GitLab Agentic Access
GitLab exposes 167 API operations that an AI agent could call, of which 92 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 75 read, 90 write, 1 physical, and 1 safety-critical.
1 operation are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| POST | /oauth/revoke | safety-critical | required |
| POST | /projects/{id}/hooks/{hook_id}/events/{hook_event_id}/resend | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/gitlab-api-v4-admin-openapi-original.yml, openapi/gitlab-api-v4-application-openapi-original.yml,
openapi/gitlab-api-v4-applications-openapi-original.yml, openapi/gitlab-api-v4-avatar-openapi-original.yml,
openapi/gitlab-api-v4-broadcast-messages-openapi-original.yml, openapi/gitlab-api-v4-bulk-imports-openapi-original.yml,
openapi/gitlab-api-v4-groups-openapi-original.yml, openapi/gitlab-api-v4-metadata-openapi-original.yml,
openapi/gitlab-api-v4-projects-openapi-original.yml, openapi/gitlab-api-v4-version-openapi-original.yml,
openapi/gitlab-oauth2-openapi.yml, openapi/gitlab-openapi-original.yml, openapi/gitlab-webhooks-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 167
by_action_class:
connected: 75
acting: 92
by_consequence:
read: 75
write: 90
safety-critical: 1
physical: 1
human_in_the_loop_required: 1
operations:
- path: /api/v4/admin/batched_background_migrations/{id}
method: get
operationId: getApiV4AdminBatchedBackgroundMigrationsId
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/admin/batched_background_migrations
method: get
operationId: getApiV4AdminBatchedBackgroundMigrations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/admin/batched_background_migrations/{id}/resume
method: put
operationId: putApiV4AdminBatchedBackgroundMigrationsIdResume
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/admin/batched_background_migrations/{id}/pause
method: put
operationId: putApiV4AdminBatchedBackgroundMigrationsIdPause
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/admin/ci/variables/{key}
method: get
operationId: getApiV4AdminCiVariablesKey
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/admin/ci/variables/{key}
method: put
operationId: putApiV4AdminCiVariablesKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/admin/ci/variables/{key}
method: delete
operationId: deleteApiV4AdminCiVariablesKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/admin/ci/variables
method: get
operationId: getApiV4AdminCiVariables
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/admin/ci/variables
method: post
operationId: postApiV4AdminCiVariables
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/admin/databases/{database_name}/dictionary/tables/{table_name}
method: get
operationId: getApiV4AdminDatabasesDatabaseNameDictionaryTablesTableName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/admin/clusters/{cluster_id}
method: get
operationId: getApiV4AdminClustersClusterId
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/admin/clusters/{cluster_id}
method: put
operationId: putApiV4AdminClustersClusterId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/admin/clusters/{cluster_id}
method: delete
operationId: deleteApiV4AdminClustersClusterId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/admin/clusters/add
method: post
operationId: postApiV4AdminClustersAdd
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/admin/clusters
method: get
operationId: getApiV4AdminClusters
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/admin/migrations/{timestamp}/mark
method: post
operationId: postApiV4AdminMigrationsTimestampMark
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/applications/{id}
method: delete
operationId: deleteApiV4ApplicationsId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/applications
method: get
operationId: getApiV4Applications
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/applications
method: post
operationId: postApiV4Applications
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/application/appearance
method: get
operationId: getApiV4ApplicationAppearance
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/application/appearance
method: put
operationId: putApiV4ApplicationAppearance
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/application/plan_limits
method: get
operationId: getApiV4ApplicationPlanLimits
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/application/plan_limits
method: put
operationId: putApiV4ApplicationPlanLimits
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/applications/{id}
method: delete
operationId: deleteApiV4ApplicationsId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/applications
method: get
operationId: getApiV4Applications
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/applications
method: post
operationId: postApiV4Applications
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/avatar
method: get
operationId: getApiV4Avatar
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/broadcast_messages/{id}
method: get
operationId: getApiV4BroadcastMessagesId
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/broadcast_messages/{id}
