Freestyle · Agentic Access

Freestyle Agentic Access

x-agentic-access generated

Freestyle exposes 128 API operations that an AI agent could call, of which 62 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 66 read, 50 write, 6 physical, and 6 safety-critical.

6 operations are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

AIAgentsSandboxesVMsMicroVMsGitCode ExecutionJavaScriptTypeScriptServerlessHostingDeveloper ToolsInfrastructure
Operations: 128 Acting: 62 Human-in-the-loop: 6 Method: generated

By consequence

read 66 write 50 physical 6 safety-critical 6

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
DELETE /identity/v1/identities/{identity}/permissions/git/{repo} safety-critical required
DELETE /identity/v1/identities/{identity}/permissions/vm/{vm_id} safety-critical required
DELETE /identity/v1/identities/{identity}/tokens/{token} safety-critical required
POST /v1/vms/{vm_id}/kill safety-critical required
POST /v1/vms/{vm_id}/stop safety-critical required
POST /v1/vms/{vm_id}/systemd/stop safety-critical required
POST /domains/v1/certs/{domain}/wildcard physical conditional
POST /web/v1/deployment physical conditional
PUT /web/v1/deployments/{deployment_id}/fetch physical conditional
POST /web/v1/deployments/{deployment_id}/fetch physical conditional
DELETE /web/v1/deployments/{deployment_id}/fetch physical conditional
PATCH /web/v1/deployments/{deployment_id}/fetch physical conditional

