Gremlin · Agentic Access

Gremlin Agentic Access

x-agentic-access generated

Gremlin exposes 379 API operations that an AI agent could call, of which 173 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 206 read, 141 write, and 32 safety-critical.

32 operations are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

Chaos EngineeringFault InjectionInfrastructure TestingReliabilitySite Reliability Engineering
Operations: 379 Acting: 173 Human-in-the-loop: 32 Method: generated

By consequence

read 206 write 141 safety-critical 32

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
DELETE /apikeys/{identifier} safety-critical required
PUT /apikeys/{identifier}/activate safety-critical required
DELETE /attacks safety-critical required
POST /attacks/halt safety-critical required
DELETE /attacks/{guid} safety-critical required
POST /attacks/{guid}/halt safety-critical required
DELETE /clients/{identifier} safety-critical required
DELETE /companies/{identifier}/invites/{email} safety-critical required
POST /companies/{identifier}/users/{email}/active safety-critical required
DELETE /companies/{identifier}/users/{email}/active safety-critical required
DELETE /companies/{identifier}/users/{email}/api-key/{api-key-id} safety-critical required
POST /disaster-recovery-tests/{identifier}/halt-all safety-critical required
DELETE /external-integrations safety-critical required
POST /failure-flags/experiments/{id}/halt safety-critical required
POST /halts safety-critical required
DELETE /integration-clients/{identifier} safety-critical required
POST /kubernetes/attacks/halt safety-critical required
POST /kubernetes/attacks/{uid}/halt safety-critical required
POST /orgs/auth/secret/reset safety-critical required
POST /scenarios/halt safety-critical required
POST /scenarios/halt/{guid}/runs/{runNumber} safety-critical required
DELETE /schedules/scenarios/{guid}/enabled safety-critical required
DELETE /services/{serviceId}/dependencies/discovered safety-critical required
POST /sharedAssets/requests/delete safety-critical required
POST /sharedAssets/requests/deny safety-critical required

