Publishes a Google Tag Manager container version and notifies the marketing analytics Slack channel of the deployment.

naftiko: '0.5'
info:
  label: Google Tag Manager Container Version Publish
  description: Publishes a Google Tag Manager container version and notifies the marketing analytics Slack channel of the deployment.
  tags:
  - marketing
  - analytics
  - google-tag-manager
  - slack
capability:
  exposes:
  - type: mcp
    namespace: martech-ops
    port: 8080
    tools:
    - name: publish-gtm-version
      description: Given a GTM account, container, and version IDs, publish the container version and notify the analytics Slack channel.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: GTM account ID.
      - name: container_id
        in: body
        type: string
        description: GTM container ID.
      - name: version_id
        in: body
        type: string
        description: GTM container version ID.
      steps:
      - name: publish-version
        type: call
        call: gtm.publish-version
        with:
          account_id: '{{account_id}}'
          container_id: '{{container_id}}'
          version_id: '{{version_id}}'
      - name: notify-slack
        type: call
        call: slack.post-message
        with:
          channel: marketing-analytics
          text: GTM container {{container_id}} version {{version_id}} published successfully.
  consumes:
  - type: http
    namespace: gtm
    baseUri: https://www.googleapis.com/tagmanager/v2
    authentication:
      type: bearer
      token: $secrets.google_gtm_token
    resources:
    - name: versions
      path: /accounts/{{account_id}}/containers/{{container_id}}/versions/{{version_id}}:publish
      inputParameters:
      - name: account_id
        in: path
      - name: container_id
        in: path
      - name: version_id
        in: path
      operations:
      - name: publish-version
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When New Relic triggers a critical alert condition, creates a Jira incident ticket and notifies the on-call team via Slack.

naftiko: '0.5'
info:
  label: New Relic Alert to Jira
  description: When New Relic triggers a critical alert condition, creates a Jira incident ticket and notifies the on-call team via Slack.
  tags:
  - monitoring
  - incident-management
  - new-relic
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: observability-ops
    port: 8080
    tools:
    - name: handle-newrelic-alert
      description: Given a New Relic alert condition ID and violation details, create a Jira incident and alert the on-call Slack channel.
      inputParameters:
      - name: condition_id
        in: body
        type: string
        description: New Relic alert condition ID.
      - name: violation_url
        in: body
        type: string
        description: New Relic violation URL.
      - name: entity_name
        in: body
        type: string
        description: Affected entity name.
      steps:
      - name: create-jira
        type: call
        call: jira.create-issue
        with:
          project_key: OPS
          issuetype: Bug
          summary: 'New Relic alert: {{entity_name}}'
          description: 'Condition {{condition_id}} violated. Details: {{violation_url}}'
      - name: notify-oncall
        type: call
        call: slack.post-message
        with:
          channel: oncall-alerts
          text: 'New Relic critical alert on {{entity_name}} | Jira: {{create-jira.key}} | {{violation_url}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Triggers SAP S/4HANA month-end financial close for Adobe's fiscal period, validates journal completeness, and notifies the finance team via Teams.

naftiko: '0.5'
info:
  label: Monthly Financial Period Close
  description: Triggers SAP S/4HANA month-end financial close for Adobe's fiscal period, validates journal completeness, and notifies the finance team via Teams.
  tags:
  - finance
  - erp
  - period-close
  - sap
  - accounting
capability:
  exposes:
  - type: mcp
    namespace: finance-close
    port: 8080
    tools:
    - name: trigger-period-close
      description: Given a fiscal period and company code, initiate the SAP period close sequence and validate journal postings. Post completion status to the finance Teams channel. Use at month end to automate the financial close workflow.
      inputParameters:
      - name: fiscal_period
        in: body
        type: string
        description: Fiscal period in YYYYPP format, e.g. '202603'.
      - name: company_code
        in: body
        type: string
        description: SAP company code, e.g. 'ADBE'.
      - name: finance_channel_id
        in: body
        type: string
        description: Finance Teams channel ID.
      steps:
      - name: close-period
        type: call
        call: sap-fi.close-period
        with:
          fiscal_period: '{{fiscal_period}}'
          company_code: '{{company_code}}'
      - name: validate-journals
        type: call
        call: sap-journals.check-completeness
        with:
          fiscal_period: '{{fiscal_period}}'
          company_code: '{{company_code}}'
      - name: notify-finance
        type: call
        call: msteams-finance.post-channel-message
        with:
          channel_id: '{{finance_channel_id}}'
          text: 'Period {{fiscal_period}} close complete for {{company_code}}. Journal status: {{validate-journals.status}} | Open items: {{validate-journals.open_count}}'
  consumes:
  - type: http
    namespace: sap-fi
    baseUri: https://adobe-s4.sap.com/sap/opu/odata/sap/FAR_PERIOD_CLOSE_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: period-close
      path: /PeriodClose
      operations:
      - name: close-period
        method: POST
  - type: http
    namespace: sap-journals
    baseUri: https://adobe-s4.sap.com/sap/opu/odata/sap/FAR_JOURNAL_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: journal-validation
      path: /JournalEntryCompleteness
      inputParameters:
      - name: fiscal_period
        in: query
      - name: company_code
        in: query
      operations:
      - name: check-completeness
        method: GET
  - type: http
    namespace: msteams-finance
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves the status of a Salesforce Marketing Cloud journey by journey ID, returning active contacts and completion rate.

