generated: '2026-07-15' method: generated source: openapi/gcp-cloud-storage-json-api-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 38 by_action_class: connected: 12 acting: 26 by_consequence: read: 12 write: 13 safety-critical: 13 human_in_the_loop_required: 13 operations: - path: /b method: get operationId: listBuckets x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /b method: post operationId: insertBucket x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket} method: get operationId: getBucket x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /b/{bucket} method: put operationId: updateBucket x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket} method: patch operationId: patchBucket x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket} method: delete operationId: deleteBucket x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket}/lockRetentionPolicy method: post operationId: lockBucketRetentionPolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket}/iam method: get operationId: getBucketIamPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /b/{bucket}/iam method: put operationId: setBucketIamPolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket}/iam/testPermissions method: get operationId: testBucketIamPermissions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /b/{bucket}/o method: get operationId: listObjects x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /b/{bucket}/o/{object} method: get operationId: getObject x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /b/{bucket}/o/{object} method: put operationId: updateObject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket}/o/{object} method: patch operationId: patchObject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket}/o/{object} method: delete operationId: deleteObject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket}/o/{object}/compose method: post operationId: composeObject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket}/o/{object}/copyTo/b/{destinationBucket}/o/{destinationObject} method: post operationId: copyObject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket}/o/{object}/rewriteTo/b/{destinationBucket}/o/{destinationObject} method: post operationId: rewriteObject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket}/o/watchAll method: post operationId: watchAllObjects x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /b/{bucket}/acl method: get operationId: listBucketAccessControls x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /b/{bucket}/acl method: post operationId: insertBucketAccessControl x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /b/{bucket}/acl/{entity} method: get operationId: getBucketAccessControl x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /b/{bucket}/acl/{entity} method: put operationId: updateBucketAccessControl x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /b/{bucket}/acl/{entity} method: patch operationId: patchBucketAccessControl x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /b/{bucket}/acl/{entity} method: delete operationId: deleteBucketAccessControl x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /b/{bucket}/defaultObjectAcl method: get operationId: listDefaultObjectAccessControls x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /b/{bucket}/defaultObjectAcl method: post operationId: insertDefaultObjectAccessControl x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /b/{bucket}/defaultObjectAcl/{entity} method: get operationId: getDefaultObjectAccessControl x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /b/{bucket}/defaultObjectAcl/{entity} method: put operationId: updateDefaultObjectAccessControl x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /b/{bucket}/defaultObjectAcl/{entity} method: patch operationId: patchDefaultObjectAccessControl x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /b/{bucket}/defaultObjectAcl/{entity} method: delete operationId: deleteDefaultObjectAccessControl x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /b/{bucket}/o/{object}/acl method: get operationId: listObjectAccessControls x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /b/{bucket}/o/{object}/acl method: post operationId: insertObjectAccessControl x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /b/{bucket}/o/{object}/acl/{entity} method: get operationId: getObjectAccessControl x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /b/{bucket}/o/{object}/acl/{entity} method: put operationId: updateObjectAccessControl x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /b/{bucket}/o/{object}/acl/{entity} method: patch operationId: patchObjectAccessControl x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /b/{bucket}/o/{object}/acl/{entity} method: delete operationId: deleteObjectAccessControl x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /channels/stop method: post operationId: stopChannel x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required