generated: '2026-07-15' method: generated source: openapi/docker-hub-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 54 by_action_class: acting: 27 connected: 27 by_consequence: write: 26 read: 27 physical: 1 human_in_the_loop_required: 0 operations: - path: /v2/users/login method: post operationId: PostUsersLogin x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/users/2fa-login method: post operationId: PostUsers2FALogin x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/auth/token method: post operationId: AuthCreateAccessToken x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/access-tokens method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/access-tokens method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/access-tokens/{uuid} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/access-tokens/{uuid} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/access-tokens/{uuid} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/auditlogs/{account}/actions method: get operationId: AuditLogs_ListAuditActions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/auditlogs/{account} method: get operationId: AuditLogs_ListAuditLogs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/orgs/{name}/settings method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/orgs/{name}/settings method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/orgs/{name}/access-tokens method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/orgs/{name}/access-tokens method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/orgs/{org_name}/access-tokens/{access_token_id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/orgs/{org_name}/access-tokens/{access_token_id} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/orgs/{org_name}/access-tokens/{access_token_id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/namespaces/{namespace}/repositories/{repository}/tags method: get operationId: ListRepositoryTags x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/namespaces/{namespace}/repositories/{repository}/tags method: head x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/namespaces/{namespace}/repositories/{repository}/tags/{tag} method: get operationId: GetRepositoryTag x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/namespaces/{namespace}/repositories/{repository}/tags/{tag} method: head x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/namespaces/{namespace}/repositories/{repository}/immutabletags method: patch operationId: UpdateRepositoryImmutableTags x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/namespaces/{namespace}/repositories/{repository}/immutabletags/verify method: post operationId: VerifyRepositoryImmutableTags x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/repositories/{namespace}/{repository}/groups method: post operationId: CreateRepositoryGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/namespaces/{namespace}/repositories method: get operationId: listNamespaceRepositories x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/namespaces/{namespace}/repositories method: post operationId: CreateRepository x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/namespaces/{namespace}/repositories/{repository} method: get operationId: GetRepository x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/namespaces/{namespace}/repositories/{repository} method: head operationId: CheckRepository x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/orgs/{org_name}/members method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/orgs/{org_name}/members/export method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/orgs/{org_name}/members/{username} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/orgs/{org_name}/members/{username} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/orgs/{org_name}/invites method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/orgs/{org_name}/groups method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/orgs/{org_name}/groups method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/orgs/{org_name}/groups/{group_name} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/orgs/{org_name}/groups/{group_name} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/orgs/{org_name}/groups/{group_name} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/orgs/{org_name}/groups/{group_name} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/orgs/{org_name}/groups/{group_name}/members method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/orgs/{org_name}/groups/{group_name}/members method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/orgs/{org_name}/groups/{group_name}/members/{username} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/invites/{id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/invites/{id}/resend method: patch x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/invites/bulk method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/scim/2.0/ServiceProviderConfig method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/scim/2.0/ResourceTypes method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/scim/2.0/ResourceTypes/{name} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/scim/2.0/Schemas method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/scim/2.0/Schemas/{id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/scim/2.0/Users method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/scim/2.0/Users method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v2/scim/2.0/Users/{id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/scim/2.0/Users/{id} method: put x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required