Forgejo Agentic Access
Forgejo exposes 506 API operations that an AI agent could call, of which 245 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 261 read, 232 write, 8 physical, and 5 safety-critical.
5 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| POST | /repos/{owner}/{repo}/actions/workflows/{workflowfilename}/dispatches | safety-critical | required |
| DELETE | /repos/{owner}/{repo}/issues/{index}/stopwatch/delete | safety-critical | required |
| POST | /repos/{owner}/{repo}/issues/{index}/stopwatch/start | safety-critical | required |
| POST | /repos/{owner}/{repo}/issues/{index}/stopwatch/stop | safety-critical | required |
| DELETE | /repos/{owner}/{repo}/issues/{index}/times | safety-critical | required |
| POST | /activitypub/actor/inbox | physical | conditional |
| POST | /activitypub/repository-id/{repository-id}/inbox | physical | conditional |
| POST | /activitypub/user-id/{user-id}/inbox | physical | conditional |
| PUT | /orgs/{org}/public_members/{username} | physical | conditional |
| DELETE | /orgs/{org}/public_members/{username} | physical | conditional |
| POST | /repos/{owner}/{repo}/transfer | physical | conditional |
| POST | /repos/{owner}/{repo}/transfer/accept | physical | conditional |
| POST | /repos/{owner}/{repo}/transfer/reject | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/openapi.json
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 506
by_action_class:
connected: 261
acting: 245
by_consequence:
read: 261
physical: 8
write: 232
safety-critical: 5
human_in_the_loop_required: 5
operations:
- path: /actions/run
method: get
operationId: getActionsRun
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /activitypub/actor
method: get
operationId: activitypubInstanceActor
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /activitypub/actor/inbox
method: post
operationId: activitypubInstanceActorInbox
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /activitypub/actor/outbox
method: post
operationId: activitypubInstanceActorOutbox
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /activitypub/repository-id/{repository-id}
method: get
operationId: activitypubRepository
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /activitypub/repository-id/{repository-id}/inbox
method: post
operationId: activitypubRepositoryInbox
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /activitypub/repository-id/{repository-id}/outbox
method: post
operationId: activitypubRepositoryOutbox
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /activitypub/user-id/{user-id}
method: get
operationId: activitypubPerson
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /activitypub/user-id/{user-id}/activities/{activity-id}
method: get
operationId: activitypubPersonActivityNote
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /activitypub/user-id/{user-id}/activities/{activity-id}/activity
method: get
operationId: activitypubPersonActivity
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /activitypub/user-id/{user-id}/inbox
method: post
operationId: activitypubPersonInbox
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /activitypub/user-id/{user-id}/outbox
method: get
operationId: activitypubPersonFeed
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/actions/runners
method: get
operationId: getAdminRunners
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/actions/runners
method: post
operationId: registerAdminRunner
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/actions/runners/jobs
method: get
operationId: adminGetActionRunJobs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/actions/runners/registration-token
method: get
operationId: adminGetRunnerRegistrationToken
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/actions/runners/{runner_id}
method: get
operationId: getAdminRunner
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/actions/runners/{runner_id}
method: delete
operationId: deleteAdminRunner
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/cron
method: get
operationId: adminCronList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/cron/{task}
method: post
operationId: adminCronRun
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/emails
method: get
operationId: adminGetAllEmails
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/emails/search
method: get
operationId: adminSearchEmails
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/hooks
method: get
operationId: adminListHooks
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/hooks
method: post
operationId: adminCreateHook
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/hooks/{id}
method: get
operationId: adminGetHook
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/hooks/{id}
method: delete
operationId: adminDeleteHook
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/hooks/{id}
method: patch
operationId: adminEditHook
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/orgs
method: get
operationId: adminGetAllOrgs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/quota/groups
method: get
operationId: adminListQuotaGroups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/quota/groups
method: post
operationId: adminCreateQuotaGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/quota/groups/{quotagroup}
method: get
operationId: adminGetQuotaGroup
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/quota/groups/{quotagroup}
method: delete
operationId: adminDeleteQuotaGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/quota/groups/{quotagroup}/rules/{quotarule}
method: put
operationId: adminAddRuleToQuotaGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/quota/groups/{quotagroup}/rules/{quotarule}
method: delete
operationId: adminRemoveRuleFromQuotaGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/quota/groups/{quotagroup}/users
method: get
operationId: adminListUsersInQuotaGroup
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/quota/groups/{quotagroup}/users/{username}
method: put
operationId: adminAddUserToQuotaGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/quota/groups/{quotagroup}/users/{username}
method: delete
operationId: adminRemoveUserFromQuotaGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/quota/rules
method: get
operationId: adminListQuotaRules
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/quota/rules
method: post
operationId: adminCreateQuotaRule
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/quota/rules/{quotarule}
method: get
operationId: adminGetQuotaRule
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/quota/rules/{quotarule}
method: delete
operationId: adminDeleteQuotaRule
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/quota/rules/{quotarule}
method: patch
operationId: adminEditQuotaRule
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/runners/jobs
method: get
operationId: adminSearchRunJobs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/runners/registration-token
method: get
operationId: adminGetRegistrationToken
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/unadopted
method: get
operationId: adminUnadoptedList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/unadopted/{owner}/{repo}
method: post
operationId: adminAdoptRepository
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/unadopted/{owner}/{repo}
method: delete
operationId: adminDeleteUnadoptedRepository
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/users
method: get
