Gremlin Agentic Access
Gremlin exposes 379 API operations that an AI agent could call, of which 173 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 206 read, 141 write, and 32 safety-critical.
32 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| DELETE | /apikeys/{identifier} | safety-critical | required |
| PUT | /apikeys/{identifier}/activate | safety-critical | required |
| DELETE | /attacks | safety-critical | required |
| POST | /attacks/halt | safety-critical | required |
| DELETE | /attacks/{guid} | safety-critical | required |
| POST | /attacks/{guid}/halt | safety-critical | required |
| DELETE | /clients/{identifier} | safety-critical | required |
| DELETE | /companies/{identifier}/invites/{email} | safety-critical | required |
| POST | /companies/{identifier}/users/{email}/active | safety-critical | required |
| DELETE | /companies/{identifier}/users/{email}/active | safety-critical | required |
| DELETE | /companies/{identifier}/users/{email}/api-key/{api-key-id} | safety-critical | required |
| POST | /disaster-recovery-tests/{identifier}/halt-all | safety-critical | required |
| DELETE | /external-integrations | safety-critical | required |
| POST | /failure-flags/experiments/{id}/halt | safety-critical | required |
| POST | /halts | safety-critical | required |
| DELETE | /integration-clients/{identifier} | safety-critical | required |
| POST | /kubernetes/attacks/halt | safety-critical | required |
| POST | /kubernetes/attacks/{uid}/halt | safety-critical | required |
| POST | /orgs/auth/secret/reset | safety-critical | required |
| POST | /scenarios/halt | safety-critical | required |
| POST | /scenarios/halt/{guid}/runs/{runNumber} | safety-critical | required |
| DELETE | /schedules/scenarios/{guid}/enabled | safety-critical | required |
| DELETE | /services/{serviceId}/dependencies/discovered | safety-critical | required |
| POST | /sharedAssets/requests/delete | safety-critical | required |
| POST | /sharedAssets/requests/deny | safety-critical | required |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/gremlin-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 379
by_action_class:
connected: 206
acting: 173
by_consequence:
read: 206
write: 141
safety-critical: 32
human_in_the_loop_required: 32
operations:
- path: /attacks/active
method: get
operationId: active
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /attacks/active/paged
method: get
operationId: activePaged
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /attacks/{guid}/annotations
method: put
operationId: addAnnotations
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- MINIMUM_TEAM_PRIVILEGES
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /attacks
method: get
operationId: all
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /attacks
method: post
operationId: createNewAttack
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- EXPERIMENTS_RUN
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /attacks
method: delete
operationId: halt
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /attacks/range
method: get
operationId: allAttacksInRange
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /attacks/completed
method: get
operationId: completed
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /attacks/completed/paged
method: get
operationId: completedPaged
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /attacks/new
method: post
operationId: create
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- EXPERIMENTS_RUN
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /attacks/{guid}
method: get
operationId: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /attacks/{guid}
method: delete
operationId: halt_1
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- HALT_WRITE
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /attacks/halt
method: post
operationId: haltAsPost
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /attacks/{guid}/halt
method: post
operationId: haltAsPost_1
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- HALT_WRITE
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /executions
method: get
operationId: forAttack
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /halts
method: post
operationId: haltAll
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /kubernetes/attacks/{guid}
method: get
operationId: attack
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /kubernetes/attacks
method: get
operationId: attacks
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /kubernetes/attacks/new
method: post
operationId: createAttack
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- EXPERIMENTS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /kubernetes/attacks/{uid}/halt
method: post
operationId: halt_2
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- HALT_WRITE
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /kubernetes/attacks/halt
method: post
operationId: haltAll_1
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /metadata
method: get
operationId: metadata
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /users/auth/mfa/auth
method: post
operationId: auth
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/auth/mfa/disable
method: post
operationId: disable
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /users/auth/mfa/enable
method: post
operationId: enable
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/auth/mfa/forceDisable
method: post
operationId: forceDisable
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- COMPANY_USERS_WRITE
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /users/auth/mfa/info
method: get
operationId: getInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_COMPANY_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /users/auth/mfa/{email}/enabled
method: get
operationId: isEnabled
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- SECURITY_REPORTS_READ
token:
max-ttl: 3600
audit: none
- path: /users/auth/mfa/validate
method: post
