generated: '2026-07-15' method: generated source: openapi/infisical-infisical-api-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 1996 by_action_class: acting: 1172 connected: 824 by_consequence: write: 1122 read: 824 physical: 43 safety-critical: 7 human_in_the_loop_required: 7 operations: - path: /api/v1/organization/roles method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organization/roles method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organization/roles/{roleId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organization/roles/{roleId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organization/roles/{roleId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organization/roles/slug/{roleSlug} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/sub-organizations method: post operationId: createSubOrganization x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/sub-organizations method: get operationId: listSubOrganizations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/sub-organizations/{subOrgId} method: patch operationId: updateSubOrganization x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/sub-organizations/{subOrgId} method: delete operationId: deleteSubOrganization x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/sub-organizations/{subOrgId}/memberships method: post operationId: createSubOrganizationMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/workspace/{workspaceId}/secret-snapshots method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/roles method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/roles method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/roles/{roleId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/roles/{roleId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/roles/slug/{roleSlug} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/secret-snapshots method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/dynamic-secrets method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/dynamic-secrets method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/dynamic-secrets/{name} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/dynamic-secrets/{name} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/dynamic-secrets/{name} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/dynamic-secrets/{name}/leases method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/dynamic-secrets/leases method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/dynamic-secrets/leases/{leaseId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/dynamic-secrets/leases/{leaseId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/dynamic-secrets/leases/{leaseId}/renew method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/dynamic-secrets/leases/kubernetes method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/relays method: get operationId: getRelays x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/acme/profiles/{profileId}/directory method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/acme/profiles/{profileId}/new-nonce method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/acme/profiles/{profileId}/new-account method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/acme/profiles/{profileId}/accounts/{accountId} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/acme/profiles/{profileId}/new-order method: post x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/acme/profiles/{profileId}/orders/{orderId} method: post x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/acme/profiles/{profileId}/orders/{orderId}/finalize method: post x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/acme/profiles/{profileId}/accounts/{accountId}/orders method: post x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/acme/profiles/{profileId}/orders/{orderId}/certificate method: post x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/acme/profiles/{profileId}/authorizations/{authzId} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/acme/profiles/{profileId}/authorizations/{authzId}/challenges/{challengeId} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/acme/applications/{applicationId}/profiles/{profileId}/directory method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/acme/applications/{applicationId}/profiles/{profileId}/new-account method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/discovery-jobs/config method: get operationId: getPkiDiscoveryConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/discovery-jobs method: post operationId: createPkiDiscovery x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/discovery-jobs method: get operationId: listPkiDiscoveries x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/discovery-jobs/{discoveryId} method: get operationId: getPkiDiscovery x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/discovery-jobs/{discoveryId} method: patch operationId: updatePkiDiscovery x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/discovery-jobs/{discoveryId} method: delete operationId: deletePkiDiscovery x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/discovery-jobs/{discoveryId}/scan method: post operationId: triggerPkiDiscoveryScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/discovery-jobs/{discoveryId}/latest-scan method: get operationId: getPkiDiscoveryLatestScan x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/discovery-jobs/{discoveryId}/scans method: get operationId: listPkiDiscoveryScans x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/installations method: get operationId: listPkiInstallations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/installations/{installationId} method: get operationId: getPkiInstallation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/installations/{installationId} method: patch operationId: updatePkiInstallation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/installations/{installationId} method: delete operationId: deletePkiInstallation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/ca method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/ca/{sshCaId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/ssh/ca/{sshCaId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/ca/{sshCaId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/ca/{sshCaId}/public-key method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/ssh/ca/{sshCaId}/certificate-templates method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/ssh/certificates/sign method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/certificates/issue method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/certificate-templates/{certificateTemplateId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/ssh/certificate-templates/{certificateTemplateId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/certificate-templates/{certificateTemplateId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/certificate-templates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/hosts method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/ssh/hosts method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/hosts/{sshHostId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/ssh/hosts/{sshHostId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/hosts/{sshHostId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/hosts/{sshHostId}/issue-user-cert method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/hosts/{sshHostId}/issue-host-cert method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/hosts/{sshHostId}/user-ca-public-key method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/ssh/hosts/{sshHostId}/host-ca-public-key method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/ssh/host-groups/{sshHostGroupId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/ssh/host-groups/{sshHostGroupId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/host-groups/{sshHostGroupId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/host-groups method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/host-groups/{sshHostGroupId}/hosts method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/ssh/host-groups/{sshHostGroupId}/hosts/{hostId} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ssh/host-groups/{sshHostGroupId}/hosts/{hostId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/sso/config method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/sso/config method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/sso/config method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/sso/oidc/config method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/sso/oidc/config method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/sso/oidc/config method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ldap/config method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/ldap/config method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/ldap/config method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/groups method: post operationId: createGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/groups method: get operationId: listGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/groups/{id} method: get operationId: getGroupById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/groups/{id} method: patch operationId: updateGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/groups/{id} method: delete operationId: deleteGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/groups/{id}/users method: get operationId: listGroupUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/groups/{id}/machine-identities method: get operationId: listGroupMachineIdentities x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/groups/{id}/members method: get operationId: listGroupMembers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/groups/{id}/projects method: get operationId: listGroupProjects x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/groups/{id}/users/{username} method: post operationId: addUserToGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/groups/{id}/users/{username} method: delete operationId: removeUserFromGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/groups/{id}/machine-identities/{machineIdentityId} method: post operationId: addMachineIdentityToGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/groups/{id}/machine-identities/{machineIdentityId} method: delete operationId: removeMachineIdentityFromGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/additional-privilege/identity/permanent method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/additional-privilege/identity/temporary method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/additional-privilege/identity method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/additional-privilege/identity method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/additional-privilege/identity method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/additional-privilege/identity/{privilegeSlug} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/identity-templates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/identity-templates method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/identity-templates/{templateId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/identity-templates/{templateId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/identity-templates/{templateId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/identity-templates/search method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/identity-templates/{templateId}/usage method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/identity-templates/{templateId}/delete-usage method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/project-templates method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/project-templates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/project-templates/{templateId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/project-templates/{templateId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/project-templates/{templateId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/token-auth/identities/{identityId} method: post operationId: attachTokenAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/token-auth/identities/{identityId} method: patch operationId: updateTokenAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/token-auth/identities/{identityId} method: get operationId: getTokenAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/token-auth/identities/{identityId} method: delete operationId: deleteTokenAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/token-auth/identities/{identityId}/tokens method: post operationId: createTokenAuthToken x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/token-auth/identities/{identityId}/tokens method: get operationId: getTokenAuthTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/token-auth/tokens/{tokenId} method: get operationId: getTokenAuthTokenById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/token-auth/tokens/{tokenId} method: patch operationId: updateTokenAuthToken x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/token-auth/tokens/{tokenId}/revoke method: post operationId: revokeTokenAuthToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/auth/universal-auth/login method: post operationId: loginWithUniversalAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/universal-auth/identities/{identityId} method: post operationId: attachUniversalAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/universal-auth/identities/{identityId} method: patch operationId: updateUniversalAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/universal-auth/identities/{identityId} method: get operationId: getUniversalAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/universal-auth/identities/{identityId} method: delete operationId: deleteUniversalAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/universal-auth/identities/{identityId}/client-secrets method: post operationId: createUniversalAuthClientSecret x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/universal-auth/identities/{identityId}/client-secrets method: get operationId: listUniversalAuthClientSecrets x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/universal-auth/identities/{identityId}/client-secrets/{clientSecretId} method: get operationId: getUniversalAuthClientSecret x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/universal-auth/identities/{identityId}/client-secrets/{clientSecretId}/revoke method: post operationId: revokeUniversalAuthClientSecret x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/auth/universal-auth/identities/{identityId}/clear-lockouts method: post operationId: clearUniversalAuthLockouts x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/kubernetes-auth/login method: post operationId: loginWithKubernetesAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/kubernetes-auth/identities/{identityId} method: post operationId: attachKubernetesAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/kubernetes-auth/identities/{identityId} method: patch operationId: updateKubernetesAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/kubernetes-auth/identities/{identityId} method: get operationId: getKubernetesAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/kubernetes-auth/identities/{identityId} method: delete operationId: deleteKubernetesAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/gcp-auth/login method: post operationId: loginWithGcpAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/gcp-auth/identities/{identityId} method: post operationId: attachGcpAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/gcp-auth/identities/{identityId} method: patch operationId: updateGcpAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/gcp-auth/identities/{identityId} method: get operationId: getGcpAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/gcp-auth/identities/{identityId} method: delete operationId: deleteGcpAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/token/renew method: post operationId: renewIdentityAccessToken x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/token/revoke method: post operationId: revokeIdentityAccessToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/auth/alicloud-auth/login method: post operationId: loginWithAlicloudAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/alicloud-auth/identities/{identityId} method: post operationId: attachAlicloudAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/alicloud-auth/identities/{identityId} method: patch operationId: updateAlicloudAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/alicloud-auth/identities/{identityId} method: get operationId: getAlicloudAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/alicloud-auth/identities/{identityId} method: delete operationId: deleteAlicloudAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/aws-auth/login method: post operationId: loginWithAwsAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/aws-auth/identities/{identityId} method: post operationId: attachAwsAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/aws-auth/identities/{identityId} method: patch operationId: updateAwsAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/aws-auth/identities/{identityId} method: get operationId: getAwsAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/aws-auth/identities/{identityId} method: delete operationId: deleteAwsAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/tls-cert-auth/login method: post operationId: loginWithTlsCertAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/tls-cert-auth/identities/{identityId} method: post operationId: attachTlsCertAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/tls-cert-auth/identities/{identityId} method: patch operationId: updateTlsCertAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/tls-cert-auth/identities/{identityId} method: get operationId: getTlsCertAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/tls-cert-auth/identities/{identityId} method: delete operationId: deleteTlsCertAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/azure-auth/login method: post operationId: loginWithAzureAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/azure-auth/identities/{identityId} method: post operationId: attachAzureAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/azure-auth/identities/{identityId} method: patch operationId: updateAzureAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/azure-auth/identities/{identityId} method: get operationId: getAzureAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/azure-auth/identities/{identityId} method: delete operationId: deleteAzureAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/oci-auth/login method: post operationId: loginWithOciAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/oci-auth/identities/{identityId} method: post operationId: attachOciAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/oci-auth/identities/{identityId} method: patch operationId: updateOciAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/oci-auth/identities/{identityId} method: get operationId: getOciAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/oci-auth/identities/{identityId} method: delete operationId: deleteOciAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/oidc-auth/login method: post operationId: loginWithOidcAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/oidc-auth/identities/{identityId} method: post operationId: attachOidcAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/oidc-auth/identities/{identityId} method: patch operationId: updateOidcAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/oidc-auth/identities/{identityId} method: get operationId: getOidcAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/oidc-auth/identities/{identityId} method: delete operationId: deleteOidcAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/jwt-auth/login method: post operationId: loginWithJwtAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/jwt-auth/identities/{identityId} method: post operationId: attachJwtAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/jwt-auth/identities/{identityId} method: patch operationId: updateJwtAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/jwt-auth/identities/{identityId} method: get operationId: getJwtAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/jwt-auth/identities/{identityId} method: delete operationId: deleteJwtAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/spiffe-auth/login method: post operationId: loginWithSpiffeAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/spiffe-auth/identities/{identityId} method: post operationId: attachSpiffeAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/spiffe-auth/identities/{identityId} method: patch operationId: updateSpiffeAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/spiffe-auth/identities/{identityId} method: get operationId: getSpiffeAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/spiffe-auth/identities/{identityId} method: delete operationId: deleteSpiffeAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/spiffe-auth/identities/{identityId}/refresh-bundle method: post operationId: refreshSpiffeBundle x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/ldap-auth/login method: post operationId: loginWithLdapAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/ldap-auth/identities/{identityId} method: post operationId: attachLdapAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/ldap-auth/identities/{identityId} method: patch operationId: updateLdapAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/ldap-auth/identities/{identityId} method: get operationId: getLdapAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/auth/ldap-auth/identities/{identityId} method: delete operationId: deleteLdapAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/auth/ldap-auth/identities/{identityId}/clear-lockouts method: post operationId: clearLdapAuthLockouts x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organization/audit-logs method: get operationId: listOrganizationAuditLogs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organization/available-identities method: get operationId: listAvailableOrganizationIdentities x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organization/available-groups method: get operationId: listAvailableOrganizationGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/memberships/groups method: get operationId: listOrganizationGroupMemberships x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/memberships/groups/{groupId} method: post operationId: createOrganizationGroupMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/memberships/groups/{groupId} method: get operationId: getOrganizationGroupMembership x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/memberships/groups/{groupId} method: patch operationId: updateOrganizationGroupMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/memberships/groups/{groupId} method: delete operationId: deleteOrganizationGroupMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/admin/bootstrap method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-imports method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-imports method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-imports/{secretImportId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-imports/{secretImportId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-imports/{secretImportId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-imports/secrets/raw method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/folders method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/folders method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/folders/{folderId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/folders/batch method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/folders/{folderIdOrName} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/folders/{id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/workspace/{workspaceId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/workspace/{workspaceId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/workspace/{workspaceId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/workspace/{workspaceId}/integrations method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/workspace/{workspaceId}/authorizations method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/workspace/{workspaceId}/environments/{envId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/workspace/environments/{envId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/workspace/{workspaceId}/environments method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/workspace/{workspaceId}/environments/{id} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/workspace/{workspaceId}/environments/{id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/workspace/{workspaceId}/memberships method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/workspace/{workspaceId}/memberships/details method: post x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/workspace/{workspaceId}/memberships/{membershipId} method: patch x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/workspace/{projectId}/tags method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/workspace/{projectId}/tags method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/workspace/{projectId}/tags/{tagId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/workspace/{projectId}/tags/{tagId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/workspace/{projectId}/tags/{tagId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/workspace/{projectId}/tags/slug/{tagSlug} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects method: post operationId: createProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects method: get operationId: listProjects x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId} method: get operationId: getProjectById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId} method: delete operationId: deleteProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId} method: patch operationId: updateProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/slug/{slug} method: get operationId: getProjectBySlug x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/integrations method: get operationId: listProjectIntegrations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/authorizations method: get operationId: listProjectIntegrationAuthorizations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/cas method: get operationId: listProjectCertificateAuthorities x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/certificates/search method: post operationId: searchProjectCertificates x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/pki-alerts method: get operationId: listProjectPkiAlerts x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/pki-collections method: get operationId: listProjectPkiCollections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/pki-subscribers method: get operationId: listProjectPkiSubscribers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/certificate-templates method: get operationId: listProjectCertificateTemplates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/ssh-certificate-templates method: get operationId: listProjectSshCertificateTemplates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/ssh-cas method: get operationId: listProjectSshCertificateAuthorities x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/ssh-hosts method: get operationId: listProjectSshHosts x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/ssh-host-groups method: get operationId: listProjectSshHostGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/memberships method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/memberships method: post operationId: inviteProjectMembers x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/memberships method: delete operationId: removeProjectMembers x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/memberships/details method: post operationId: getProjectMembershipByUsername x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/memberships/{membershipId} method: patch operationId: updateProjectMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/identities method: post operationId: createProjectMachineIdentity x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/identities method: get operationId: listProjectMachineIdentities x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/identities/{identityId} method: patch operationId: updateProjectMachineIdentity x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/identities/{identityId} method: delete operationId: deleteProjectMachineIdentity x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/identities/{identityId} method: get operationId: getProjectMachineIdentityById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/environments/{envId} method: get operationId: getEnvironmentById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/environments method: post operationId: createEnvironment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/environments/{id} method: