Kernel Agentic Access
Kernel exposes 133 API operations that an AI agent could call, of which 82 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 51 read, 66 write, 3 physical, and 13 safety-critical.
13 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| POST | /browsers/{id}/computer/click_mouse | safety-critical | required |
| POST | /browsers/{id}/computer/clipboard/read | safety-critical | required |
| POST | /browsers/{id}/computer/clipboard/write | safety-critical | required |
| POST | /browsers/{id}/computer/cursor | safety-critical | required |
| POST | /browsers/{id}/computer/drag_mouse | safety-critical | required |
| POST | /browsers/{id}/computer/move_mouse | safety-critical | required |
| POST | /browsers/{id}/computer/press_key | safety-critical | required |
| POST | /browsers/{id}/computer/screenshot | safety-critical | required |
| POST | /browsers/{id}/computer/scroll | safety-critical | required |
| POST | /browsers/{id}/computer/type | safety-critical | required |
| DELETE | /browsers/{id}/fs/watch/{watch_id} | safety-critical | required |
| POST | /browsers/{id}/process/{process_id}/kill | safety-critical | required |
| POST | /browsers/{id}/replays/{replay_id}/stop | safety-critical | required |
| PUT | /browsers/{id}/fs/set_file_permissions | physical | conditional |
| POST | /deployments | physical | conditional |
| DELETE | /deployments/{id} | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/kernel-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 133
by_action_class:
acting: 82
connected: 51
by_consequence:
write: 66
read: 51
safety-critical: 13
physical: 3
human_in_the_loop_required: 13
operations:
- path: /invocations
method: post
operationId: postInvocations
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /invocations
method: get
operationId: getInvocations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /invocations/{id}
method: get
operationId: getInvocationsById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /invocations/{id}
method: patch
operationId: patchInvocationsById
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /invocations/{id}/browsers
method: get
operationId: getInvocationsBrowsersById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /invocations/{id}/browsers
method: delete
operationId: deleteInvocationsBrowsersById
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /invocations/{id}/events
method: get
operationId: getInvocationsEventsById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /proxies
method: post
operationId: postProxies
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /proxies
method: get
operationId: getProxies
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /proxies/{id}
method: get
operationId: getProxiesById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /proxies/{id}
method: delete
operationId: deleteProxiesById
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /proxies/{id}/check
method: post
operationId: postProxiesByIdCheck
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers
method: post
operationId: postBrowsers
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers
method: get
operationId: getBrowsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}
method: get
operationId: getBrowsersById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}
method: delete
operationId: deleteBrowsersById
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}
method: patch
operationId: patchBrowsersById
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/replays
method: post
operationId: startBrowserReplayRecording
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/replays
method: get
operationId: listBrowsersReplays
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}/replays/{replay_id}
method: get
operationId: getBrowsersReplaysById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}/replays/{replay_id}/stop
method: post
operationId: stopBrowserReplayRecording
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /browsers/{id}/telemetry
method: get
operationId: streamBrowserTelemetry
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}/extensions
method: post
operationId: uploadExtensionsToBrowser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/computer/click_mouse
method: post
operationId: clickMouse
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /browsers/{id}/computer/move_mouse
method: post
operationId: moveMouse
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /browsers/{id}/computer/screenshot
method: post
operationId: takeScreenshot
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /browsers/{id}/computer/type
method: post
operationId: typeText
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /browsers/{id}/computer/press_key
method: post
operationId: pressKey
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /browsers/{id}/computer/scroll
method: post
operationId: scroll
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /browsers/{id}/computer/drag_mouse
method: post
operationId: dragMouse
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /browsers/{id}/computer/cursor
method: post
operationId: setCursor
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /browsers/{id}/computer/batch
method: post
operationId: batchComputerAction
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/computer/get_mouse_position
method: post
operationId: getMousePosition
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/computer/clipboard/read
method: post
operationId: readClipboard
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /browsers/{id}/computer/clipboard/write
method: post
operationId: writeClipboard
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /apps
method: get
operationId: getApps
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /deployments
method: get
operationId: getDeployments
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /deployments
method: post
operationId: postDeployments
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /deployments/{id}
method: get
operationId: getDeploymentsById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /deployments/{id}
method: delete
operationId: deleteDeploymentsById
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /deployments/{id}/events
method: get
operationId: getDeploymentsEventsById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}/fs/read_file
method: get
operationId: readFile
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}/fs/write_file
method: put
operationId: writeFile
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/fs/list_files
method: get
operationId: listFiles
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}/fs/create_directory
method: put
operationId: createDirectory
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/fs/delete_file
method: put
operationId: deleteFile
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/fs/delete_directory
method: put
operationId: deleteDirectory
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/fs/set_file_permissions
method: put
operationId: setFilePermissions
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/fs/file_info