naftiko: '0.5'
info:
  label: Salesforce Marketing Cloud Journey Status
  description: Retrieves the status of a Salesforce Marketing Cloud journey by journey ID, returning active contacts and completion rate.
  tags:
  - marketing
  - customer-engagement
  - salesforce-marketing-cloud
capability:
  exposes:
  - type: mcp
    namespace: marketing-ops
    port: 8080
    tools:
    - name: get-journey-status
      description: Given a Salesforce Marketing Cloud journey ID, return the journey status, active contact count, and completion rate.
      inputParameters:
      - name: journey_id
        in: body
        type: string
        description: Marketing Cloud journey ID.
      call: sfmc.get-journey
      with:
        journey_id: '{{journey_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: active_contacts
        type: integer
        mapping: $.stats.activeContacts
      - name: completion_rate
        type: number
        mapping: $.stats.completionRate
  consumes:
  - type: http
    namespace: sfmc
    baseUri: https://adobe.rest.marketingcloudapis.com
    authentication:
      type: bearer
      token: $secrets.sfmc_token
    resources:
    - name: journeys
      path: /interaction/v1/interactions/{{journey_id}}
      inputParameters:
      - name: journey_id
        in: path
      operations:
      - name: get-journey
        method: GET

Fetches a Salesforce contact record and syncs enriched fields (title, phone, company) into HubSpot for marketing campaigns.

naftiko: '0.5'
info:
  label: HubSpot Contact Enrichment from Salesforce
  description: Fetches a Salesforce contact record and syncs enriched fields (title, phone, company) into HubSpot for marketing campaigns.
  tags:
  - marketing
  - crm
  - hubspot
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: marketing-sync
    port: 8080
    tools:
    - name: enrich-hubspot-contact
      description: Given a Salesforce contact ID, fetch enriched fields and upsert them into the matching HubSpot contact record.
      inputParameters:
      - name: sf_contact_id
        in: body
        type: string
        description: Salesforce contact ID.
      steps:
      - name: get-sf-contact
        type: call
        call: salesforce.get-contact
        with:
          contact_id: '{{sf_contact_id}}'
      - name: upsert-hubspot
        type: call
        call: hubspot.upsert-contact
        with:
          email: '{{get-sf-contact.Email}}'
          properties:
            firstname: '{{get-sf-contact.FirstName}}'
            lastname: '{{get-sf-contact.LastName}}'
            jobtitle: '{{get-sf-contact.Title}}'
            company: '{{get-sf-contact.Account.Name}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contacts
      path: /sobjects/Contact/{{contact_id}}
      inputParameters:
      - name: contact_id
        in: path
      operations:
      - name: get-contact
        method: GET
  - type: http
    namespace: hubspot
    baseUri: https://api.hubapi.com
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: contacts
      path: /crm/v3/objects/contacts
      operations:
      - name: upsert-contact
        method: POST

Retrieves all Okta group memberships for a given user, returning group names and IDs for access review.

naftiko: '0.5'
info:
  label: Okta User Group Membership Lookup
  description: Retrieves all Okta group memberships for a given user, returning group names and IDs for access review.
  tags:
  - identity
  - access-management
  - okta
capability:
  exposes:
  - type: mcp
    namespace: iam
    port: 8080
    tools:
    - name: get-user-groups
      description: Given an Okta user ID, return all group memberships with group names and IDs. Use for quarterly access reviews and provisioning audits.
      inputParameters:
      - name: user_id
        in: body
        type: string
        description: Okta user ID.
      call: okta.list-user-groups
      with:
        user_id: '{{user_id}}'
      outputParameters:
      - name: groups
        type: array
        mapping: $.[*].profile.name
  consumes:
  - type: http
    namespace: okta
    baseUri: https://adobe.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: user-groups
      path: /users/{{user_id}}/groups
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: list-user-groups
        method: GET