patch operationId: updateEnvironment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/environments/{id} method: delete operationId: deleteEnvironment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/environments/{id}/restore method: post operationId: restoreEnvironment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/tags method: get operationId: listSecretTags x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/tags method: post operationId: createSecretTag x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/tags/{tagId} method: get operationId: getSecretTagById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/tags/{tagId} method: patch operationId: updateSecretTag x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/tags/{tagId} method: delete operationId: deleteSecretTag x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/tags/slug/{tagSlug} method: get operationId: getSecretTagBySlug x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/secret-validation-rules method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/secret-validation-rules method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/secret-validation-rules/{ruleId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/secret-validation-rules/{ruleId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/groups/{groupIdOrName} method: post operationId: addGroupToProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/groups/{groupId} method: patch operationId: updateProjectGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/groups/{groupId} method: delete operationId: removeGroupFromProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/groups/{groupId} method: get operationId: getProjectGroup x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/groups method: get operationId: listProjectGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/identity-memberships/{identityId} method: post x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/identity-memberships/{identityId} method: patch x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/identity-memberships/{identityId} method: delete x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/identity-memberships/{identityId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/identity-memberships method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/identity-memberships/{identityMembershipId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/memberships/identities/{identityId} method: post operationId: createProjectIdentityMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/memberships/identities/{identityId} method: patch operationId: updateProjectIdentityMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/memberships/identities/{identityId} method: delete operationId: deleteProjectIdentityMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/memberships/identities/{identityId} method: get operationId: getProjectIdentityMembershipById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/memberships/identities method: get operationId: listProjectIdentityMemberships x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/memberships/available-identities method: get operationId: listAvailableProjectIdentities x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/memberships/groups method: get operationId: listProjectGroupMemberships x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/memberships/groups/{groupId} method: post operationId: createProjectGroupMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/memberships/groups/{groupId} method: get operationId: getProjectGroupMembership x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/projects/{projectId}/memberships/groups/{groupId} method: patch operationId: updateProjectGroupMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/projects/{projectId}/memberships/groups/{groupId} method: delete operationId: removeProjectGroupMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/internal method: get operationId: listInternalCertificateAuthoritiesV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/internal method: post operationId: createInternalCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/internal/{id} method: get operationId: getInternalCertificateAuthorityV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/internal/{id} method: patch operationId: updateInternalCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/internal/{id} method: delete operationId: deleteInternalCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/internal/{caId}/csr method: get operationId: getCaCsr x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/internal/{caId}/renew method: post operationId: renewCaCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/internal/{caId}/certificate method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/internal/{caId}/certificate method: get operationId: getCaCertificate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/internal/{caId}/ca-certificates method: get operationId: getCaCertificates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/internal/{caId}/certificate/{certId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/internal/{caId}/sign-intermediate method: post operationId: signIntermediateCa x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/internal/{caId}/import-certificate method: post operationId: importCaCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/internal/{caId}/crls method: get operationId: getCaCrls x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/internal/{caId}/certificates/{caCertId}/der method: get operationId: getCaCertificateDer x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/internal/{caId}/install-certificate-venafi method: post operationId: installCaCertificateVenafi x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/internal/{caId}/install-certificate-adcs method: post operationId: installCaCertificateAdcs x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/internal/{caId}/signing-config method: post operationId: createCaSigningConfig x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/internal/{caId}/signing-config method: get operationId: getCaSigningConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/internal/{caId}/signing-config method: patch operationId: updateCaSigningConfig x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/internal/{caId}/auto-renewal method: get operationId: getCaAutoRenewalConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/internal/{caId}/auto-renewal method: patch operationId: updateCaAutoRenewalConfig x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/acme method: get operationId: listAcmeCertificateAuthoritiesV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/acme method: post operationId: createAcmeCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/acme/{id} method: get operationId: getAcmeCertificateAuthorityV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/acme/{id} method: patch operationId: updateAcmeCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/acme/{id} method: delete operationId: deleteAcmeCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/azure-ad-cs method: get operationId: listAzureAdCsCertificateAuthoritiesV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/azure-ad-cs method: post operationId: createAzureAdCsCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/azure-ad-cs/{id} method: get operationId: getAzureAdCsCertificateAuthorityV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/azure-ad-cs/{id} method: patch operationId: updateAzureAdCsCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/azure-ad-cs/{id} method: delete operationId: deleteAzureAdCsCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/azure-ad-cs/{caId}/templates method: get operationId: getAzureAdcsTemplates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/aws-pca method: get operationId: listAwsPcaCertificateAuthoritiesV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/aws-pca method: post operationId: createAwsPcaCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/aws-pca/{id} method: get operationId: getAwsPcaCertificateAuthorityV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/aws-pca/{id} method: patch operationId: updateAwsPcaCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/aws-pca/{id} method: delete operationId: deleteAwsPcaCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/digicert method: get operationId: listDigicertCertificateAuthoritiesV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/digicert method: post operationId: createDigicertCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/digicert/{id} method: get operationId: getDigicertCertificateAuthorityV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/digicert/{id} method: patch operationId: updateDigicertCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/digicert/{id} method: delete operationId: deleteDigicertCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/godaddy method: get operationId: listGodaddyCertificateAuthoritiesV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/godaddy method: post operationId: createGodaddyCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/godaddy/{id} method: get operationId: getGodaddyCertificateAuthorityV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/godaddy/{id} method: patch operationId: updateGodaddyCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/godaddy/{id} method: delete operationId: deleteGodaddyCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/aws-acm-public-ca method: get operationId: listAwsAcmPublicCaCertificateAuthoritiesV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/aws-acm-public-ca method: post operationId: createAwsAcmPublicCaCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/aws-acm-public-ca/{id} method: get operationId: getAwsAcmPublicCaCertificateAuthorityV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/aws-acm-public-ca/{id} method: patch operationId: updateAwsAcmPublicCaCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/aws-acm-public-ca/{id} method: delete operationId: deleteAwsAcmPublicCaCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/venafi-tpp method: get operationId: listVenafiTppCertificateAuthoritiesV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/venafi-tpp method: post operationId: createVenafiTppCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/venafi-tpp/{id} method: get operationId: getVenafiTppCertificateAuthorityV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/ca/venafi-tpp/{id} method: patch operationId: updateVenafiTppCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca/venafi-tpp/{id} method: delete operationId: deleteVenafiTppCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/ca method: get operationId: listCertificateAuthoritiesV1General x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificates method: post operationId: createCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificates/certificate-requests/{requestId} method: get operationId: getCertificateRequest x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificates/certificate-requests/{requestId}/trigger-validation method: post operationId: triggerCertificateRequestValidation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificates/certificate-requests/search method: post operationId: searchCertificateRequests x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificates/certificate-requests/{requestId}/cancel method: post operationId: cancelCertificateRequest x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificates/{id}/renew method: post operationId: renewCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificates/{id}/config method: patch operationId: updateCertificateRenewalConfig x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificates/{id} method: get operationId: getCertificate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificates/{id} method: patch operationId: updateCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificates/{id} method: delete operationId: deleteCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificates/{id}/private-key method: get operationId: getCertificatePrivateKey x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificates/{id}/bundle method: get operationId: getCertificateBundle x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificates/import-certificate method: post operationId: importCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificates/{id}/revoke method: post operationId: revokeCertificate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/cert-manager/certificates/{id}/application method: post operationId: assignCertificateToApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificates/{id}/certificate method: get operationId: getCertificateBody x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificate-policies method: post operationId: createCertificatePolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificate-policies method: get operationId: listCertificatePolicies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificate-policies/{id} method: get operationId: getCertificatePolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificate-policies/{id} method: patch operationId: updateCertificatePolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificate-policies/{id} method: delete operationId: deleteCertificatePolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificate-profiles method: post operationId: createCertificateProfile x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificate-profiles method: get operationId: listCertificateProfiles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificate-profiles/{id} method: get operationId: getCertificateProfile x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificate-profiles/{id} method: patch operationId: updateCertificateProfile x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificate-profiles/{id} method: delete operationId: deleteCertificateProfile x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificate-profiles/slug/{slug} method: get operationId: getCertificateProfileBySlug x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificate-profiles/{id}/certificates method: get operationId: listCertificateProfileCertificates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificate-profiles/{id}/certificates/latest-active-bundle method: get operationId: getCertificateProfileLatestActiveBundle x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificate-profiles/{id}/acme/eab-secret/reveal method: get operationId: revealCertificateProfileAcmeEabSecret x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/alerts method: post operationId: createPkiAlertV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/alerts method: get operationId: listPkiAlertsV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/alerts/{alertId} method: get operationId: getPkiAlertV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/alerts/{alertId} method: patch operationId: updatePkiAlertV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/alerts/{alertId} method: delete operationId: deletePkiAlertV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/alerts/{alertId}/certificates method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/alerts/preview/certificates method: post operationId: previewPkiAlertCertificatesV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications method: post operationId: createPkiApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications method: get operationId: listPkiApplications x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/applications/{applicationId} method: get operationId: getPkiApplication x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/applications/{applicationId} method: patch operationId: updatePkiApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId} method: delete operationId: deletePkiApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/by-name/{name} method: get operationId: getPkiApplicationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/applications/{applicationId}/permissions method: get operationId: getPkiApplicationPermissions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/applications/{applicationId}/profiles method: get operationId: listPkiApplicationProfiles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/applications/{applicationId}/profiles method: post operationId: attachPkiApplicationProfiles x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/profiles/{profileId} method: delete operationId: detachPkiApplicationProfile x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/users method: get operationId: listPkiApplicationUserMembers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/applications/{applicationId}/users method: post operationId: addPkiApplicationUserMembers x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/users/{userId} method: patch operationId: updatePkiApplicationUserMemberRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/users/{userId} method: delete operationId: removePkiApplicationUserMember x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/identities method: get operationId: listPkiApplicationIdentityMembers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/applications/{applicationId}/identities/{identityId} method: post operationId: addPkiApplicationIdentityMember x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/identities/{identityId} method: patch operationId: updatePkiApplicationIdentityMemberRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/identities/{identityId} method: delete operationId: removePkiApplicationIdentityMember x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/groups method: get operationId: listPkiApplicationGroupMembers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/applications/{applicationId}/groups/{groupId} method: post operationId: addPkiApplicationGroupMember x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/groups/{groupId} method: patch operationId: updatePkiApplicationGroupMemberRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/groups/{groupId} method: delete operationId: removePkiApplicationGroupMember x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/profiles/{profileId}/enrollment method: get operationId: getPkiApplicationEnrollment x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/applications/{applicationId}/profiles/{profileId}/enrollment/api method: put operationId: setPkiApplicationApiEnrollment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/profiles/{profileId}/enrollment/api method: delete operationId: clearPkiApplicationApiEnrollment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/profiles/{profileId}/enrollment/est method: put operationId: setPkiApplicationEstEnrollment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/profiles/{profileId}/enrollment/est method: delete operationId: clearPkiApplicationEstEnrollment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/profiles/{profileId}/enrollment/acme method: put operationId: setPkiApplicationAcmeEnrollment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/profiles/{profileId}/enrollment/acme method: delete operationId: clearPkiApplicationAcmeEnrollment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/profiles/{profileId}/enrollment/acme/eab/reveal method: post operationId: revealPkiApplicationAcmeEabSecret x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/profiles/{profileId}/enrollment/acme/eab/rotate method: post operationId: rotatePkiApplicationAcmeEabSecret x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/profiles/{profileId}/enrollment/scep method: put operationId: setPkiApplicationScepEnrollment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/profiles/{profileId}/enrollment/scep method: delete operationId: clearPkiApplicationScepEnrollment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/alerts method: get operationId: listPkiApplicationAlerts x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/applications/{applicationId}/alerts method: post operationId: createPkiApplicationAlert x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/alerts/{alertId} method: patch operationId: updatePkiApplicationAlert x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/applications/{applicationId}/alerts/{alertId} method: delete operationId: deletePkiApplicationAlert x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers method: post operationId: createSigner x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers method: get operationId: listSigners x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId} method: get operationId: getSignerById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId} method: patch operationId: updateSigner x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId} method: delete operationId: deleteSigner x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/permissions method: get operationId: getSignerPermissions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId}/status method: patch operationId: updateSignerStatus x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/sign method: post operationId: signData x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/public-key method: get operationId: getSignerPublicKey x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId}/certificate/reissue method: post operationId: reissueSignerCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/certificate method: get operationId: exportSignerCertificate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId}/approval-policy method: get operationId: getSignerApprovalPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId}/approval-policy method: put operationId: updateSignerApprovalPolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/requests method: get operationId: listSignerRequests x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId}/requests method: post operationId: requestToSign x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/requests/pre-approve method: post operationId: preApproveSigning x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/requests/{requestId}/revoke method: post operationId: revokeSignerRequest x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/cert-manager/signers/{signerId}/operations method: get operationId: listSigningOperations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId}/users method: get operationId: listSignerUserMembers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId}/users method: post operationId: addSignerUserMembers x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/users/{userId} method: patch operationId: updateSignerUserRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/users/{userId} method: delete operationId: removeSignerUserMember x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/effective-users method: get operationId: listSignerEffectiveUserMembers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId}/identities method: get operationId: listSignerIdentityMembers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId}/identities method: post operationId: addSignerIdentityMember x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/identities/{identityId} method: patch operationId: updateSignerIdentityRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/identities/{identityId} method: delete operationId: removeSignerIdentityMember x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/effective-identities method: get operationId: listSignerEffectiveIdentityMembers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId}/groups method: get operationId: listSignerGroupMembers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/signers/{signerId}/groups method: post operationId: addSignerGroupMember x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/groups/{groupId} method: patch operationId: updateSignerGroupRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/signers/{signerId}/groups/{groupId} method: delete operationId: removeSignerGroupMember x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/certificate-cleanup method: get operationId: getCertificateCleanupConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/certificate-cleanup method: put operationId: updateCertificateCleanupConfig x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/access/users method: get operationId: listCertManagerUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/access/users method: post operationId: inviteCertManagerUsers x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/options method: get operationId: listPkiSyncOptions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs method: get operationId: listPkiSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/{pkiSyncId} method: get operationId: getPkiSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/{pkiSyncId}/certificates method: get operationId: listPkiSyncCertificates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/{pkiSyncId}/certificates method: post operationId: addCertificatesToPkiSync x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/cert-manager/syncs/{pkiSyncId}/certificates method: delete operationId: removeCertificatesFromPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/azure-key-vault method: get operationId: listAzureKeyVaultPkiSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/azure-key-vault method: post operationId: createAzureKeyVaultPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/azure-key-vault/{pkiSyncId} method: get operationId: getAzureKeyVaultPkiSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/azure-key-vault/{pkiSyncId} method: patch operationId: updateAzureKeyVaultPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/azure-key-vault/{pkiSyncId} method: delete operationId: deleteAzureKeyVaultPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/azure-key-vault/{pkiSyncId}/sync method: post operationId: syncAzureKeyVaultPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/azure-key-vault/{pkiSyncId}/remove-certificates method: post operationId: removeAzureKeyVaultPkiSyncCertificates x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-certificate-manager method: get operationId: listAwsCertificateManagerPkiSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/aws-certificate-manager method: post operationId: createAwsCertificateManagerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-certificate-manager/{pkiSyncId} method: get operationId: getAwsCertificateManagerPkiSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/aws-certificate-manager/{pkiSyncId} method: patch operationId: updateAwsCertificateManagerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-certificate-manager/{pkiSyncId} method: delete operationId: deleteAwsCertificateManagerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-certificate-manager/{pkiSyncId}/sync method: post operationId: syncAwsCertificateManagerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-certificate-manager/{pkiSyncId}/remove-certificates method: post operationId: removeAwsCertificateManagerPkiSyncCertificates x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-secrets-manager method: get operationId: listAwsSecretsManagerPkiSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/aws-secrets-manager method: post operationId: createAwsSecretsManagerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-secrets-manager/{pkiSyncId} method: get operationId: getAwsSecretsManagerPkiSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/aws-secrets-manager/{pkiSyncId} method: patch operationId: updateAwsSecretsManagerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-secrets-manager/{pkiSyncId} method: delete operationId: deleteAwsSecretsManagerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-secrets-manager/{pkiSyncId}/sync method: post operationId: syncAwsSecretsManagerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-secrets-manager/{pkiSyncId}/remove-certificates method: post operationId: removeAwsSecretsManagerPkiSyncCertificates x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-elastic-load-balancer method: get operationId: listAwsElasticLoadBalancerPkiSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/aws-elastic-load-balancer method: post operationId: createAwsElasticLoadBalancerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-elastic-load-balancer/{pkiSyncId} method: get operationId: getAwsElasticLoadBalancerPkiSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/aws-elastic-load-balancer/{pkiSyncId} method: patch operationId: updateAwsElasticLoadBalancerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-elastic-load-balancer/{pkiSyncId} method: delete operationId: deleteAwsElasticLoadBalancerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-elastic-load-balancer/{pkiSyncId}/sync method: post operationId: syncAwsElasticLoadBalancerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-elastic-load-balancer/{pkiSyncId}/remove-certificates method: post operationId: removeAwsElasticLoadBalancerPkiSyncCertificates x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-elastic-load-balancer/load-balancers method: get operationId: listAwsElasticLoadBalancers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/aws-elastic-load-balancer/listeners