Coder · Agentic Access

Coder Agentic Access

x-agentic-access generated

Coder exposes 378 API operations that an AI agent could call, of which 165 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 213 read, 150 write, 7 physical, and 8 safety-critical.

8 operations are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

Developer ToolsRemote DevelopmentCloud Development EnvironmentsAI AgentsInfrastructureWorkspaces
Operations: 378 Acting: 165 Human-in-the-loop: 8 Method: generated

By consequence

read 213 write 150 physical 7 safety-critical 8

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
POST /api/experimental/users/{user}/skills safety-critical required
DELETE /api/experimental/users/{user}/skills/{skillName} safety-critical required
PATCH /api/experimental/users/{user}/skills/{skillName} safety-critical required
PUT /api/v2/notifications/templates/{notification_template}/method safety-critical required
POST /api/v2/templates/{template}/prebuilds/invalidate safety-critical required
PUT /api/v2/users/{user}/ai/budget safety-critical required
DELETE /api/v2/users/{user}/ai/budget safety-critical required
POST /oauth2/revoke safety-critical required
POST /api/experimental/chats/{chat}/messages physical conditional
POST /api/v2/notifications/custom physical conditional
POST /api/v2/notifications/test physical conditional
POST /api/v2/organizations/{organization}/provisionerkeys physical conditional
DELETE /api/v2/organizations/{organization}/provisionerkeys/{provisionerkey} physical conditional
POST /api/v2/tasks/{user}/{task}/send physical conditional
POST /api/v2/users/{user}/webpush/test physical conditional