Fetches all completed Jira issues for a version, formats release notes, and publishes them as a Confluence page.

naftiko: '0.5'
info:
  label: Jira Release Notes Generator
  description: Fetches all completed Jira issues for a version, formats release notes, and publishes them as a Confluence page.
  tags:
  - engineering
  - release-management
  - jira
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: release-ops
    port: 8080
    tools:
    - name: generate-release-notes
      description: Given a Jira project key and version name, fetch all resolved issues and create a Confluence release notes page.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: Jira project key.
      - name: version_name
        in: body
        type: string
        description: Jira fix version name.
      - name: confluence_space
        in: body
        type: string
        description: Confluence space key for release notes.
      steps:
      - name: get-issues
        type: call
        call: jira.search-issues
        with:
          jql: project={{project_key}} AND fixVersion='{{version_name}}' AND status=Done
      - name: create-page
        type: call
        call: confluence.create-content
        with:
          space_key: '{{confluence_space}}'
          title: Release Notes - {{version_name}}
          body: '{{get-issues.formatted_notes}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: search
      path: /search
      operations:
      - name: search-issues
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://adobe.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-content
        method: POST

Retrieves a payroll preview from ADP Workforce Now for a given pay period, returning gross pay, deductions, and net pay totals.

naftiko: '0.5'
info:
  label: ADP Payroll Preview Lookup
  description: Retrieves a payroll preview from ADP Workforce Now for a given pay period, returning gross pay, deductions, and net pay totals.
  tags:
  - hr
  - payroll
  - adp
capability:
  exposes:
  - type: mcp
    namespace: payroll-ops
    port: 8080
    tools:
    - name: get-payroll-preview
      description: Given an ADP pay period ID, return the payroll preview with gross pay, total deductions, and net pay.
      inputParameters:
      - name: pay_period_id
        in: body
        type: string
        description: ADP pay period identifier.
      call: adp.get-payroll-preview
      with:
        pay_period_id: '{{pay_period_id}}'
      outputParameters:
      - name: gross_pay
        type: number
        mapping: $.payrollPreview.grossPay.amount
      - name: deductions
        type: number
        mapping: $.payrollPreview.totalDeductions.amount
      - name: net_pay
        type: number
        mapping: $.payrollPreview.netPay.amount
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: payroll
      path: /payroll-previews/{{pay_period_id}}
      inputParameters:
      - name: pay_period_id
        in: path
      operations:
      - name: get-payroll-preview
        method: GET

Enrolls a qualified Salesforce lead in a Marketo product-specific nurture program based on their Creative Cloud trial activity.

naftiko: '0.5'
info:
  label: Marketo Lead Nurture Enrollment from Salesforce
  description: Enrolls a qualified Salesforce lead in a Marketo product-specific nurture program based on their Creative Cloud trial activity.
  tags:
  - marketing
  - salesforce
  - marketo
  - lead-nurture
  - creative-cloud
capability:
  exposes:
  - type: mcp
    namespace: lead-nurture
    port: 8080
    tools:
    - name: enroll-lead-in-nurture
      description: Given a Salesforce lead ID and Marketo program ID, retrieve the lead's details from Salesforce and enroll them in the specified Marketo nurture program. Use when a Creative Cloud trial lead qualifies for a nurture track.
      inputParameters:
      - name: salesforce_lead_id
        in: body
        type: string
        description: Salesforce lead record ID.
      - name: marketo_program_id
        in: body
        type: string
        description: Marketo program ID for the nurture campaign.
      steps:
      - name: get-lead
        type: call
        call: salesforce-leads.get-lead
        with:
          lead_id: '{{salesforce_lead_id}}'
      - name: enroll-in-program
        type: call
        call: marketo-programs.add-to-program
        with:
          email: '{{get-lead.Email}}'
          first_name: '{{get-lead.FirstName}}'
          last_name: '{{get-lead.LastName}}'
          program_id: '{{marketo_program_id}}'
  consumes:
  - type: http
    namespace: salesforce-leads
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead/{{lead_id}}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: get-lead
        method: GET
  - type: http
    namespace: marketo-programs
    baseUri: https://adobe.mktorest.com/rest/v1
    authentication:
      type: bearer
      token: $secrets.marketo_token
    resources:
    - name: program-members
      path: /leads/programs/{{program_id}}.json
      inputParameters:
      - name: program_id
        in: path
      operations:
      - name: add-to-program
        method: POST

