generated: '2026-07-15' method: generated source: openapi/forgerock-access-management-openapi.yml, openapi/forgerock-autonomous-identity-openapi.yml, openapi/forgerock-directory-services-openapi.yml, openapi/forgerock-identity-cloud-openapi.yml, openapi/forgerock-identity-gateway-openapi.yml, openapi/forgerock-identity-governance-openapi.yml, openapi/forgerock-identity-management-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 122 by_action_class: acting: 49 connected: 73 by_consequence: write: 49 read: 73 human_in_the_loop_required: 0 operations: - path: /json/realms/root/realms/{realm}/authenticate method: post operationId: authenticate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /json/realms/root/realms/{realm}/sessions method: get operationId: querySessions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /json/realms/root/realms/{realm}/sessions method: post operationId: sessionAction x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /json/realms/root/realms/{realm}/policies method: get operationId: listPolicies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /json/realms/root/realms/{realm}/policies method: post operationId: createPolicyOrEvaluate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /json/realms/root/realms/{realm}/policies/{policyName} method: get operationId: getPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /json/realms/root/realms/{realm}/policies/{policyName} method: put operationId: updatePolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /json/realms/root/realms/{realm}/policies/{policyName} method: delete operationId: deletePolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /json/realms/root/realms/{realm}/resourcetypes method: get operationId: listResourceTypes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /json/realms/root/realms/{realm}/resourcetypes method: post operationId: createResourceType x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /json/realms/root/realms/{realm}/resourcetypes/{resourceTypeId} method: get operationId: getResourceType x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /json/realms/root/realms/{realm}/resourcetypes/{resourceTypeId} method: put operationId: updateResourceType x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /json/realms/root/realms/{realm}/resourcetypes/{resourceTypeId} method: delete operationId: deleteResourceType x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /json/global-config/realms method: get operationId: listRealms x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /json/global-config/realms method: post operationId: createRealm x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /json/global-config/realms/{realmName} method: get operationId: getRealm x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /json/global-config/realms/{realmName} method: put operationId: updateRealm x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /json/global-config/realms/{realmName} method: delete operationId: deleteRealm x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /json/realms/root/realms/{realm}/scripts method: get operationId: listScripts x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /json/realms/root/realms/{realm}/scripts/{scriptId} method: get operationId: getScript x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /oauth2/realms/root/realms/{realm}/authorize method: get operationId: oAuth2Authorize x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /oauth2/realms/root/realms/{realm}/access_token method: post operationId: oAuth2Token x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /oauth2/realms/root/realms/{realm}/tokeninfo method: get operationId: oAuth2TokenInfo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /oauth2/realms/root/realms/{realm}/userinfo method: get operationId: oidcUserInfo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /.well-known/openid-configuration method: get operationId: oidcDiscovery x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/entitlements method: get operationId: listEntitlements x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/entitlements/{entitlementId} method: get operationId: getEntitlement x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/entitlements/{entitlementId}/users method: get operationId: listEntitlementUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/entitlements/{entitlementId}/recommendations method: get operationId: getEntitlementRecommendations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/rules method: get operationId: listRules x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/rules/{ruleId} method: get operationId: getRule x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/applications method: get operationId: listApplications x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/applications/{applicationId} method: get operationId: getApplication x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/users/{userId}/entitlements method: get operationId: listUserEntitlements x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/users/{userId}/recommendations method: get operationId: getUserRecommendations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/companyview method: get operationId: getCompanyView x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/analytics/status method: get operationId: getAnalyticsStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/analytics/reports method: get operationId: listAnalyticsReports x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/users method: get operationId: listUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/users method: post operationId: createUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/users/{userId} method: post operationId: userAction x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/groups method: get operationId: listGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/groups method: post operationId: createGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/groups/{groupId} method: get operationId: getGroup x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/groups/{groupId} method: put operationId: updateGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/groups/{groupId} method: patch operationId: patchGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/groups/{groupId} method: delete operationId: deleteGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/{collection} method: get operationId: listEntries x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /alive method: get operationId: healthCheck x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /healthy method: get operationId: detailedHealthCheck x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /am/json/realms/root/realms/{realm}/authenticate method: post operationId: authenticateUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /am/json/realms/root/realms/{realm}/sessions method: post operationId: manageSessions x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /openidm/managed/{realm}_user method: get operationId: listManagedUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /openidm/managed/{realm}_user method: post operationId: createManagedUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /openidm/managed/{realm}_user/{userId} method: get operationId: getManagedUser x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /openidm/managed/{realm}_user/{userId} method: put operationId: updateManagedUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /openidm/managed/{realm}_user/{userId} method: patch operationId: patchManagedUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /openidm/managed/{realm}_user/{userId} method: delete operationId: deleteManagedUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /openidm/managed/{realm}_role method: get operationId: listManagedRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /openidm/managed/{realm}_role method: post