Bitbucket · Agentic Access

Bitbucket Agentic Access

x-agentic-access generated

Bitbucket exposes 335 API operations that an AI agent could call, of which 156 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 179 read, 141 write, 11 physical, and 4 safety-critical.

4 operations are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

AtlassianCI/CDCode CollaborationCode ReviewDevOpsGitPull RequestsRepository HostingVersion Control
Operations: 335 Acting: 156 Human-in-the-loop: 4 Method: generated

By consequence

read 179 write 141 physical 11 safety-critical 4

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
DELETE /repositories/{workspace}/{repo_slug}/issues/{issue_id}/watch safety-critical required
PUT /repositories/{workspace}/{repo_slug}/override-settings safety-critical required
POST /repositories/{workspace}/{repo_slug}/pipelines/{pipeline_uuid}/stopPipeline safety-critical required
DELETE /snippets/{workspace}/{encoded_id}/watch safety-critical required
POST /repositories/{workspace}/{repo_slug}/deploy-keys physical conditional
DELETE /repositories/{workspace}/{repo_slug}/deploy-keys/{key_id} physical conditional
PUT /repositories/{workspace}/{repo_slug}/deploy-keys/{key_id} physical conditional
POST /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables physical conditional
PUT /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables/{variable_uuid} physical conditional
DELETE /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables/{variable_uuid} physical conditional
POST /repositories/{workspace}/{repo_slug}/environments physical conditional
DELETE /repositories/{workspace}/{repo_slug}/environments/{environment_uuid} physical conditional
POST /repositories/{workspace}/{repo_slug}/environments/{environment_uuid}/changes physical conditional
POST /workspaces/{workspace}/projects/{project_key}/deploy-keys physical conditional
DELETE /workspaces/{workspace}/projects/{project_key}/deploy-keys/{key_id} physical conditional

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/bitbucket-cloud-rest-api-openapi.json
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 335
  by_action_class:
    acting: 156
    connected: 179
  by_consequence:
    write: 141
    read: 179
    physical: 11
    safety-critical: 4
  human_in_the_loop_required: 4
operations:
- path: /addon
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /addon
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /addon/linkers
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /addon/linkers/{linker_key}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /addon/linkers/{linker_key}/values
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /addon/linkers/{linker_key}/values
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /addon/linkers/{linker_key}/values
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /addon/linkers/{linker_key}/values
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /addon/linkers/{linker_key}/values/{value_id}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /addon/linkers/{linker_key}/values/{value_id}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /hook_events
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /hook_events/{subject_type}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /repositories
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:delete
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:admin
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:admin
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/branch-restrictions
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository:admin
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/branch-restrictions
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:admin
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/branch-restrictions/{id}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:admin
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/branch-restrictions/{id}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository:admin
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/branch-restrictions/{id}
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:admin
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/branching-model
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/branching-model/settings
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository:admin
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/branching-model/settings
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:admin
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/approve
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/approve
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/comments
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/comments
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/comments/{comment_id}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/comments/{comment_id}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/comments/{comment_id}
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/properties/{app_key}/{property_name}
  method: put
  operationId: updateCommitHostedPropertyValue
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/properties/{app_key}/{property_name}
  method: delete
  operationId: deleteCommitHostedPropertyValue
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/properties/{app_key}/{property_name}
  method: get
  operationId: getCommitHostedPropertyValue
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/pullrequests
  method: get
  operationId: getPullrequestsForCommit
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - pullrequest
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports
  method: get
  operationId: getReportsForCommit
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}
  method: put
  operationId: createOrUpdateReport
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}
  method: get
  operationId: getReport
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}
  method: delete
  operationId: deleteReport
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}/annotations
  method: get
  operationId: getAnnotationsForReport
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}/annotations
  method: post
  operationId: bulkCreateOrUpdateAnnotations
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}/annotations/{annotationId}
  method: get
  operationId: getAnnotation
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}/annotations/{annotationId}
  method: put
  operationId: createOrUpdateAnnotation
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}/annotations/{annotationId}
  method: delete
  operationId: deleteAnnotation
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/statuses
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/statuses/build
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/statuses/build/{key}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/statuses/build/{key}
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commits
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commits
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/commits/{revision}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/commits/{revision}
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/components
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - issue
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/components/{component_id}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - issue
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/default-reviewers
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - pullrequest
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/default-reviewers/{target_username}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:admin
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/default-reviewers/{target_username}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - pullrequest
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/default-reviewers/{target_username}
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:admin
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/deploy-keys
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    - repository:admin
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/deploy-keys
  method: post
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - repository
    - repository:admin
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/deploy-keys/{key_id}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - repository
    - repository:admin
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/deploy-keys/{key_id}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    - repository:admin
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/deploy-keys/{key_id}
  method: put
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - repository
    - repository:admin
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/deployments
  method: get
  operationId: getDeploymentsForRepository
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - pipeline
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/deployments/{deployment_uuid}
  method: get
  operationId: getDeploymentForRepository
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - pipeline
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables
  method: get
  operationId: getDeploymentVariables
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - pipeline
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables
  method: post
  operationId: createDeploymentVariable
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - pipeline:variable
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables/{variable_uuid}
  method: put
  operationId: updateDeploymentVariable
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - pipeline:variable
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables/{variable_uuid}
  method: delete
  operationId: deleteDeploymentVariable
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - pipeline:variable
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/diff/{spec}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/diffstat/{spec}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/downloads
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/downloads
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/downloads/{filename}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/downloads/{filename}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/effective-branching-model
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/effective-default-reviewers
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - pullrequest
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/environments
  method: get
  operationId: getEnvironmentsForRepository
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - pipeline
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/environments
  method: post
  operationId: createEnvironment
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - pipeline
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/environments/{environment_uuid}
  method: get
  operationId: getEnvironmentForRepository
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - pipeline
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/environments/{environment_uuid}
  method: delete
  operationId: deleteEnvironmentForRepository
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - pipeline
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/environments/{environment_uuid}/changes
  method: post
  operationId: updateEnvironmentForRepository
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - pipeline
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/filehistory/{commit}/{path}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/forks
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - repository
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/forks
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - repository:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/hooks
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - webhook
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/hooks
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - webhook
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/hooks/{uid}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - webhook
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/hooks/{uid}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - webhook
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/hooks/{uid}
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - webhook
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/issues
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - issue
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/issues
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - issue:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/issues/export
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - issue
    - repository:admin
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/issues/export/{repo_name}-issues-{task_id}.zip
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - issue
    - repository:admin
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/issues/import
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - issue:write
    - repository:admin
    token:
      max-ttl: 3600
    audit: none
- path: /repositories/{workspace}/{repo_slug}/issues/import
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - issue:write
    - repository:admin
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repositories/{workspace}/{repo_slug}/issues/{issue_id}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - issue:

# --- truncated at 32 KB (106 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/bitbucket/refs/heads/main/agentic-access/bitbucket-agentic-access.yml