/form-action-providers method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/form-providers method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/per-client-config-description method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/register-required-action method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/required-actions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/required-actions/{alias} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/authentication/required-actions/{alias} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/required-actions/{alias} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/required-actions/{alias}/lower-priority method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/required-actions/{alias}/raise-priority method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/authentication/unregistered-required-actions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clear-keys-cache method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clear-realm-cache method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clear-user-cache method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-description-converter method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-policies/policies method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-policies/policies method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-policies/profiles method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-policies/profiles method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-registration-policy/providers method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-scopes method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-scopes method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-scopes/{id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-scopes/{id} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-scopes/{id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-scopes/{id}/protocol-mappers/add-models method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-scopes/{id}/protocol-mappers/models method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-scopes/{id}/protocol-mappers/models method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-scopes/{id}/protocol-mappers/protocol/{protocol} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-scopes/{id}/scope-mappings method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-scopes/{id}/scope-mappings/clients/{client} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-scopes/{id}/scope-mappings/clients/{client} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-scopes/{id}/scope-mappings/clients/{client} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/available method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/composite method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-scopes/{id}/scope-mappings/realm method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-scopes/{id}/scope-mappings/realm method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-scopes/{id}/scope-mappings/realm method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/client-scopes/{id}/scope-mappings/realm/available method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-scopes/{id}/scope-mappings/realm/composite method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/client-session-stats method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients-initial-access method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients-initial-access method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients-initial-access/{id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id1}/protocol-mappers/models/{id2} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id1}/protocol-mappers/models/{id2} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id1}/protocol-mappers/models/{id2} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/certificates/{attr} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/certificates/{attr}/download method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/certificates/{attr}/generate method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/certificates/{attr}/generate-and-download method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/certificates/{attr}/upload method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/certificates/{attr}/upload-certificate method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/client-secret method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/client-secret method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/client-secret/rotated method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/client-secret/rotated method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/default-client-scopes method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/default-client-scopes/{clientScopeId} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/default-client-scopes/{clientScopeId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/evaluate-scopes/generate-example-access-token method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/evaluate-scopes/protocol-mappers method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/granted method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/installation/providers/{providerId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/management/permissions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/management/permissions method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/nodes method: post x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/nodes/{node} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/offline-session-count method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/offline-sessions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/optional-client-scopes method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/optional-client-scopes/{clientScopeId} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/optional-client-scopes/{clientScopeId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/protocol-mappers/add-models method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/protocol-mappers/models method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/protocol-mappers/models method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/protocol-mappers/protocol/{protocol} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/push-revocation method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/registration-access-token method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/roles method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/roles method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/roles/{role-name} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/roles/{role-name} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/roles/{role-name} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/roles/{role-name}/composites method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/roles/{role-name}/composites method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/roles/{role-name}/composites method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/roles/{role-name}/composites/clients/{client} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/roles/{role-name}/composites/realm method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/roles/{role-name}/groups method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/roles/{role-name}/management/permissions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/roles/{role-name}/management/permissions method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/roles/{role-name}/users method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/scope-mappings method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/scope-mappings/clients/{client} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/scope-mappings/clients/{client} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/scope-mappings/clients/{client} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/scope-mappings/clients/{client}/available method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/scope-mappings/clients/{client}/composite method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/scope-mappings/realm method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/scope-mappings/realm method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/scope-mappings/realm method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/clients/{id}/scope-mappings/realm/available method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/scope-mappings/realm/composite method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/service-account-user method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/session-count method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/test-nodes-available method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/clients/{id}/user-sessions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/components