generated: '2026-07-15' method: generated source: openapi/kubescape-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 23 by_action_class: acting: 18 connected: 5 by_consequence: write: 14 safety-critical: 4 read: 5 human_in_the_loop_required: 4 operations: - path: /posture/frameworks method: post operationId: getPostureFrameworks x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /posture/controls method: post operationId: getPostureControls x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /posture/controls/sections method: post operationId: getPostureControlSections x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /posture/resources method: post operationId: getPostureResources x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerability/scan method: post operationId: startVulnerabilityScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerability/scanResults/summary method: post operationId: getVulnerabilityScanSummary x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerability/scanResults/details method: post operationId: getVulnerabilityScanDetails x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerability/severity method: post operationId: getVulnerabilitySeverity x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /vulnerabilities/list method: post operationId: listVulnerabilities x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /images/list method: post operationId: listImages x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /runtimeIncidents method: get operationId: listRuntimeIncidents x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /runtimeIncidents/{guid}/alerts method: get operationId: getRuntimeIncidentAlerts x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /runtimeIncidents/{guid}/resolve method: post operationId: resolveRuntimeIncident x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /attackChains method: post operationId: getAttackChains x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /securityRisks method: get operationId: getSecurityRisks x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /networkPolicies method: get operationId: getNetworkPolicies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /networkPolicies/generate method: post operationId: generateNetworkPolicies x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /seccompProfiles/generate method: post operationId: generateSeccompProfiles x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /registry/scan method: post operationId: scheduleRegistryScan x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /repositoryPosture/failedControls method: post operationId: getRepositoryFailedControls x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /authentication/accessKeys method: get operationId: listAccessKeys x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /authentication/accessKeys method: post operationId: createAccessKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /authentication/accessKeys/{guid} method: delete operationId: deleteAccessKey x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required