Retrieves performance insights for a Meta (Facebook) advertising campaign, returning reach, impressions, spend, and conversions.

naftiko: '0.5'
info:
  label: Meta Ads Campaign Report
  description: Retrieves performance insights for a Meta (Facebook) advertising campaign, returning reach, impressions, spend, and conversions.
  tags:
  - marketing
  - advertising
  - meta
  - facebook
capability:
  exposes:
  - type: mcp
    namespace: paid-media
    port: 8080
    tools:
    - name: get-meta-campaign-report
      description: Given a Meta ad campaign ID, return reach, impressions, spend, and conversion count for the specified date range.
      inputParameters:
      - name: campaign_id
        in: body
        type: string
        description: Meta Ads campaign ID.
      - name: date_preset
        in: body
        type: string
        description: Date preset (e.g., last_7d, last_30d).
      call: meta-ads.get-insights
      with:
        campaign_id: '{{campaign_id}}'
        date_preset: '{{date_preset}}'
      outputParameters:
      - name: reach
        type: integer
        mapping: $.data[0].reach
      - name: impressions
        type: integer
        mapping: $.data[0].impressions
      - name: spend
        type: string
        mapping: $.data[0].spend
  consumes:
  - type: http
    namespace: meta-ads
    baseUri: https://graph.facebook.com/v18.0
    authentication:
      type: bearer
      token: $secrets.meta_ads_token
    resources:
    - name: insights
      path: /{{campaign_id}}/insights
      inputParameters:
      - name: campaign_id
        in: path
      operations:
      - name: get-insights
        method: GET

Triggers a Terraform Cloud plan to detect infrastructure drift and, if drift is found, creates a Jira ticket and alerts the infra Slack channel.

naftiko: '0.5'
info:
  label: Terraform Drift Detection Alert
  description: Triggers a Terraform Cloud plan to detect infrastructure drift and, if drift is found, creates a Jira ticket and alerts the infra Slack channel.
  tags:
  - infrastructure
  - iac
  - terraform
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: infra-ops
    port: 8080
    tools:
    - name: detect-terraform-drift
      description: Given a Terraform Cloud workspace ID, trigger a speculative plan. If drift is detected, create a Jira ticket and alert the infra Slack channel.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: Terraform Cloud workspace ID.
      steps:
      - name: trigger-plan
        type: call
        call: terraform.create-run
        with:
          workspace_id: '{{workspace_id}}'
          is_destroy: false
          message: Automated drift detection
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: INFRA
          issuetype: Task
          summary: Terraform drift detected in workspace {{workspace_id}}
          description: 'Plan run: {{trigger-plan.id}}'
      - name: alert-infra
        type: call
        call: slack.post-message
        with:
          channel: infra-alerts
          text: 'Drift detected in Terraform workspace {{workspace_id}}. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /runs
      operations:
      - name: create-run
        method: POST
  - type: http
    namespace: jira
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Invokes an AWS Lambda function with a JSON payload and returns the function response.

naftiko: '0.5'
info:
  label: AWS Lambda Function Invoke
  description: Invokes an AWS Lambda function with a JSON payload and returns the function response.
  tags:
  - cloud
  - serverless
  - aws
  - aws-lambda
capability:
  exposes:
  - type: mcp
    namespace: serverless-ops
    port: 8080
    tools:
    - name: invoke-lambda
      description: Given an AWS Lambda function name and JSON payload, invoke the function synchronously and return the response. Use for ad-hoc serverless task execution.
      inputParameters:
      - name: function_name
        in: body
        type: string
        description: Lambda function name or ARN.
      - name: payload
        in: body
        type: string
        description: JSON payload for the function.
      call: lambda.invoke-function
      with:
        function_name: '{{function_name}}'
        payload: '{{payload}}'
      outputParameters:
      - name: status_code
        type: integer
        mapping: $.StatusCode
      - name: response
        type: string
        mapping: $.Payload
  consumes:
  - type: http
    namespace: lambda
    baseUri: https://lambda.us-east-1.amazonaws.com/2015-03-31
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: functions
      path: /functions/{{function_name}}/invocations
      inputParameters:
      - name: function_name
        in: path
      operations:
      - name: invoke-function
        method: POST

Retrieves the signing status of an Adobe Sign agreement by agreement ID, returning signer details and completion percentage.