method: get operationId: listAwsElasticLoadBalancerListeners x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/aws-elastic-load-balancer/{pkiSyncId}/certificates/default method: post operationId: setAwsElbCertificateAsDefault x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/aws-elastic-load-balancer/{pkiSyncId}/certificates/default method: delete operationId: clearAwsElbDefaultCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/chef method: get operationId: listChefPkiSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/chef method: post operationId: createChefPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/chef/{pkiSyncId} method: get operationId: getChefPkiSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/chef/{pkiSyncId} method: patch operationId: updateChefPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/chef/{pkiSyncId} method: delete operationId: deleteChefPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/chef/{pkiSyncId}/sync method: post operationId: syncChefPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/chef/{pkiSyncId}/remove-certificates method: post operationId: removeChefPkiSyncCertificates x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/cloudflare-custom-certificate method: get operationId: listCloudflareCustomCertificatePkiSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/cloudflare-custom-certificate method: post operationId: createCloudflareCustomCertificatePkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/cloudflare-custom-certificate/{pkiSyncId} method: get operationId: getCloudflareCustomCertificatePkiSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/cloudflare-custom-certificate/{pkiSyncId} method: patch operationId: updateCloudflareCustomCertificatePkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/cloudflare-custom-certificate/{pkiSyncId} method: delete operationId: deleteCloudflareCustomCertificatePkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/cloudflare-custom-certificate/{pkiSyncId}/sync method: post operationId: syncCloudflareCustomCertificatePkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/cloudflare-custom-certificate/{pkiSyncId}/remove-certificates method: post operationId: removeCloudflareCustomCertificatePkiSyncCertificates x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/netscaler method: get operationId: listNetscalerPkiSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/netscaler method: post operationId: createNetscalerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/netscaler/{pkiSyncId} method: get operationId: getNetscalerPkiSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/netscaler/{pkiSyncId} method: patch operationId: updateNetscalerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/netscaler/{pkiSyncId} method: delete operationId: deleteNetscalerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/netscaler/{pkiSyncId}/sync method: post operationId: syncNetscalerPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/netscaler/{pkiSyncId}/remove-certificates method: post operationId: removeNetscalerPkiSyncCertificates x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/f5-big-ip method: get operationId: listF5BigIpPkiSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/f5-big-ip method: post operationId: createF5BigIpPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/f5-big-ip/{pkiSyncId} method: get operationId: getF5BigIpPkiSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/cert-manager/syncs/f5-big-ip/{pkiSyncId} method: patch operationId: updateF5BigIpPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/f5-big-ip/{pkiSyncId} method: delete operationId: deleteF5BigIpPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/f5-big-ip/{pkiSyncId}/sync method: post operationId: syncF5BigIpPkiSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/cert-manager/syncs/f5-big-ip/{pkiSyncId}/remove-certificates method: post operationId: removeF5BigIpPkiSyncCertificates x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca method: post operationId: createCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/{caId} method: get operationId: getCertificateAuthorityV1 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/ca/{caId} method: patch operationId: updateCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/{caId} method: delete operationId: deleteCertificateAuthorityV1 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/{caId}/certificates/{caCertId}/der method: get operationId: getCertificateAuthorityDerCertificate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/ca/{caId}/csr method: get operationId: getCertificateAuthorityCsr x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/ca/{caId}/renew method: post operationId: renewCertificateAuthority x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/{caId}/ca-certificates method: get operationId: listCertificateAuthorityCertificates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/ca/{caId}/certificate method: get operationId: getCertificateAuthorityCertificate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/ca/{caId}/sign-intermediate method: post operationId: signIntermediateCertificateAuthority x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/{caId}/import-certificate method: post operationId: importCertificateAuthorityCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/internal method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/ca/internal method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/internal/{caName} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/ca/internal/{caName} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/internal/{caName} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/acme method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/ca/acme method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/acme/{caName} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/ca/acme/{caName} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/acme/{caName} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/azure-ad-cs method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/ca/azure-ad-cs method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/azure-ad-cs/{caName} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/ca/azure-ad-cs/{caName} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/azure-ad-cs/{caName} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/ca/azure-ad-cs/{caId}/templates method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/certificates/{serialNumber} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/certificates/{serialNumber} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/certificates/{serialNumber}/private-key method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/certificates/{serialNumber}/bundle method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/certificates/issue-certificate method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/certificates/import-certificate method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/certificates/sign-certificate method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/certificates/{serialNumber}/revoke method: post x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/pki/certificates/{serialNumber}/certificate method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/certificate-templates/{certificateTemplateId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/certificate-templates/{certificateTemplateId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/certificate-templates/{certificateTemplateId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/certificate-templates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/certificate-templates/{certificateTemplateId}/est-config method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/certificate-templates/{certificateTemplateId}/est-config method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/certificate-templates/{certificateTemplateId}/est-config method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/certificate-profiles method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/certificate-profiles method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/certificate-profiles/{id} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/certificate-profiles/{id} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/certificate-profiles/{id} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/certificate-profiles/slug/{slug} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/certificate-profiles/{id}/certificates method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/certificate-profiles/{id}/certificates/latest-active-bundle method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/certificate-profiles/{id}/acme/eab-secret/reveal method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/collections method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/collections/{collectionId} method: get operationId: getPkiCollection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/collections/{collectionId} method: patch operationId: updatePkiCollection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/collections/{collectionId} method: delete operationId: deletePkiCollection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/collections/{collectionId}/items method: get operationId: listPkiCollectionItems x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/collections/{collectionId}/items method: post operationId: addItemToPkiCollection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/collections/{collectionId}/items/{collectionItemId} method: delete operationId: removeItemFromPkiCollection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/subscribers/{subscriberName} method: get operationId: getPkiSubscriber x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/subscribers/{subscriberName} method: patch operationId: updatePkiSubscriber x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/subscribers/{subscriberName} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/subscribers method: post operationId: createPkiSubscriber x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/subscribers/{subscriberName}/order-certificate method: post operationId: orderPkiSubscriberCertificate x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/subscribers/{subscriberName}/issue-certificate method: post operationId: issuePkiSubscriberCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/subscribers/{subscriberName}/sign-certificate method: post operationId: signPkiSubscriberCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/subscribers/{subscriberName}/latest-certificate-bundle method: get operationId: getPkiSubscriberLatestCertificateBundle x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/subscribers/{subscriberName}/certificates method: get operationId: listPkiSubscriberCertificates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/options method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/{pkiSyncId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/{pkiSyncId}/certificates method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/{pkiSyncId}/certificates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/{pkiSyncId}/certificates method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/azure-key-vault method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/azure-key-vault method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/azure-key-vault/{pkiSyncId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/azure-key-vault/{pkiSyncId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/azure-key-vault/{pkiSyncId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/azure-key-vault/{pkiSyncId}/sync method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/azure-key-vault/{pkiSyncId}/remove-certificates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-certificate-manager method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/aws-certificate-manager method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-certificate-manager/{pkiSyncId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/aws-certificate-manager/{pkiSyncId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-certificate-manager/{pkiSyncId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-certificate-manager/{pkiSyncId}/sync method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-certificate-manager/{pkiSyncId}/remove-certificates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-secrets-manager method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/aws-secrets-manager method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-secrets-manager/{pkiSyncId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/aws-secrets-manager/{pkiSyncId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-secrets-manager/{pkiSyncId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-secrets-manager/{pkiSyncId}/sync method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-secrets-manager/{pkiSyncId}/remove-certificates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-elastic-load-balancer method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/aws-elastic-load-balancer method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-elastic-load-balancer/{pkiSyncId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/aws-elastic-load-balancer/{pkiSyncId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-elastic-load-balancer/{pkiSyncId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-elastic-load-balancer/{pkiSyncId}/sync method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-elastic-load-balancer/{pkiSyncId}/remove-certificates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-elastic-load-balancer/load-balancers method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/aws-elastic-load-balancer/listeners method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/aws-elastic-load-balancer/{pkiSyncId}/certificates/default method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/aws-elastic-load-balancer/{pkiSyncId}/certificates/default method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/chef method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/chef method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/chef/{pkiSyncId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/chef/{pkiSyncId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/chef/{pkiSyncId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/chef/{pkiSyncId}/sync method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/chef/{pkiSyncId}/remove-certificates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/cloudflare-custom-certificate method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/cloudflare-custom-certificate method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/cloudflare-custom-certificate/{pkiSyncId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/cloudflare-custom-certificate/{pkiSyncId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/cloudflare-custom-certificate/{pkiSyncId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/cloudflare-custom-certificate/{pkiSyncId}/sync method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/cloudflare-custom-certificate/{pkiSyncId}/remove-certificates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/netscaler method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/netscaler method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/netscaler/{pkiSyncId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/netscaler/{pkiSyncId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/netscaler/{pkiSyncId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/netscaler/{pkiSyncId}/sync method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/netscaler/{pkiSyncId}/remove-certificates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/f5-big-ip method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/f5-big-ip method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/f5-big-ip/{pkiSyncId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/pki/syncs/f5-big-ip/{pkiSyncId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/f5-big-ip/{pkiSyncId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/f5-big-ip/{pkiSyncId}/sync method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/pki/syncs/f5-big-ip/{pkiSyncId}/remove-certificates method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/integration method: post operationId: createIntegration x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/integration/{integrationId} method: patch operationId: updateIntegration x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/integration/{integrationId} method: get operationId: getIntegration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/integration/{integrationId} method: delete operationId: deleteIntegration x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/integration/{integrationId}/sync method: post operationId: syncIntegration x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/integration-auth/integration-options method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/integration-auth/{integrationAuthId} method: get operationId: getIntegrationAuth x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/integration-auth/{integrationAuthId} method: patch operationId: updateIntegrationAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/integration-auth/{integrationAuthId} method: delete operationId: deleteIntegrationAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/integration-auth method: delete operationId: deleteIntegrationAuths x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/integration-auth/access-token method: post operationId: createIntegrationAuth x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/identities method: post operationId: createMachineIdentity x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/identities method: get operationId: listMachineIdentities x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/identities/{identityId} method: patch operationId: updateMachineIdentity x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/identities/{identityId} method: delete operationId: deleteMachineIdentity x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/identities/{identityId} method: get operationId: getMachineIdentityById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/identities/search method: post operationId: searchMachineIdentities x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/shared-secrets method: get operationId: listSharedSecrets x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/shared-secrets method: post operationId: createSharedSecret x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/shared-secrets/{id} method: get operationId: getSharedSecretById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/shared-secrets/{id} method: delete operationId: deleteSharedSecret x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/shared-secrets/{id}/access method: post operationId: accessSharedSecret x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/kms/keys method: post operationId: createKmsKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/kms/keys method: get operationId: listKmsKeys x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/kms/keys/{keyId} method: patch operationId: updateKmsKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/kms/keys/{keyId} method: delete operationId: deleteKmsKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/kms/keys/{keyId} method: get operationId: getKmsKeyById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/kms/keys/key-name/{keyName} method: get operationId: getKmsKeyByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/kms/keys/{keyId}/encrypt method: post operationId: encryptWithKmsKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/kms/keys/{keyId}/public-key method: get operationId: getKmsKeyPublicKey x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/kms/keys/{keyId}/private-key method: get operationId: getKmsKeyPrivateKey x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/kms/keys/bulk-import method: post operationId: bulkImportKmsKeys x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/kms/keys/bulk-export-private-keys method: post operationId: bulkExportKmsKeyPrivateKeys x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/kms/keys/{keyId}/signing-algorithms method: get operationId: listKmsKeySigningAlgorithms x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/kms/keys/{keyId}/sign method: post operationId: signWithKmsKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/kms/keys/{keyId}/verify method: post operationId: verifyWithKmsKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/kms/keys/{keyId}/decrypt method: post operationId: decryptWithKmsKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/scim/group-org-role-mappings method: get operationId: listExternalGroupOrgRoleMappings x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/scim/group-org-role-mappings method: put operationId: updateExternalGroupOrgRoleMappings x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/options method: get operationId: listAppConnectionOptions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections method: get operationId: listAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/aws method: get operationId: listAwsAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/aws method: post operationId: createAwsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/aws/available method: get operationId: listAwsAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/aws/{connectionId} method: get operationId: getAwsAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/aws/{connectionId} method: patch operationId: updateAwsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/aws/{connectionId} method: delete operationId: deleteAwsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/aws/connection-name/{connectionName} method: get operationId: getAwsAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/aws/{connectionId}/rotate-credentials method: post operationId: rotateAwsAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/github method: get operationId: listGitHubAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/github method: post operationId: createGitHubAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/github/available method: get operationId: listGitHubAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/github/{connectionId} method: get operationId: getGitHubAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/github/{connectionId} method: patch operationId: updateGitHubAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/github/{connectionId} method: delete operationId: deleteGitHubAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/github/connection-name/{connectionName} method: get operationId: getGitHubAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/github/{connectionId}/rotate-credentials method: post operationId: rotateGitHubAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/github-radar method: get operationId: listGitHubRadarAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/github-radar method: post operationId: createGitHubRadarAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/github-radar/available method: get operationId: listGitHubRadarAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/github-radar/{connectionId} method: get operationId: getGitHubRadarAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/github-radar/{connectionId} method: patch operationId: updateGitHubRadarAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/github-radar/{connectionId} method: delete operationId: deleteGitHubRadarAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/github-radar/connection-name/{connectionName} method: get operationId: getGitHubRadarAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/github-radar/{connectionId}/rotate-credentials method: post operationId: rotateGitHubRadarAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/gcp method: get operationId: listGcpAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/gcp method: post operationId: createGcpAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/gcp/available method: get operationId: listGcpAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/gcp/{connectionId} method: get operationId: getGcpAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/gcp/{connectionId} method: patch operationId: updateGcpAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/gcp/{connectionId} method: delete operationId: deleteGcpAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/gcp/connection-name/{connectionName} method: get operationId: getGcpAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/gcp/{connectionId}/rotate-credentials method: post operationId: rotateGcpAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-key-vault method: get operationId: listAzureKeyVaultAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-key-vault method: post operationId: createAzureKeyVaultAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-key-vault/available method: get operationId: listAzureKeyVaultAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-key-vault/{connectionId} method: get operationId: getAzureKeyVaultAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-key-vault/{connectionId} method: patch operationId: updateAzureKeyVaultAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-key-vault/{connectionId} method: delete operationId: deleteAzureKeyVaultAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-key-vault/connection-name/{connectionName} method: get operationId: getAzureKeyVaultAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-key-vault/{connectionId}/rotate-credentials method: post operationId: rotateAzureKeyVaultAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-app-configuration method: get operationId: listAzureAppConfigurationAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-app-configuration method: post operationId: createAzureAppConfigurationAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-app-configuration/available method: get operationId: listAzureAppConfigurationAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-app-configuration/{connectionId} method: get operationId: getAzureAppConfigurationAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-app-configuration/{connectionId} method: patch operationId: updateAzureAppConfigurationAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-app-configuration/{connectionId} method: delete operationId: deleteAzureAppConfigurationAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-app-configuration/connection-name/{connectionName} method: get operationId: getAzureAppConfigurationAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-app-configuration/{connectionId}/rotate-credentials method: post operationId: rotateAzureAppConfigurationAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-client-secrets method: get operationId: listAzureClientSecretsAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-client-secrets method: post operationId: createAzureClientSecretsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-client-secrets/available method: get operationId: listAzureClientSecretsAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-client-secrets/{connectionId} method: get operationId: getAzureClientSecretsAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-client-secrets/{connectionId} method: patch operationId: updateAzureClientSecretsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-client-secrets/{connectionId} method: delete operationId: deleteAzureClientSecretsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-client-secrets/connection-name/{connectionName} method: get operationId: getAzureClientSecretsAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-client-secrets/{connectionId}/rotate-credentials method: post operationId: rotateAzureClientSecretsAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-devops method: get operationId: listAzureDevopsAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-devops method: post operationId: createAzureDevopsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-devops/available method: get operationId: listAzureDevopsAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-devops/{connectionId} method: get operationId: getAzureDevopsAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-devops/{connectionId} method: patch operationId: updateAzureDevopsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-devops/{connectionId} method: delete operationId: deleteAzureDevopsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-devops/connection-name/{connectionName} method: get operationId: getAzureDevopsAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-devops/{connectionId}/rotate-credentials method: post operationId: rotateAzureDevopsAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-adcs method: get operationId: listAzureAdcsAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-adcs method: post operationId: createAzureAdcsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-adcs/available method: get operationId: listAzureAdcsAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-adcs/{connectionId} method: get operationId: getAzureAdcsAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-adcs/{connectionId} method: patch operationId: updateAzureAdcsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-adcs/{connectionId} method: delete operationId: deleteAzureAdcsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-adcs/connection-name/{connectionName} method: get operationId: getAzureAdcsAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-adcs/{connectionId}/rotate-credentials method: post operationId: rotateAzureAdcsAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-dns method: get operationId: listAzureDnsAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-dns method: post operationId: createAzureDnsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-dns/available method: get operationId: listAzureDnsAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-dns/{connectionId} method: get operationId: getAzureDnsAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-dns/{connectionId} method: patch operationId: updateAzureDnsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-dns/{connectionId} method: delete operationId: deleteAzureDnsAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-dns/connection-name/{connectionName} method: get operationId: getAzureDnsAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-dns/{connectionId}/rotate-credentials method: post operationId: rotateAzureDnsAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/databricks method: get operationId: listDatabricksAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/databricks method: post operationId: createDatabricksAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/databricks/available method: get operationId: listDatabricksAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/databricks/{connectionId} method: get operationId: getDatabricksAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/databricks/{connectionId} method: patch operationId: updateDatabricksAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/databricks/{connectionId} method: delete operationId: deleteDatabricksAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/databricks/connection-name/{connectionName} method: get operationId: getDatabricksAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/databricks/{connectionId}/rotate-credentials method: post operationId: rotateDatabricksAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/humanitec method: get operationId: listHumanitecAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/humanitec method: post operationId: createHumanitecAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/humanitec/available method: get operationId: listHumanitecAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/humanitec/{connectionId} method: get operationId: getHumanitecAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/humanitec/{connectionId} method: patch operationId: updateHumanitecAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/humanitec/{connectionId} method: delete operationId: deleteHumanitecAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/humanitec/connection-name/{connectionName} method: get operationId: getHumanitecAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/humanitec/{connectionId}/rotate-credentials method: post operationId: rotateHumanitecAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/terraform-cloud method: get operationId: listTerraformCloudAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/terraform-cloud method: post operationId: createTerraformCloudAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/terraform-cloud/available method: get operationId: listTerraformCloudAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/terraform-cloud/{connectionId} method: get operationId: getTerraformCloudAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/terraform-cloud/{connectionId} method: patch operationId: updateTerraformCloudAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/terraform-cloud/{connectionId} method: delete operationId: deleteTerraformCloudAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/terraform-cloud/connection-name/{connectionName} method: get operationId: getTerraformCloudAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/terraform-cloud/{connectionId}/rotate-credentials method: post operationId: rotateTerraformCloudAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/vercel method: get operationId: listVercelAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/vercel method: post operationId: createVercelAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/vercel/available method: get operationId: listVercelAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/vercel/{connectionId} method: get operationId: getVercelAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/vercel/{connectionId} method: patch operationId: updateVercelAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/vercel/{connectionId} method: delete operationId: deleteVercelAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/vercel/connection-name/{connectionName} method: get operationId: getVercelAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/vercel/{connectionId}/rotate-credentials method: post operationId: rotateVercelAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/postgres method: get operationId: listPostgresAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/postgres method: post operationId: createPostgresAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/postgres/available method: get operationId: listPostgresAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/postgres/{connectionId} method: get operationId: getPostgresAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/postgres/{connectionId} method: patch operationId: updatePostgresAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/postgres/{connectionId} method: delete operationId: deletePostgresAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/postgres/connection-name/{connectionName} method: get operationId: getPostgresAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/postgres/{connectionId}/rotate-credentials method: post operationId: rotatePostgresAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/mssql method: get operationId: listMsSqlAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/mssql method: post operationId: createMsSqlAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/mssql/available method: get operationId: listMsSqlAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/mssql/{connectionId} method: get operationId: getMsSqlAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/mssql/{connectionId} method: patch operationId: updateMsSqlAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/mssql/{connectionId} method: delete operationId: deleteMsSqlAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/mssql/connection-name/{connectionName} method: get operationId: getMsSqlAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/mssql/{connectionId}/rotate-credentials method: post operationId: rotateMsSqlAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/mysql method: get operationId: listMySqlAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/mysql method: post operationId: createMySqlAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/mysql/available method: get operationId: listMySqlAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/mysql/{connectionId} method: get operationId: getMySqlAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/mysql/{connectionId} method: patch operationId: updateMySqlAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/mysql/{connectionId} method: delete operationId: deleteMySqlAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/mysql/connection-name/{connectionName} method: get operationId: getMySqlAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/mysql/{connectionId}/rotate-credentials method: post operationId: rotateMySqlAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/camunda method: get operationId: listCamundaAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/camunda method: post operationId: createCamundaAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/camunda/available method: get operationId: listCamundaAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/camunda/{connectionId} method: get operationId: getCamundaAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/camunda/{connectionId} method: patch operationId: updateCamundaAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/camunda/{connectionId} method: delete operationId: deleteCamundaAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/camunda/connection-name/{connectionName} method: get operationId: getCamundaAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/camunda/{connectionId}/rotate-credentials method: post operationId: rotateCamundaAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/windmill method: get operationId: listWindmillAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/windmill method: post operationId: createWindmillAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/windmill/available method: get operationId: listWindmillAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/windmill/{connectionId} method: get operationId: getWindmillAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/windmill/{connectionId} method: patch operationId: updateWindmillAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/windmill/{connectionId} method: delete operationId: deleteWindmillAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/windmill/connection-name/{connectionName} method: get operationId: getWindmillAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/windmill/{connectionId}/rotate-credentials method: post operationId: rotateWindmillAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/auth0 method: get operationId: listAuth0AppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/auth0 method: post operationId: createAuth0AppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/auth0/available method: get operationId: listAuth0AvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/auth0/{connectionId} method: get operationId: getAuth0AppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/auth0/{connectionId} method: patch operationId: updateAuth0AppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/auth0/{connectionId} method: delete operationId: deleteAuth0AppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/auth0/connection-name/{connectionName} method: get operationId: getAuth0AppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/auth0/{connectionId}/rotate-credentials method: post operationId: rotateAuth0AppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/hashicorp-vault method: get operationId: listHashicorpVaultAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/hashicorp-vault method: post operationId: createHashicorpVaultAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/hashicorp-vault/available method: get operationId: listHashicorpVaultAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/hashicorp-vault/{connectionId} method: get operationId: getHashicorpVaultAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/hashicorp-vault/{connectionId} method: patch operationId: updateHashicorpVaultAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/hashicorp-vault/{connectionId} method: delete operationId: deleteHashicorpVaultAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/hashicorp-vault/connection-name/{connectionName} method: get operationId: getHashicorpVaultAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/hashicorp-vault/{connectionId}/rotate-credentials method: post operationId: rotateHashicorpVaultAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ldap method: get operationId: listLdapAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ldap method: post operationId: createLdapAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ldap/available method: get operationId: listLdapAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ldap/{connectionId} method: get operationId: getLdapAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ldap/{connectionId} method: patch operationId: updateLdapAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ldap/{connectionId} method: delete operationId: deleteLdapAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ldap/connection-name/{connectionName} method: get operationId: getLdapAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ldap/{connectionId}/rotate-credentials method: post operationId: rotateLdapAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/teamcity method: get operationId: listTeamcityAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/teamcity method: post operationId: createTeamcityAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/teamcity/available method: get operationId: listTeamcityAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/teamcity/{connectionId} method: get operationId: getTeamcityAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/teamcity/{connectionId} method: patch operationId: updateTeamcityAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/teamcity/{connectionId} method: delete operationId: deleteTeamcityAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/teamcity/connection-name/{connectionName} method: get operationId: getTeamcityAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/teamcity/{connectionId}/rotate-credentials method: post operationId: rotateTeamcityAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/oci method: get operationId: listOciAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/oci method: post operationId: createOciAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/oci/available method: get operationId: listOciAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/oci/{connectionId} method: get operationId: getOciAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/oci/{connectionId} method: patch operationId: updateOciAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/oci/{connectionId} method: delete operationId: deleteOciAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/oci/connection-name/{connectionName} method: get operationId: getOciAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/oci/{connectionId}/rotate-credentials method: post operationId: rotateOciAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/oracledb method: get operationId: listOracleDbAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/oracledb method: post operationId: createOracleDbAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/oracledb/available method: get operationId: listOracleDbAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/oracledb/{connectionId} method: get operationId: getOracleDbAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/oracledb/{connectionId} method: patch operationId: updateOracleDbAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/oracledb/{connectionId} method: delete operationId: deleteOracleDbAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/oracledb/connection-name/{connectionName} method: get operationId: getOracleDbAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/oracledb/{connectionId}/rotate-credentials method: post operationId: rotateOracleDbAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/1password method: get operationId: listOnePasswordAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/1password method: post operationId: createOnePasswordAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/1password/available method: get operationId: listOnePasswordAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/1password/{connectionId} method: get operationId: getOnePasswordAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/1password/{connectionId} method: patch operationId: updateOnePasswordAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/1password/{connectionId} method: delete operationId: deleteOnePasswordAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/1password/connection-name/{connectionName} method: get operationId: getOnePasswordAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/1password/{connectionId}/rotate-credentials method: post operationId: rotateOnePasswordAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/heroku method: get operationId: listHerokuAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/heroku method: post operationId: createHerokuAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/heroku/available method: get operationId: listHerokuAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/heroku/{connectionId} method: get operationId: getHerokuAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/heroku/{connectionId} method: patch operationId: updateHerokuAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/heroku/{connectionId} method: delete operationId: deleteHerokuAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/heroku/connection-name/{connectionName} method: get operationId: getHerokuAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/heroku/{connectionId}/rotate-credentials method: post operationId: rotateHerokuAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/render method: get operationId: listRenderAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/render method: post operationId: createRenderAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/render/available method: get operationId: listRenderAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/render/{connectionId} method: get operationId: getRenderAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/render/{connectionId} method: patch operationId: updateRenderAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/render/{connectionId} method: delete operationId: deleteRenderAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/render/connection-name/{connectionName} method: get operationId: getRenderAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/render/{connectionId}/rotate-credentials method: post operationId: rotateRenderAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/laravel-forge method: get operationId: listLaravelForgeAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/laravel-forge method: post operationId: createLaravelForgeAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/laravel-forge/available method: get operationId: listLaravelForgeAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/laravel-forge/{connectionId} method: get operationId: getLaravelForgeAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/laravel-forge/{connectionId} method: patch operationId: updateLaravelForgeAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/laravel-forge/{connectionId} method: delete operationId: deleteLaravelForgeAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/laravel-forge/connection-name/{connectionName} method: get operationId: getLaravelForgeAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/laravel-forge/{connectionId}/rotate-credentials method: post operationId: rotateLaravelForgeAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/flyio method: get operationId: listFlyioAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/flyio method: post operationId: createFlyioAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/flyio/available method: get operationId: listFlyioAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/flyio/{connectionId} method: get operationId: getFlyioAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/flyio/{connectionId} method: patch operationId: updateFlyioAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/flyio/{connectionId} method: delete operationId: deleteFlyioAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/flyio/connection-name/{connectionName} method: get operationId: getFlyioAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/flyio/{connectionId}/rotate-credentials method: post operationId: rotateFlyioAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/gitlab method: get operationId: listGitLabAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/gitlab method: post operationId: createGitLabAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/gitlab/available method: get operationId: listGitLabAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/gitlab/{connectionId} method: get operationId: getGitLabAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/gitlab/{connectionId} method: patch operationId: updateGitLabAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/gitlab/{connectionId} method: delete operationId: deleteGitLabAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/gitlab/connection-name/{connectionName} method: get operationId: getGitLabAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/gitlab/{connectionId}/rotate-credentials method: post operationId: rotateGitLabAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/cloudflare method: get operationId: listCloudflareAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/cloudflare method: post operationId: createCloudflareAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/cloudflare/available method: get operationId: listCloudflareAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/cloudflare/{connectionId} method: get operationId: getCloudflareAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/cloudflare/{connectionId} method: patch operationId: updateCloudflareAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/cloudflare/{connectionId} method: delete operationId: deleteCloudflareAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/cloudflare/connection-name/{connectionName} method: get operationId: getCloudflareAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/cloudflare/{connectionId}/rotate-credentials method: post operationId: rotateCloudflareAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/dns-made-easy method: get operationId: listDnsMadeEasyAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/dns-made-easy method: post operationId: createDnsMadeEasyAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/dns-made-easy/available method: get operationId: listDnsMadeEasyAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/dns-made-easy/{connectionId} method: get operationId: getDnsMadeEasyAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/dns-made-easy/{connectionId} method: patch operationId: updateDnsMadeEasyAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/dns-made-easy/{connectionId} method: delete operationId: deleteDnsMadeEasyAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/dns-made-easy/connection-name/{connectionName} method: get operationId: getDnsMadeEasyAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/dns-made-easy/{connectionId}/rotate-credentials method: post operationId: rotateDnsMadeEasyAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/bitbucket method: get operationId: listBitbucketAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/bitbucket method: post operationId: createBitbucketAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/bitbucket/available method: get operationId: listBitbucketAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/bitbucket/{connectionId} method: get operationId: getBitbucketAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/bitbucket/{connectionId} method: patch operationId: updateBitbucketAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/bitbucket/{connectionId} method: delete operationId: deleteBitbucketAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/bitbucket/connection-name/{connectionName} method: get operationId: getBitbucketAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/bitbucket/{connectionId}/rotate-credentials method: post operationId: rotateBitbucketAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/zabbix method: get operationId: listZabbixAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/zabbix method: post operationId: createZabbixAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/zabbix/available method: get operationId: listZabbixAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/zabbix/{connectionId} method: get operationId: getZabbixAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/zabbix/{connectionId} method: patch operationId: updateZabbixAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/zabbix/{connectionId} method: delete operationId: deleteZabbixAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/zabbix/connection-name/{connectionName} method: get operationId: getZabbixAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/zabbix/{connectionId}/rotate-credentials method: post operationId: rotateZabbixAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/railway method: get operationId: listRailwayAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/railway method: post operationId: createRailwayAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/railway/available method: get operationId: listRailwayAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/railway/{connectionId} method: get operationId: getRailwayAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/railway/{connectionId} method: patch operationId: updateRailwayAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/railway/{connectionId} method: delete operationId: deleteRailwayAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/railway/connection-name/{connectionName} method: get operationId: getRailwayAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/railway/{connectionId}/rotate-credentials method: post operationId: rotateRailwayAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/checkly method: get operationId: listChecklyAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/checkly method: post operationId: createChecklyAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/checkly/available method: get operationId: listChecklyAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/checkly/{connectionId} method: get operationId: getChecklyAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/checkly/{connectionId} method: patch operationId: updateChecklyAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/checkly/{connectionId} method: delete operationId: deleteChecklyAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/checkly/connection-name/{connectionName} method: get operationId: getChecklyAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/checkly/{connectionId}/rotate-credentials method: post operationId: rotateChecklyAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/supabase method: get operationId: listSupabaseAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/supabase method: post operationId: createSupabaseAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/supabase/available method: get operationId: listSupabaseAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/supabase/{connectionId} method: get operationId: getSupabaseAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/supabase/{connectionId} method: patch operationId: updateSupabaseAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/supabase/{connectionId} method: delete operationId: deleteSupabaseAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/supabase/connection-name/{connectionName} method: get operationId: getSupabaseAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/supabase/{connectionId}/rotate-credentials method: post operationId: rotateSupabaseAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/digital-ocean method: get operationId: listDigitalOceanAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/digital-ocean method: post operationId: createDigitalOceanAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/digital-ocean/available method: get operationId: listDigitalOceanAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/digital-ocean/{connectionId} method: get operationId: getDigitalOceanAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/digital-ocean/{connectionId} method: patch operationId: updateDigitalOceanAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/digital-ocean/{connectionId} method: delete operationId: deleteDigitalOceanAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/digital-ocean/connection-name/{connectionName} method: get operationId: getDigitalOceanAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/digital-ocean/{connectionId}/rotate-credentials method: post operationId: rotateDigitalOceanAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/netlify method: get operationId: listNetlifyAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/netlify method: post operationId: createNetlifyAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/netlify/available method: get operationId: listNetlifyAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/netlify/{connectionId} method: get operationId: getNetlifyAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/netlify/{connectionId} method: patch operationId: updateNetlifyAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/netlify/{connectionId} method: delete operationId: deleteNetlifyAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/netlify/connection-name/{connectionName} method: get