operationId: adminSearchUsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/users
method: post
operationId: adminCreateUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/users/{username}
method: delete
operationId: adminDeleteUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/users/{username}
method: patch
operationId: adminEditUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/users/{username}/emails
method: get
operationId: adminListUserEmails
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/users/{username}/emails
method: delete
operationId: adminDeleteUserEmails
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/users/{username}/keys
method: post
operationId: adminCreatePublicKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/users/{username}/keys/{id}
method: delete
operationId: adminDeleteUserPublicKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/users/{username}/orgs
method: post
operationId: adminCreateOrg
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/users/{username}/quota
method: get
operationId: adminGetUserQuota
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/users/{username}/quota/groups
method: post
operationId: adminSetUserQuotaGroups
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/users/{username}/rename
method: post
operationId: adminRenameUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/users/{username}/repos
method: post
operationId: adminCreateRepo
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/users/{username}/tokens
method: get
operationId: adminListUserAccessTokens
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/users/{username}/tokens
method: post
operationId: adminCreateUserAccessToken
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/users/{username}/tokens/{token}
method: delete
operationId: adminDeleteUserAccessToken
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /gitignore/templates
method: get
operationId: listGitignoresTemplates
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /gitignore/templates/{name}
method: get
operationId: getGitignoreTemplateInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /label/templates
method: get
operationId: listLabelTemplates
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /label/templates/{name}
method: get
operationId: getLabelTemplateInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /licenses
method: get
operationId: listLicenseTemplates
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /licenses/{name}
method: get
operationId: getLicenseTemplateInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /markdown
method: post
operationId: renderMarkdown
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /markdown/raw
method: post
operationId: renderMarkdownRaw
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /markup
method: post
operationId: renderMarkup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /nodeinfo
method: get
operationId: getNodeInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /notifications
method: get
operationId: notifyGetList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /notifications
method: put
operationId: notifyReadList
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /notifications/new
method: get
operationId: notifyNewAvailable
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /notifications/threads/{id}
method: get
operationId: notifyGetThread
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /notifications/threads/{id}
method: patch
operationId: notifyReadThread
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /org/{org}/repos
method: post
operationId: createOrgRepoDeprecated
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs
method: get
operationId: orgGetAll
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs
method: post
operationId: orgCreate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}
method: get
operationId: orgGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}
method: delete
operationId: orgDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}
method: patch
operationId: orgEdit
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/actions/runners
method: get
operationId: getOrgRunners
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}/actions/runners
method: post
operationId: registerOrgRunner
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/actions/runners/jobs
method: get
operationId: orgSearchRunJobs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}/actions/runners/registration-token
method: get
operationId: orgGetRunnerRegistrationToken
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}/actions/runners/{runner_id}
method: get
operationId: getOrgRunner
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}/actions/runners/{runner_id}
method: delete
operationId: deleteOrgRunner
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/actions/secrets
method: get
operationId: orgListActionsSecrets
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}/actions/secrets/{secretname}
method: put
operationId: updateOrgSecret
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/actions/secrets/{secretname}
method: delete
operationId: deleteOrgSecret
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/actions/variables
method: get
operationId: getOrgVariablesList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}/actions/variables/{variablename}
method: get
operationId: getOrgVariable
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}/actions/variables/{variablename}
method: put
operationId: updateOrgVariable
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/actions/variables/{variablename}
method: post
operationId: createOrgVariable
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/actions/variables/{variablename}
method: delete
operationId: deleteOrgVariable
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/activities/feeds
method: get
operationId: orgListActivityFeeds
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}/avatar
method: post
operationId: orgUpdateAvatar
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/avatar
method: delete
operationId: orgDeleteAvatar
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/block/{username}
method: put
operationId: orgBlockUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/hooks
method: get
operationId: orgListHooks
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}/hooks
method: post
operationId: orgCreateHook
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/hooks/{id}
method: get
operationId: orgGetHook
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}/hooks/{id}
method: delete
operationId: orgDeleteHook
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/hooks/{id}
method: patch
operationId: orgEditHook
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/labels
method: get
operationId: orgListLabels
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}/labels
method: post
operationId: orgCreateLabel
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/labels/{id}
method: get
operationId: orgGetLabel
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /orgs/{org}/labels/{id}
method: delete
operationId: orgDeleteLabel
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /orgs/{org}/labels/{id}
method: patch
operationId: o
# --- truncated at 32 KB (144 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/forgejo/refs/heads/main/agentic-access/forgejo-agentic-access.yml