operationId: validate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /integrations/{type}
method: get
operationId: get_2
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- COMPANY_INTEGRATIONS_READ
token:
max-ttl: 3600
audit: none
- path: /integrations/{type}
method: put
operationId: put
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- COMPANY_INTEGRATIONS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /integrations/{type}
method: delete
operationId: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- COMPANY_INTEGRATIONS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /integrations
method: get
operationId: list
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- COMPANY_INTEGRATIONS_READ
token:
max-ttl: 3600
audit: none
- path: /oauth/callback
method: get
operationId: oAuthCallback
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth/login
method: get
operationId: oAuthLogin
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /roles
method: get
operationId: getRolesAndPrivileges
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /roles
method: post
operationId: createCustomRole
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- ROLES_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /roles/{roleId}
method: get
operationId: getRole
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /roles/{roleId}
method: delete
operationId: deleteCustomRole
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- ROLES_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /roles/{roleId}
method: patch
operationId: updateCustomRole
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- ROLES_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/auth
method: post
operationId: auth_1
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/auth
method: delete
operationId: invalidate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- MINIMUM_COMPANY_PRIVILEGES
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/auth/emailCompanies
method: get
operationId: companyAffiliationsEmail
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /users/auth/password/reset
method: post
operationId: passwordReset
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /users/auth/password
method: put
operationId: passwordReset_1
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- MINIMUM_COMPANY_PRIVILEGES
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /users/auth/password
method: post
operationId: passwordUpdate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/auth/saml/failures
method: get
operationId: samlFailures
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- COMPANY_SECURITY_READ
token:
max-ttl: 3600
audit: none
- path: /users/auth/saml/metadata
method: get
operationId: samlMetadata
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /aws/metadata/autoscaling-groups
method: get
operationId: getAutoscalingGroupsForAccount
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /aws/metadata/iam-role
method: get
operationId: getAwsMetadataIamRole
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /aws/metadata/load-balancers
method: get
operationId: getLoadBalancersForAccount
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /datadog/monitors/{monitorId}
method: get
operationId: getMonitor
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /datadog/monitors
method: get
operationId: searchMonitors
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /grafana/alerts
method: get
operationId: alerts
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /grafana/dashboards
method: get
operationId: dashboards
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /grafana/rules
method: get
operationId: rules
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /grafana/monitors
method: get
operationId: searchMonitors_1
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /jira/issues
method: get
operationId: issuesForGremlinEntityIds
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- INTEGRATIONS_READ
token:
max-ttl: 3600
audit: none
- path: /jira/issues
method: post
operationId: issue
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- INTEGRATIONS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /jira/issues/count
method: get
operationId: issueCount
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /jira/issue-meta
method: get
operationId: issueMeta
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /jira/issues/services
method: get
operationId: issuesForGremlinEntityIdOfType
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- INTEGRATIONS_READ
token:
max-ttl: 3600
audit: none
- path: /jira/labels
method: get
operationId: labels
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /jira/priorities
method: get
operationId: priorities
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /jira/projects/{projectIdOrKey}
method: get
operationId: projectById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /jira/projects
method: get
operationId: projectSearch
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /jira/projects/{projectIdOrKey}/users
method: get
operationId: projectUsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /newrelic/incidents/{incidentId}
method: get
operationId: incident
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- INTEGRATIONS_WRITE
token:
max-ttl: 3600
audit: none
- path: /pagerduty/incidents
method: get
operationId: incidentsForService
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /pagerduty/services
method: get
operationId: services
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /external-integrations
method: get
operationId: get_4
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- INTEGRATIONS_READ
token:
max-ttl: 3600
audit: none
- path: /external-integrations
method: delete
operationId: revoke
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- INTEGRATIONS_WRITE
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /external-integrations/load-generator
method: get
operationId: getLoadGeneratorIntegrations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- INTEGRATIONS_READ