operationId: getNetlifyAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/netlify/{connectionId}/rotate-credentials method: post operationId: rotateNetlifyAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/northflank method: get operationId: listNorthflankAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/northflank method: post operationId: createNorthflankAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/northflank/available method: get operationId: listNorthflankAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/northflank/{connectionId} method: get operationId: getNorthflankAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/northflank/{connectionId} method: patch operationId: updateNorthflankAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/northflank/{connectionId} method: delete operationId: deleteNorthflankAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/northflank/connection-name/{connectionName} method: get operationId: getNorthflankAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/northflank/{connectionId}/rotate-credentials method: post operationId: rotateNorthflankAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/okta method: get operationId: listOktaAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/okta method: post operationId: createOktaAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/okta/available method: get operationId: listOktaAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/okta/{connectionId} method: get operationId: getOktaAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/okta/{connectionId} method: patch operationId: updateOktaAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/okta/{connectionId} method: delete operationId: deleteOktaAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/okta/connection-name/{connectionName} method: get operationId: getOktaAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/okta/{connectionId}/rotate-credentials method: post operationId: rotateOktaAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/redis method: get operationId: listRedisAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/redis method: post operationId: createRedisAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/redis/available method: get operationId: listRedisAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/redis/{connectionId} method: get operationId: getRedisAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/redis/{connectionId} method: patch operationId: updateRedisAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/redis/{connectionId} method: delete operationId: deleteRedisAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/redis/connection-name/{connectionName} method: get operationId: getRedisAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/redis/{connectionId}/rotate-credentials method: post operationId: rotateRedisAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/mongodb method: get operationId: listMongoDbAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/mongodb method: post operationId: createMongoDbAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/mongodb/available method: get operationId: listMongoDbAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/mongodb/{connectionId} method: get operationId: getMongoDbAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/mongodb/{connectionId} method: patch operationId: updateMongoDbAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/mongodb/{connectionId} method: delete operationId: deleteMongoDbAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/mongodb/connection-name/{connectionName} method: get operationId: getMongoDbAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/mongodb/{connectionId}/rotate-credentials method: post operationId: rotateMongoDbAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/chef method: get operationId: listChefAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/chef method: post operationId: createChefAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/chef/available method: get operationId: listChefAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/chef/{connectionId} method: get operationId: getChefAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/chef/{connectionId} method: patch operationId: updateChefAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/chef/{connectionId} method: delete operationId: deleteChefAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/chef/connection-name/{connectionName} method: get operationId: getChefAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/chef/{connectionId}/rotate-credentials method: post operationId: rotateChefAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/octopus-deploy method: get operationId: listOctopusDeployAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/octopus-deploy method: post operationId: createOctopusDeployAppConnection x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/octopus-deploy/available method: get operationId: listOctopusDeployAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/octopus-deploy/{connectionId} method: get operationId: getOctopusDeployAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/octopus-deploy/{connectionId} method: patch operationId: updateOctopusDeployAppConnection x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/octopus-deploy/{connectionId} method: delete operationId: deleteOctopusDeployAppConnection x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/octopus-deploy/connection-name/{connectionName} method: get operationId: getOctopusDeployAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/octopus-deploy/{connectionId}/rotate-credentials method: post operationId: rotateOctopusDeployAppConnectionCredentials x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ssh method: get operationId: listSshAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ssh method: post operationId: createSshAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ssh/available method: get operationId: listSshAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ssh/{connectionId} method: get operationId: getSshAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ssh/{connectionId} method: patch operationId: updateSshAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ssh/{connectionId} method: delete operationId: deleteSshAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ssh/connection-name/{connectionName} method: get operationId: getSshAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ssh/{connectionId}/rotate-credentials method: post operationId: rotateSshAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/dbt method: get operationId: listDbtAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/dbt method: post operationId: createDbtAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/dbt/available method: get operationId: listDbtAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/dbt/{connectionId} method: get operationId: getDbtAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/dbt/{connectionId} method: patch operationId: updateDbtAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/dbt/{connectionId} method: delete operationId: deleteDbtAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/dbt/connection-name/{connectionName} method: get operationId: getDbtAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/dbt/{connectionId}/rotate-credentials method: post operationId: rotateDbtAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/smb method: get operationId: listSmbAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/smb method: post operationId: createSmbAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/smb/available method: get operationId: listSmbAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/smb/{connectionId} method: get operationId: getSmbAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/smb/{connectionId} method: patch operationId: updateSmbAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/smb/{connectionId} method: delete operationId: deleteSmbAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/smb/connection-name/{connectionName} method: get operationId: getSmbAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/smb/{connectionId}/rotate-credentials method: post operationId: rotateSmbAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/open-router method: get operationId: listOpenRouterAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/open-router method: post operationId: createOpenRouterAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/open-router/available method: get operationId: listOpenRouterAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/open-router/{connectionId} method: get operationId: getOpenRouterAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/open-router/{connectionId} method: patch operationId: updateOpenRouterAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/open-router/{connectionId} method: delete operationId: deleteOpenRouterAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/open-router/connection-name/{connectionName} method: get operationId: getOpenRouterAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/open-router/{connectionId}/rotate-credentials method: post operationId: rotateOpenRouterAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/circleci method: get operationId: listCircleciAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/circleci method: post operationId: createCircleciAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/circleci/available method: get operationId: listCircleciAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/circleci/{connectionId} method: get operationId: getCircleciAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/circleci/{connectionId} method: patch operationId: updateCircleciAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/circleci/{connectionId} method: delete operationId: deleteCircleciAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/circleci/connection-name/{connectionName} method: get operationId: getCircleciAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/circleci/{connectionId}/rotate-credentials method: post operationId: rotateCircleciAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-entra-id method: get operationId: listAzureEntraIdAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-entra-id method: post operationId: createAzureEntraIdAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-entra-id/available method: get operationId: listAzureEntraIdAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-entra-id/{connectionId} method: get operationId: getAzureEntraIdAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-entra-id/{connectionId} method: patch operationId: updateAzureEntraIdAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-entra-id/{connectionId} method: delete operationId: deleteAzureEntraIdAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/azure-entra-id/connection-name/{connectionName} method: get operationId: getAzureEntraIdAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/azure-entra-id/{connectionId}/rotate-credentials method: post operationId: rotateAzureEntraIdAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/venafi method: get operationId: listVenafiAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/venafi method: post operationId: createVenafiAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/venafi/available method: get operationId: listVenafiAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/venafi/{connectionId} method: get operationId: getVenafiAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/venafi/{connectionId} method: patch operationId: updateVenafiAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/venafi/{connectionId} method: delete operationId: deleteVenafiAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/venafi/connection-name/{connectionName} method: get operationId: getVenafiAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/venafi/{connectionId}/rotate-credentials method: post operationId: rotateVenafiAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/venafi-tpp method: get operationId: listVenafiTppAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/venafi-tpp method: post operationId: createVenafiTppAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/venafi-tpp/available method: get operationId: listVenafiTppAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/venafi-tpp/{connectionId} method: get operationId: getVenafiTppAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/venafi-tpp/{connectionId} method: patch operationId: updateVenafiTppAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/venafi-tpp/{connectionId} method: delete operationId: deleteVenafiTppAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/venafi-tpp/connection-name/{connectionName} method: get operationId: getVenafiTppAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/venafi-tpp/{connectionId}/rotate-credentials method: post operationId: rotateVenafiTppAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/external-infisical method: get operationId: listExternalInfisicalAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/external-infisical method: post operationId: createExternalInfisicalAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/external-infisical/available method: get operationId: listExternalInfisicalAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/external-infisical/{connectionId} method: get operationId: getExternalInfisicalAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/external-infisical/{connectionId} method: patch operationId: updateExternalInfisicalAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/external-infisical/{connectionId} method: delete operationId: deleteExternalInfisicalAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/external-infisical/connection-name/{connectionName} method: get operationId: getExternalInfisicalAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/external-infisical/{connectionId}/rotate-credentials method: post operationId: rotateExternalInfisicalAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/doppler method: get operationId: listDopplerAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/doppler method: post operationId: createDopplerAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/doppler/available method: get operationId: listDopplerAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/doppler/{connectionId} method: get operationId: getDopplerAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/doppler/{connectionId} method: patch operationId: updateDopplerAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/doppler/{connectionId} method: delete operationId: deleteDopplerAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/doppler/connection-name/{connectionName} method: get operationId: getDopplerAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/doppler/{connectionId}/rotate-credentials method: post operationId: rotateDopplerAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/netscaler method: get operationId: listNetscalerAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/netscaler method: post operationId: createNetscalerAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/netscaler/available method: get operationId: listNetscalerAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/netscaler/{connectionId} method: get operationId: getNetscalerAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/netscaler/{connectionId} method: patch operationId: updateNetscalerAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/netscaler/{connectionId} method: delete operationId: deleteNetscalerAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/netscaler/connection-name/{connectionName} method: get operationId: getNetscalerAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/netscaler/{connectionId}/rotate-credentials method: post operationId: rotateNetscalerAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/anthropic method: get operationId: listAnthropicAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/anthropic method: post operationId: createAnthropicAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/anthropic/available method: get operationId: listAnthropicAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/anthropic/{connectionId} method: get operationId: getAnthropicAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/anthropic/{connectionId} method: patch operationId: updateAnthropicAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/anthropic/{connectionId} method: delete operationId: deleteAnthropicAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/anthropic/connection-name/{connectionName} method: get operationId: getAnthropicAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/anthropic/{connectionId}/rotate-credentials method: post operationId: rotateAnthropicAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ovh method: get operationId: listOvhAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ovh method: post operationId: createOvhAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ovh/available method: get operationId: listOvhAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ovh/{connectionId} method: get operationId: getOvhAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ovh/{connectionId} method: patch operationId: updateOvhAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ovh/{connectionId} method: delete operationId: deleteOvhAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ovh/connection-name/{connectionName} method: get operationId: getOvhAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ovh/{connectionId}/rotate-credentials method: post operationId: rotateOvhAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/devin method: get operationId: listDevinAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/devin method: post operationId: createDevinAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/devin/available method: get operationId: listDevinAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/devin/{connectionId} method: get operationId: getDevinAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/devin/{connectionId} method: patch operationId: updateDevinAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/devin/{connectionId} method: delete operationId: deleteDevinAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/devin/connection-name/{connectionName} method: get operationId: getDevinAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/devin/{connectionId}/rotate-credentials method: post operationId: rotateDevinAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ona method: get operationId: listOnaAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ona method: post operationId: createOnaAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ona/available method: get operationId: listOnaAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ona/{connectionId} method: get operationId: getOnaAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ona/{connectionId} method: patch operationId: updateOnaAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ona/{connectionId} method: delete operationId: deleteOnaAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/ona/connection-name/{connectionName} method: get operationId: getOnaAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/ona/{connectionId}/rotate-credentials method: post operationId: rotateOnaAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/digicert method: get operationId: listDigicertAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/digicert method: post operationId: createDigicertAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/digicert/available method: get operationId: listDigicertAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/digicert/{connectionId} method: get operationId: getDigicertAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/digicert/{connectionId} method: patch operationId: updateDigicertAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/digicert/{connectionId} method: delete operationId: deleteDigicertAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/digicert/connection-name/{connectionName} method: get operationId: getDigicertAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/digicert/{connectionId}/rotate-credentials method: post operationId: rotateDigicertAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/godaddy method: get operationId: listGodaddyAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/godaddy method: post operationId: createGodaddyAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/godaddy/available method: get operationId: listGodaddyAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/godaddy/{connectionId} method: get operationId: getGodaddyAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/godaddy/{connectionId} method: patch operationId: updateGodaddyAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/godaddy/{connectionId} method: delete operationId: deleteGodaddyAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/godaddy/connection-name/{connectionName} method: get operationId: getGodaddyAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/godaddy/{connectionId}/rotate-credentials method: post operationId: rotateGodaddyAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/travis-ci method: get operationId: listTravisCIAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/travis-ci method: post operationId: createTravisCIAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/travis-ci/available method: get operationId: listTravisCIAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/travis-ci/{connectionId} method: get operationId: getTravisCIAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/travis-ci/{connectionId} method: patch operationId: updateTravisCIAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/travis-ci/{connectionId} method: delete operationId: deleteTravisCIAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/travis-ci/connection-name/{connectionName} method: get operationId: getTravisCIAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/travis-ci/{connectionId}/rotate-credentials method: post operationId: rotateTravisCIAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/salesforce method: get operationId: listSalesforceAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/salesforce method: post operationId: createSalesforceAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/salesforce/available method: get operationId: listSalesforceAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/salesforce/{connectionId} method: get operationId: getSalesforceAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/salesforce/{connectionId} method: patch operationId: updateSalesforceAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/salesforce/{connectionId} method: delete operationId: deleteSalesforceAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/salesforce/connection-name/{connectionName} method: get operationId: getSalesforceAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/salesforce/{connectionId}/rotate-credentials method: post operationId: rotateSalesforceAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/snowflake method: get operationId: listSnowflakeAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/snowflake method: post operationId: createSnowflakeAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/snowflake/available method: get operationId: listSnowflakeAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/snowflake/{connectionId} method: get operationId: getSnowflakeAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/snowflake/{connectionId} method: patch operationId: updateSnowflakeAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/snowflake/{connectionId} method: delete operationId: deleteSnowflakeAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/snowflake/connection-name/{connectionName} method: get operationId: getSnowflakeAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/snowflake/{connectionId}/rotate-credentials method: post operationId: rotateSnowflakeAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/datadog method: get operationId: listDatadogAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/datadog method: post operationId: createDatadogAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/datadog/available method: get operationId: listDatadogAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/datadog/{connectionId} method: get operationId: getDatadogAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/datadog/{connectionId} method: patch operationId: updateDatadogAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/datadog/{connectionId} method: delete operationId: deleteDatadogAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/datadog/connection-name/{connectionName} method: get operationId: getDatadogAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/datadog/{connectionId}/rotate-credentials method: post operationId: rotateDatadogAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/f5-big-ip method: get operationId: listF5BigIpAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/f5-big-ip method: post operationId: createF5BigIpAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/f5-big-ip/available method: get operationId: listF5BigIpAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/f5-big-ip/{connectionId} method: get operationId: getF5BigIpAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/f5-big-ip/{connectionId} method: patch operationId: updateF5BigIpAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/f5-big-ip/{connectionId} method: delete operationId: deleteF5BigIpAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/f5-big-ip/connection-name/{connectionName} method: get operationId: getF5BigIpAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/f5-big-ip/{connectionId}/rotate-credentials method: post operationId: rotateF5BigIpAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/convex method: get operationId: listConvexAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/convex method: post operationId: createConvexAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/convex/available method: get operationId: listConvexAvailableAppConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/convex/{connectionId} method: get operationId: getConvexAppConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/convex/{connectionId} method: patch operationId: updateConvexAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/convex/{connectionId} method: delete operationId: deleteConvexAppConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/app-connections/convex/connection-name/{connectionName} method: get operationId: getConvexAppConnectionByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/app-connections/convex/{connectionId}/rotate-credentials method: post operationId: rotateConvexAppConnectionCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/options method: get operationId: listSecretSyncOptions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs method: get operationId: listSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/aws-parameter-store method: get operationId: listAwsParameterStoreSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/aws-parameter-store method: post operationId: createAwsParameterStoreSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/aws-parameter-store/{syncId} method: get operationId: getAwsParameterStoreSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/aws-parameter-store/{syncId} method: patch operationId: updateAwsParameterStoreSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/aws-parameter-store/{syncId} method: delete operationId: deleteAwsParameterStoreSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/aws-parameter-store/sync-name/{syncName} method: get operationId: getAwsParameterStoreSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/aws-parameter-store/{syncId}/sync-secrets method: post operationId: syncAwsParameterStoreSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/aws-parameter-store/{syncId}/import-secrets method: post operationId: importAwsParameterStoreSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/aws-parameter-store/{syncId}/remove-secrets method: post operationId: removeAwsParameterStoreSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/aws-secrets-manager method: get operationId: listAwsSecretsManagerSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/aws-secrets-manager method: post operationId: createAwsSecretsManagerSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/aws-secrets-manager/{syncId} method: get operationId: getAwsSecretsManagerSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/aws-secrets-manager/{syncId} method: patch operationId: updateAwsSecretsManagerSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/aws-secrets-manager/{syncId} method: delete operationId: deleteAwsSecretsManagerSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/aws-secrets-manager/sync-name/{syncName} method: get operationId: getAwsSecretsManagerSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/aws-secrets-manager/{syncId}/sync-secrets method: post operationId: syncAwsSecretsManagerSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/aws-secrets-manager/{syncId}/import-secrets method: post operationId: importAwsSecretsManagerSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/aws-secrets-manager/{syncId}/remove-secrets method: post operationId: removeAwsSecretsManagerSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/github method: get operationId: listGitHubSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/github method: post operationId: createGitHubSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/github/{syncId} method: get operationId: getGitHubSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/github/{syncId} method: patch operationId: updateGitHubSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/github/{syncId} method: delete operationId: deleteGitHubSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/github/sync-name/{syncName} method: get operationId: getGitHubSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/github/{syncId}/sync-secrets method: post operationId: syncGitHubSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/github/{syncId}/import-secrets method: post operationId: importGitHubSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/github/{syncId}/remove-secrets method: post operationId: removeGitHubSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/gcp-secret-manager method: get operationId: listGcpSecretManagerSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/gcp-secret-manager method: post operationId: createGcpSecretManagerSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/gcp-secret-manager/{syncId} method: get operationId: getGcpSecretManagerSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/gcp-secret-manager/{syncId} method: patch operationId: updateGcpSecretManagerSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/gcp-secret-manager/{syncId} method: delete operationId: deleteGcpSecretManagerSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/gcp-secret-manager/sync-name/{syncName} method: get operationId: getGcpSecretManagerSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/gcp-secret-manager/{syncId}/sync-secrets method: post operationId: syncGcpSecretManagerSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/gcp-secret-manager/{syncId}/import-secrets method: post operationId: importGcpSecretManagerSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/gcp-secret-manager/{syncId}/remove-secrets method: post operationId: removeGcpSecretManagerSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-key-vault method: get operationId: listAzureKeyVaultSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/azure-key-vault method: post operationId: createAzureKeyVaultSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-key-vault/{syncId} method: get operationId: getAzureKeyVaultSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/azure-key-vault/{syncId} method: patch operationId: updateAzureKeyVaultSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-key-vault/{syncId} method: delete operationId: deleteAzureKeyVaultSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-key-vault/sync-name/{syncName} method: get operationId: getAzureKeyVaultSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/azure-key-vault/{syncId}/sync-secrets method: post operationId: syncAzureKeyVaultSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-key-vault/{syncId}/import-secrets method: post operationId: importAzureKeyVaultSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-key-vault/{syncId}/remove-secrets method: post operationId: removeAzureKeyVaultSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-app-configuration method: get operationId: listAzureAppConfigurationSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/azure-app-configuration method: post operationId: createAzureAppConfigurationSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-app-configuration/{syncId} method: get operationId: getAzureAppConfigurationSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/azure-app-configuration/{syncId} method: patch operationId: updateAzureAppConfigurationSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-app-configuration/{syncId} method: delete operationId: deleteAzureAppConfigurationSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-app-configuration/sync-name/{syncName} method: get operationId: getAzureAppConfigurationSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/azure-app-configuration/{syncId}/sync-secrets method: post operationId: syncAzureAppConfigurationSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-app-configuration/{syncId}/import-secrets method: post operationId: importAzureAppConfigurationSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-app-configuration/{syncId}/remove-secrets method: post operationId: removeAzureAppConfigurationSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-devops method: get operationId: listAzureDevopsSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/azure-devops method: post operationId: createAzureDevopsSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-devops/{syncId} method: get operationId: getAzureDevopsSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/azure-devops/{syncId} method: patch operationId: updateAzureDevopsSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-devops/{syncId} method: delete operationId: deleteAzureDevopsSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-devops/sync-name/{syncName} method: get operationId: getAzureDevopsSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/azure-devops/{syncId}/sync-secrets method: post operationId: syncAzureDevopsSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-devops/{syncId}/import-secrets method: post operationId: importAzureDevopsSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-devops/{syncId}/remove-secrets method: post operationId: removeAzureDevopsSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/databricks method: get operationId: listDatabricksSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/databricks method: post operationId: createDatabricksSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/databricks/{syncId} method: get operationId: getDatabricksSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/databricks/{syncId} method: patch operationId: updateDatabricksSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/databricks/{syncId} method: delete operationId: deleteDatabricksSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/databricks/sync-name/{syncName} method: get operationId: getDatabricksSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/databricks/{syncId}/sync-secrets method: post operationId: syncDatabricksSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/databricks/{syncId}/import-secrets method: post operationId: importDatabricksSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/databricks/{syncId}/remove-secrets method: post operationId: removeDatabricksSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/humanitec method: get operationId: listHumanitecSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/humanitec method: post operationId: createHumanitecSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/humanitec/{syncId} method: get operationId: getHumanitecSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/humanitec/{syncId} method: patch operationId: updateHumanitecSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/humanitec/{syncId} method: delete operationId: deleteHumanitecSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/humanitec/sync-name/{syncName} method: get operationId: getHumanitecSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/humanitec/{syncId}/sync-secrets method: post operationId: syncHumanitecSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/humanitec/{syncId}/import-secrets method: post operationId: importHumanitecSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/humanitec/{syncId}/remove-secrets method: post operationId: removeHumanitecSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/terraform-cloud method: get operationId: listTerraformCloudSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/terraform-cloud method: post operationId: createTerraformCloudSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/terraform-cloud/{syncId} method: get operationId: getTerraformCloudSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/terraform-cloud/{syncId} method: patch operationId: updateTerraformCloudSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/terraform-cloud/{syncId} method: delete operationId: deleteTerraformCloudSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/terraform-cloud/sync-name/{syncName} method: get operationId: getTerraformCloudSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/terraform-cloud/{syncId}/sync-secrets method: post operationId: syncTerraformCloudSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/terraform-cloud/{syncId}/import-secrets method: post operationId: importTerraformCloudSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/terraform-cloud/{syncId}/remove-secrets method: post operationId: removeTerraformCloudSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/camunda method: get operationId: listCamundaSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/camunda method: post operationId: createCamundaSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/camunda/{syncId} method: get operationId: getCamundaSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/camunda/{syncId} method: patch operationId: updateCamundaSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/camunda/{syncId} method: delete operationId: deleteCamundaSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/camunda/sync-name/{syncName} method: get operationId: getCamundaSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/camunda/{syncId}/sync-secrets method: post operationId: syncCamundaSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/camunda/{syncId}/import-secrets method: post operationId: importCamundaSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/camunda/{syncId}/remove-secrets method: post operationId: removeCamundaSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/vercel method: get operationId: listVercelSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/vercel method: post operationId: createVercelSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/vercel/{syncId} method: get operationId: getVercelSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/vercel/{syncId} method: patch operationId: updateVercelSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/vercel/{syncId} method: delete operationId: deleteVercelSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/vercel/sync-name/{syncName} method: get operationId: getVercelSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/vercel/{syncId}/sync-secrets method: post operationId: syncVercelSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/vercel/{syncId}/import-secrets method: post operationId: importVercelSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/vercel/{syncId}/remove-secrets method: post operationId: removeVercelSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/windmill method: get operationId: listWindmillSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/windmill method: post operationId: createWindmillSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/windmill/{syncId} method: get operationId: getWindmillSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/windmill/{syncId} method: patch operationId: updateWindmillSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/windmill/{syncId} method: delete operationId: deleteWindmillSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/windmill/sync-name/{syncName} method: get operationId: getWindmillSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/windmill/{syncId}/sync-secrets method: post operationId: syncWindmillSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/windmill/{syncId}/import-secrets method: post operationId: importWindmillSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/windmill/{syncId}/remove-secrets method: post operationId: removeWindmillSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/hashicorp-vault method: get operationId: listHashicorpVaultSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/hashicorp-vault method: post operationId: createHashicorpVaultSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/hashicorp-vault/{syncId} method: get operationId: getHashicorpVaultSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/hashicorp-vault/{syncId} method: patch operationId: updateHashicorpVaultSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/hashicorp-vault/{syncId} method: delete operationId: deleteHashicorpVaultSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/hashicorp-vault/sync-name/{syncName} method: get operationId: getHashicorpVaultSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/hashicorp-vault/{syncId}/sync-secrets method: post operationId: syncHashicorpVaultSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/hashicorp-vault/{syncId}/import-secrets method: post operationId: importHashicorpVaultSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/hashicorp-vault/{syncId}/remove-secrets method: post operationId: removeHashicorpVaultSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/teamcity method: get operationId: listTeamcitySecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/teamcity method: post operationId: createTeamcitySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/teamcity/{syncId} method: get operationId: getTeamcitySecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/teamcity/{syncId} method: patch operationId: updateTeamcitySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/teamcity/{syncId} method: delete operationId: deleteTeamcitySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/teamcity/sync-name/{syncName} method: get operationId: getTeamcitySecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/teamcity/{syncId}/sync-secrets method: post operationId: syncTeamcitySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/teamcity/{syncId}/import-secrets method: post operationId: importTeamcitySecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/teamcity/{syncId}/remove-secrets method: post operationId: removeTeamcitySecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/oci-vault method: get operationId: listOciVaultSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/oci-vault method: post operationId: createOciVaultSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/oci-vault/{syncId} method: get operationId: getOciVaultSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/oci-vault/{syncId} method: patch operationId: updateOciVaultSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/oci-vault/{syncId} method: delete operationId: deleteOciVaultSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/oci-vault/sync-name/{syncName} method: get operationId: getOciVaultSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/oci-vault/{syncId}/sync-secrets method: post operationId: syncOciVaultSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/oci-vault/{syncId}/import-secrets method: post operationId: importOciVaultSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/oci-vault/{syncId}/remove-secrets method: post operationId: removeOciVaultSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/1password method: get operationId: listOnePasswordSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/1password method: post operationId: createOnePasswordSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/1password/{syncId} method: get operationId: getOnePasswordSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/1password/{syncId} method: patch operationId: updateOnePasswordSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/1password/{syncId} method: delete operationId: deleteOnePasswordSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/1password/sync-name/{syncName} method: get operationId: getOnePasswordSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/1password/{syncId}/sync-secrets method: post operationId: syncOnePasswordSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/1password/{syncId}/import-secrets method: post operationId: importOnePasswordSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/1password/{syncId}/remove-secrets method: post operationId: removeOnePasswordSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/heroku method: get operationId: listHerokuSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/heroku method: post operationId: createHerokuSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/heroku/{syncId} method: get operationId: getHerokuSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/heroku/{syncId} method: patch operationId: updateHerokuSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/heroku/{syncId} method: delete operationId: deleteHerokuSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/heroku/sync-name/{syncName} method: get operationId: getHerokuSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/heroku/{syncId}/sync-secrets method: post operationId: syncHerokuSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/heroku/{syncId}/import-secrets method: post operationId: importHerokuSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/heroku/{syncId}/remove-secrets method: post operationId: removeHerokuSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/render method: get operationId: listRenderSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/render method: post operationId: createRenderSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/render/{syncId} method: get operationId: getRenderSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/render/{syncId} method: patch operationId: updateRenderSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/render/{syncId} method: delete operationId: deleteRenderSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/render/sync-name/{syncName} method: get operationId: getRenderSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/render/{syncId}/sync-secrets method: post operationId: syncRenderSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/render/{syncId}/import-secrets method: post operationId: importRenderSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/render/{syncId}/remove-secrets method: post operationId: removeRenderSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/flyio method: get operationId: listFlyioSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/flyio method: post operationId: createFlyioSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/flyio/{syncId} method: get operationId: getFlyioSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/flyio/{syncId} method: patch operationId: updateFlyioSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/flyio/{syncId} method: delete operationId: deleteFlyioSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/flyio/sync-name/{syncName} method: get operationId: getFlyioSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/flyio/{syncId}/sync-secrets method: post operationId: syncFlyioSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/flyio/{syncId}/import-secrets method: post operationId: importFlyioSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/flyio/{syncId}/remove-secrets method: post operationId: removeFlyioSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/gitlab method: get operationId: listGitLabSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/gitlab method: post operationId: createGitLabSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/gitlab/{syncId} method: get operationId: getGitLabSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/gitlab/{syncId} method: patch operationId: updateGitLabSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/gitlab/{syncId} method: delete operationId: deleteGitLabSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/gitlab/sync-name/{syncName} method: get operationId: getGitLabSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/gitlab/{syncId}/sync-secrets method: post operationId: syncGitLabSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/gitlab/{syncId}/import-secrets method: post operationId: importGitLabSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/gitlab/{syncId}/remove-secrets method: post operationId: removeGitLabSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/cloudflare-pages method: get operationId: listCloudflarePagesSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/cloudflare-pages method: post operationId: createCloudflarePagesSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/cloudflare-pages/{syncId} method: get operationId: getCloudflarePagesSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/cloudflare-pages/{syncId} method: patch operationId: updateCloudflarePagesSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/cloudflare-pages/{syncId} method: delete operationId: deleteCloudflarePagesSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/cloudflare-pages/sync-name/{syncName} method: get operationId: getCloudflarePagesSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/cloudflare-pages/{syncId}/sync-secrets method: post operationId: syncCloudflarePagesSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/cloudflare-pages/{syncId}/import-secrets method: post operationId: importCloudflarePagesSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/cloudflare-pages/{syncId}/remove-secrets method: post operationId: removeCloudflarePagesSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/cloudflare-workers method: get operationId: listCloudflareWorkersSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/cloudflare-workers method: post operationId: createCloudflareWorkersSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/cloudflare-workers/{syncId} method: get operationId: getCloudflareWorkersSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/cloudflare-workers/{syncId} method: patch operationId: updateCloudflareWorkersSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/cloudflare-workers/{syncId} method: delete operationId: deleteCloudflareWorkersSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/cloudflare-workers/sync-name/{syncName} method: get operationId: getCloudflareWorkersSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/cloudflare-workers/{syncId}/sync-secrets method: post operationId: syncCloudflareWorkersSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/cloudflare-workers/{syncId}/import-secrets method: post operationId: importCloudflareWorkersSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/cloudflare-workers/{syncId}/remove-secrets method: post operationId: removeCloudflareWorkersSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/supabase method: get operationId: listSupabaseSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/supabase method: post operationId: createSupabaseSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/supabase/{syncId} method: get operationId: getSupabaseSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/supabase/{syncId} method: patch operationId: updateSupabaseSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/supabase/{syncId} method: delete operationId: deleteSupabaseSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/supabase/sync-name/{syncName} method: get operationId: getSupabaseSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/supabase/{syncId}/sync-secrets method: post operationId: syncSupabaseSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/supabase/{syncId}/import-secrets method: post operationId: importSupabaseSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/supabase/{syncId}/remove-secrets method: post operationId: removeSupabaseSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/zabbix method: get operationId: listZabbixSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/zabbix method: post operationId: createZabbixSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/zabbix/{syncId} method: get operationId: getZabbixSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/zabbix/{syncId} method: patch operationId: updateZabbixSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/zabbix/{syncId} method: delete operationId: deleteZabbixSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/zabbix/sync-name/{syncName} method: get operationId: getZabbixSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/zabbix/{syncId}/sync-secrets method: post operationId: syncZabbixSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/zabbix/{syncId}/import-secrets method: post operationId: importZabbixSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/zabbix/{syncId}/remove-secrets method: post operationId: removeZabbixSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/railway method: get operationId: listRailwaySecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/railway method: post operationId: createRailwaySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/railway/{syncId} method: get operationId: getRailwaySecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/railway/{syncId} method: patch operationId: updateRailwaySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/railway/{syncId} method: delete operationId: deleteRailwaySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/railway/sync-name/{syncName} method: get operationId: getRailwaySecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/railway/{syncId}/sync-secrets method: post operationId: syncRailwaySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/railway/{syncId}/import-secrets method: post operationId: importRailwaySecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/railway/{syncId}/remove-secrets method: post operationId: removeRailwaySecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/checkly method: get operationId: listChecklySecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/checkly method: post operationId: createChecklySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/checkly/{syncId} method: get operationId: getChecklySecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/checkly/{syncId} method: patch operationId: updateChecklySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/checkly/{syncId} method: delete operationId: deleteChecklySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/checkly/sync-name/{syncName} method: get operationId: getChecklySecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/checkly/{syncId}/sync-secrets method: post operationId: syncChecklySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/checkly/{syncId}/import-secrets method: post operationId: importChecklySecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/checkly/{syncId}/remove-secrets method: post operationId: removeChecklySecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/digital-ocean-app-platform method: get operationId: listDigitalOceanAppPlatformSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/digital-ocean-app-platform method: post operationId: createDigitalOceanAppPlatformSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/digital-ocean-app-platform/{syncId} method: get operationId: getDigitalOceanAppPlatformSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/digital-ocean-app-platform/{syncId} method: patch operationId: updateDigitalOceanAppPlatformSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/digital-ocean-app-platform/{syncId} method: delete operationId: deleteDigitalOceanAppPlatformSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/digital-ocean-app-platform/sync-name/{syncName} method: get operationId: getDigitalOceanAppPlatformSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/digital-ocean-app-platform/{syncId}/sync-secrets method: post operationId: syncDigitalOceanAppPlatformSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/digital-ocean-app-platform/{syncId}/import-secrets method: post operationId: importDigitalOceanAppPlatformSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/digital-ocean-app-platform/{syncId}/remove-secrets method: post operationId: removeDigitalOceanAppPlatformSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/netlify method: get operationId: listNetlifySecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/netlify method: post operationId: createNetlifySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/netlify/{syncId} method: get operationId: getNetlifySecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/netlify/{syncId} method: patch operationId: updateNetlifySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/netlify/{syncId} method: delete operationId: deleteNetlifySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/netlify/sync-name/{syncName} method: get operationId: getNetlifySecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/netlify/{syncId}/sync-secrets method: post operationId: syncNetlifySecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/netlify/{syncId}/import-secrets method: post operationId: importNetlifySecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/netlify/{syncId}/remove-secrets