method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/components method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/components/{id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/components/{id} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/components/{id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/components/{id}/sub-component-types method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/credential-registrators method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/default-default-client-scopes method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/default-default-client-scopes/{clientScopeId} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/default-default-client-scopes/{clientScopeId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/default-groups method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/default-groups/{groupId} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/default-groups/{groupId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/default-optional-client-scopes method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/default-optional-client-scopes/{clientScopeId} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/default-optional-client-scopes/{clientScopeId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/events method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/events method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/events/config method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/events/config method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/group-by-path/{_path} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/groups method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/groups method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/groups/count method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/groups/{id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/groups/{id} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/groups/{id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/groups/{id}/children method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/groups/{id}/management/permissions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/groups/{id}/management/permissions method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/groups/{id}/members method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/groups/{id}/role-mappings method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/groups/{id}/role-mappings/clients/{client} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/groups/{id}/role-mappings/clients/{client} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/groups/{id}/role-mappings/clients/{client} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/groups/{id}/role-mappings/clients/{client}/available method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/groups/{id}/role-mappings/clients/{client}/composite method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/groups/{id}/role-mappings/realm method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/groups/{id}/role-mappings/realm method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/groups/{id}/role-mappings/realm method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/groups/{id}/role-mappings/realm/available method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/groups/{id}/role-mappings/realm/composite method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/identity-provider/import-config method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/identity-provider/instances method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/identity-provider/instances method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/identity-provider/instances/{alias} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/identity-provider/instances/{alias} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/identity-provider/instances/{alias} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/identity-provider/instances/{alias}/export method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/identity-provider/instances/{alias}/management/permissions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/identity-provider/instances/{alias}/management/permissions method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/identity-provider/instances/{alias}/mapper-types method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/identity-provider/instances/{alias}/mappers method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/identity-provider/instances/{alias}/mappers method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/identity-provider/instances/{alias}/mappers/{id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/identity-provider/instances/{alias}/mappers/{id} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/identity-provider/instances/{alias}/mappers/{id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/identity-provider/providers/{provider_id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/keys method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/logout-all method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/partial-export method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/partialImport method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/push-revocation method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/roles method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/roles method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/roles-by-id/{role-id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/roles-by-id/{role-id} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/roles-by-id/{role-id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/roles-by-id/{role-id}/composites method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/roles-by-id/{role-id}/composites method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/roles-by-id/{role-id}/composites method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/roles-by-id/{role-id}/composites/clients/{client} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/roles-by-id/{role-id}/composites/realm method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/roles-by-id/{role-id}/management/permissions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/roles-by-id/{role-id}/management/permissions method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/roles/{role-name} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/roles/{role-name} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/roles/{role-name} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/roles/{role-name}/composites method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/roles/{role-name}/composites method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/roles/{role-name}/composites method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/roles/{role-name}/composites/clients/{client} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/roles/{role-name}/composites/realm method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/roles/{role-name}/groups method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/roles/{role-name}/management/permissions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/roles/{role-name}/management/permissions method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/roles/{role-name}/users method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/sessions/{session} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/testLDAPConnection method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/testSMTPConnection method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/user-storage/{id}/name method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/user-storage/{id}/remove-imported-users method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/user-storage/{id}/sync method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/user-storage/{id}/unlink-users method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/user-storage/{parentId}/mappers/{id}/sync method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users-management-permissions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users-management-permissions method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/count method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/configured-user-storage-credential-types method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/consents method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/consents/{client} method: delete x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /{realm}/users/{id}/credentials method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/credentials/{credentialId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/credentials/{credentialId}/moveAfter/{newPreviousCredentialId} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/credentials/{credentialId}/moveToFirst method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/credentials/{credentialId}/userLabel