Flyte Agentic Access
Flyte exposes 45 API operations that an AI agent could call, of which 17 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 28 read, 16 write, and 1 safety-critical.
1 operation are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| DELETE | /api/v1/executions/{id.project}/{id.domain}/{id.name} | safety-critical | required |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/flyte-admin-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 45
by_action_class:
connected: 28
acting: 17
by_consequence:
read: 28
write: 16
safety-critical: 1
human_in_the_loop_required: 1
operations:
- path: /api/v1/projects
method: get
operationId: ListProjects
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/projects
method: post
operationId: RegisterProject
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/projects/{id}
method: put
operationId: UpdateProject
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/tasks
method: post
operationId: CreateTask
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/tasks/{id.project}/{id.domain}
method: get
operationId: ListTasks
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/tasks/{id.project}/{id.domain}/{id.name}
method: get
operationId: ListTasksByName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/tasks/{id.project}/{id.domain}/{id.name}/{id.version}
method: get
operationId: GetTask
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/task_ids/{project}/{domain}
method: get
operationId: ListTaskIds
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/workflows
method: post
operationId: CreateWorkflow
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/workflows/{id.project}/{id.domain}
method: get
operationId: ListWorkflows
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/workflows/{id.project}/{id.domain}/{id.name}
method: get
operationId: ListWorkflowsByName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/workflows/{id.project}/{id.domain}/{id.name}/{id.version}
method: get
operationId: GetWorkflow
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/workflow_ids/{project}/{domain}
method: get
operationId: ListWorkflowIds
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/launch_plans
method: post
operationId: CreateLaunchPlan
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/launch_plans/{id.project}/{id.domain}
method: get
operationId: ListLaunchPlans
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/launch_plans/{id.project}/{id.domain}/{id.name}
method: get
operationId: ListLaunchPlansByName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/launch_plans/{id.project}/{id.domain}/{id.name}/{id.version}
method: get
operationId: GetLaunchPlan
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/launch_plans/{id.project}/{id.domain}/{id.name}/{id.version}
method: put
operationId: UpdateLaunchPlan
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/active_launch_plans/{project}/{domain}
method: get
operationId: ListActiveLaunchPlans
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/active_launch_plans/{id.project}/{id.domain}/{id.name}
method: get
operationId: GetActiveLaunchPlan
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/launch_plan_ids/{project}/{domain}
method: get
operationId: ListLaunchPlanIds
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/executions
method: post
operationId: CreateExecution
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/executions/relaunch
method: post
operationId: RelaunchExecution
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/executions/recover
method: post
operationId: RecoverExecution
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/executions/{id.project}/{id.domain}
method: get
operationId: ListExecutions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/executions/{id.project}/{id.domain}/{id.name}
method: get
operationId: GetExecution
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/executions/{id.project}/{id.domain}/{id.name}
method: delete
operationId: TerminateExecution
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/metrics/executions/{id.project}/{id.domain}/{id.name}
method: get
operationId: GetExecutionMetrics
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/data/executions/{id.project}/{id.domain}/{id.name}
method: get
operationId: GetExecutionData
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/node_executions/{workflow_execution_id.project}/{workflow_execution_id.domain}/{workflow_execution_id.name}
method: get
operationId: ListNodeExecutions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/task_executions/{node_execution_id.execution_id.project}/{node_execution_id.execution_id.domain}/{node_execution_id.execution_id.name}/{node_execution_id.node_id}
method: get
operationId: ListTaskExecutions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/events/workflows
method: post
operationId: CreateWorkflowEvent
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/events/nodes
method: post
operationId: CreateNodeEvent
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/events/tasks
method: post
operationId: CreateTaskEvent
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/named_entities/{resource_type}/{project}/{domain}
method: get
operationId: ListNamedEntities
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/named_entities/{resource_type}/{id.project}/{id.domain}/{id.name}
method: get
operationId: GetNamedEntity
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/named_entities/{resource_type}/{id.project}/{id.domain}/{id.name}
method: put
operationId: UpdateNamedEntity
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/matchable_attributes
method: get
operationId: ListMatchableAttributes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/project_attributes/{project}
method: get
operationId: GetProjectAttributes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/project_attributes/{attributes.project}
method: put
operationId: UpdateProjectAttributes
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/project_domain_attributes/{project}/{domain}
method: get
operationId: GetProjectDomainAttributes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/project_domain_attributes/{attributes.project}/{attributes.domain}
method: put
operationId: UpdateProjectDomainAttributes
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/workflow_attributes/{project}/{domain}/{workflow}
method: get
operationId: GetWorkflowAttributes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/workflow_attributes/{attributes.project}/{attributes.domain}/{attributes.workflow}
method: put
operationId: UpdateWorkflowAttributes
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/version
method: get
operationId: GetVersion
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none