Ironclad · Agentic Access

Ironclad Agentic Access

x-agentic-access generated

Ironclad exposes 98 API operations that an AI agent could call, of which 53 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 45 read, 48 write, and 5 physical.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

Contract Lifecycle ManagementCLMContractsLegal TechLegalOpsEnterpriseWorkflowseSignatureClickwrapAIOAuthSCIMWebhooks
Operations: 98 Acting: 53 Human-in-the-loop: 0 Method: generated

By consequence

read 45 write 48 physical 5

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
PATCH /Groups/{groupId} physical conditional
POST /workflows/{id}/sign-status/scheduled-send physical conditional
PATCH /workflows/{id}/sign-status/scheduled-send physical conditional
DELETE /workflows/{id}/sign-status/scheduled-send physical conditional
POST /workflows/{id}/sign-status/send-signature-request physical conditional

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/ironclad-oauth-20-api-openapi.yml, openapi/ironclad-public-api-openapi.yml,
  openapi/ironclad-scim-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 98
  by_action_class:
    connected: 45
    acting: 53
  by_consequence:
    read: 45
    write: 48
    physical: 5
  human_in_the_loop_required: 0
operations:
- path: /authorize
  method: get
  operationId: oauth-authorize
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /token
  method: post
  operationId: oauth-token
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /company-info
  method: get
  operationId: oauth-company-info
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /userinfo
  method: get
  operationId: oauth-userinfo
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /workflows
  method: post
  operationId: launch-a-new-workflow
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.createWorkflows
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows
  method: get
  operationId: list-all-workflows
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readWorkflows
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/async
  method: post
  operationId: create-a-new-workflow-async
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.createWorkflows
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/async/{asyncJobId}
  method: get
  operationId: retrieve-asynchronous-workflow-status
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.createWorkflows
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}
  method: get
  operationId: retrieve-a-workflow
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readWorkflows
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/approvals
  method: get
  operationId: list-all-workflow-approvals
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readApprovals
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/approval-requests
  method: get
  operationId: approval-requests
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readApprovals
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/approvals/{roleId}
  method: patch
  operationId: update-workflow-approval
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.updateApprovals
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/turn-history
  method: get
  operationId: turn-history
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readTurnHistory
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/sign-status
  method: get
  operationId: get-sign-status
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readSignStatus
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/sign-status/send-signature-request
  method: post
  operationId: send-signature-request
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - public.workflows.sendSignatureRequests
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/sign-status/scheduled-send
  method: post
  operationId: schedule-send-signature-request
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - public.workflows.scheduleSendSignatureRequest
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/sign-status/scheduled-send
  method: patch
  operationId: update-scheduled-signature-request
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - public.workflows.updateScheduledSignatureRequest
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/sign-status/scheduled-send
  method: delete
  operationId: delete-scheduled-signature-request
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - public.workflows.deleteScheduledSignatureRequest
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/sign-status/cancel-signature-request
  method: post
  operationId: cancel-signature-request
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.cancelSignatureRequests
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/sign-status/signers/{signerRoleName}
  method: patch
  operationId: update-signer
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.updateSigners
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/sign-status/signers/{signerRoleName}
  method: delete
  operationId: delete-signer
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.deleteSigners
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/sign-status/signers/{signerRoleName}/remind
  method: post
  operationId: remind-signer
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.remindSigners
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/signatures
  method: get
  operationId: list-all-workflow-signers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readSignatures
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/signatures/recipient-urls
  method: post
  operationId: create-recipient-url
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.createSignatureRecipientUrls
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/signatures/recipient-urls/embedded
  method: post
  operationId: create-embeddable-recipient-url
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.createEmbeddableSignerUrls
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/upload-signed
  method: post
  operationId: workflow-upload-signed-document
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.uploadSignedDocuments
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/participants
  method: get
  operationId: list-all-workflow-participants
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readParticipants
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/roles/{roleName}
  method: patch
