Gitea · Agentic Access

Gitea Agentic Access

x-agentic-access generated

Gitea exposes 944 API operations that an AI agent could call, of which 470 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 474 read, 448 write, 10 physical, and 12 safety-critical.

12 operations are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

GitSource ControlDevOpsCI/CDCode HostingOpen SourceSelf HostedPackage RegistryIssue TrackingPull Requests
Operations: 944 Acting: 470 Human-in-the-loop: 12 Method: generated

By consequence

read 474 write 448 physical 10 safety-critical 12

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/disable safety-critical required
PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/disable safety-critical required
POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches safety-critical required
POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches safety-critical required
DELETE /repos/{owner}/{repo}/issues/{index}/stopwatch/delete safety-critical required
DELETE /repos/{owner}/{repo}/issues/{index}/stopwatch/delete safety-critical required
POST /repos/{owner}/{repo}/issues/{index}/stopwatch/start safety-critical required
POST /repos/{owner}/{repo}/issues/{index}/stopwatch/start safety-critical required
POST /repos/{owner}/{repo}/issues/{index}/stopwatch/stop safety-critical required
POST /repos/{owner}/{repo}/issues/{index}/stopwatch/stop safety-critical required
DELETE /repos/{owner}/{repo}/issues/{index}/times safety-critical required
DELETE /repos/{owner}/{repo}/issues/{index}/times safety-critical required
PUT /orgs/{org}/public_members/{username} physical conditional
DELETE /orgs/{org}/public_members/{username} physical conditional
PUT /orgs/{org}/public_members/{username} physical conditional
DELETE /orgs/{org}/public_members/{username} physical conditional
POST /repos/{owner}/{repo}/transfer physical conditional
POST /repos/{owner}/{repo}/transfer physical conditional
POST /repos/{owner}/{repo}/transfer/accept physical conditional
POST /repos/{owner}/{repo}/transfer/accept physical conditional
POST /repos/{owner}/{repo}/transfer/reject physical conditional
POST /repos/{owner}/{repo}/transfer/reject physical conditional

