generated: '2026-07-15' method: generated source: openapi/jupyterhub-rest-api-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 35 by_action_class: connected: 14 acting: 21 by_consequence: read: 14 write: 17 safety-critical: 4 human_in_the_loop_required: 4 operations: - path: / method: get operationId: getHubVersion x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /info method: get operationId: getHubInfo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /users method: get operationId: listUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /users method: post operationId: createUsers x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{name} method: get operationId: getUser x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /users/{name} method: post operationId: createUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{name} method: patch operationId: updateUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{name} method: delete operationId: deleteUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{name}/activity method: post operationId: notifyUserActivity x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{name}/server method: post operationId: startUserServer x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{name}/server method: delete operationId: stopUserServer x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /users/{name}/servers/{server_name} method: post operationId: startNamedServer x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{name}/servers/{server_name} method: delete operationId: stopNamedServer x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /users/{name}/tokens method: get operationId: listUserTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /users/{name}/tokens method: post operationId: createUserToken x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{name}/tokens/{token_id} method: get operationId: getUserToken x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /users/{name}/tokens/{token_id} method: delete operationId: revokeUserToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /groups method: get operationId: listGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /groups method: post operationId: createGroups x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /groups/{name} method: get operationId: getGroup x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /groups/{name} method: post operationId: createGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /groups/{name} method: delete operationId: deleteGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /groups/{name}/users method: post operationId: addGroupUsers x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /groups/{name}/users method: delete operationId: removeGroupUsers x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /services method: get operationId: listServices x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /services/{name} method: get operationId: getService x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /proxy method: get operationId: getProxyRoutes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /proxy method: post operationId: syncProxy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /proxy method: patch operationId: updateProxy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /authorizations/token method: post operationId: requestToken x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /authorizations/token/{token} method: get operationId: identifyToken x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /authorizations/cookie/{cookie_name}/{cookie_value} method: get operationId: identifyCookie x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /oauth2/authorize method: get operationId: oauth2Authorize x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /oauth2/token method: post operationId: oauth2Token x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /shutdown method: post operationId: shutdownHub x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required