lakeFS Agentic Access
lakeFS exposes 134 API operations that an AI agent could call, of which 71 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 63 read, 67 write, 2 physical, and 2 safety-critical.
2 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| PUT | /repositories/{repository}/branches/{branch} | safety-critical | required |
| PUT | /repositories/{repository}/branches/{branch}/hard_reset | safety-critical | required |
| PUT | /auth/groups/{groupId}/members/{userId} | physical | conditional |
| DELETE | /auth/groups/{groupId}/members/{userId} | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/lakefs-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 134
by_action_class:
acting: 71
connected: 63
by_consequence:
write: 67
read: 63
physical: 2
safety-critical: 2
human_in_the_loop_required: 2
operations:
- path: /setup_comm_prefs
method: post
operationId: setupCommPrefs
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /setup_lakefs
method: get
operationId: getSetupState
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /setup_lakefs
method: post
operationId: setup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /user
method: get
operationId: getCurrentUser
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/login
method: post
operationId: login
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/external/principal/login
method: post
operationId: externalPrincipalLogin
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /sts/login
method: post
operationId: stsLogin
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/capabilities
method: get
operationId: getAuthCapabilities
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/users
method: get
operationId: listUsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/users
method: post
operationId: createUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/users/{userId}
method: get
operationId: getUser
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/users/{userId}
method: delete
operationId: deleteUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/groups
method: get
operationId: listGroups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/groups
method: post
operationId: createGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/groups/{groupId}
method: get
operationId: getGroup
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/groups/{groupId}
method: delete
operationId: deleteGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/policies
method: get
operationId: listPolicies
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/policies
method: post
operationId: createPolicy
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/policies/{policyId}
method: get
operationId: getPolicy
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/policies/{policyId}
method: put
operationId: updatePolicy
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/policies/{policyId}
method: delete
operationId: deletePolicy
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/groups/{groupId}/members
method: get
operationId: listGroupMembers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/groups/{groupId}/members/{userId}
method: put
operationId: addGroupMembership
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/groups/{groupId}/members/{userId}
method: delete
operationId: deleteGroupMembership
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/users/{userId}/credentials
method: get
operationId: listUserCredentials
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/users/{userId}/credentials
method: post
operationId: createCredentials
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/users/{userId}/credentials/{accessKeyId}
method: delete
operationId: deleteCredentials
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/users/{userId}/credentials/{accessKeyId}
method: get
operationId: getCredentials
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/users/{userId}/groups
method: get
operationId: listUserGroups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/users/{userId}/policies
method: get
operationId: listUserPolicies
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/users/{userId}/policies/{policyId}
method: put
operationId: attachPolicyToUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/users/{userId}/policies/{policyId}
method: delete
operationId: detachPolicyFromUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/users/{userId}/external/principals
method: post
operationId: createUserExternalPrincipal
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/users/{userId}/external/principals
method: delete
operationId: deleteUserExternalPrincipal
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/users/{userId}/external/principals/ls
method: get
operationId: listUserExternalPrincipals
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/external/principals
method: get
operationId: getExternalPrincipal
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/groups/{groupId}/policies
method: get
operationId: listGroupPolicies
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /auth/groups/{groupId}/policies/{policyId}
method: put
operationId: attachPolicyToGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/groups/{groupId}/policies/{policyId}
method: delete
operationId: detachPolicyFromGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/groups/{groupId}/acl
method: post
operationId: setGroupACL
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /auth/groups/{groupId}/acl
method: get
operationId: getGroupACL
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories
method: get
operationId: listRepositories
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories
method: post
operationId: createRepository
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}
method: get
operationId: getRepository
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}
method: delete
operationId: deleteRepository
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/metadata
method: get
operationId: getRepositoryMetadata
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/metadata
method: post
operationId: setRepositoryMetadata
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/metadata
method: delete
operationId: deleteRepositoryMetadata
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/settings/gc_rules
method: get
operationId: getGCRules
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/settings/gc_rules
method: put
operationId: setGCRules
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/settings/gc_rules