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/coder-rest-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 378
  by_action_class:
    connected: 213
    acting: 165
  by_consequence:
    read: 213
    write: 150
    physical: 7
    safety-critical: 8
  human_in_the_loop_required: 8
operations:
- path: /.well-known/oauth-authorization-server
  method: get
  operationId: oauth2-authorization-server-metadata
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /.well-known/oauth-protected-resource
  method: get
  operationId: oauth2-protected-resource-metadata
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats
  method: get
  operationId: list-chats
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats
  method: post
  operationId: create-chat
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/experimental/chats/config/retention-days
  method: get
  operationId: get-chat-retention-days
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/config/retention-days
  method: put
  operationId: update-chat-retention-days
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/experimental/chats/files
  method: post
  operationId: upload-chat-file
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/experimental/chats/files/{file}
  method: get
  operationId: get-chat-file
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/insights/pull-requests
  method: get
  operationId: get-pr-insights
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/models
  method: get
  operationId: list-chat-models
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/watch
  method: get
  operationId: watch-chat-events-for-a-user-via-websockets
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/{chat}
  method: get
  operationId: get-chat-by-id
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/{chat}
  method: patch
  operationId: update-chat
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/experimental/chats/{chat}/acl
  method: get
  operationId: get-chat-acls
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/{chat}/acl
  method: patch
  operationId: update-chat-acl
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/experimental/chats/{chat}/diff
  method: get
  operationId: get-chat-diff-contents
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/{chat}/interrupt
  method: post
  operationId: interrupt-chat
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/experimental/chats/{chat}/messages
  method: get
  operationId: list-chat-messages
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/{chat}/messages
  method: post
  operationId: send-chat-message
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/experimental/chats/{chat}/messages/{message}
  method: patch
  operationId: edit-chat-message
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/experimental/chats/{chat}/prompts
  method: get
  operationId: list-chat-user-prompts
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/{chat}/reconcile-invalid
  method: post
  operationId: reconcile-invalid-chat-state
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/experimental/chats/{chat}/stream
  method: get
  operationId: stream-chat-events-via-websockets
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/{chat}/stream/desktop
  method: get
  operationId: connect-to-chat-workspace-desktop-via-websockets
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/{chat}/stream/git
  method: get
  operationId: watch-chat-workspace-git-state-via-websockets
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/{chat}/stream/parts
  method: get
  operationId: stream-chat-parts-via-websockets
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/chats/{chat}/title/regenerate
  method: post
  operationId: regenerate-chat-title
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/experimental/users/{user}/skills
  method: get
  operationId: list-user-skills
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/users/{user}/skills
  method: post
  operationId: create-a-user-skill
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /api/experimental/users/{user}/skills/{skillName}
  method: get
  operationId: get-a-user-skill-by-name
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/experimental/users/{user}/skills/{skillName}
  method: delete
  operationId: delete-a-user-skill
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /api/experimental/users/{user}/skills/{skillName}
  method: patch
  operationId: update-a-user-skill
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /api/experimental/watch-all-workspacebuilds
  method: get
  operationId: watch-all-workspace-builds
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/
  method: get
  operationId: api-root-handler
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/ai/providers
  method: get
  operationId: list-ai-providers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/ai/providers
  method: post
  operationId: create-an-ai-provider
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/ai/providers/{idOrName}
  method: get
  operationId: get-an-ai-provider
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/ai/providers/{idOrName}
  method: delete
  operationId: delete-an-ai-provider
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/ai/providers/{idOrName}
  method: patch
  operationId: update-an-ai-provider
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/aibridge/clients
  method: get
  operationId: list-ai-bridge-clients
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/aibridge/keys
  method: get
  operationId: list-ai-gateway-keys
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/aibridge/keys
  method: post
  operationId: create-ai-gateway-key
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/aibridge/keys/{key}
  method: delete
  operationId: delete-ai-gateway-key
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/aibridge/models
  method: get
  operationId: list-ai-bridge-models
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/aibridge/sessions
  method: get
  operationId: list-ai-bridge-sessions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/aibridge/sessions/{session_id}
  method: get
  operationId: get-ai-bridge-session-threads
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/appearance
  method: get
  operationId: get-appearance
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/appearance
  method: put
  operationId: update-appearance
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/applications/auth-redirect
  method: get
  operationId: redirect-to-uri-with-encrypted-api-key
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/applications/host
  method: get
  operationId: get-applications-host
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/applications/reconnecting-pty-signed-token
  method: post
  operationId: issue-signed-app-token-for-reconnecting-pty
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/audit
  method: get
  operationId: get-audit-logs
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/audit/testgenerate
  method: post
  operationId: generate-fake-audit-log
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/auth/scopes
  method: get
  operationId: list-api-key-scopes
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/authcheck
  method: post
  operationId: check-authorization
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/buildinfo
  method: get
  operationId: build-info
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/connectionlog
  method: get
  operationId: get-connection-logs
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/csp/reports
  method: post
  operationId: report-csp-violations
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/debug/coordinator
  method: get
  operationId: debug-info-wireguard-coordinator
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/derp/traffic
  method: get
  operationId: debug-derp-traffic
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/expvar
  method: get
  operationId: debug-expvar
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/health
  method: get
  operationId: debug-info-deployment-health
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/health/settings
  method: get
  operationId: get-health-settings
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/health/settings
  method: put
  operationId: update-health-settings
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/debug/metrics
  method: get
  operationId: debug-metrics
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/pprof
  method: get
  operationId: debug-pprof-index
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/pprof/cmdline
  method: get
  operationId: debug-pprof-cmdline
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/pprof/profile
  method: get
  operationId: debug-pprof-profile
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/pprof/symbol
  method: get
  operationId: debug-pprof-symbol
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/pprof/trace
  method: get
  operationId: debug-pprof-trace
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/profile
  method: post
  operationId: collect-debug-profiles
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/debug/tailnet
  method: get
  operationId: debug-info-tailnet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/ws
  method: get
  operationId: debug-info-websocket-test
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/debug/{user}/debug-link
  method: get
  operationId: debug-oidc-context-for-a-user
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/deployment/config
  method: get
  operationId: get-deployment-config
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/deployment/ssh
  method: get
  operationId: ssh-config
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/deployment/stats
  method: get
  operationId: get-deployment-stats
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/derp-map
  method: get
  operationId: get-derp-map-updates
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/entitlements
  method: get
  operationId: get-entitlements
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/experiments
  method: get
  operationId: get-enabled-experiments
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/experiments/available
  method: get
  operationId: get-safe-experiments
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/external-auth
  method: get
  operationId: get-user-external-auths
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/external-auth/{externalauth}
  method: get
  operationId: get-external-auth-by-id
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/external-auth/{externalauth}
  method: delete
  operationId: delete-external-auth-user-link-by-id
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/external-auth/{externalauth}/device
  method: get
  operationId: get-external-auth-device-by-id
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/external-auth/{externalauth}/device
  method: post
  operationId: post-external-auth-device-by-id
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/files
  method: post
  operationId: upload-file
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/files/{fileID}
  method: get
  operationId: get-file-by-id
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/groups
  method: get
  operationId: get-groups
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/groups/{group}
  method: get
  operationId: get-group-by-id
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/groups/{group}
  method: delete
  operationId: delete-group-by-name
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/groups/{group}
  method: patch
  operationId: update-group-by-name
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/groups/{group}/ai/budget
  method: get
  operationId: get-group-ai-budget
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/groups/{group}/ai/budget
  method: put
  operationId: upsert-group-ai-budget
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/groups/{group}/ai/budget
  method: delete
  operationId: delete-group-ai-budget
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/groups/{group}/members
  method: get
  operationId: get-group-members-by-group-id
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/init-script/{os}/{arch}
  method: get
  operationId: get-agent-init-script
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/insights/daus
  method: get
  operationId: get-deployment-daus
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/insights/templates
  method: get
  operationId: get-insights-about-templates
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/insights/user-activity
  method: get
  operationId: get-insights-about-user-activity
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/insights/user-latency
  method: get
  operationId: get-insights-about-user-latency
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/insights/user-status-counts
  method: get
  operationId: get-insights-about-user-status-counts
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/licenses
  method: get
  operationId: get-licenses
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/licenses
  method: post
  operationId: add-new-license
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/licenses/refresh-entitlements
  method: post
  operationId: update-license-entitlements
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/licenses/{id}
  method: delete
  operationId: delete-license
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/notifications/custom
  method: post
  operationId: send-a-custom-notification
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/notifications/dispatch-methods
  method: get
  operationId: get-notification-dispatch-methods
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/notifications/inbox
  method: get
  operationId: list-inbox-notifications
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/notifications/inbox/mark-all-as-read
  method: put
  operationId: mark-all-unread-notifications-as-read
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/notifications/inbox/watch
  method: get
  operationId: watch-for-new-inbox-notifications
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/notifications/inbox/{id}/read-status
  method: put
  operationId: update-read-status-of-a-notification
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/notifications/settings
  method: get
  operationId: get-notifications-settings
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/notifications/settings
  method: put
  operationId: update-notifications-settings
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v2/notifications/templates/custom
  method: get
  operationId: get-custom-notification-templates
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/notifications/templates/system
  method: get
  operationId: get-system-notification-templates
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v2/notifications/templates/{notification_template}/method
  method: put
  operationId: update-notification-template-dispatch-method
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escal

# --- truncated at 32 KB (111 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/coder/refs/heads/main/agentic-access/coder-agentic-access.yml