method: post operationId: removeNetlifySecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/northflank method: get operationId: listNorthflankSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/northflank method: post operationId: createNorthflankSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/northflank/{syncId} method: get operationId: getNorthflankSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/northflank/{syncId} method: patch operationId: updateNorthflankSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/northflank/{syncId} method: delete operationId: deleteNorthflankSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/northflank/sync-name/{syncName} method: get operationId: getNorthflankSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/northflank/{syncId}/sync-secrets method: post operationId: syncNorthflankSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/northflank/{syncId}/import-secrets method: post operationId: importNorthflankSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/northflank/{syncId}/remove-secrets method: post operationId: removeNorthflankSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/bitbucket method: get operationId: listBitbucketSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/bitbucket method: post operationId: createBitbucketSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/bitbucket/{syncId} method: get operationId: getBitbucketSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/bitbucket/{syncId} method: patch operationId: updateBitbucketSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/bitbucket/{syncId} method: delete operationId: deleteBitbucketSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/bitbucket/sync-name/{syncName} method: get operationId: getBitbucketSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/bitbucket/{syncId}/sync-secrets method: post operationId: syncBitbucketSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/bitbucket/{syncId}/import-secrets method: post operationId: importBitbucketSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/bitbucket/{syncId}/remove-secrets method: post operationId: removeBitbucketSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/laravel-forge method: get operationId: listLaravelForgeSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/laravel-forge method: post operationId: createLaravelForgeSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/laravel-forge/{syncId} method: get operationId: getLaravelForgeSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/laravel-forge/{syncId} method: patch operationId: updateLaravelForgeSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/laravel-forge/{syncId} method: delete operationId: deleteLaravelForgeSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/laravel-forge/sync-name/{syncName} method: get operationId: getLaravelForgeSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/laravel-forge/{syncId}/sync-secrets method: post operationId: syncLaravelForgeSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/laravel-forge/{syncId}/import-secrets method: post operationId: importLaravelForgeSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/laravel-forge/{syncId}/remove-secrets method: post operationId: removeLaravelForgeSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/chef method: get operationId: listChefSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/chef method: post operationId: createChefSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/chef/{syncId} method: get operationId: getChefSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/chef/{syncId} method: patch operationId: updateChefSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/chef/{syncId} method: delete operationId: deleteChefSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/chef/sync-name/{syncName} method: get operationId: getChefSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/chef/{syncId}/sync-secrets method: post operationId: syncChefSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/chef/{syncId}/import-secrets method: post operationId: importChefSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/chef/{syncId}/remove-secrets method: post operationId: removeChefSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/octopus-deploy method: get operationId: listOctopusDeploySecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/octopus-deploy method: post operationId: createOctopusDeploySecretSync x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/octopus-deploy/{syncId} method: get operationId: getOctopusDeploySecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/octopus-deploy/{syncId} method: patch operationId: updateOctopusDeploySecretSync x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/octopus-deploy/{syncId} method: delete operationId: deleteOctopusDeploySecretSync x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/octopus-deploy/sync-name/{syncName} method: get operationId: getOctopusDeploySecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/octopus-deploy/{syncId}/sync-secrets method: post operationId: syncOctopusDeploySecretSync x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/octopus-deploy/{syncId}/import-secrets method: post operationId: importOctopusDeploySecretSyncSecrets x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/octopus-deploy/{syncId}/remove-secrets method: post operationId: removeOctopusDeploySecretSyncSecrets x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/circleci method: get operationId: listCircleciSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/circleci method: post operationId: createCircleciSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/circleci/{syncId} method: get operationId: getCircleciSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/circleci/{syncId} method: patch operationId: updateCircleciSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/circleci/{syncId} method: delete operationId: deleteCircleciSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/circleci/sync-name/{syncName} method: get operationId: getCircleciSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/circleci/{syncId}/sync-secrets method: post operationId: syncCircleciSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/circleci/{syncId}/import-secrets method: post operationId: importCircleciSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/circleci/{syncId}/remove-secrets method: post operationId: removeCircleciSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-entra-id-scim method: get operationId: listAzureEntraIdScimSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/azure-entra-id-scim method: post operationId: createAzureEntraIdScimSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-entra-id-scim/{syncId} method: get operationId: getAzureEntraIdScimSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/azure-entra-id-scim/{syncId} method: patch operationId: updateAzureEntraIdScimSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-entra-id-scim/{syncId} method: delete operationId: deleteAzureEntraIdScimSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-entra-id-scim/sync-name/{syncName} method: get operationId: getAzureEntraIdScimSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/azure-entra-id-scim/{syncId}/sync-secrets method: post operationId: syncAzureEntraIdScimSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-entra-id-scim/{syncId}/import-secrets method: post operationId: importAzureEntraIdScimSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/azure-entra-id-scim/{syncId}/remove-secrets method: post operationId: removeAzureEntraIdScimSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/external-infisical method: get operationId: listExternalInfisicalSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/external-infisical method: post operationId: createExternalInfisicalSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/external-infisical/{syncId} method: get operationId: getExternalInfisicalSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/external-infisical/{syncId} method: patch operationId: updateExternalInfisicalSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/external-infisical/{syncId} method: delete operationId: deleteExternalInfisicalSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/external-infisical/sync-name/{syncName} method: get operationId: getExternalInfisicalSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/external-infisical/{syncId}/sync-secrets method: post operationId: syncExternalInfisicalSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/external-infisical/{syncId}/import-secrets method: post operationId: importExternalInfisicalSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/external-infisical/{syncId}/remove-secrets method: post operationId: removeExternalInfisicalSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/ovh method: get operationId: listOvhSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/ovh method: post operationId: createOvhSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/ovh/{syncId} method: get operationId: getOvhSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/ovh/{syncId} method: patch operationId: updateOvhSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/ovh/{syncId} method: delete operationId: deleteOvhSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/ovh/sync-name/{syncName} method: get operationId: getOvhSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/ovh/{syncId}/sync-secrets method: post operationId: syncOvhSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/ovh/{syncId}/import-secrets method: post operationId: importOvhSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/ovh/{syncId}/remove-secrets method: post operationId: removeOvhSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/devin method: get operationId: listDevinSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/devin method: post operationId: createDevinSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/devin/{syncId} method: get operationId: getDevinSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/devin/{syncId} method: patch operationId: updateDevinSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/devin/{syncId} method: delete operationId: deleteDevinSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/devin/sync-name/{syncName} method: get operationId: getDevinSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/devin/{syncId}/sync-secrets method: post operationId: syncDevinSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/devin/{syncId}/import-secrets method: post operationId: importDevinSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/devin/{syncId}/remove-secrets method: post operationId: removeDevinSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/ona method: get operationId: listOnaSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/ona method: post operationId: createOnaSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/ona/{syncId} method: get operationId: getOnaSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/ona/{syncId} method: patch operationId: updateOnaSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/ona/{syncId} method: delete operationId: deleteOnaSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/ona/sync-name/{syncName} method: get operationId: getOnaSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/ona/{syncId}/sync-secrets method: post operationId: syncOnaSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/ona/{syncId}/import-secrets method: post operationId: importOnaSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/ona/{syncId}/remove-secrets method: post operationId: removeOnaSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/travis-ci method: get operationId: listTravisCISecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/travis-ci method: post operationId: createTravisCISecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/travis-ci/{syncId} method: get operationId: getTravisCISecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/travis-ci/{syncId} method: patch operationId: updateTravisCISecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/travis-ci/{syncId} method: delete operationId: deleteTravisCISecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/travis-ci/sync-name/{syncName} method: get operationId: getTravisCISecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/travis-ci/{syncId}/sync-secrets method: post operationId: syncTravisCISecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/travis-ci/{syncId}/import-secrets method: post operationId: importTravisCISecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/travis-ci/{syncId}/remove-secrets method: post operationId: removeTravisCISecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/snowflake method: get operationId: listSnowflakeSecretSyncs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/snowflake method: post operationId: createSnowflakeSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/snowflake/{syncId} method: get operationId: getSnowflakeSecretSync x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/snowflake/{syncId} method: patch operationId: updateSnowflakeSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/snowflake/{syncId} method: delete operationId: deleteSnowflakeSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/snowflake/sync-name/{syncName} method: get operationId: getSnowflakeSecretSyncByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/secret-syncs/snowflake/{syncId}/sync-secrets method: post operationId: syncSnowflakeSecretSync x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/snowflake/{syncId}/import-secrets method: post operationId: importSnowflakeSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/secret-syncs/snowflake/{syncId}/remove-secrets method: post operationId: removeSnowflakeSecretSyncSecrets x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/events/subscribe/project-events method: post operationId: subscribeToProjectEvents x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{projectId}/roles method: post operationId: createProjectRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{projectId}/roles method: get operationId: listProjectRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/roles/{roleId} method: patch operationId: updateProjectRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{projectId}/roles/{roleId} method: delete operationId: deleteProjectRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{projectId}/roles/slug/{roleSlug} method: get operationId: getProjectRoleBySlug x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/identity-project-additional-privilege method: post operationId: createIdentityProjectAdditionalPrivilege x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/identity-project-additional-privilege method: get operationId: listIdentityProjectAdditionalPrivileges x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/identity-project-additional-privilege/{id} method: patch operationId: updateIdentityProjectAdditionalPrivilege x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/identity-project-additional-privilege/{id} method: delete operationId: deleteIdentityProjectAdditionalPrivilege x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/identity-project-additional-privilege/{id} method: get operationId: getIdentityProjectAdditionalPrivilege x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/identity-project-additional-privilege/slug/{privilegeSlug} method: get operationId: getIdentityProjectAdditionalPrivilegeBySlug x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/options method: get operationId: listSecretRotationOptions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations method: get operationId: listSecretRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/postgres-credentials method: get operationId: listPostgreSQLCredentialsRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/postgres-credentials method: post operationId: createPostgreSQLCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/postgres-credentials/{rotationId} method: get operationId: getPostgreSQLCredentialsRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/postgres-credentials/{rotationId} method: patch operationId: updatePostgreSQLCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/postgres-credentials/{rotationId} method: delete operationId: deletePostgreSQLCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/postgres-credentials/rotation-name/{rotationName} method: get operationId: getPostgreSQLCredentialsRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/postgres-credentials/{rotationId}/generated-credentials method: get operationId: getPostgreSQLCredentialsRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/postgres-credentials/{rotationId}/move method: post operationId: movePostgreSQLCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/postgres-credentials/{rotationId}/rotate-secrets method: post operationId: rotatePostgreSQLCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/postgres-credentials/{rotationId}/check-credentials method: post operationId: checkPostgreSQLCredentialsRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mssql-credentials method: get operationId: listMicrosoftSQLServerCredentialsRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/mssql-credentials method: post operationId: createMicrosoftSQLServerCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mssql-credentials/{rotationId} method: get operationId: getMicrosoftSQLServerCredentialsRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/mssql-credentials/{rotationId} method: patch operationId: updateMicrosoftSQLServerCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mssql-credentials/{rotationId} method: delete operationId: deleteMicrosoftSQLServerCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mssql-credentials/rotation-name/{rotationName} method: get operationId: getMicrosoftSQLServerCredentialsRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/mssql-credentials/{rotationId}/generated-credentials method: get operationId: getMicrosoftSQLServerCredentialsRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/mssql-credentials/{rotationId}/move method: post operationId: moveMicrosoftSQLServerCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mssql-credentials/{rotationId}/rotate-secrets method: post operationId: rotateMicrosoftSQLServerCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mssql-credentials/{rotationId}/check-credentials method: post operationId: checkMicrosoftSQLServerCredentialsRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mysql-credentials method: get operationId: listMySQLCredentialsRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/mysql-credentials method: post operationId: createMySQLCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mysql-credentials/{rotationId} method: get operationId: getMySQLCredentialsRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/mysql-credentials/{rotationId} method: patch operationId: updateMySQLCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mysql-credentials/{rotationId} method: delete operationId: deleteMySQLCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mysql-credentials/rotation-name/{rotationName} method: get operationId: getMySQLCredentialsRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/mysql-credentials/{rotationId}/generated-credentials method: get operationId: getMySQLCredentialsRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/mysql-credentials/{rotationId}/move method: post operationId: moveMySQLCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mysql-credentials/{rotationId}/rotate-secrets method: post operationId: rotateMySQLCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mysql-credentials/{rotationId}/check-credentials method: post operationId: checkMySQLCredentialsRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/oracledb-credentials method: get operationId: listOracleDBCredentialsRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/oracledb-credentials method: post operationId: createOracleDBCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/oracledb-credentials/{rotationId} method: get operationId: getOracleDBCredentialsRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/oracledb-credentials/{rotationId} method: patch operationId: updateOracleDBCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/oracledb-credentials/{rotationId} method: delete operationId: deleteOracleDBCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/oracledb-credentials/rotation-name/{rotationName} method: get operationId: getOracleDBCredentialsRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/oracledb-credentials/{rotationId}/generated-credentials method: get operationId: getOracleDBCredentialsRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/oracledb-credentials/{rotationId}/move method: post operationId: moveOracleDBCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/oracledb-credentials/{rotationId}/rotate-secrets method: post operationId: rotateOracleDBCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/oracledb-credentials/{rotationId}/check-credentials method: post operationId: checkOracleDBCredentialsRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/auth0-client-secret method: get operationId: listAuth0ClientSecretRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/auth0-client-secret method: post operationId: createAuth0ClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/auth0-client-secret/{rotationId} method: get operationId: getAuth0ClientSecretRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/auth0-client-secret/{rotationId} method: patch operationId: updateAuth0ClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/auth0-client-secret/{rotationId} method: delete operationId: deleteAuth0ClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/auth0-client-secret/rotation-name/{rotationName} method: get operationId: getAuth0ClientSecretRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/auth0-client-secret/{rotationId}/generated-credentials method: get operationId: getAuth0ClientSecretRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/auth0-client-secret/{rotationId}/move method: post operationId: moveAuth0ClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/auth0-client-secret/{rotationId}/rotate-secrets method: post operationId: rotateAuth0ClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/auth0-client-secret/{rotationId}/check-credentials method: post operationId: checkAuth0ClientSecretRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/azure-client-secret method: get operationId: listAzureClientSecretRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/azure-client-secret method: post operationId: createAzureClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/azure-client-secret/{rotationId} method: get operationId: getAzureClientSecretRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/azure-client-secret/{rotationId} method: patch operationId: updateAzureClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/azure-client-secret/{rotationId} method: delete operationId: deleteAzureClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/azure-client-secret/rotation-name/{rotationName} method: get operationId: getAzureClientSecretRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/azure-client-secret/{rotationId}/generated-credentials method: get operationId: getAzureClientSecretRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/azure-client-secret/{rotationId}/move method: post operationId: moveAzureClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/azure-client-secret/{rotationId}/rotate-secrets method: post operationId: rotateAzureClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/azure-client-secret/{rotationId}/check-credentials method: post operationId: checkAzureClientSecretRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/aws-iam-user-secret method: get operationId: listAWSIAMUserSecretRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/aws-iam-user-secret method: post operationId: createAWSIAMUserSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/aws-iam-user-secret/{rotationId} method: get operationId: getAWSIAMUserSecretRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/aws-iam-user-secret/{rotationId} method: patch operationId: updateAWSIAMUserSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/aws-iam-user-secret/{rotationId} method: delete operationId: deleteAWSIAMUserSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/aws-iam-user-secret/rotation-name/{rotationName} method: get operationId: getAWSIAMUserSecretRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/aws-iam-user-secret/{rotationId}/generated-credentials method: get operationId: getAWSIAMUserSecretRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/aws-iam-user-secret/{rotationId}/move method: post operationId: moveAWSIAMUserSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/aws-iam-user-secret/{rotationId}/rotate-secrets method: post operationId: rotateAWSIAMUserSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/aws-iam-user-secret/{rotationId}/check-credentials method: post operationId: checkAWSIAMUserSecretRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/ldap-password method: get operationId: listLDAPPasswordRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/ldap-password method: post operationId: createLDAPPasswordRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/ldap-password/{rotationId} method: get operationId: getLDAPPasswordRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/ldap-password/{rotationId} method: patch operationId: updateLDAPPasswordRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/ldap-password/{rotationId} method: delete operationId: deleteLDAPPasswordRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/ldap-password/rotation-name/{rotationName} method: get operationId: getLDAPPasswordRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/ldap-password/{rotationId}/generated-credentials method: get operationId: getLDAPPasswordRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/ldap-password/{rotationId}/move method: post operationId: moveLDAPPasswordRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/ldap-password/{rotationId}/rotate-secrets method: post operationId: rotateLDAPPasswordRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/ldap-password/{rotationId}/check-credentials method: post operationId: checkLDAPPasswordRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/okta-client-secret method: get operationId: listOktaClientSecretRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/okta-client-secret method: post operationId: createOktaClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/okta-client-secret/{rotationId} method: get operationId: getOktaClientSecretRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/okta-client-secret/{rotationId} method: patch operationId: updateOktaClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/okta-client-secret/{rotationId} method: delete operationId: deleteOktaClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/okta-client-secret/rotation-name/{rotationName} method: get operationId: getOktaClientSecretRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/okta-client-secret/{rotationId}/generated-credentials method: get operationId: getOktaClientSecretRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/okta-client-secret/{rotationId}/move method: post operationId: moveOktaClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/okta-client-secret/{rotationId}/rotate-secrets method: post operationId: rotateOktaClientSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/okta-client-secret/{rotationId}/check-credentials method: post operationId: checkOktaClientSecretRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/redis-credentials method: get operationId: listRedisCredentialsRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/redis-credentials method: post operationId: createRedisCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/redis-credentials/{rotationId} method: get operationId: getRedisCredentialsRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/redis-credentials/{rotationId} method: patch operationId: updateRedisCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/redis-credentials/{rotationId} method: delete operationId: deleteRedisCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/redis-credentials/rotation-name/{rotationName} method: get operationId: getRedisCredentialsRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/redis-credentials/{rotationId}/generated-credentials method: get operationId: getRedisCredentialsRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/redis-credentials/{rotationId}/move method: post operationId: moveRedisCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/redis-credentials/{rotationId}/rotate-secrets method: post operationId: rotateRedisCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/redis-credentials/{rotationId}/check-credentials method: post operationId: checkRedisCredentialsRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mongodb-credentials