  operationId: update-workflow-role-assignment
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.updateRoleAssignment
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/roles/{roleName}/eligible-assignees
  method: get
  operationId: list-workflow-role-eligible-assignees
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readRoleAssignees
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/revert-to-review
  method: patch
  operationId: revert-to-review
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.revertToReview
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/cancel
  method: post
  operationId: cancel-a-workflow
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.cancel
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/pause
  method: post
  operationId: pause-a-workflow
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.pauseAndResume
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/resume
  method: post
  operationId: resume-a-workflow
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.pauseAndResume
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/comment
  method: post
  operationId: deprecated-create-a-comment-on-a-workflow
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.createComments
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/comments
  method: post
  operationId: create-a-comment-on-a-workflow
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.records.createComments
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/comments
  method: get
  operationId: list-all-comments-in-a-workflow
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readComments
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/comments/{commentId}
  method: get
  operationId: list-a-comment-from-a-workflow
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readComments
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/attributes
  method: patch
  operationId: update-workflow-metadata
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.updateWorkflows
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/documents
  method: get
  operationId: retrieve-workflow-documents
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readDocuments
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/signature-packet
  method: patch
  operationId: update-workflow-signature-packet
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.updateSignaturePacket
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/documents/{attributeId}
  method: post
  operationId: create-a-workflow-document
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.workflows.createDocuments
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /workflows/{id}/document/{key}/download
  method: get
  operationId: retrieve-a-workflow-document
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readDocuments
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/emails
  method: get
  operationId: retrieve-email-threads-from-workflow
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readEmailCommunications
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/emails/{emailThreadId}
  method: get
  operationId: retrieve-email-thread-from-workflow
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readEmailCommunications
    token:
      max-ttl: 3600
    audit: none
- path: /workflows/{id}/emails/{emailThreadId}/attachments/{attachmentId}
  method: get
  operationId: retrieve-attachment-from-email-thread
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readEmailCommunications
    token:
      max-ttl: 3600
    audit: none
- path: /workflow-schemas
  method: get
  operationId: list-all-workflow-schemas
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readSchemas
    token:
      max-ttl: 3600
    audit: none
- path: /workflow-schemas/{id}
  method: get
  operationId: retrieve-a-workflow-schema
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.workflows.readSchemas
    token:
      max-ttl: 3600
    audit: none
- path: /records
  method: get
  operationId: list-all-records
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.records.readRecords
    token:
      max-ttl: 3600
    audit: none
- path: /records
  method: post
  operationId: create-a-record
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.records.createRecords
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /records/attachments/download-urls
  method: post
  operationId: create-attachment-download-urls
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.records.readAttachments
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /records/attachments/download-urls/{jobId}
  method: get
  operationId: get-attachment-download-urls-status
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.records.readAttachments
    token:
      max-ttl: 3600
    audit: none
- path: /records/smart-import
  method: get
  operationId: retrieve-import-predictions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.records.readSmartImportRecords
    token:
      max-ttl: 3600
    audit: none
- path: /records/smart-import
  method: post
  operationId: create-a-smart-import-record
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.records.createSmartImportRecords
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /records/smart-import/{importId}
  method: post
  operationId: create-a-smart-import-record-to-import
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.records.createSmartImportRecords
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /records/{id}
  method: get
  operationId: retrieve-a-record
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.records.readRecords
    token:
      max-ttl: 3600
    audit: none
- path: /records/{id}
  method: put
  operationId: replace-a-record
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.records.updateRecords
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /records/{id}
  method: delete
  operationId: delete-a-record
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.records.deleteRecords
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /records/{id}
  method: patch
  operationId: update-record-metadata
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.records.updateRecords
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /records/metadata
  method: get
  operationId: list-all-records-metadata
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.records.readSchemas
    token:
      max-ttl: 3600
    audit: none
