generated: '2026-07-15' method: generated source: openapi/factorial-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 30 by_action_class: connected: 12 acting: 18 by_consequence: read: 12 write: 17 safety-critical: 1 human_in_the_loop_required: 1 operations: - path: /resources/employees/employees method: get operationId: listEmployees x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - read - write - path: /resources/employees/employees method: post operationId: createEmployee x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/employees/employees/{id} method: get operationId: getEmployee x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - read - write - path: /resources/employees/employees/{id} method: put operationId: updateEmployee x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/employees/employees/{id}/invite method: post operationId: inviteEmployee x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/employees/employees/{id}/terminate method: post operationId: terminateEmployee x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required scope: - read - write - path: /resources/contracts/contract_versions method: get operationId: listContractVersions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - read - write - path: /resources/contracts/contract_versions method: post operationId: createContractVersion x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/contracts/contract_versions/{id} method: get operationId: getContractVersion x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - read - write - path: /resources/contracts/contract_versions/{id} method: put operationId: updateContractVersion x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/contracts/contract_versions/{id} method: delete operationId: deleteContractVersion x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/attendance/shifts method: get operationId: listShifts x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - read - write - path: /resources/attendance/shifts method: post operationId: createShift x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/attendance/shifts/{id} method: get operationId: getShift x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - read - write - path: /resources/attendance/shifts/{id} method: put operationId: updateShift x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/attendance/shifts/{id} method: delete operationId: deleteShift x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/attendance/shifts/clock_in method: post operationId: clockIn x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/attendance/shifts/clock_out method: post operationId: clockOut x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/time_off/leaves method: get operationId: listLeaves x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - read - write - path: /resources/time_off/leaves method: post operationId: createLeave x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/time_off/leaves/{id} method: get operationId: getLeave x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - read - write - path: /resources/time_off/leaves/{id} method: put operationId: updateLeave x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/time_off/leaves/{id} method: delete operationId: deleteLeave x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/payroll/supplements method: get operationId: listSupplements x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - read - write - path: /resources/payroll/supplements method: post operationId: createSupplement x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/companies/locations method: get operationId: listLocations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - read - write - path: /resources/companies/locations method: post operationId: createLocation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write - path: /resources/employees/employee_updates method: get operationId: listEmployeeUpdates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - read - write - path: /resources/documents/documents method: get operationId: listDocuments x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none scope: - read - write - path: /resources/documents/documents method: post operationId: uploadDocument x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required scope: - read - write