generated: '2026-07-15' method: generated source: openapi/hathora-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 36 by_action_class: acting: 17 connected: 19 by_consequence: write: 14 read: 19 physical: 1 safety-critical: 2 human_in_the_loop_required: 2 operations: - path: /auth/v1/{appId}/login/anonymous method: post operationId: LoginAnonymous x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /auth/v1/{appId}/login/nickname method: post operationId: LoginNickname x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /auth/v1/{appId}/login/google method: post operationId: LoginGoogle x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /apps/v2/list method: get operationId: GetApps x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /apps/v2/create method: post operationId: CreateApp x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /apps/v2/update/{appId} method: post operationId: UpdateApp x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /apps/v2/info/{appId} method: get operationId: GetApp x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /apps/v2/delete/{appId} method: delete operationId: DeleteApp x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /builds/v3/{appId}/list method: get operationId: GetBuilds x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /builds/v3/{appId}/create method: post operationId: CreateBuild x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /builds/v3/{appId}/run/{buildId} method: post operationId: RunBuild x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /builds/v3/{appId}/info/{buildId} method: get operationId: GetBuild x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /builds/v3/{appId}/delete/{buildId} method: delete operationId: DeleteBuild x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /deployments/v3/{appId}/list method: get operationId: GetDeployments x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /deployments/v3/{appId}/create/{buildId} method: post operationId: CreateDeployment x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /deployments/v3/{appId}/latest method: get operationId: GetLatestDeployment x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /deployments/v3/{appId}/info/{deploymentId} method: get operationId: GetDeployment x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /processes/v3/{appId}/list/latest method: get operationId: GetLatestProcesses x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /processes/v3/{appId}/create method: post operationId: CreateProcess x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /processes/v3/{appId}/info/{processId} method: get operationId: GetProcess x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /processes/v3/{appId}/stop/{processId} method: post operationId: StopProcess x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /rooms/v2/{appId}/create method: post operationId: CreateRoom x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /rooms/v2/{appId}/info/{roomId} method: get operationId: GetRoomInfo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /rooms/v2/{appId}/connectioninfo/{roomId} method: get operationId: GetConnectionInfo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /rooms/v2/{appId}/destroy/{roomId} method: post operationId: DestroyRoom x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /discovery/v2/ping method: get operationId: GetPingServiceEndpoints x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /logs/v1/{appId}/process/{processId} method: get operationId: GetLogsForProcess x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /logs/v1/{appId}/process/{processId}/download method: get operationId: DownloadLogForProcess x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /metrics/v1/{appId}/process/{processId} method: get operationId: GetMetrics x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /billing/v1/balance method: get operationId: GetBalance x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /billing/v1/invoices method: get operationId: GetInvoices x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /billing/v1/paymentmethod method: get operationId: GetPaymentMethod x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /billing/v1/customerportalurl method: post operationId: InitStripeCustomerPortalUrl x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /tokens/v1/{orgId}/list method: get operationId: GetOrgTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /tokens/v1/{orgId}/create method: post operationId: CreateOrgToken x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /tokens/v1/{orgId}/revoke/{orgTokenId} method: put operationId: RevokeOrgToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required