operationId: createManagedRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /openidm/managed/{realm}_role/{roleId} method: get operationId: getManagedRole x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /am/json/realms/root/realms/{realm}/serverinfo/* method: get operationId: getServerInfo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /am/oauth2/realms/root/realms/{realm}/authorize method: get operationId: authorizeOAuth2 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /am/oauth2/realms/root/realms/{realm}/access_token method: post operationId: getAccessToken x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /openig/api/system/objects method: get operationId: listObjects x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /openig/api/system/objects/{objectType}/{objectId} method: get operationId: getObject x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /openig/api/system/objects/router-handler/routes method: get operationId: listRoutes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /openig/api/system/objects/router-handler/routes method: post operationId: createRoute x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /openig/api/system/objects/router-handler/routes/{routeId} method: get operationId: getRoute x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /openig/api/system/objects/router-handler/routes/{routeId} method: put operationId: updateRoute x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /openig/api/system/objects/router-handler/routes/{routeId} method: delete operationId: deleteRoute x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /openig/api/system/monitoring method: get operationId: getMonitoringSummary x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /openig/api/system/monitoring/{endpointId} method: get operationId: getEndpointMonitoring x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /openig/api/system/health method: get operationId: getHealthStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /openig/api/studio/routes method: get operationId: listStudioRoutes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /openig/api/studio/routes method: post operationId: createStudioRoute x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /governance/certification method: get operationId: listCertifications x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /governance/certification method: post operationId: createCertification x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /governance/certification/{certificationId} method: get operationId: getCertification x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /governance/certification/{certificationId} method: patch operationId: patchCertification x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /governance/certification/{certificationId}/items method: get operationId: listCertificationItems x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /governance/certification/{certificationId}/items/{itemId} method: get operationId: getCertificationItem x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /governance/certification/{certificationId}/items/{itemId} method: patch operationId: reviewCertificationItem x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /governance/request method: get operationId: listAccessRequests x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /governance/request method: post operationId: createAccessRequest x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /governance/request/{requestId} method: get operationId: getAccessRequest x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /governance/request/{requestId} method: post operationId: accessRequestAction x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /governance/entitlement method: get operationId: listEntitlements x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /governance/entitlement/{entitlementId} method: get operationId: getEntitlement x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /governance/role method: get operationId: listGovernanceRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /governance/violation method: get operationId: listViolations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /governance/violation/{violationId} method: get operationId: getViolation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /governance/violation/{violationId} method: post operationId: violationAction x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /managed/{objectType} method: get operationId: listManagedObjects x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /managed/{objectType} method: post operationId: createManagedObject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /managed/{objectType}/{objectId} method: get operationId: getManagedObject x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /managed/{objectType}/{objectId} method: put operationId: updateManagedObject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /managed/{objectType}/{objectId} method: patch operationId: patchManagedObject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /managed/{objectType}/{objectId} method: delete operationId: deleteManagedObject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /system/{systemName}/{objectType} method: get operationId: listSystemObjects x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /system/{systemName}/{objectType}/{objectId} method: get operationId: getSystemObject x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /config method: get operationId: listConfigurations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /config/{configId} method: get operationId: getConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /config/{configId} method: put operationId: updateConfiguration x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /config/{configId} method: delete operationId: deleteConfiguration x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /recon/{mappingName} method: post operationId: triggerReconciliation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /recon method: get operationId: listReconciliations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /recon/{reconId} method: get operationId: getReconciliation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /sync method: post operationId: triggerSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /audit/{auditTopic} method: get operationId: queryAuditLogs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /audit/{auditTopic}/{auditId} method: get operationId: getAuditLogEntry x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /scheduler/job method: get operationId: listScheduledJobs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /scheduler/job method: post operationId: createScheduledJob x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /scheduler/job/{jobId} method: get operationId: getScheduledJob x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /scheduler/job/{jobId} method: put operationId: updateScheduledJob x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /scheduler/job/{jobId} method: delete operationId: deleteScheduledJob x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /workflow/processdefinition method: get operationId: listProcessDefinitions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /workflow/processinstance method: get operationId: listProcessInstances x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /workflow/processinstance method: post operationId: createProcessInstance x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /workflow/taskinstance method: get operationId: listTaskInstances x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /workflow/taskinstance/{taskId} method: get operationId: getTaskInstance x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /workflow/taskinstance/{taskId} method: put operationId: completeTaskInstance x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required