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/freestyle-cron-api-openapi.yml, openapi/freestyle-domains-api-openapi.yml, openapi/freestyle-execute-api-openapi.yml,
  openapi/freestyle-git-api-openapi.yml, openapi/freestyle-identity-api-openapi.yml, openapi/freestyle-observability-api-openapi.yml,
  openapi/freestyle-vm-api-openapi.yml, openapi/freestyle-web-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 128
  by_action_class:
    connected: 66
    acting: 62
  by_consequence:
    read: 66
    write: 50
    physical: 6
    safety-critical: 6
  human_in_the_loop_required: 6
operations:
- path: /v1/cron/schedules
  method: get
  operationId: handle_list_schedules
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/cron/schedules
  method: post
  operationId: handle_create_schedule
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/cron/schedules/{id}
  method: get
  operationId: handle_get_schedule
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/cron/schedules/{id}
  method: delete
  operationId: handle_delete_schedule
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/cron/schedules/{id}
  method: patch
  operationId: handle_update_schedule
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/cron/schedules/{id}/executions
  method: get
  operationId: handle_list_schedule_executions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/cron/schedules/{id}/metrics-timeline
  method: get
  operationId: handle_get_metrics_timeline
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/cron/schedules/{id}/success-rate
  method: get
  operationId: handle_get_schedule_success_rate
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /dns/v1/records
  method: get
  operationId: handle_list_records
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /dns/v1/records
  method: post
  operationId: handle_create_record
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /dns/v1/records
  method: delete
  operationId: handle_delete_record
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /domains/v1/certs/{domain}/wildcard
  method: post
  operationId: handle_verify_wildcard
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /domains/v1/domains
  method: get
  operationId: handle_list_domains
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /domains/v1/mappings
  method: get
  operationId: handle_list_domain_mappings
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /domains/v1/mappings/{domain}
  method: post
  operationId: handle_insert_domain_mapping
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /domains/v1/mappings/{domain}
  method: delete
  operationId: handle_delete_domain_mapping
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /domains/v1/verifications
  method: get
  operationId: handle_list_domain_verification_requests
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /domains/v1/verifications
  method: put
  operationId: handle_verify_domain
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /domains/v1/verifications
  method: post
  operationId: handle_create_domain_verification
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /domains/v1/verifications
  method: delete
  operationId: handle_delete_domain_verification
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /execute/v1/deployments
  method: get
  operationId: handle_list_execute_runs
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /execute/v1/deployments/{deployment}
  method: get
  operationId: handle_get_execute_run
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /execute/v1/deployments/{deployment}/output
  method: get
  operationId: handle_get_execute_run_output
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /execute/v3/script
  method: post
  operationId: handle_execute_script_v3
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo
  method: get
  operationId: handle_list_repositories
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo
  method: post
  operationId: handle_create_repo
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo_id}/default-branch
  method: get
  operationId: handle_get_default_branch
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo_id}/default-branch
  method: put
  operationId: handle_set_default_branch
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo_id}/github-sync
  method: get
  operationId: get_github_sync
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo_id}/github-sync
  method: post
  operationId: configure_github_sync
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo_id}/github-sync
  method: delete
  operationId: remove_github_sync
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo_id}/visibility
  method: get
  operationId: handle_get_visibility
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo_id}/visibility
  method: put
  operationId: handle_set_visibility
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo}
  method: get
  operationId: handle_get_repo_info
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}
  method: delete
  operationId: handle_delete_repo
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo}/commits
  method: post
  operationId: handle_create_commit
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo}/compare
  method: get
  operationId: handle_compare_commits
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/contents/{path}
  method: get
  operationId: handle_get_contents
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/git/blobs/{hash}
  method: get
  operationId: handle_get_blob
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/git/commits
  method: get
  operationId: handle_list_commits
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/git/commits
  method: post
  operationId: handle_create_odb_commit
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo}/git/commits/{hash}
  method: get
  operationId: handle_get_commit
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/git/refs/heads/
  method: get
  operationId: handle_list_branches
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/git/refs/heads/{*branch}
  method: post
  operationId: handle_create_branch
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo}/git/refs/heads/{branch}
  method: get
  operationId: handle_get_ref_branch
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/git/refs/tags/
  method: get
  operationId: handle_list_tags
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/git/refs/tags/{tag}
  method: get
  operationId: handle_get_ref_tag
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/git/tags/{hash}
  method: get
  operationId: handle_get_tag
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/git/trees/{hash}
  method: get
  operationId: handle_get_tree
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/repair
  method: get
  operationId: handle_list_repair_jobs
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/repair
  method: post
  operationId: handle_schedule_repair
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo}/repair/{job_id}
  method: get
  operationId: handle_get_repair_job
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/repair/{job_id}
  method: delete
  operationId: handle_cancel_repair_job
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo}/search
  method: get
  operationId: handle_search
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/search/commits
  method: get
  operationId: handle_search_commits
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/search/diffs
  method: get
  operationId: handle_search_diffs
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/search/files
  method: get
  operationId: handle_search_files
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/tarball
  method: get
  operationId: handle_download_tarball
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/trigger
  method: get
  operationId: handle_list_git_triggers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /git/v1/repo/{repo}/trigger
  method: post
  operationId: handle_create_git_trigger
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo}/trigger/{trigger}
  method: delete
  operationId: handle_delete_git_trigger
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /git/v1/repo/{repo}/zip
  method: get
  operationId: handle_download_zip
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /auth/v1/background-requests/{request_id}
  method: get
  operationId: handle_get_background_request
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /auth/v1/whoami
  method: get
  operationId: handle_whoami
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /identity/v1/identities
  method: get
  operationId: handle_list_identities
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /identity/v1/identities
  method: post
  operationId: handle_create_identity
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /identity/v1/identities/{identity}
  method: delete
  operationId: handle_delete_identity
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /identity/v1/identities/{identity}/permissions/git
  method: get
  operationId: handle_list_git_permissions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /identity/v1/identities/{identity}/permissions/git/{repo}
  method: get
  operationId: handle_describe_git_permission
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /identity/v1/identities/{identity}/permissions/git/{repo}
  method: put
  operationId: handle_update_git_permission
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /identity/v1/identities/{identity}/permissions/git/{repo}
  method: post
  operationId: handle_grant_git_permission
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /identity/v1/identities/{identity}/permissions/git/{repo}
  method: delete
  operationId: handle_revoke_git_permission
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /identity/v1/identities/{identity}/permissions/vm
  method: get
  operationId: handle_list_vm_permissions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /identity/v1/identities/{identity}/permissions/vm/{vm_id}
  method: get
  operationId: handle_describe_vm_permission
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /identity/v1/identities/{identity}/permissions/vm/{vm_id}
  method: put
  operationId: handle_update_allowed_users
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /identity/v1/identities/{identity}/permissions/vm/{vm_id}
  method: post
  operationId: handle_grant_vm_permission
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /identity/v1/identities/{identity}/permissions/vm/{vm_id}
  method: delete
  operationId: handle_revoke_vm_permission
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /identity/v1/identities/{identity}/tokens
  method: get
  operationId: handle_list_git_tokens
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /identity/v1/identities/{identity}/tokens
  method: post
  operationId: handle_create_git_token
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /identity/v1/identities/{identity}/tokens/{token}
  method: delete
  operationId: handle_revoke_git_token
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /observability/v1/logs
  method: get
  operationId: handle_get_logs
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/vms
  method: get
  operationId: list_vms
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/vms
  method: post
  operationId: create_vm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/builds/{build_id}
  method: get
  operationId: get_build
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/vms/builds/{build_id}/phases
  method: get
  operationId: list_build_phases
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/vms/snapshots
  method: get
  operationId: list_snapshots
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/vms/snapshots
  method: post
  operationId: create_snapshot
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/snapshots/{snapshot_id}
  method: get
  operationId: get_snapshot
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/vms/snapshots/{snapshot_id}
  method: delete
  operationId: delete_snapshot
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/snapshots/{snapshot_id}
  method: patch
  operationId: update_snapshot
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{id}/resize
  method: post
  operationId: resize_vm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{vm_id}
  method: get
  operationId: get_vm
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/vms/{vm_id}
  method: delete
  operationId: delete_vm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{vm_id}/await
  method: post
  operationId: wait_vm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{vm_id}/build
  method: get
  operationId: get_build_for_vm
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/vms/{vm_id}/exec-await
  method: post
  operationId: exec_await
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{vm_id}/files/{filepath}
  method: get
  operationId: get_file
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/vms/{vm_id}/files/{filepath}
  method: put
  operationId: put_file
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{vm_id}/fork
  method: post
  operationId: fork_vm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{vm_id}/kill
  method: post
  operationId: kill_vm
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /v1/vms/{vm_id}/optimize
  method: post
  operationId: optimize_vm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{vm_id}/snapshot
  method: post
  operationId: snapshot_vm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{vm_id}/start
  method: post
  operationId: start_vm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{vm_id}/stats/stream
  method: get
  operationId: stats_stream
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/vms/{vm_id}/stop
  method: post
  operationId: stop_vm
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /v1/vms/{vm_id}/suspend
  method: post
  operationId: suspend_vm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{vm_id}/systemd/restart
  method: post
  operationId: batch_restart_services
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{vm_id}/systemd/services
  method: get
  operationId: list_services
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/vms/{vm_id}/systemd/services
  method: post
  operationId: create_service
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/vms/{vm_id}/systemd/services/{service_id}
  method: delete
  operationId: delete_service
  x-agentic-access:
    action-class

# --- truncated at 32 KB (37 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/freestyle-sh/refs/heads/main/agentic-access/freestyle-sh-agentic-access.yml