method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/disable-credential-types method: put x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /{realm}/users/{id}/execute-actions-email method: put x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/federated-identity method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/federated-identity/{provider} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/federated-identity/{provider} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/groups method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/groups/count method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/groups/{groupId} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/groups/{groupId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/impersonation method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/logout method: post x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/offline-sessions/{clientId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/reset-password method: put x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /{realm}/users/{id}/role-mappings method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/role-mappings/clients/{client} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/role-mappings/clients/{client} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/role-mappings/clients/{client} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/role-mappings/clients/{client}/available method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/role-mappings/clients/{client}/composite method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/role-mappings/realm method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/role-mappings/realm method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/role-mappings/realm method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/role-mappings/realm/available method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/role-mappings/realm/composite method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /{realm}/users/{id}/send-verify-email method: put x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /{realm}/users/{id}/sessions method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /rovers method: get operationId: getAllRovers x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /rovers method: post operationId: createRover x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /rovers/info method: get operationId: getApplicationsInfo x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /rovers/{roverId} method: get operationId: getRover x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /rovers/{roverId} method: put operationId: updateRover x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /rovers/{roverId} method: delete operationId: deleteRover x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /rovers/{roverId}/info method: get operationId: getApplicationInfo x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /rovers/{roverId}/secret method: patch operationId: resetRoverSecret x-agentic-access: action-class: acting consequence: safety-critical subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /rovers/{roverId}/secret/status method: get operationId: getRoverSecretRotationStatus x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all - tardis:user:read token: max-ttl: 3600 audit: none - path: /rovers/{roverId}/status method: get operationId: getRoverStatus x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /apispecifications method: get operationId: getAllApiSpecifications x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /apispecifications method: post operationId: createApiSpecification x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /apispecifications/{apiSpecificationId}/status method: get operationId: getApiSpecificationStatus x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read token: max-ttl: 3600 audit: none - path: /apispecifications/{apiSpecificationId} method: get operationId: getApiSpecifications x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /apispecifications/{apiSpecificationId} method: put operationId: updateApiSpecification x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /apispecifications/{apiSpecificationId} method: delete operationId: deleteApiSpecification x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /eventspecifications method: get operationId: getAllEventSpecifications x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /eventspecifications method: post operationId: createEventSpecification x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /eventspecifications/{eventSpecificationId} method: get operationId: getEventSpecification x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /eventspecifications/{eventSpecificationId} method: put operationId: updateEventSpecification x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /eventspecifications/{eventSpecificationId} method: delete operationId: deleteEventSpecification x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all - tardis:user:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /eventspecifications/{eventSpecificationId}/status method: get operationId: getEventSpecificationStatus x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:obfuscated - tardis:admin:read - tardis:hub:all - tardis:hub:obfuscated - tardis:hub:read - tardis:supervisor:read - tardis:team:all - tardis:team:obfuscated - tardis:team:read - tardis:user:all - tardis:user:obfuscated - tardis:user:read token: max-ttl: 3600 audit: none - path: /apiroadmaps method: get operationId: getAllApiRoadmaps x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:read - tardis:hub:all - tardis:hub:read - tardis:team:all - tardis:team:read token: max-ttl: 3600 audit: none - path: /apiroadmaps method: post operationId: createApiRoadmap x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /apiroadmaps/{apiRoadmapId} method: get operationId: getApiRoadmap x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:read - tardis:hub:all - tardis:hub:read - tardis:team:all - tardis:team:read token: max-ttl: 3600 audit: none - path: /apiroadmaps/{apiRoadmapId} method: put operationId: updateApiRoadmap x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /apiroadmaps/{apiRoadmapId} method: delete operationId: deleteApiRoadmap x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /apiroadmaps/{apiRoadmapId}/status method: get operationId: getApiRoadmapStatus x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:read - tardis:hub:all - tardis:hub:read - tardis:team:all - tardis:team:read token: max-ttl: 3600 audit: none - path: /apichangelogs method: get operationId: getAllApiChangelogs x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:read - tardis:hub:all - tardis:hub:read - tardis:team:all - tardis:team:read token: max-ttl: 3600 audit: none - path: /apichangelogs method: post operationId: createApiChangelog x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /apichangelogs/{apiChangelogId} method: get operationId: getApiChangelog x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:read - tardis:hub:all - tardis:hub:read - tardis:team:all - tardis:team:read token: max-ttl: 3600 audit: none - path: /apichangelogs/{apiChangelogId} method: put operationId: updateApiChangelog x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /apichangelogs/{apiChangelogId} method: delete operationId: deleteApiChangelog x-agentic-access: action-class: acting consequence: write subject: required scope: - tardis:admin:all - tardis:hub:all - tardis:team:all audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /apichangelogs/{apiChangelogId}/status method: get operationId: getApiChangelogStatus x-agentic-access: action-class: connected consequence: read subject: optional scope: - tardis:admin:all - tardis:admin:read - tardis:hub:all - tardis:hub:read - tardis:team:all - tardis:team:read token: max-ttl: 3600 audit: none - path: /v1/onboarding/environments/{envId} method: put operationId: upsertEnvironment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/onboarding/environments/{envId} method: delete operationId: deleteEnvironment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/onboarding/environments/{envId}/teams/{teamId} method: put operationId: upsertTeam x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/onboarding/environments/{envId}/teams/{teamId} method: delete operationId: deleteTeam x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/onboarding/environments/{envId}/teams/{teamId}/apps/{appId} method: put operationId: upsertApp x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/onboarding/environments/{envId}/teams/{teamId}/apps/{appId} method: delete operationId: deleteApp x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/secrets method: get operationId: listSecrets x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/secrets/{secretId} method: get operationId: getSecret x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/secrets/{secretId} method: put operationId: putSecret x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required