- path: /records/{id}/attachments/{key}
  method: post
  operationId: create-an-attachment-on-a-record
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.records.createAttachments
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /records/{id}/attachments/{key}
  method: get
  operationId: retrieve-an-attachment-on-a-record
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.records.readAttachments
    token:
      max-ttl: 3600
    audit: none
- path: /records/{id}/attachments/{key}
  method: delete
  operationId: delete-an-attachment-on-a-record
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.records.deleteAttachments
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /records/{id}/actions
  method: post
  operationId: run-an-action-on-a-record
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.records.applyContractAction
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /records/export
  method: get
  operationId: retrieve-xlsx-export-file-of-all-records
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.records.readRecords
    token:
      max-ttl: 3600
    audit: none
- path: /webhooks
  method: post
  operationId: create-a-webhook
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.webhooks.createWebhooks
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /webhooks
  method: get
  operationId: list-all-webhooks
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.webhooks.readWebhooks
    token:
      max-ttl: 3600
    audit: none
- path: /webhooks/{id}
  method: get
  operationId: retrieve-a-webhook
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.webhooks.readWebhooks
    token:
      max-ttl: 3600
    audit: none
- path: /webhooks/{id}
  method: patch
  operationId: update-a-webhook
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.webhooks.updateWebhooks
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /webhooks/{id}
  method: delete
  operationId: delete-a-webhook
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.webhooks.deleteWebhooks
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /webhooks/verification-key
  method: get
  operationId: retrieve-webhook-verification-key
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /exports
  method: post
  operationId: export
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.export.createReports
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /exports/{jobId}
  method: get
  operationId: export-job
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.export.readReports
    token:
      max-ttl: 3600
    audit: none
- path: /exports/{jobId}/download
  method: get
  operationId: export-job-download
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.export.readReports
    token:
      max-ttl: 3600
    audit: none
- path: /entities/relationship-types
  method: get
  operationId: get-all-entity-relationship-types
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.entities.readRelationshipTypes
    token:
      max-ttl: 3600
    audit: none
- path: /entities
  method: get
  operationId: list-all-entities
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.entities.readEntities
    token:
      max-ttl: 3600
    audit: none
- path: /entities
  method: post
  operationId: create-an-entity
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.entities.createEntities
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /entities/{id}
  method: get
  operationId: retrieve-an-entity
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.entities.readEntities
    token:
      max-ttl: 3600
    audit: none
- path: /entities/{id}
  method: patch
  operationId: update-an-entity
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.entities.updateEntities
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /entities/{id}
  method: delete
  operationId: delete-an-entity
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.entities.deleteEntities
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /obligations
  method: get
  operationId: list-all-obligations
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.obligations.readObligations
    token:
      max-ttl: 3600
    audit: none
- path: /obligations
  method: post
  operationId: create-an-obligation
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.obligations.createObligations
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /obligations/{id}
  method: get
  operationId: retrieve-an-obligation
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - public.obligations.readObligations
    token:
      max-ttl: 3600
    audit: none
- path: /obligations/{id}
  method: patch
  operationId: update-an-obligation
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.obligations.updateObligations
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /search/conversational
  method: post
  operationId: run-conversational-search
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - public.records.readRecords
    - public.search.conversational
    - public.workflows.readWorkflows
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /Users
  method: get
  operationId: retrieve-all-users
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /Users
  method: post
  operationId: create-a-user
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /Users/{userId}
  method: get
  operationId: retrieve-a-user
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /Users/{userId}
  method: patch
  operationId: update-user-data
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /Users/{userId}
  method: put
  operationId: replace-a-user
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /Users/{userId}
  method: delete
  operationId: delete-a-user
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /Groups
  method: get
  operationId: retrieve-all-groups
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /Groups
  method: post
  operationId: create-a-group
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /Groups/{groupId}
  method: get
  operationId: retrieve-a-group
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /Groups/{groupId}
  method: patch
  operationId: update-group-membership
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /Groups/{groupId}
  method: put
  operationId: replace-a-group
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal


# --- truncated at 32 KB (32 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/ironclad/refs/heads/main/agentic-access/ironclad-agentic-access.yml