token:
max-ttl: 3600
audit: none
- path: /external-integrations/load-generator
method: put
operationId: updateLoadGeneratorIntegration
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- INTEGRATIONS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /external-integrations/load-generator
method: post
operationId: createLoadGeneratorIntegration
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- INTEGRATIONS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /external-integrations/load-generator
method: delete
operationId: removeLoadGeneratorIntegration
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- INTEGRATIONS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /external-integrations/status-check
method: get
operationId: getStatusCheckIntegrations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- INTEGRATIONS_READ
token:
max-ttl: 3600
audit: none
- path: /external-integrations/status-check
method: put
operationId: updateStatusCheckIntegration
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- INTEGRATIONS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /external-integrations/status-check
method: post
operationId: createStatusCheckIntegration
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- INTEGRATIONS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /external-integrations/status-check
method: delete
operationId: removeStatusCheckIntegration
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- INTEGRATIONS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /failure-flags/apps/{name}
method: get
operationId: getApplicationForNameAndTeam
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /failure-flags/apps
method: get
operationId: getApplicationsForTeam
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /failure-flags/apps/{name}/protect
method: post
operationId: protectApplication
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- EXPERIMENTS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /failure-flags/apps/{name}/unprotect
method: post
operationId: unprotectApplication
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- EXPERIMENTS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /failure-flags/experiments/{id}/runs
method: get
operationId: allRunsForExperiment
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /failure-flags/experiments
method: get
operationId: getExperimentsForTeam
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /failure-flags/experiments
method: post
operationId: createExperiment
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- EXPERIMENTS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /failure-flags/experiments/{id}
method: get
operationId: getExperimentForTeamAndId
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /failure-flags/experiments/{id}
method: delete
operationId: deleteExperiment
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- EXPERIMENTS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /failure-flags/experiments/active
method: get
operationId: getActiveExperimentsForTeam
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /failure-flags/experiments/completed/paged
method: get
operationId: getCompletedExperimentsForTeam
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /failure-flags/experiments/{id}/run/{startTime}
method: get
operationId: getExperimentRunDetailsForIdAndStartTime
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /failure-flags/experiments/{id}/halt
method: post
operationId: haltExperiment
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- HALT_WRITE
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /failure-flags/experiments/{id}/protect
method: post
operationId: protectExperiment
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- EXPERIMENTS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /failure-flags/experiments/{id}/run
method: post
operationId: runExperiment
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- EXPERIMENTS_RUN
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /failure-flags/experiments/{id}/unprotect
method: post
operationId: unprotectExperiment
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- EXPERIMENTS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /failure-flags/flags/{name}
method: get
operationId: getFailureFlagForTeamAndName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /failure-flags/flags
method: get
operationId: getFailureFlagsForTeam
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- EXPERIMENTS_READ
token:
max-ttl: 3600
audit: none
- path: /failure-flags/flags/{name}/protect
method: post
operationId: protectFailureFlag
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- EXPERIMENTS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /failure-flags/flags/{name}/unprotect
method: post
operationId: unprotectFailureFlag
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- EXPERIMENTS_WRITE
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /gamedays
method: get
operationId: getGameDaysForTeam
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_TEAM_PRIVILEGES
token:
max-ttl: 3600
audit: none
- path: /gamedays
method: post
operationId: createGameDayPlan
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- MINIMUM_TEAM_PRIVILEGES
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /gamedays/{gameDayId}/summary/images/{imageName}
method: delete
operationId: delete_1
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- MINIMUM_TEAM_PRIVILEGES
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /gamedays/{gameDayId}/summary/images/{imageName}
method: patch
operationId: put_1
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- MINIMUM_TEAM_PRIVILEGES
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /gamedays/{gameDayId}/summary/export
method: get
operationId: export
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- MINIMUM_T
# --- truncated at 32 KB (117 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/gremlin/refs/heads/main/agentic-access/gremlin-agentic-access.yml