JFrog Artifactory Agentic Access
JFrog Artifactory exposes 69 API operations that an AI agent could call, of which 35 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 34 read, 33 write, 1 physical, and 1 safety-critical.
1 operation are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| DELETE | /api/security/apiKey | safety-critical | required |
| PUT | /{repoKey}/{itemPath} | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/artifactory-aql-api-openapi.yml, openapi/artifactory-build-integration-api-openapi.yml,
openapi/artifactory-docker-registry-api-openapi.yml, openapi/artifactory-rest-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 69
by_action_class:
acting: 35
connected: 34
by_consequence:
write: 33
read: 34
physical: 1
safety-critical: 1
human_in_the_loop_required: 1
operations:
- path: /api/search/aql
method: post
operationId: executeAqlQuery
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/build
method: put
operationId: publishBuildInfo
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/build/{buildName}
method: get
operationId: getBuildRuns
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/build/{buildName}
method: delete
operationId: deleteBuild
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/build/{buildName}/{buildNumber}
method: get
operationId: getBuildInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/build/promote/{buildName}/{buildNumber}
method: post
operationId: promoteBuild
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/build/rename/{buildName}
method: post
operationId: renameBuild
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/build/diff/{buildName}/{buildNumber}
method: get
operationId: getBuildDiff
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/build/retention/{buildName}
method: post
operationId: setBuildRetention
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/build/retention/{buildName}
method: get
operationId: getBuildRetention
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v2/
method: get
operationId: checkApiVersion
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v2/_catalog
method: get
operationId: listRepositories
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v2/{name}/tags/list
method: get
operationId: listTags
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v2/{name}/manifests/{reference}
method: get
operationId: getManifest
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v2/{name}/manifests/{reference}
method: put
operationId: putManifest
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v2/{name}/manifests/{reference}
method: delete
operationId: deleteManifest
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v2/{name}/blobs/{digest}
method: get
operationId: getBlob
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v2/{name}/blobs/{digest}
method: head
operationId: checkBlobExists
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v2/{name}/blobs/{digest}
method: delete
operationId: deleteBlob
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v2/{name}/blobs/uploads/
method: post
operationId: initiateUpload
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v2/{name}/blobs/uploads/{uuid}
method: patch
operationId: uploadBlobChunk
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v2/{name}/blobs/uploads/{uuid}
method: put
operationId: completeUpload
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v2/{name}/blobs/uploads/{uuid}
method: delete
operationId: cancelUpload
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/docker/{repoKey}/v2/promote
method: post
operationId: promoteDockerImage
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/system/ping
method: get
operationId: systemPing
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/system/version
method: get
operationId: getSystemVersion
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/system/configuration
method: get
operationId: getSystemConfiguration
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/system/configuration
method: patch
operationId: updateSystemConfiguration
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/system/licenses
method: get
operationId: getLicenseInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/storage/{repoKey}/{itemPath}
method: get
operationId: getStorageInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/repositories
method: get
operationId: listRepositories
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/repositories/{repoKey}
method: get
operationId: getRepository
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/repositories/{repoKey}
method: put
operationId: createOrReplaceRepository
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/repositories/{repoKey}
method: post
operationId: updateRepository
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/repositories/{repoKey}
method: delete
operationId: deleteRepository
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /{repoKey}/{itemPath}
method: get
operationId: retrieveArtifact
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /{repoKey}/{itemPath}
method: put
operationId: deployArtifact
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /{repoKey}/{itemPath}
method: delete
operationId: deleteArtifact
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/copy/{srcRepoKey}/{srcItemPath}
method: post
operationId: copyArtifact
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/move/{srcRepoKey}/{srcItemPath}
method: post
operationId: moveArtifact
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/search/artifact
method: get
operationId: searchArtifactByName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/search/gavc
method: get
operationId: searchByGAVC
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/search/checksum
method: get
operationId: searchByChecksum
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/search/prop
method: get
operationId: searchByProperty
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/search/dates
method: get
operationId: searchByDate
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/search/creation
method: get
operationId: searchByCreationDate
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/security/users
method: get
operationId: listUsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/security/users/{username}
method: get
operationId: getUser
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/security/users/{username}
method: put
operationId: createOrReplaceUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/security/users/{username}
method: delete
operationId: deleteUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/security/groups
method: get
operationId: listGroups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/security/groups/{groupName}
method: get
operationId: getGroup
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/security/groups/{groupName}
method: put
operationId: createOrReplaceGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/security/groups/{groupName}
method: delete
operationId: deleteGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/security/permissions
method: get
operationId: listPermissionTargets
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/security/permissions/{permissionName}
method: get
operationId: getPermissionTarget
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/security/permissions/{permissionName}
method: put
operationId: createOrReplacePermissionTarget
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/security/permissions/{permissionName}
method: delete
operationId: deletePermissionTarget
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/security/token
method: post
operationId: createAccessToken
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/security/apiKey
method: get
operationId: getApiKey
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/security/apiKey
method: put
operationId: createApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/security/apiKey
method: delete
operationId: revokeApiKey
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/storage/{repoKey}/{itemPath}?properties
method: get
operationId: getItemProperties
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/storage/{repoKey}/{itemPath}?properties
method: put
operationId: setItemProperties
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/storage/{repoKey}/{itemPath}?properties
method: delete
operationId: deleteItemProperties
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/replications/{repoKey}
method: get
operationId: getReplicationConfig
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/replications/{repoKey}
method: put
operationId: createOrReplaceReplication
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/replications/{repoKey}
method: delete
operationId: deleteReplication
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/system/storage
method: get
operationId: getStorageSummary
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none