method: put
operationId: putApiV4BroadcastMessagesId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/broadcast_messages/{id}
method: delete
operationId: deleteApiV4BroadcastMessagesId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/broadcast_messages
method: get
operationId: getApiV4BroadcastMessages
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/broadcast_messages
method: post
operationId: postApiV4BroadcastMessages
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/bulk_imports/{import_id}/entities/{entity_id}
method: get
operationId: getApiV4BulkImportsImportIdEntitiesEntityId
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/bulk_imports/{import_id}/entities
method: get
operationId: getApiV4BulkImportsImportIdEntities
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/bulk_imports/{import_id}
method: get
operationId: getApiV4BulkImportsImportId
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/bulk_imports/entities
method: get
operationId: getApiV4BulkImportsEntities
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/bulk_imports
method: get
operationId: getApiV4BulkImports
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/bulk_imports
method: post
operationId: postApiV4BulkImports
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/groups/{id}/badges/{badge_id}
method: get
operationId: getApiV4GroupsIdBadgesBadgeId
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/groups/{id}/badges/{badge_id}
method: put
operationId: putApiV4GroupsIdBadgesBadgeId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/groups/{id}/badges/{badge_id}
method: delete
operationId: deleteApiV4GroupsIdBadgesBadgeId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/groups/{id}/badges
method: get
operationId: getApiV4GroupsIdBadges
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/groups/{id}/badges
method: post
operationId: postApiV4GroupsIdBadges
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/groups/{id}/badges/render
method: get
operationId: getApiV4GroupsIdBadgesRender
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/groups/{id}/access_requests/{user_id}
method: delete
operationId: deleteApiV4GroupsIdAccessRequestsUserId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/groups/{id}/access_requests/{user_id}/approve
method: put
operationId: putApiV4GroupsIdAccessRequestsUserIdApprove
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/groups/{id}/access_requests
method: get
operationId: getApiV4GroupsIdAccessRequests
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/groups/{id}/access_requests
method: post
operationId: postApiV4GroupsIdAccessRequests
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/metadata
method: get
operationId: getApiV4Metadata
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/repository/merged_branches
method: delete
operationId: deleteApiV4ProjectsIdRepositoryMergedBranches
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/repository/branches/{branch}
method: get
operationId: getApiV4ProjectsIdRepositoryBranchesBranch
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/repository/branches/{branch}
method: delete
operationId: deleteApiV4ProjectsIdRepositoryBranchesBranch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/repository/branches/{branch}
method: head
operationId: headApiV4ProjectsIdRepositoryBranchesBranch
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/repository/branches
method: get
operationId: getApiV4ProjectsIdRepositoryBranches
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/repository/branches
method: post
operationId: postApiV4ProjectsIdRepositoryBranches
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/repository/branches/{branch}/unprotect
method: put
operationId: putApiV4ProjectsIdRepositoryBranchesBranchUnprotect
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/repository/branches/{branch}/protect
method: put
operationId: putApiV4ProjectsIdRepositoryBranchesBranchProtect
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/badges/{badge_id}
method: get
operationId: getApiV4ProjectsIdBadgesBadgeId
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/badges/{badge_id}
method: put
operationId: putApiV4ProjectsIdBadgesBadgeId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/badges/{badge_id}
method: delete
operationId: deleteApiV4ProjectsIdBadgesBadgeId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/badges
method: get
operationId: getApiV4ProjectsIdBadges
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/badges
method: post
operationId: postApiV4ProjectsIdBadges
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/badges/render
method: get
operationId: getApiV4ProjectsIdBadgesRender
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/access_requests/{user_id}
method: delete
operationId: deleteApiV4ProjectsIdAccessRequestsUserId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/access_requests/{user_id}/approve
method: put
operationId: putApiV4ProjectsIdAccessRequestsUserIdApprove
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/access_requests
method: get