method: delete
operationId: deleteGCRules
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/settings/branch_protection
method: get
operationId: getBranchProtectionRules
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/settings/branch_protection
method: put
operationId: setBranchProtectionRules
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/refs/dump
method: put
operationId: dumpRefs
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/refs/restore
method: put
operationId: restoreRefs
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/dump
method: post
operationId: dumpSubmit
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/dump
method: get
operationId: dumpStatus
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/restore
method: post
operationId: restoreSubmit
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/restore
method: get
operationId: restoreStatus
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/tags
method: get
operationId: listTags
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/tags
method: post
operationId: createTag
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/tags/{tag}
method: get
operationId: getTag
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/tags/{tag}
method: delete
operationId: deleteTag
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches
method: get
operationId: listBranches
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/branches
method: post
operationId: createBranch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/refs/{ref}/commits
method: get
operationId: logCommits
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/branches/{branch}/commits
method: post
operationId: commit
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/commits
method: post
operationId: CreateCommitRecord
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}
method: get
operationId: getBranch
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/branches/{branch}
method: delete
operationId: deleteBranch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}
method: put
operationId: resetBranch
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /repositories/{repository}/branches/{branch}/hard_reset
method: put
operationId: hardResetBranch
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /repositories/{repository}/branches/{branch}/revert
method: post
operationId: revertBranch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/cherry-pick
method: post
operationId: cherryPick
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/refs/{sourceRef}/merge/{destinationBranch}
method: post
operationId: mergeIntoBranch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/refs/{sourceRef}/merge/{destinationBranch}
method: get
operationId: findMergeBase
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/branches/{branch}/diff
method: get
operationId: diffBranch
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/refs/{leftRef}/diff/{rightRef}
method: get
operationId: diffRefs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/commits/{commitId}
method: get
operationId: getCommit
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/refs/{ref}/objects
method: get
operationId: getObject
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/refs/{ref}/objects
method: head
operationId: headObject
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/branches/{branch}/staging/pmpu
method: post
operationId: createPresignMultipartUpload
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId}
method: put
operationId: completePresignMultipartUpload
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId}
method: delete
operationId: abortPresignMultipartUpload
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId}/parts/{partNumber}
method: put
operationId: uploadPart
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId}/parts/{partNumber}/copy
method: put
operationId: uploadPartCopy
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/staging/backing
method: get
operationId: getPhysicalAddress
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/branches/{branch}/staging/backing
method: put
operationId: linkPhysicalAddress
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/import
method: get
operationId: importStatus
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/branches/{branch}/import
method: post
operationId: importStart
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/import
method: delete
operationId: importCancel
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/objects/stage_allowed
method: get
operationId: uploadObjectPreflight
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/branches/{branch}/objects
method: put
operationId: stageObject
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/objects
method: post
operationId: uploadObject
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/objects
method: delete
operationId: deleteObject
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/objects/delete
method: post
operationId: deleteObjects
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/branches/{branch}/objects/copy
method: post
operationId: copyObject
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/refs/{ref}/objects/stat
method: get
operationId: statObject
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/branches/{branch}/objects/stat/user_metadata
method: put
operationId: updateObjectUserMetadata
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/refs/{ref}/objects/underlyingProperties
method: get
operationId: getUnderlyingProperties
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/refs/{ref}/objects/ls
method: get
operationId: listObjects
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/refs/{branch}/symlink
method: post
operationId: createSymlinkFile
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /repositories/{repository}/actions/runs
method: get
operationId: listRepositoryRuns
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/actions/runs/{run_id}
method: get
operationId: getRun
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/actions/runs/{run_id}/hooks
method: get
operationId: listRunHooks
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /repositories/{repository}/actions/runs/{run_id}/hooks/{hook_run_id}/output
method: get
operationId: getRunHookOutput
x-agentic-access:
action-class: connected
# --- truncated at 32 KB (39 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/lakefs/refs/heads/main/agentic-access/lakefs-agentic-access.yml