naftiko: '0.5'
info:
  label: Adobe Sign Document Status
  description: Retrieves the signing status of an Adobe Sign agreement by agreement ID, returning signer details and completion percentage.
  tags:
  - legal
  - document-signing
  - adobe
capability:
  exposes:
  - type: mcp
    namespace: legal-ops
    port: 8080
    tools:
    - name: get-agreement-status
      description: Given an Adobe Sign agreement ID, return the current status, list of signers, and completion percentage. Use for contract tracking.
      inputParameters:
      - name: agreement_id
        in: body
        type: string
        description: Adobe Sign agreement ID.
      call: adobe-sign.get-agreement
      with:
        agreement_id: '{{agreement_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: signers
        type: array
        mapping: $.participantSetsInfo[*].memberInfos[*].email
      - name: completion_pct
        type: number
        mapping: $.completionPercentage
  consumes:
  - type: http
    namespace: adobe-sign
    baseUri: https://api.na1.adobesign.com/api/rest/v6
    authentication:
      type: bearer
      token: $secrets.adobe_sign_token
    resources:
    - name: agreements
      path: /agreements/{{agreement_id}}
      inputParameters:
      - name: agreement_id
        in: path
      operations:
      - name: get-agreement
        method: GET

At sprint close, fetches Jira velocity metrics, refreshes the Power BI agile dashboard, and posts a sprint summary to the engineering Teams channel.

naftiko: '0.5'
info:
  label: Jira Sprint Velocity Report Publication
  description: At sprint close, fetches Jira velocity metrics, refreshes the Power BI agile dashboard, and posts a sprint summary to the engineering Teams channel.
  tags:
  - devops
  - jira
  - agile
  - power-bi
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: agile-reporting
    port: 8080
    tools:
    - name: publish-sprint-velocity
      description: Given a Jira board ID and sprint ID, retrieve completed story points and velocity metrics, refresh the Power BI agile dashboard, and post a sprint summary to the engineering Teams channel. Use at each sprint close.
      inputParameters:
      - name: board_id
        in: body
        type: string
        description: Jira software board ID.
      - name: sprint_id
        in: body
        type: string
        description: Completed sprint ID.
      - name: pbi_dataset_id
        in: body
        type: string
        description: Power BI dataset ID for the agile velocity dashboard.
      - name: eng_channel_id
        in: body
        type: string
        description: Engineering Teams channel ID.
      steps:
      - name: get-sprint-metrics
        type: call
        call: jira-agile.get-sprint-report
        with:
          board_id: '{{board_id}}'
          sprint_id: '{{sprint_id}}'
      - name: refresh-pbi-agile
        type: call
        call: powerbi-agile.trigger-refresh
        with:
          dataset_id: '{{pbi_dataset_id}}'
      - name: post-summary
        type: call
        call: msteams-agile.post-channel-message
        with:
          channel_id: '{{eng_channel_id}}'
          text: 'Sprint {{sprint_id}} closed. Velocity: {{get-sprint-metrics.completed_points}} pts | Completion: {{get-sprint-metrics.completion_rate}}% | Dashboard refreshed.'
  consumes:
  - type: http
    namespace: jira-agile
    baseUri: https://adobe.atlassian.net/rest/agile/1.0
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: sprint-issues
      path: /board/{{board_id}}/sprint/{{sprint_id}}/issue
      inputParameters:
      - name: board_id
        in: path
      - name: sprint_id
        in: path
      operations:
      - name: get-sprint-report
        method: GET
  - type: http
    namespace: powerbi-agile
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msteams-agile
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

When a Figma file is updated, posts a review request to the design team Slack channel with a link to the file.

naftiko: '0.5'
info:
  label: Figma Design Review Notification
  description: When a Figma file is updated, posts a review request to the design team Slack channel with a link to the file.
  tags:
  - design
  - collaboration
  - figma
  - slack
capability:
  exposes:
  - type: mcp
    namespace: design-ops
    port: 8080
    tools:
    - name: notify-design-review
      description: Given a Figma file key and reviewer channel, fetch file metadata and post a review request to Slack.
      inputParameters:
      - name: file_key
        in: body
        type: string
        description: Figma file key.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for design reviews.
      steps:
      - name: get-file
        type: call
        call: figma.get-file
        with:
          file_key: '{{file_key}}'
      - name: post-review
        type: call
        call: slack.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Design review requested: {{get-file.name}} — https://www.figma.com/file/{{file_key}}'
  consumes:
  - type: http
    namespace: figma
    baseUri: https://api.figma.com/v1
    authentication:
      type: bearer
      token: $secrets.figma_token
    resources:
    - name: files
      path: /files/{{file_key}}
      inputParameters:
      - name: file_key
        in: path
      operations:
      - name: get-file
        method: GET
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Exports an Adobe Analytics segment audience to a CSV in Amazon S3 for downstream activation in marketing platforms.