method: get operationId: listMongoDBCredentialsRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/mongodb-credentials method: post operationId: createMongoDBCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mongodb-credentials/{rotationId} method: get operationId: getMongoDBCredentialsRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/mongodb-credentials/{rotationId} method: patch operationId: updateMongoDBCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mongodb-credentials/{rotationId} method: delete operationId: deleteMongoDBCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mongodb-credentials/rotation-name/{rotationName} method: get operationId: getMongoDBCredentialsRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/mongodb-credentials/{rotationId}/generated-credentials method: get operationId: getMongoDBCredentialsRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/mongodb-credentials/{rotationId}/move method: post operationId: moveMongoDBCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mongodb-credentials/{rotationId}/rotate-secrets method: post operationId: rotateMongoDBCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/mongodb-credentials/{rotationId}/check-credentials method: post operationId: checkMongoDBCredentialsRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/databricks-service-principal-secret method: get operationId: listDatabricksServicePrincipalSecretRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/databricks-service-principal-secret method: post operationId: createDatabricksServicePrincipalSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/databricks-service-principal-secret/{rotationId} method: get operationId: getDatabricksServicePrincipalSecretRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/databricks-service-principal-secret/{rotationId} method: patch operationId: updateDatabricksServicePrincipalSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/databricks-service-principal-secret/{rotationId} method: delete operationId: deleteDatabricksServicePrincipalSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/databricks-service-principal-secret/rotation-name/{rotationName} method: get operationId: getDatabricksServicePrincipalSecretRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/databricks-service-principal-secret/{rotationId}/generated-credentials method: get operationId: getDatabricksServicePrincipalSecretRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/databricks-service-principal-secret/{rotationId}/move method: post operationId: moveDatabricksServicePrincipalSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/databricks-service-principal-secret/{rotationId}/rotate-secrets method: post operationId: rotateDatabricksServicePrincipalSecretRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/databricks-service-principal-secret/{rotationId}/check-credentials method: post operationId: checkDatabricksServicePrincipalSecretRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/unix-linux-local-account method: get operationId: listUnix/LinuxLocalAccountRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/unix-linux-local-account method: post operationId: createUnix/LinuxLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/unix-linux-local-account/{rotationId} method: get operationId: getUnix/LinuxLocalAccountRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/unix-linux-local-account/{rotationId} method: patch operationId: updateUnix/LinuxLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/unix-linux-local-account/{rotationId} method: delete operationId: deleteUnix/LinuxLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/unix-linux-local-account/rotation-name/{rotationName} method: get operationId: getUnix/LinuxLocalAccountRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/unix-linux-local-account/{rotationId}/generated-credentials method: get operationId: getUnix/LinuxLocalAccountRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/unix-linux-local-account/{rotationId}/move method: post operationId: moveUnix/LinuxLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/unix-linux-local-account/{rotationId}/rotate-secrets method: post operationId: rotateUnix/LinuxLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/unix-linux-local-account/{rotationId}/check-credentials method: post operationId: checkUnix/LinuxLocalAccountRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/unix-linux-local-account/{rotationId}/reconcile method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/dbt-service-token method: get operationId: listDBTServiceTokenRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/dbt-service-token method: post operationId: createDBTServiceTokenRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/dbt-service-token/{rotationId} method: get operationId: getDBTServiceTokenRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/dbt-service-token/{rotationId} method: patch operationId: updateDBTServiceTokenRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/dbt-service-token/{rotationId} method: delete operationId: deleteDBTServiceTokenRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/dbt-service-token/rotation-name/{rotationName} method: get operationId: getDBTServiceTokenRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/dbt-service-token/{rotationId}/generated-credentials method: get operationId: getDBTServiceTokenRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/dbt-service-token/{rotationId}/move method: post operationId: moveDBTServiceTokenRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/dbt-service-token/{rotationId}/rotate-secrets method: post operationId: rotateDBTServiceTokenRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/dbt-service-token/{rotationId}/check-credentials method: post operationId: checkDBTServiceTokenRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/windows-local-account method: get operationId: listWindowsLocalAccountRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/windows-local-account method: post operationId: createWindowsLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/windows-local-account/{rotationId} method: get operationId: getWindowsLocalAccountRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/windows-local-account/{rotationId} method: patch operationId: updateWindowsLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/windows-local-account/{rotationId} method: delete operationId: deleteWindowsLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/windows-local-account/rotation-name/{rotationName} method: get operationId: getWindowsLocalAccountRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/windows-local-account/{rotationId}/generated-credentials method: get operationId: getWindowsLocalAccountRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/windows-local-account/{rotationId}/move method: post operationId: moveWindowsLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/windows-local-account/{rotationId}/rotate-secrets method: post operationId: rotateWindowsLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/windows-local-account/{rotationId}/check-credentials method: post operationId: checkWindowsLocalAccountRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/windows-local-account/{rotationId}/reconcile method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/open-router-api-key method: get operationId: listOpenRouterAPIKeyRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/open-router-api-key method: post operationId: createOpenRouterAPIKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/open-router-api-key/{rotationId} method: get operationId: getOpenRouterAPIKeyRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/open-router-api-key/{rotationId} method: patch operationId: updateOpenRouterAPIKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/open-router-api-key/{rotationId} method: delete operationId: deleteOpenRouterAPIKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/open-router-api-key/rotation-name/{rotationName} method: get operationId: getOpenRouterAPIKeyRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/open-router-api-key/{rotationId}/generated-credentials method: get operationId: getOpenRouterAPIKeyRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/open-router-api-key/{rotationId}/move method: post operationId: moveOpenRouterAPIKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/open-router-api-key/{rotationId}/rotate-secrets method: post operationId: rotateOpenRouterAPIKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/open-router-api-key/{rotationId}/check-credentials method: post operationId: checkOpenRouterAPIKeyRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/hp-ilo-local-account method: get operationId: listHPiLOLocalAccountRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/hp-ilo-local-account method: post operationId: createHPiLOLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/hp-ilo-local-account/{rotationId} method: get operationId: getHPiLOLocalAccountRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/hp-ilo-local-account/{rotationId} method: patch operationId: updateHPiLOLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/hp-ilo-local-account/{rotationId} method: delete operationId: deleteHPiLOLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/hp-ilo-local-account/rotation-name/{rotationName} method: get operationId: getHPiLOLocalAccountRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/hp-ilo-local-account/{rotationId}/generated-credentials method: get operationId: getHPiLOLocalAccountRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/hp-ilo-local-account/{rotationId}/move method: post operationId: moveHPiLOLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/hp-ilo-local-account/{rotationId}/rotate-secrets method: post operationId: rotateHPiLOLocalAccountRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/hp-ilo-local-account/{rotationId}/check-credentials method: post operationId: checkHPiLOLocalAccountRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/hp-ilo-local-account/{rotationId}/reconcile method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/supabase-api-key method: get operationId: listSupabaseAPIKeyRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/supabase-api-key method: post operationId: createSupabaseAPIKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/supabase-api-key/{rotationId} method: get operationId: getSupabaseAPIKeyRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/supabase-api-key/{rotationId} method: patch operationId: updateSupabaseAPIKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/supabase-api-key/{rotationId} method: delete operationId: deleteSupabaseAPIKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/supabase-api-key/rotation-name/{rotationName} method: get operationId: getSupabaseAPIKeyRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/supabase-api-key/{rotationId}/generated-credentials method: get operationId: getSupabaseAPIKeyRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/supabase-api-key/{rotationId}/move method: post operationId: moveSupabaseAPIKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/supabase-api-key/{rotationId}/rotate-secrets method: post operationId: rotateSupabaseAPIKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/supabase-api-key/{rotationId}/check-credentials method: post operationId: checkSupabaseAPIKeyRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/salesforce-oauth-credentials method: get operationId: listSalesforceOAuthCredentialsRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/salesforce-oauth-credentials method: post operationId: createSalesforceOAuthCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/salesforce-oauth-credentials/{rotationId} method: get operationId: getSalesforceOAuthCredentialsRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/salesforce-oauth-credentials/{rotationId} method: patch operationId: updateSalesforceOAuthCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/salesforce-oauth-credentials/{rotationId} method: delete operationId: deleteSalesforceOAuthCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/salesforce-oauth-credentials/rotation-name/{rotationName} method: get operationId: getSalesforceOAuthCredentialsRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/salesforce-oauth-credentials/{rotationId}/generated-credentials method: get operationId: getSalesforceOAuthCredentialsRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/salesforce-oauth-credentials/{rotationId}/move method: post operationId: moveSalesforceOAuthCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/salesforce-oauth-credentials/{rotationId}/rotate-secrets method: post operationId: rotateSalesforceOAuthCredentialsRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/salesforce-oauth-credentials/{rotationId}/check-credentials method: post operationId: checkSalesforceOAuthCredentialsRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/datadog-application-key-secret method: get operationId: listDatadogApplicationKeyRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/datadog-application-key-secret method: post operationId: createDatadogApplicationKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/datadog-application-key-secret/{rotationId} method: get operationId: getDatadogApplicationKeyRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/datadog-application-key-secret/{rotationId} method: patch operationId: updateDatadogApplicationKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/datadog-application-key-secret/{rotationId} method: delete operationId: deleteDatadogApplicationKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/datadog-application-key-secret/rotation-name/{rotationName} method: get operationId: getDatadogApplicationKeyRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/datadog-application-key-secret/{rotationId}/generated-credentials method: get operationId: getDatadogApplicationKeyRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/datadog-application-key-secret/{rotationId}/move method: post operationId: moveDatadogApplicationKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/datadog-application-key-secret/{rotationId}/rotate-secrets method: post operationId: rotateDatadogApplicationKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/datadog-application-key-secret/{rotationId}/check-credentials method: post operationId: checkDatadogApplicationKeyRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/convex-access-key method: get operationId: listConvexAccessKeyRotations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/convex-access-key method: post operationId: createConvexAccessKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/convex-access-key/{rotationId} method: get operationId: getConvexAccessKeyRotation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/convex-access-key/{rotationId} method: patch operationId: updateConvexAccessKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/convex-access-key/{rotationId} method: delete operationId: deleteConvexAccessKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/convex-access-key/rotation-name/{rotationName} method: get operationId: getConvexAccessKeyRotationByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/convex-access-key/{rotationId}/generated-credentials method: get operationId: getConvexAccessKeyRotationGeneratedCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-rotations/convex-access-key/{rotationId}/move method: post operationId: moveConvexAccessKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/convex-access-key/{rotationId}/rotate-secrets method: post operationId: rotateConvexAccessKeyRotation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-rotations/convex-access-key/{rotationId}/check-credentials method: post operationId: checkConvexAccessKeyRotationCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/options method: get operationId: listSecretScanningDataSourceOptions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources method: get operationId: listSecretScanningDataSources x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/findings method: get operationId: listSecretScanningFindings x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/findings method: patch operationId: updateSecretScanningFindingsBatch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/findings/{findingId} method: patch operationId: updateSecretScanningFinding x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/configs method: get operationId: getSecretScanningConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/configs method: patch operationId: updateSecretScanningConfig x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/github method: get operationId: listGitHubDataSources x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/github method: post operationId: createGitHubDataSource x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/github/{dataSourceId} method: get operationId: getGitHubDataSource x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/github/{dataSourceId} method: patch operationId: updateGitHubDataSource x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/github/{dataSourceId} method: delete operationId: deleteGitHubDataSource x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/github/data-source-name/{sourceName} method: get operationId: getGitHubDataSourceByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/github/{dataSourceId}/scan method: post operationId: triggerGitHubDataSourceScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/github/{dataSourceId}/resources/{resourceId}/scan method: post operationId: triggerGitHubDataSourceResourceScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/github/{dataSourceId}/resources method: get operationId: listGitHubDataSourceResources x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/github/{dataSourceId}/scans method: get operationId: listGitHubDataSourceScans x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/bitbucket method: get operationId: listBitbucketDataSources x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/bitbucket method: post operationId: createBitbucketDataSource x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/bitbucket/{dataSourceId} method: get operationId: getBitbucketDataSource x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/bitbucket/{dataSourceId} method: patch operationId: updateBitbucketDataSource x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/bitbucket/{dataSourceId} method: delete operationId: deleteBitbucketDataSource x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/bitbucket/data-source-name/{sourceName} method: get operationId: getBitbucketDataSourceByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/bitbucket/{dataSourceId}/scan method: post operationId: triggerBitbucketDataSourceScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/bitbucket/{dataSourceId}/resources/{resourceId}/scan method: post operationId: triggerBitbucketDataSourceResourceScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/bitbucket/{dataSourceId}/resources method: get operationId: listBitbucketDataSourceResources x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/bitbucket/{dataSourceId}/scans method: get operationId: listBitbucketDataSourceScans x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/gitlab method: get operationId: listGitLabDataSources x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/gitlab method: post operationId: createGitLabDataSource x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/gitlab/{dataSourceId} method: get operationId: getGitLabDataSource x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/gitlab/{dataSourceId} method: patch operationId: updateGitLabDataSource x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/gitlab/{dataSourceId} method: delete operationId: deleteGitLabDataSource x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/gitlab/data-source-name/{sourceName} method: get operationId: getGitLabDataSourceByName x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/gitlab/{dataSourceId}/scan method: post operationId: triggerGitLabDataSourceScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/gitlab/{dataSourceId}/resources/{resourceId}/scan method: post operationId: triggerGitLabDataSourceResourceScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-scanning/data-sources/gitlab/{dataSourceId}/resources method: get operationId: listGitLabDataSourceResources x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-scanning/data-sources/gitlab/{dataSourceId}/scans method: get operationId: listGitLabDataSourceScans x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/service-token method: get operationId: getServiceToken x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/pki/ca method: get operationId: listCertificateAuthoritiesV2 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/pki/certificate-templates method: post operationId: createPkiTemplate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/pki/certificate-templates method: get operationId: listPkiTemplates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/pki/certificate-templates/{templateName} method: patch operationId: updatePkiTemplate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/pki/certificate-templates/{templateName} method: delete operationId: deletePkiTemplate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/pki/certificate-templates/{templateName} method: get operationId: getPkiTemplate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/pki/certificate-templates/{templateName}/issue-certificate method: post operationId: issueCertificateFromTemplate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/pki/certificate-templates/{templateName}/sign-certificate method: post operationId: signCertificateFromTemplate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/organizations/{organizationId}/memberships method: get operationId: listOrgMemberships x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/organizations/{organizationId}/memberships method: delete operationId: bulkDeleteOrgMemberships x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/organizations/{organizationId}/workspaces method: get operationId: listOrgProjects x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/organizations/{organizationId}/memberships/{membershipId} method: patch operationId: updateOrgMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/organizations/{organizationId}/memberships/{membershipId} method: delete operationId: deleteOrgMembership x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/organizations/{orgId}/identity-memberships method: get operationId: listOrgIdentityMemberships x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/identities/search method: post operationId: searchMachineIdentitiesV2 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/identities/search/count method: post operationId: countMachineIdentitiesV2 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/folders method: post operationId: createSecretFolder x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/folders method: get operationId: listSecretFolders x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/folders/{folderId} method: patch operationId: updateSecretFolder x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/folders/batch method: patch operationId: updateSecretFoldersBatch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/folders/{folderIdOrName} method: delete operationId: deleteSecretFolder x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/folders/{id} method: get operationId: getSecretFolderById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-imports method: post operationId: createSecretImport x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-imports method: get operationId: listSecretImports x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-imports/{secretImportId} method: patch operationId: updateSecretImport x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-imports/{secretImportId} method: delete operationId: deleteSecretImport x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/secret-imports/{secretImportId} method: get operationId: getSecretImport x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/secret-imports/secrets method: get operationId: getRawSecretsFromImports x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{slug} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{slug} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{slug}/cas method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/pki-alerts method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/pki-collections method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/pki-subscribers method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/certificate-templates method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/ssh-certificate-templates method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/ssh-cas method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/ssh-hosts method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/ssh-host-groups method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/identity-memberships/{identityId} method: post x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{projectId}/identity-memberships/{identityId} method: patch x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{projectId}/identity-memberships/{identityId} method: delete x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{projectId}/identity-memberships/{identityId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/identity-memberships method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/identity-memberships/{identityMembershipId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/groups/{groupIdOrName} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{projectId}/groups/{groupId} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{projectId}/groups/{groupId} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{projectId}/groups/{groupId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/groups method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/groups/{groupId}/users method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v2/workspace/{projectId}/memberships method: post x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v2/workspace/{projectId}/memberships method: delete x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/secrets/tags/{secretName} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/secrets/tags/{secretName} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/secrets/raw method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v3/secrets/raw/id/{secretId} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v3/secrets/raw/{secretName} method: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v3/secrets/raw/{secretName} method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/secrets/raw/{secretName} method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/secrets/raw/{secretName} method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/secrets/move method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/secrets/batch/raw method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/secrets/batch/raw method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/secrets/batch/raw method: delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/pki/certificates/{certificateId}/renew method: post x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v3/pki/certificates/{certificateId}/config method: patch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v4/secrets method: get operationId: listSecretsV4 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v4/secrets/id/{secretId} method: get operationId: getSecretByIdV4 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v4/secrets/{secretName} method: get operationId: getSecretByNameV4 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v4/secrets/{secretName} method: post operationId: createSecretV4 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v4/secrets/{secretName} method: patch operationId: updateSecretV4 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v4/secrets/{secretName} method: delete operationId: deleteSecretV4 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v4/secrets/move method: post operationId: moveSecretsV4 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v4/secrets/duplicate method: post operationId: duplicateSecretV4 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v4/secrets/batch method: post operationId: createManySecretsV4 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v4/secrets/batch method: patch operationId: updateManySecretsV4 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v4/secrets/batch method: delete operationId: deleteManySecretsV4 x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v4/secrets/{secretName}/reference-dependency-tree method: get operationId: getSecretReferencesV4 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v4/secrets/{secretName}/secret-reference-tree method: get operationId: getSecretReferenceTreeV4 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none