operationId: getApiV4ProjectsIdAccessRequests
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/access_requests
method: post
operationId: postApiV4ProjectsIdAccessRequests
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/alert_management_alerts/{alert_iid}/metric_images/{metric_image_id}
method: put
operationId: putApiV4ProjectsIdAlertManagementAlertsAlertIidMetricImagesMetricImageId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/alert_management_alerts/{alert_iid}/metric_images/{metric_image_id}
method: delete
operationId: deleteApiV4ProjectsIdAlertManagementAlertsAlertIidMetricImagesMetricImageId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/alert_management_alerts/{alert_iid}/metric_images
method: get
operationId: getApiV4ProjectsIdAlertManagementAlertsAlertIidMetricImages
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/alert_management_alerts/{alert_iid}/metric_images
method: post
operationId: postApiV4ProjectsIdAlertManagementAlertsAlertIidMetricImages
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/alert_management_alerts/{alert_iid}/metric_images/authorize
method: post
operationId: postApiV4ProjectsIdAlertManagementAlertsAlertIidMetricImagesAuthorize
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/jobs
method: get
operationId: listProjectJobs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/jobs/{job_id}
method: get
operationId: getSingleJob
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/jobs/{job_id}/play
method: post
operationId: triggerManualJob
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/version
method: get
operationId: getApiV4Version
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth/authorize
method: get
operationId: authorizeOAuth
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth/authorize_device
method: post
operationId: authorizeDevice
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth/token
method: post
operationId: exchangeToken
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth/revoke
method: post
operationId: revokeToken
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /oauth/token/info
method: get
operationId: getTokenInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth/userinfo
method: get
operationId: getUserInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/groups/{id}/badges/{badge_id}
method: get
operationId: getApiV4GroupsIdBadgesBadgeId
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/groups/{id}/badges/{badge_id}
method: put
operationId: putApiV4GroupsIdBadgesBadgeId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/groups/{id}/badges/{badge_id}
method: delete
operationId: deleteApiV4GroupsIdBadgesBadgeId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/groups/{id}/badges
method: get
operationId: getApiV4GroupsIdBadges
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/groups/{id}/badges
method: post
operationId: postApiV4GroupsIdBadges
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/groups/{id}/badges/render
method: get
operationId: getApiV4GroupsIdBadgesRender
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/groups/{id}/access_requests/{user_id}
method: delete
operationId: deleteApiV4GroupsIdAccessRequestsUserId
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/groups/{id}/access_requests/{user_id}/approve
method: put
operationId: putApiV4GroupsIdAccessRequestsUserIdApprove
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/groups/{id}/access_requests
method: get
operationId: getApiV4GroupsIdAccessRequests
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/groups/{id}/access_requests
method: post
operationId: postApiV4GroupsIdAccessRequests
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/repository/merged_branches
method: delete
operationId: deleteApiV4ProjectsIdRepositoryMergedBranches
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/repository/branches/{branch}
method: get
operationId: getApiV4ProjectsIdRepositoryBranchesBranch
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/repository/branches/{branch}
method: delete
operationId: deleteApiV4ProjectsIdRepositoryBranchesBranch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/repository/branches/{branch}
method: head
operationId: headApiV4ProjectsIdRepositoryBranchesBranch
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/repository/branches
method: get
operationId: getApiV4ProjectsIdRepositoryBranches
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v4/projects/{id}/repository/branches
method: post
operationId: postApiV4ProjectsIdRepositoryBranches
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/repository/branches/{branch}/unprotect
method: put
operationId: putApiV4ProjectsIdRepositoryBranchesBranchUnprotect
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v4/projects/{id}/repository/branches/{branch}/protect
method: put
operationId: putApiV4ProjectsIdRepositoryBranchesBranchProtect
x-agentic-access:
action-class: acting
consequence: write
subject: requ
# --- truncated at 32 KB (52 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/gitlab/refs/heads/main/agentic-access/gitlab-agentic-access.yml