naftiko: '0.5'
info:
  label: Adobe Analytics Segment Export
  description: Exports an Adobe Analytics segment audience to a CSV in Amazon S3 for downstream activation in marketing platforms.
  tags:
  - analytics
  - adobe-analytics
  - amazon-s3
capability:
  exposes:
  - type: mcp
    namespace: analytics-ops
    port: 8080
    tools:
    - name: export-analytics-segment
      description: Given an Adobe Analytics segment ID, export the audience to a CSV file in S3. Use when marketing needs a fresh audience list for campaign targeting.
      inputParameters:
      - name: segment_id
        in: body
        type: string
        description: Adobe Analytics segment ID.
      - name: s3_bucket
        in: body
        type: string
        description: Target S3 bucket name.
      steps:
      - name: fetch-segment
        type: call
        call: adobe-analytics.get-segment
        with:
          segment_id: '{{segment_id}}'
      - name: upload-csv
        type: call
        call: s3.put-object
        with:
          bucket: '{{s3_bucket}}'
          key: segments/{{segment_id}}/export.csv
          body: '{{fetch-segment.data}}'
  consumes:
  - type: http
    namespace: adobe-analytics
    baseUri: https://analytics.adobe.io/api
    authentication:
      type: bearer
      token: $secrets.adobe_analytics_token
    resources:
    - name: segments
      path: /segments/{{segment_id}}
      inputParameters:
      - name: segment_id
        in: path
      operations:
      - name: get-segment
        method: GET
  - type: http
    namespace: s3
    baseUri: https://s3.amazonaws.com
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: objects
      path: /{{bucket}}/{{key}}
      inputParameters:
      - name: bucket
        in: path
      - name: key
        in: path
      operations:
      - name: put-object
        method: PUT

Retrieves a goods receipt document from SAP S/4HANA by document number and returns quantity, posting date, and material details.

naftiko: '0.5'
info:
  label: SAP Goods Receipt Verification
  description: Retrieves a goods receipt document from SAP S/4HANA by document number and returns quantity, posting date, and material details.
  tags:
  - procurement
  - erp
  - sap
capability:
  exposes:
  - type: mcp
    namespace: erp-ops
    port: 8080
    tools:
    - name: get-goods-receipt
      description: Given a SAP goods receipt document number, return posting date, material, quantity, and plant. Use for three-way match verification.
      inputParameters:
      - name: document_number
        in: body
        type: string
        description: SAP goods receipt document number.
      call: sap.get-goods-receipt
      with:
        doc_number: '{{document_number}}'
      outputParameters:
      - name: posting_date
        type: string
        mapping: $.d.PostingDate
      - name: material
        type: string
        mapping: $.d.Material
      - name: quantity
        type: number
        mapping: $.d.Quantity
  consumes:
  - type: http
    namespace: sap
    baseUri: https://adobe-s4.sap.com/sap/opu/odata/sap/API_MATERIAL_DOCUMENT_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: material-documents
      path: /A_MaterialDocumentHeader('{{doc_number}}')
      inputParameters:
      - name: doc_number
        in: path
      operations:
      - name: get-goods-receipt
        method: GET

When AWS Cost Anomaly Detection raises a critical alert, creates a Datadog event, opens a Jira FinOps ticket, and posts to the cloud-finops Teams channel.