method: get
operationId: fileInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}/fs/move
method: put
operationId: movePath
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/fs/watch
method: post
operationId: startFsWatch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/fs/watch/{watch_id}/events
method: get
operationId: streamFsEvents
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}/fs/watch/{watch_id}
method: delete
operationId: stopFsWatch
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /browsers/{id}/process/exec
method: post
operationId: processExec
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/process/spawn
method: post
operationId: processSpawn
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/process/{process_id}/status
method: get
operationId: processStatus
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}/process/{process_id}/stdout/stream
method: get
operationId: processStdoutStream
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}/process/{process_id}/stdin
method: post
operationId: processStdin
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/process/{process_id}/kill
method: post
operationId: processKill
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /browsers/{id}/process/{process_id}/resize
method: post
operationId: processResize
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/playwright/execute
method: post
operationId: executePlaywrightCode
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/logs/stream
method: get
operationId: logsStream
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}/fs/download_dir_zip
method: get
operationId: downloadDirZip
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browsers/{id}/fs/upload
method: post
operationId: uploadFiles
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/fs/upload_zip
method: post
operationId: uploadZip
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browsers/{id}/curl
method: post
operationId: browserCurl
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browser_pools
method: post
operationId: postBrowserPools
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browser_pools
method: get
operationId: getBrowserPools
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browser_pools/{id_or_name}
method: get
operationId: getBrowserPoolsByIdOrName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /browser_pools/{id_or_name}
method: patch
operationId: updateBrowserPoolsByIdOrName
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browser_pools/{id_or_name}
method: delete
operationId: deleteBrowserPoolsByIdOrName
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browser_pools/{id_or_name}/acquire
method: post
operationId: acquireFromBrowserPoolByIdOrName
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browser_pools/{id_or_name}/release
method: post
operationId: releaseToBrowserPoolByIdOrName
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /browser_pools/{id_or_name}/flush
method: post
operationId: flushBrowserPoolByIdOrName
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /profiles
method: post
operationId: postProfiles
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /profiles
method: get
operationId: getProfiles
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /profiles/{id_or_name}
method: get
operationId: getProfileByIdOrName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /profiles/{id_or_name}
method: delete
operationId: deleteProfileByIdOrName
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /profiles/{id_or_name}/download
method: get
operationId: downloadProfileByIdOrName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/connections
method: post
operationId: postAuthConnections
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/connections
method: get
operationId: getAuthConnections
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/connections/{id}
method: get
operationId: getAuthConnectionsById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/connections/{id}
method: delete
operationId: deleteAuthConnectionsById
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/connections/{id}
method: patch
operationId: patchAuthConnectionsById
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/connections/{id}/login
method: post
operationId: postAuthConnectionsLogin
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/connections/{id}/submit
method: post
operationId: postAuthConnectionsSubmit
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/connections/{id}/events
method: get
operationId: getAuthConnectionsEventsById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/connections/{id}/exchange
method: post
operationId: postAuthConnectionsExchange
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /extensions
method: post
operationId: postExtensions
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /extensions
method: get
operationId: getExtensions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /extensions/{id_or_name}
method: get
operationId: getExtensionByIdOrName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /extensions/{id_or_name}
method: delete
operationId: deleteExtensionByIdOrName
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /extensions/from_chrome_store
method: get
operationId: getExtensionsFromChromeStore
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /agents/auth
method: post
operationId: postAgentsAuth
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /agents/auth
method: get
operationId: getAgentsAuth
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /agents/auth/invocations
method: post
operationId: postAgentsAuthInvocations
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /agents/auth/{id}
method: get
operationId: getAgentsAuthById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /agents/auth/{id}
method: delete
operationId: deleteAgentsAuthById
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /agents/auth/invocations/{invocation_id}
method: get
operationId: getAgentsAuthInvocationsInvocationId
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /agents/auth/invocations/{invocation_id}/exchange
method: post
operationId: postAgentsAuthInvocationsExchange
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /agents/auth/invocations/{invocation_id}/submit
method: post
operationId: postAgentsAuthInvocationsSubmit
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /credentials
method: post
operationId: postCredentials
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /credentials
method: get
operationId: getCredentials
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /credentials/{id_or_name}
method: get
operationId: getCredentialByIdOrName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /credentials/{id_or_name}
method: patch
operationId: patchCredentialByIdOrName
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /credentials/{id_or_name}
method: delete
operationId: deleteCredentialByIdOrName
# --- truncated at 32 KB (39 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/kernel-so/refs/heads/main/agentic-access/kernel-so-agentic-access.yml