Cockroach Labs Agentic Access
Cockroach Labs exposes 98 API operations that an AI agent could call, of which 51 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 47 read, 46 write, and 5 safety-critical.
5 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| DELETE | /api/v1/clusters/{cluster_id}/logexport | safety-critical | required |
| DELETE | /api/v1/clusters/{cluster_id}/metricexport/cloudwatch | safety-critical | required |
| DELETE | /api/v1/clusters/{cluster_id}/metricexport/datadog | safety-critical | required |
| DELETE | /api/v1/clusters/{cluster_id}/metricexport/prometheus | safety-critical | required |
| POST | /api/v2/logout/ | safety-critical | required |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/cockroach-labs-cloud-api-openapi.yml, openapi/cockroach-labs-cluster-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 98
by_action_class:
connected: 47
acting: 51
by_consequence:
read: 47
write: 46
safety-critical: 5
human_in_the_loop_required: 5
operations:
- path: /api/v1/organization
method: get
operationId: GetOrganizationInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters
method: get
operationId: ListClusters
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters
method: post
operationId: CreateCluster
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}
method: get
operationId: GetCluster
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}
method: patch
operationId: UpdateCluster
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}
method: delete
operationId: DeleteCluster
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/connection-string
method: get
operationId: GetConnectionString
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/nodes
method: get
operationId: ListClusterNodes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/available-regions
method: get
operationId: ListAvailableRegions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/cluster-versions
method: get
operationId: ListMajorClusterVersions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/databases
method: get
operationId: ListDatabases
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/databases
method: post
operationId: CreateDatabase
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/databases/{name}
method: patch
operationId: EditDatabase
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/databases/{name}
method: delete
operationId: DeleteDatabase
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/sql-users
method: get
operationId: ListSQLUsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/sql-users
method: post
operationId: CreateSQLUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/sql-users/{name}
method: delete
operationId: DeleteSQLUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/sql-users/{name}/password
method: put
operationId: UpdateSQLUserPassword
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/api-keys
method: get
operationId: ListApiKeys
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/api-keys
method: post
operationId: CreateApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/api-keys/{id}
method: get
operationId: GetApiKey
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/api-keys/{id}
method: patch
operationId: UpdateApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/api-keys/{id}
method: delete
operationId: DeleteApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/service-accounts
method: get
operationId: ListServiceAccounts
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/service-accounts
method: post
operationId: CreateServiceAccount
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/service-accounts/{id}
method: get
operationId: GetServiceAccount
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/service-accounts/{id}
method: patch
operationId: UpdateServiceAccount
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/service-accounts/{id}
method: delete
operationId: DeleteServiceAccount
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/folders
method: get
operationId: ListFolders
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/folders
method: post
operationId: CreateFolder
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/folders/{folder_id}
method: get
operationId: GetFolder
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/folders/{folder_id}
method: patch
operationId: UpdateFolder
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/folders/{folder_id}
method: delete
operationId: DeleteFolder
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/folders/{folder_id}/contents
method: get
operationId: ListFolderContents
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/networking/allowlist
method: get
operationId: ListAllowlistEntries
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/networking/allowlist
method: post
operationId: AddAllowlistEntry
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/networking/allowlist/{cidr_ip}/{cidr_mask}
method: patch
operationId: UpdateAllowlistEntry
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/networking/allowlist/{cidr_ip}/{cidr_mask}
method: delete
operationId: DeleteAllowlistEntry
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/networking/private-endpoint-services
method: get
operationId: ListPrivateEndpointServices
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/networking/private-endpoint-services
method: post
operationId: CreatePrivateEndpointServices
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/networking/private-endpoint-connections
method: get
operationId: ListPrivateEndpointConnections
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/networking/private-endpoint-connections
method: post
operationId: AddPrivateEndpointConnection
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/networking/private-endpoint-connections/{endpoint_id}
method: delete
operationId: DeletePrivateEndpointConnection
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/networking/egress-rules
method: get
operationId: ListEgressRules
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/networking/egress-rules
method: post
operationId: AddEgressRule
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/networking/egress-rules/{rule_id}
