generated: '2026-07-15' method: generated source: openapi/kion-cloud-operations-api-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 126 by_action_class: connected: 53 acting: 73 by_consequence: read: 53 write: 67 safety-critical: 6 human_in_the_loop_required: 6 operations: - path: /account method: get operationId: listAccounts x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /account method: post operationId: createAccount x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /account/{id} method: get operationId: getAccount x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /account/{id} method: patch operationId: updateAccount x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /project method: get operationId: listProjects x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /project method: post operationId: createProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /project/{id} method: get operationId: getProject x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /project/{id} method: patch operationId: updateProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /project/{id} method: delete operationId: deleteProject x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /project/{id}/note method: get operationId: listProjectNotes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /project/{id}/note method: post operationId: createProjectNote x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /project/{id}/enforcement method: get operationId: listProjectEnforcements x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /project/{id}/enforcement method: post operationId: createProjectEnforcement x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /project/{id}/cloud-access-role method: get operationId: listProjectCloudAccessRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /project/{id}/cloud-access-role method: post operationId: createProjectCloudAccessRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /project/{id}/permission-mapping method: get operationId: listProjectPermissionMappings x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /project/{id}/permission-mapping method: post operationId: createProjectPermissionMapping x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /ou method: get operationId: listOUs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /ou method: post operationId: createOU x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /ou/{id} method: get operationId: getOU x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /ou/{id} method: patch operationId: updateOU x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /ou/{id} method: delete operationId: deleteOU x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /ou/{id}/cloud-access-role method: get operationId: listOUCloudAccessRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /ou/{id}/cloud-access-role method: post operationId: createOUCloudAccessRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /ou/{id}/permission-mapping method: get operationId: listOUPermissionMappings x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /ou/{id}/permission-mapping method: post operationId: createOUPermissionMapping x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /cloud-rule method: get operationId: listCloudRules x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /cloud-rule method: post operationId: createCloudRule x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /cloud-rule/{id} method: get operationId: getCloudRule x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /cloud-rule/{id} method: patch operationId: updateCloudRule x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /cloud-rule/{id} method: delete operationId: deleteCloudRule x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /compliance-check method: get operationId: listComplianceChecks x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /compliance-check method: post operationId: createComplianceCheck x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /compliance-check/{id} method: get operationId: getComplianceCheck x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /compliance-check/{id} method: patch operationId: updateComplianceCheck x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /compliance-check/{id} method: delete operationId: deleteComplianceCheck x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /compliance-standard method: get operationId: listComplianceStandards x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /compliance-standard method: post operationId: createComplianceStandard x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /compliance-standard/{id} method: get operationId: getComplianceStandard x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /compliance-standard/{id} method: patch operationId: updateComplianceStandard x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /compliance-standard/{id} method: delete operationId: deleteComplianceStandard x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /funding-source method: get operationId: listFundingSources x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /funding-source method: post operationId: createFundingSource x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /funding-source/{id} method: get operationId: getFundingSource x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /funding-source/{id} method: patch operationId: updateFundingSource x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /funding-source/{id} method: delete operationId: deleteFundingSource x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /funding-source/{id}/permission-mapping method: get operationId: listFundingSourcePermissionMappings x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /funding-source/{id}/permission-mapping method: post operationId: createFundingSourcePermissionMapping x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /label method: get operationId: listLabels x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /label method: post operationId: createLabel x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /label/{id} method: get operationId: getLabel x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /label/{id} method: patch operationId: updateLabel x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /label/{id} method: delete operationId: deleteLabel x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /user method: get operationId: listUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /user method: post operationId: createUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /user/{id} method: get operationId: getUser x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /user/{id} method: patch operationId: updateUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /user/{id} method: delete operationId: deleteUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /user-group method: get operationId: listUserGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /user-group method: post operationId: createUserGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /user-group/{id} method: get operationId: getUserGroup x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /user-group/{id} method: patch operationId: updateUserGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /user-group/{id} method: delete operationId: deleteUserGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /aws-iam-policy method: get operationId: