Bitbucket Agentic Access
Bitbucket exposes 335 API operations that an AI agent could call, of which 156 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 179 read, 141 write, 11 physical, and 4 safety-critical.
4 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| DELETE | /repositories/{workspace}/{repo_slug}/issues/{issue_id}/watch | safety-critical | required |
| PUT | /repositories/{workspace}/{repo_slug}/override-settings | safety-critical | required |
| POST | /repositories/{workspace}/{repo_slug}/pipelines/{pipeline_uuid}/stopPipeline | safety-critical | required |
| DELETE | /snippets/{workspace}/{encoded_id}/watch | safety-critical | required |
| POST | /repositories/{workspace}/{repo_slug}/deploy-keys | physical | conditional |
| DELETE | /repositories/{workspace}/{repo_slug}/deploy-keys/{key_id} | physical | conditional |
| PUT | /repositories/{workspace}/{repo_slug}/deploy-keys/{key_id} | physical | conditional |
| POST | /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables | physical | conditional |
| PUT | /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables/{variable_uuid} | physical | conditional |
| DELETE | /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables/{variable_uuid} | physical | conditional |
| POST | /repositories/{workspace}/{repo_slug}/environments | physical | conditional |
| DELETE | /repositories/{workspace}/{repo_slug}/environments/{environment_uuid} | physical | conditional |
| POST | /repositories/{workspace}/{repo_slug}/environments/{environment_uuid}/changes | physical | conditional |
| POST | /workspaces/{workspace}/projects/{project_key}/deploy-keys | physical | conditional |
| DELETE | /workspaces/{workspace}/projects/{project_key}/deploy-keys/{key_id} | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/bitbucket-cloud-rest-api-openapi.json
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 335
by_action_class:
acting: 156
connected: 179
by_consequence:
write: 141
read: 179
physical: 11
safety-critical: 4
human_in_the_loop_required: 4
operations:
- path: /addon
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /addon
method: put
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /addon/linkers
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /addon/linkers/{linker_key}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /addon/linkers/{linker_key}/values
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /addon/linkers/{linker_key}/values
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /addon/linkers/{linker_key}/values
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /addon/linkers/{linker_key}/values
method: put
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /addon/linkers/{linker_key}/values/{value_id}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /addon/linkers/{linker_key}/values/{value_id}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /hook_events
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /hook_events/{subject_type}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:delete
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:admin
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}
method: put
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:admin
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/branch-restrictions
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository:admin
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/branch-restrictions
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:admin
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/branch-restrictions/{id}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:admin
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/branch-restrictions/{id}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository:admin
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/branch-restrictions/{id}
method: put
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:admin
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/branching-model
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/branching-model/settings
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository:admin
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/branching-model/settings
method: put
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:admin
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/approve
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/approve
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/comments
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/comments
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/comments/{comment_id}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/comments/{comment_id}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/comments/{comment_id}
method: put
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/properties/{app_key}/{property_name}
method: put
operationId: updateCommitHostedPropertyValue
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/properties/{app_key}/{property_name}
method: delete
operationId: deleteCommitHostedPropertyValue
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/properties/{app_key}/{property_name}
method: get
operationId: getCommitHostedPropertyValue
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/pullrequests
method: get
operationId: getPullrequestsForCommit
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- pullrequest
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports
method: get
operationId: getReportsForCommit
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}
method: put
operationId: createOrUpdateReport
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}
method: get
operationId: getReport
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}
method: delete
operationId: deleteReport
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}/annotations
method: get
operationId: getAnnotationsForReport
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}/annotations
method: post
operationId: bulkCreateOrUpdateAnnotations
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}/annotations/{annotationId}
method: get
operationId: getAnnotation
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}/annotations/{annotationId}
method: put
operationId: createOrUpdateAnnotation
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}/annotations/{annotationId}
method: delete
operationId: deleteAnnotation
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/statuses
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/statuses/build
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/statuses/build/{key}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commit/{commit}/statuses/build/{key}
method: put
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commits
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commits
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/commits/{revision}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/commits/{revision}
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/components
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- issue
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/components/{component_id}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- issue
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/default-reviewers
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- pullrequest
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/default-reviewers/{target_username}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:admin
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/default-reviewers/{target_username}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- pullrequest
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/default-reviewers/{target_username}
method: put
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:admin
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/deploy-keys
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
- repository:admin
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/deploy-keys
method: post
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- repository
- repository:admin
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/deploy-keys/{key_id}
method: delete
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- repository
- repository:admin
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/deploy-keys/{key_id}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
- repository:admin
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/deploy-keys/{key_id}
method: put
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- repository
- repository:admin
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/deployments
method: get
operationId: getDeploymentsForRepository
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- pipeline
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/deployments/{deployment_uuid}
method: get
operationId: getDeploymentForRepository
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- pipeline
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables
method: get
operationId: getDeploymentVariables
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- pipeline
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables
method: post
operationId: createDeploymentVariable
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- pipeline:variable
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables/{variable_uuid}
method: put
operationId: updateDeploymentVariable
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- pipeline:variable
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/deployments_config/environments/{environment_uuid}/variables/{variable_uuid}
method: delete
operationId: deleteDeploymentVariable
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- pipeline:variable
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/diff/{spec}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/diffstat/{spec}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/downloads
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/downloads
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/downloads/{filename}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/downloads/{filename}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/effective-branching-model
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/effective-default-reviewers
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- pullrequest
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/environments
method: get
operationId: getEnvironmentsForRepository
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- pipeline
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/environments
method: post
operationId: createEnvironment
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- pipeline
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/environments/{environment_uuid}
method: get
operationId: getEnvironmentForRepository
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- pipeline
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/environments/{environment_uuid}
method: delete
operationId: deleteEnvironmentForRepository
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- pipeline
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/environments/{environment_uuid}/changes
method: post
operationId: updateEnvironmentForRepository
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- pipeline
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/filehistory/{commit}/{path}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/forks
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- repository
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/forks
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- repository:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/hooks
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- webhook
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/hooks
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- webhook
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/hooks/{uid}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- webhook
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/hooks/{uid}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- webhook
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/hooks/{uid}
method: put
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- webhook
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/issues
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- issue
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/issues
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- issue:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/issues/export
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- issue
- repository:admin
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/issues/export/{repo_name}-issues-{task_id}.zip
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- issue
- repository:admin
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/issues/import
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- issue:write
- repository:admin
token:
max-ttl: 3600
audit: none
- path: /repositories/{workspace}/{repo_slug}/issues/import
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- issue:write
- repository:admin
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{workspace}/{repo_slug}/issues/{issue_id}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- issue:
# --- truncated at 32 KB (106 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/bitbucket/refs/heads/main/agentic-access/bitbucket-agentic-access.yml