method: get
operationId: GetEgressRule
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/networking/egress-rules/{rule_id}
method: patch
operationId: EditEgressRule
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/networking/egress-rules/{rule_id}
method: delete
operationId: DeleteEgressRule
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/backups
method: get
operationId: ListBackups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/backups-config
method: get
operationId: GetBackupConfiguration
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/backups-config
method: patch
operationId: UpdateBackupConfiguration
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/restores
method: get
operationId: ListRestores
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/restores
method: post
operationId: CreateRestore
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/restores/{restore_id}
method: get
operationId: GetRestore
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/logexport
method: get
operationId: GetLogExportInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/logexport
method: post
operationId: EnableLogExport
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/logexport
method: delete
operationId: DeleteLogExport
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/clusters/{cluster_id}/metricexport/cloudwatch
method: get
operationId: GetCloudWatchMetricExportInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/metricexport/cloudwatch
method: post
operationId: EnableCloudWatchMetricExport
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/metricexport/cloudwatch
method: delete
operationId: DeleteCloudWatchMetricExport
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/clusters/{cluster_id}/metricexport/datadog
method: get
operationId: GetDatadogMetricExportInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/metricexport/datadog
method: post
operationId: EnableDatadogMetricExport
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/metricexport/datadog
method: delete
operationId: DeleteDatadogMetricExport
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/clusters/{cluster_id}/metricexport/prometheus
method: get
operationId: GetPrometheusMetricExportInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/metricexport/prometheus
method: post
operationId: EnablePrometheusMetricExport
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/metricexport/prometheus
method: delete
operationId: DeletePrometheusMetricExport
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/clusters/{cluster_id}/cmek
method: get
operationId: GetCMEKClusterInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/cmek
method: post
operationId: EnableCMEKSpec
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/cmek
method: put
operationId: UpdateCMEKSpec
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/cmek
method: patch
operationId: UpdateCMEKStatus
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/roles
method: get
operationId: ListRoleGrants
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/roles/{user_id}
method: get
operationId: GetAllRolesForUser
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/roles/{user_id}
method: put
operationId: SetRolesForUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/roles/{user_id}/{resource_type}/{resource_id}/{role_name}
method: post
operationId: AddUserToRole
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/roles/{user_id}/{resource_type}/{resource_id}/{role_name}
method: delete
operationId: RemoveUserFromRole
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/users/persons-by-email
method: get
operationId: GetPersonUsersByEmail
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/invoices
method: get
operationId: ListInvoices
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/invoices/{invoice_id}
method: get
operationId: GetInvoice
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/auditlogevents
method: get
operationId: ListAuditLogs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/jwt-issuers
method: get
operationId: ListJWTIssuers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/jwt-issuers
method: post
operationId: AddJWTIssuer
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/jwt-issuers/{id}
method: get
operationId: GetJWTIssuer
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/jwt-issuers/{id}
method: patch
operationId: UpdateJWTIssuer
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/jwt-issuers/{id}
method: delete
operationId: DeleteJWTIssuer
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/maintenance-window
method: get
operationId: GetMaintenanceWindow
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/maintenance-window
method: put
operationId: SetMaintenanceWindow
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/maintenance-window
method: delete
operationId: DeleteMaintenanceWindow
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/clusters/{cluster_id}/version-deferral
method: get
operationId: GetClusterVersionDeferral
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/clusters/{cluster_id}/version-deferral
method: put
operationId: SetClusterVersionDeferral
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/login/
method: post
operationId: Login
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/logout/
method: post
operationId: Logout
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v2/health/
method: get
operationId: Health
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/nodes/
method: get
operationId: ListNodes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/nodes/{node_id}/ranges/
method: get
operationId: ListNodeRanges
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/ranges/hot/
method: get
operationId: ListHotRanges
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/ranges/{range_id}/
method: get
operationId: GetRange
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/sessions/
method: get
operationId: ListSessions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/rules/
method: get
operationId: GetAlertingRules
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none