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/gremlin-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 379
  by_action_class:
    connected: 206
    acting: 173
  by_consequence:
    read: 206
    write: 141
    safety-critical: 32
  human_in_the_loop_required: 32
operations:
- path: /attacks/active
  method: get
  operationId: active
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /attacks/active/paged
  method: get
  operationId: activePaged
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /attacks/{guid}/annotations
  method: put
  operationId: addAnnotations
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /attacks
  method: get
  operationId: all
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /attacks
  method: post
  operationId: createNewAttack
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - EXPERIMENTS_RUN
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /attacks
  method: delete
  operationId: halt
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /attacks/range
  method: get
  operationId: allAttacksInRange
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /attacks/completed
  method: get
  operationId: completed
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /attacks/completed/paged
  method: get
  operationId: completedPaged
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /attacks/new
  method: post
  operationId: create
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - EXPERIMENTS_RUN
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /attacks/{guid}
  method: get
  operationId: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /attacks/{guid}
  method: delete
  operationId: halt_1
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    scope:
    - HALT_WRITE
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /attacks/halt
  method: post
  operationId: haltAsPost
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /attacks/{guid}/halt
  method: post
  operationId: haltAsPost_1
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    scope:
    - HALT_WRITE
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /executions
  method: get
  operationId: forAttack
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /halts
  method: post
  operationId: haltAll
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /kubernetes/attacks/{guid}
  method: get
  operationId: attack
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /kubernetes/attacks
  method: get
  operationId: attacks
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /kubernetes/attacks/new
  method: post
  operationId: createAttack
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - EXPERIMENTS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /kubernetes/attacks/{uid}/halt
  method: post
  operationId: halt_2
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    scope:
    - HALT_WRITE
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /kubernetes/attacks/halt
  method: post
  operationId: haltAll_1
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /metadata
  method: get
  operationId: metadata
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /users/auth/mfa/auth
  method: post
  operationId: auth
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /users/auth/mfa/disable
  method: post
  operationId: disable
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /users/auth/mfa/enable
  method: post
  operationId: enable
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /users/auth/mfa/forceDisable
  method: post
  operationId: forceDisable
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    scope:
    - COMPANY_USERS_WRITE
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /users/auth/mfa/info
  method: get
  operationId: getInfo
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_COMPANY_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /users/auth/mfa/{email}/enabled
  method: get
  operationId: isEnabled
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - SECURITY_REPORTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /users/auth/mfa/validate
  method: post
  operationId: validate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /integrations/{type}
  method: get
  operationId: get_2
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - COMPANY_INTEGRATIONS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /integrations/{type}
  method: put
  operationId: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - COMPANY_INTEGRATIONS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /integrations/{type}
  method: delete
  operationId: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - COMPANY_INTEGRATIONS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /integrations
  method: get
  operationId: list
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - COMPANY_INTEGRATIONS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /oauth/callback
  method: get
  operationId: oAuthCallback
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /oauth/login
  method: get
  operationId: oAuthLogin
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /roles
  method: get
  operationId: getRolesAndPrivileges
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /roles
  method: post
  operationId: createCustomRole
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - ROLES_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /roles/{roleId}
  method: get
  operationId: getRole
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /roles/{roleId}
  method: delete
  operationId: deleteCustomRole
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - ROLES_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /roles/{roleId}
  method: patch
  operationId: updateCustomRole
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - ROLES_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /users/auth
  method: post
  operationId: auth_1
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /users/auth
  method: delete
  operationId: invalidate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - MINIMUM_COMPANY_PRIVILEGES
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /users/auth/emailCompanies
  method: get
  operationId: companyAffiliationsEmail
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /users/auth/password/reset
  method: post
  operationId: passwordReset
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /users/auth/password
  method: put
  operationId: passwordReset_1
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    scope:
    - MINIMUM_COMPANY_PRIVILEGES
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /users/auth/password
  method: post
  operationId: passwordUpdate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /users/auth/saml/failures
  method: get
  operationId: samlFailures
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - COMPANY_SECURITY_READ
    token:
      max-ttl: 3600
    audit: none
- path: /users/auth/saml/metadata
  method: get
  operationId: samlMetadata
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /aws/metadata/autoscaling-groups
  method: get
  operationId: getAutoscalingGroupsForAccount
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /aws/metadata/iam-role
  method: get
  operationId: getAwsMetadataIamRole
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /aws/metadata/load-balancers
  method: get
  operationId: getLoadBalancersForAccount
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /datadog/monitors/{monitorId}
  method: get
  operationId: getMonitor
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /datadog/monitors
  method: get
  operationId: searchMonitors
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /grafana/alerts
  method: get
  operationId: alerts
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /grafana/dashboards
  method: get
  operationId: dashboards
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /grafana/rules
  method: get
  operationId: rules
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /grafana/monitors
  method: get
  operationId: searchMonitors_1
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /jira/issues
  method: get
  operationId: issuesForGremlinEntityIds