listAwsIamPolicies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /aws-iam-policy method: post operationId: createAwsIamPolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /aws-iam-policy/{id} method: get operationId: getAwsIamPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /aws-iam-policy/{id} method: patch operationId: updateAwsIamPolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /aws-iam-policy/{id} method: delete operationId: deleteAwsIamPolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /service-control-policy method: get operationId: listServiceControlPolicies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /service-control-policy method: post operationId: createServiceControlPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /service-control-policy/{id} method: get operationId: getServiceControlPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /service-control-policy/{id} method: patch operationId: updateServiceControlPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /service-control-policy/{id} method: delete operationId: deleteServiceControlPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /aws-cloudformation-template method: get operationId: listCloudFormationTemplates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /aws-cloudformation-template method: post operationId: createCloudFormationTemplate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /aws-cloudformation-template/{id} method: get operationId: getCloudFormationTemplate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /aws-cloudformation-template/{id} method: patch operationId: updateCloudFormationTemplate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /aws-cloudformation-template/{id} method: delete operationId: deleteCloudFormationTemplate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /azure-arm-template method: get operationId: listAzureArmTemplates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /azure-arm-template method: post operationId: createAzureArmTemplate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /azure-arm-template/{id} method: get operationId: getAzureArmTemplate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /azure-arm-template/{id} method: patch operationId: updateAzureArmTemplate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /azure-arm-template/{id} method: delete operationId: deleteAzureArmTemplate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /azure-policy method: get operationId: listAzurePolicies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /azure-policy method: post operationId: createAzurePolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /azure-policy/{id} method: get operationId: getAzurePolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /azure-policy/{id} method: patch operationId: updateAzurePolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /azure-policy/{id} method: delete operationId: deleteAzurePolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /azure-role method: get operationId: listAzureRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /azure-role method: post operationId: createAzureRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /azure-role/{id} method: get operationId: getAzureRole x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /azure-role/{id} method: patch operationId: updateAzureRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /azure-role/{id} method: delete operationId: deleteAzureRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /gcp-iam-role method: get operationId: listGcpIamRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /gcp-iam-role method: post operationId: createGcpIamRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /gcp-iam-role/{id} method: get operationId: getGcpIamRole x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /gcp-iam-role/{id} method: patch operationId: updateGcpIamRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /gcp-iam-role/{id} method: delete operationId: deleteGcpIamRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /webhook method: get operationId: listWebhooks x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /webhook method: post operationId: createWebhook x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /webhook/{id} method: get operationId: getWebhook x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /webhook/{id} method: patch operationId: updateWebhook x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /webhook/{id} method: delete operationId: deleteWebhook x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /saml-group-association method: get operationId: listSamlGroupAssociations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /saml-group-association method: post operationId: createSamlGroupAssociation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /saml-group-association/{id} method: get operationId: getSamlGroupAssociation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /saml-group-association/{id} method: patch operationId: updateSamlGroupAssociation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /saml-group-association/{id} method: delete operationId: deleteSamlGroupAssociation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /custom-variable method: get operationId: listCustomVariables x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /custom-variable method: post operationId: createCustomVariable x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /custom-variable/{id} method: get operationId: getCustomVariable x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /custom-variable/{id} method: patch operationId: updateCustomVariable x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /custom-variable/{id} method: delete operationId: deleteCustomVariable x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /custom-variable-override method: get operationId: listCustomVariableOverrides x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /custom-variable-override method: post operationId: createCustomVariableOverride x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /custom-variable-override/{id} method: get operationId: getCustomVariableOverride x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /custom-variable-override/{id} method: patch operationId: updateCustomVariableOverride x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /custom-variable-override/{id} method: delete operationId: deleteCustomVariableOverride x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /global-permission-mapping method: get operationId: listGlobalPermissionMappings x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /global-permission-mapping method: post operationId: createGlobalPermissionMapping x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /global-permission-mapping/{id} method: get operationId: getGlobalPermissionMapping x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /global-permission-mapping/{id} method: patch operationId: updateGlobalPermissionMapping x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /global-permission-mapping/{id} method: delete operationId: deleteGlobalPermissionMapping x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /idms method: get operationId: listIdms x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /app-config method: get operationId: getAppConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /app-config method: patch operationId: updateAppConfig x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required