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/gitea-rest-api-openapi-original.yml, openapi/gitea-rest-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 944
  by_action_class:
    connected: 474
    acting: 470
  by_consequence:
    read: 474
    write: 448
    physical: 10
    safety-critical: 12
  human_in_the_loop_required: 12
operations:
- path: /admin/actions/jobs
  method: get
  operationId: listAdminWorkflowJobs
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/actions/runners
  method: get
  operationId: getAdminRunners
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/actions/runners/registration-token
  method: post
  operationId: adminCreateRunnerRegistrationToken
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/actions/runners/{runner_id}
  method: get
  operationId: getAdminRunner
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/actions/runners/{runner_id}
  method: delete
  operationId: deleteAdminRunner
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/actions/runners/{runner_id}
  method: patch
  operationId: updateAdminRunner
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/actions/runs
  method: get
  operationId: listAdminWorkflowRuns
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/cron
  method: get
  operationId: adminCronList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/cron/{task}
  method: post
  operationId: adminCronRun
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/emails
  method: get
  operationId: adminGetAllEmails
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/emails/search
  method: get
  operationId: adminSearchEmails
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/hooks
  method: get
  operationId: adminListHooks
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/hooks
  method: post
  operationId: adminCreateHook
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/hooks/{id}
  method: get
  operationId: adminGetHook
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/hooks/{id}
  method: delete
  operationId: adminDeleteHook
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/hooks/{id}
  method: patch
  operationId: adminEditHook
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/orgs
  method: get
  operationId: adminGetAllOrgs
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/unadopted
  method: get
  operationId: adminUnadoptedList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/unadopted/{owner}/{repo}
  method: post
  operationId: adminAdoptRepository
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/unadopted/{owner}/{repo}
  method: delete
  operationId: adminDeleteUnadoptedRepository
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/users
  method: get
  operationId: adminSearchUsers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/users
  method: post
  operationId: adminCreateUser
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/users/{username}
  method: delete
  operationId: adminDeleteUser
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/users/{username}
  method: patch
  operationId: adminEditUser
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/users/{username}/badges
  method: get
  operationId: adminListUserBadges
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /admin/users/{username}/badges
  method: post
  operationId: adminAddUserBadges
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/users/{username}/badges
  method: delete
  operationId: adminDeleteUserBadges
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/users/{username}/keys
  method: post
  operationId: adminCreatePublicKey
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/users/{username}/keys/{id}
  method: delete
  operationId: adminDeleteUserPublicKey
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/users/{username}/orgs
  method: post
  operationId: adminCreateOrg
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/users/{username}/rename
  method: post
  operationId: adminRenameUser
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /admin/users/{username}/repos
  method: post
  operationId: adminCreateRepo
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /gitignore/templates
  method: get
  operationId: listGitignoresTemplates
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /gitignore/templates/{name}
  method: get
  operationId: getGitignoreTemplateInfo
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /label/templates
  method: get
  operationId: listLabelTemplates
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /label/templates/{name}
  method: get
  operationId: getLabelTemplateInfo
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /licenses
  method: get
  operationId: listLicenseTemplates
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /licenses/{name}
  method: get
  operationId: getLicenseTemplateInfo
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /markdown
  method: post
  operationId: renderMarkdown
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /markdown/raw
  method: post
  operationId: renderMarkdownRaw
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /markup
  method: post
  operationId: renderMarkup
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /notifications
  method: get
  operationId: notifyGetList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /notifications
  method: put
  operationId: notifyReadList
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /notifications/new
  method: get
  operationId: notifyNewAvailable
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /notifications/threads/{id}
  method: get
  operationId: notifyGetThread
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /notifications/threads/{id}
  method: patch
  operationId: notifyReadThread
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /org/{org}/repos
  method: post
  operationId: createOrgRepoDeprecated
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs
  method: get
  operationId: orgGetAll
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs
  method: post
  operationId: orgCreate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}
  method: get
  operationId: orgGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}
  method: delete
  operationId: orgDelete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}
  method: patch
  operationId: orgEdit
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/actions/jobs
  method: get
  operationId: getOrgWorkflowJobs
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/actions/runners
  method: get
  operationId: getOrgRunners
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/actions/runners/registration-token
  method: post
  operationId: orgCreateRunnerRegistrationToken
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/actions/runners/{runner_id}
  method: get
  operationId: getOrgRunner
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/actions/runners/{runner_id}
  method: delete
  operationId: deleteOrgRunner
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/actions/runners/{runner_id}
  method: patch
  operationId: updateOrgRunner
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/actions/runs
  method: get
  operationId: getOrgWorkflowRuns
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/actions/secrets
  method: get
  operationId: orgListActionsSecrets
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/actions/secrets/{secretname}
  method: put
  operationId: updateOrgSecret
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/actions/secrets/{secretname}
  method: delete
  operationId: deleteOrgSecret
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/actions/variables
  method: get
  operationId: getOrgVariablesList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/actions/variables/{variablename}
  method: get
  operationId: getOrgVariable
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/actions/variables/{variablename}
  method: put
  operationId: updateOrgVariable
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/actions/variables/{variablename}
  method: post
  operationId: createOrgVariable
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/actions/variables/{variablename}
  method: delete
  operationId: deleteOrgVariable
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/activities/feeds
  method: get
  operationId: orgListActivityFeeds
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/avatar
  method: post
  operationId: orgUpdateAvatar
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/avatar
  method: delete
  operationId: orgDeleteAvatar
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/blocks
  method: get
  operationId: organizationListBlocks
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/blocks/{username}
  method: get
  operationId: organizationCheckUserBlock
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/blocks/{username}
  method: put
  operationId: organizationBlockUser
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/blocks/{username}
  method: delete
  operationId: organizationUnblockUser
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/hooks
  method: get
  operationId: orgListHooks
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/hooks
  method: post
  operationId: orgCreateHook
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/hooks/{id}
  method: get
  operationId: orgGetHook
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/hooks/{id}
  method: delete
  operationId: orgDeleteHook
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/hooks/{id}
  method: patch
  operationId: orgEditHook
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/labels
  method: get
  operationId: orgListLabels
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/labels
  method: post
  operationId: orgCreateLabel
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/labels/{id}
  method: get
  operationId: orgGetLabel
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/labels/{id}
  method: delete
  operationId: orgDeleteLabel
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/labels/{id}
  method: patch
  operationId: orgEditLabel
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/members
  method: get
  operationId: orgListMembers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/members/{username}
  method: get
  operationId: orgIsMember
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/members/{username}
  method: delete
  operationId: orgDeleteMember
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/public_members
  method: get
  operationId: orgListPublicMembers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/public_members/{username}
  method: get
  operationId: orgIsPublicMember
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/public_members/{username}
  method: put
  operationId: orgPublicizeMember
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/public_members/{username}
  method: delete
  operationId: orgConcealMember
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/rename
  method: post
  operationId: renameOrg
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/repos
  method: get
  operationId: orgListRepos
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/repos
  method: post
  operationId: createOrgRepo
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/repos
  method: delete
  operationId: orgDeleteRepos
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/teams
  method: get
  operationId: orgListTeams
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /orgs/{org}/teams
  method: post
  operationId: orgCreateTeam
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /orgs/{org}/teams/search
  method: get
  operationId: teamSearch
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /packages/{owner}
  method: get
  operationId: listPackages
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /packages/{owner}/{type}/{name}
  method: get
  operationId: listPackageVersions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /packages/{owner}/{type}/{name}
  method: delete
  operationId: deletePackage
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /packages/{owner}/{type}/{name}/-/latest
  method: get
  operationId: getLatestPackageVersion
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /packages/{owner}/{type}/{name}/-/link/{repo_name}
  method: post
  operationId: linkPackage
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /packages/{owner}/{type}/{name}/-/unlink
  method: post
  operationId: unlinkPackage
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /packages/{owner}/{type}/{name}/{version}
  method: get
  operationId: getPackage
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /packages/{owner}/{type}/{name}/{version}
  method: delete
  operationId: deletePackageVersion
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /packages/{owner}/{type}/{name}/{version}/files
  method: get
  operationId: listPackageFiles
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /repos/issues/search
  method: get
  operationId: issueSearchIssues
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /repos/migrate
  method: post
  operationId: repoMigrate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repos/search
  method: get
  operationId: repoSearch
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /repos/{owner}/{repo}
  method: get
  operationId: repoGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /repos/{owner}/{repo}
  method: delete
  operationId: repoDelete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /repos/{owner}/{repo}
  method: patch
  operationId: repoEdit
  x-agentic-access:
    action-class: acting
    consequence: write
    s

# --- truncated at 32 KB (270 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/gitea/refs/heads/main/agentic-access/gitea-agentic-access.yml