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - INTEGRATIONS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /jira/issues
  method: post
  operationId: issue
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - INTEGRATIONS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /jira/issues/count
  method: get
  operationId: issueCount
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /jira/issue-meta
  method: get
  operationId: issueMeta
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /jira/issues/services
  method: get
  operationId: issuesForGremlinEntityIdOfType
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - INTEGRATIONS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /jira/labels
  method: get
  operationId: labels
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /jira/priorities
  method: get
  operationId: priorities
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /jira/projects/{projectIdOrKey}
  method: get
  operationId: projectById
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /jira/projects
  method: get
  operationId: projectSearch
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /jira/projects/{projectIdOrKey}/users
  method: get
  operationId: projectUsers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /newrelic/incidents/{incidentId}
  method: get
  operationId: incident
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - INTEGRATIONS_WRITE
    token:
      max-ttl: 3600
    audit: none
- path: /pagerduty/incidents
  method: get
  operationId: incidentsForService
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /pagerduty/services
  method: get
  operationId: services
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /external-integrations
  method: get
  operationId: get_4
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - INTEGRATIONS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /external-integrations
  method: delete
  operationId: revoke
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    scope:
    - INTEGRATIONS_WRITE
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /external-integrations/load-generator
  method: get
  operationId: getLoadGeneratorIntegrations
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - INTEGRATIONS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /external-integrations/load-generator
  method: put
  operationId: updateLoadGeneratorIntegration
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - INTEGRATIONS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /external-integrations/load-generator
  method: post
  operationId: createLoadGeneratorIntegration
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - INTEGRATIONS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /external-integrations/load-generator
  method: delete
  operationId: removeLoadGeneratorIntegration
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - INTEGRATIONS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /external-integrations/status-check
  method: get
  operationId: getStatusCheckIntegrations
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - INTEGRATIONS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /external-integrations/status-check
  method: put
  operationId: updateStatusCheckIntegration
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - INTEGRATIONS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /external-integrations/status-check
  method: post
  operationId: createStatusCheckIntegration
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - INTEGRATIONS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /external-integrations/status-check
  method: delete
  operationId: removeStatusCheckIntegration
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - INTEGRATIONS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /failure-flags/apps/{name}
  method: get
  operationId: getApplicationForNameAndTeam
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /failure-flags/apps
  method: get
  operationId: getApplicationsForTeam
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /failure-flags/apps/{name}/protect
  method: post
  operationId: protectApplication
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - EXPERIMENTS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /failure-flags/apps/{name}/unprotect
  method: post
  operationId: unprotectApplication
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - EXPERIMENTS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /failure-flags/experiments/{id}/runs
  method: get
  operationId: allRunsForExperiment
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /failure-flags/experiments
  method: get
  operationId: getExperimentsForTeam
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /failure-flags/experiments
  method: post
  operationId: createExperiment
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - EXPERIMENTS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /failure-flags/experiments/{id}
  method: get
  operationId: getExperimentForTeamAndId
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /failure-flags/experiments/{id}
  method: delete
  operationId: deleteExperiment
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - EXPERIMENTS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /failure-flags/experiments/active
  method: get
  operationId: getActiveExperimentsForTeam
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /failure-flags/experiments/completed/paged
  method: get
  operationId: getCompletedExperimentsForTeam
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /failure-flags/experiments/{id}/run/{startTime}
  method: get
  operationId: getExperimentRunDetailsForIdAndStartTime
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /failure-flags/experiments/{id}/halt
  method: post
  operationId: haltExperiment
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    scope:
    - HALT_WRITE
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /failure-flags/experiments/{id}/protect
  method: post
  operationId: protectExperiment
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - EXPERIMENTS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /failure-flags/experiments/{id}/run
  method: post
  operationId: runExperiment
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - EXPERIMENTS_RUN
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /failure-flags/experiments/{id}/unprotect
  method: post
  operationId: unprotectExperiment
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - EXPERIMENTS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /failure-flags/flags/{name}
  method: get
  operationId: getFailureFlagForTeamAndName
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /failure-flags/flags
  method: get
  operationId: getFailureFlagsForTeam
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - EXPERIMENTS_READ
    token:
      max-ttl: 3600
    audit: none
- path: /failure-flags/flags/{name}/protect
  method: post
  operationId: protectFailureFlag
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - EXPERIMENTS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /failure-flags/flags/{name}/unprotect
  method: post
  operationId: unprotectFailureFlag
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - EXPERIMENTS_WRITE
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /gamedays
  method: get
  operationId: getGameDaysForTeam
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    token:
      max-ttl: 3600
    audit: none
- path: /gamedays
  method: post
  operationId: createGameDayPlan
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /gamedays/{gameDayId}/summary/images/{imageName}
  method: delete
  operationId: delete_1
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /gamedays/{gameDayId}/summary/images/{imageName}
  method: patch
  operationId: put_1
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - MINIMUM_TEAM_PRIVILEGES
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /gamedays/{gameDayId}/summary/export
  method: get
  operationId: export
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - MINIMUM_T

# --- truncated at 32 KB (117 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/gremlin/refs/heads/main/agentic-access/gremlin-agentic-access.yml