naftiko: '0.5'
info:
  label: Cloud Cost Anomaly Response
  description: When AWS Cost Anomaly Detection raises a critical alert, creates a Datadog event, opens a Jira FinOps ticket, and posts to the cloud-finops Teams channel.
  tags:
  - finops
  - cloud
  - aws
  - datadog
  - jira
capability:
  exposes:
  - type: mcp
    namespace: cloud-finops
    port: 8080
    tools:
    - name: handle-cost-anomaly
      description: Given an AWS cost anomaly ID, service, and estimated overage, create a Datadog warning event, open a Jira FinOps task, and alert the cloud-finops Teams channel. Use when AWS Cost Anomaly Detection triggers above threshold.
      inputParameters:
      - name: anomaly_id
        in: body
        type: string
        description: AWS Cost Anomaly Detection anomaly ID.
      - name: service_name
        in: body
        type: string
        description: AWS service generating the anomaly.
      - name: estimated_overage_usd
        in: body
        type: number
        description: Estimated cost overage in USD.
      - name: finops_channel_id
        in: body
        type: string
        description: FinOps Teams channel ID.
      steps:
      - name: create-dd-event
        type: call
        call: datadog-finops.create-event
        with:
          title: 'AWS Cost Anomaly: {{service_name}}'
          text: Anomaly {{anomaly_id}} — overage ${{estimated_overage_usd}}
          alert_type: warning
      - name: open-jira
        type: call
        call: jira-finops.create-issue
        with:
          project_key: FINOPS
          issuetype: Task
          summary: 'Cost anomaly: {{service_name}} +${{estimated_overage_usd}}'
          description: 'Anomaly {{anomaly_id}}. Datadog: {{create-dd-event.id}}'
      - name: alert-finops
        type: call
        call: msteams-finops.post-channel-message
        with:
          channel_id: '{{finops_channel_id}}'
          text: 'AWS Cost Anomaly on {{service_name}}: +${{estimated_overage_usd}} | Jira: {{open-jira.key}} | Datadog: {{create-dd-event.url}}'
  consumes:
  - type: http
    namespace: datadog-finops
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: jira-finops
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams-finops
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves Datadog SLO compliance metrics for Adobe's core services, publishes to Power BI, and emails the SLO report to engineering leadership.

naftiko: '0.5'
info:
  label: Datadog SLO Compliance Report
  description: Retrieves Datadog SLO compliance metrics for Adobe's core services, publishes to Power BI, and emails the SLO report to engineering leadership.
  tags:
  - observability
  - datadog
  - slo
  - reporting
  - engineering
capability:
  exposes:
  - type: mcp
    namespace: slo-reporting
    port: 8080
    tools:
    - name: publish-slo-report
      description: Given a time window and Power BI dataset ID, fetch SLO compliance metrics for all monitored services from Datadog, trigger a Power BI refresh, and email the SLO summary to engineering leadership. Use weekly for reliability review meetings.
      inputParameters:
      - name: from_ts
        in: body
        type: integer
        description: Unix timestamp for the start of the SLO measurement period.
      - name: to_ts
        in: body
        type: integer
        description: Unix timestamp for the end of the SLO measurement period.
      - name: pbi_dataset_id
        in: body
        type: string
        description: Power BI dataset ID for the SLO dashboard.
      - name: engineering_email
        in: body
        type: string
        description: Engineering leadership email for the SLO report.
      steps:
      - name: get-slos
        type: call
        call: datadog-slo.get-slo-history
        with:
          from_ts: '{{from_ts}}'
          to_ts: '{{to_ts}}'
      - name: refresh-pbi-slo
        type: call
        call: powerbi-slo.trigger-refresh
        with:
          dataset_id: '{{pbi_dataset_id}}'
      - name: send-slo-report
        type: call
        call: msgraph-slo.send-email
        with:
          to: '{{engineering_email}}'
          subject: SLO Compliance Report
          body: 'Services meeting SLO: {{get-slos.compliant_count}} | Services breaching SLO: {{get-slos.breaching_count}} | Dashboard refreshed.'
  consumes:
  - type: http
    namespace: datadog-slo
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: slo-history
      path: /slo/history
      inputParameters:
      - name: from_ts
        in: query
      - name: to_ts
        in: query
      operations:
      - name: get-slo-history
        method: GET
  - type: http
    namespace: powerbi-slo
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msgraph-slo
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /users/{{sender}}/sendMail
      operations:
      - name: send-email
        method: POST

Executes a read-only SQL query against Snowflake and returns the result set for ad-hoc analytics requests.

naftiko: '0.5'
info:
  label: Snowflake Query Execution
  description: Executes a read-only SQL query against Snowflake and returns the result set for ad-hoc analytics requests.
  tags:
  - data
  - analytics
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: data-ops
    port: 8080
    tools:
    - name: run-snowflake-query
      description: Given a SQL query string, execute it against Snowflake and return the result rows. Use for ad-hoc data lookups by analysts and business users.
      inputParameters:
      - name: sql
        in: body
        type: string
        description: Read-only SQL query to execute.
      - name: warehouse
        in: body
        type: string
        description: Snowflake warehouse to use.
      call: snowflake.execute-statement
      with:
        statement: '{{sql}}'
        warehouse: '{{warehouse}}'
      outputParameters:
      - name: rows
        type: array
        mapping: $.data
      - name: row_count
        type: integer
        mapping: $.resultSetMetaData.numRows
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://adobe.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST

Retrieves headcount and payroll cost by cost center from Workday for use in monthly finance reporting and headcount planning.

naftiko: '0.5'
info:
  label: Workday Payroll Headcount Snapshot
  description: Retrieves headcount and payroll cost by cost center from Workday for use in monthly finance reporting and headcount planning.
  tags:
  - hr
  - payroll
  - workday
  - headcount
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: hr-payroll
    port: 8080
    tools:
    - name: get-headcount-snapshot
      description: Returns headcount and payroll cost grouped by cost center from Workday as of the specified date. Use for monthly finance reviews and headcount planning.
      inputParameters:
      - name: as_of_date
        in: body
        type: string
        description: Snapshot date in YYYY-MM-DD format.
      call: workday-hcm.get-headcount
      with:
        effective_date: '{{as_of_date}}'
      outputParameters:
      - name: total_headcount
        type: string
        mapping: $.Report_Entry[0].Total_Headcount
      - name: total_cost
        type: string
        mapping: $.Report_Entry[0].Total_Labor_Cost
  consumes:
  - type: http
    namespace: workday-hcm
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: headcount
      path: /reports/headcount_by_cost_center
      inputParameters:
      - name: effective_date
        in: query
      operations:
      - name: get-headcount
        method: GET

When Datadog fires a critical alert on a production service, opens a P1 ServiceNow incident, pages the on-call engineer via PagerDuty, and posts to the IT war-room Teams channel.

naftiko: '0.5'
info:
  label: IT P1 Incident Triage
  description: When Datadog fires a critical alert on a production service, opens a P1 ServiceNow incident, pages the on-call engineer via PagerDuty, and posts to the IT war-room Teams channel.
  tags:
  - itsm
  - incident-response
  - datadog
  - pagerduty
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: it-ops
    port: 8080
    tools:
    - name: handle-critical-alert
      description: Given a Datadog critical alert for a production Adobe service, create a P1 ServiceNow incident, trigger PagerDuty to page the on-call engineer, and post to the IT war-room Teams channel. Use when monitoring detects a critical service failure.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog monitor alert ID.
      - name: service_name
        in: body
        type: string
        description: Affected Adobe service name.
      - name: alert_message
        in: body
        type: string
        description: Human-readable alert description.
      - name: warroom_channel_id
        in: body
        type: string
        description: IT war-room Teams channel ID.
      steps:
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: P1 Alert — {{service_name}}
          description: 'Datadog alert {{alert_id}}: {{alert_message}}'
          priority: '1'
      - name: page-oncall
        type: call
        call: pagerduty.trigger-incident
        with:
          title: P1 — {{service_name}}
          severity: critical
          details: 'INC: {{create-incident.number}} | Alert: {{alert_id}}'
      - name: post-warroom
        type: call
        call: msteams-it.post-channel-message
        with:
          channel_id: '{{warroom_channel_id}}'
          text: 'P1 INCIDENT: {{service_name}} | INC: {{create-incident.number}} | PagerDuty: {{page-oncall.incident_key}} | {{alert_message}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://events.pagerduty.com/v2
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_token
      placement: header
    resources:
    - name: enqueue
      path: /enqueue
      operations:
      - name: trigger-incident
        method: POST
  - type: http
    namespace: msteams-it
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Triggers a Terraform Cloud run to provision a new cloud environment for a product team, and notifies the DevOps Teams channel upon completion.

naftiko: '0.5'
info:
  label: Terraform Cloud Environment Provisioning
  description: Triggers a Terraform Cloud run to provision a new cloud environment for a product team, and notifies the DevOps Teams channel upon completion.
  tags:
  - devops
  - terraform
  - cloud
  - infrastructure
  - provisioning
capability:
  exposes:
  - type: mcp
    namespace: infra-provisioning
    port: 8080
    tools:
    - name: provision-cloud-environment
      description: Given a Terraform Cloud workspace ID and environment label, trigger a plan-and-apply run to provision cloud infrastructure and notify the DevOps Teams channel. Use when product teams need new cloud environments for development or staging.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: Terraform Cloud workspace ID.
      - name: environment_label
        in: body
        type: string
        description: Human-readable environment label, e.g. 'photoshop-staging'.
      - name: devops_channel_id
        in: body
        type: string
        description: DevOps Teams channel ID.
      steps:
      - name: trigger-run
        type: call
        call: terraform.create-run
        with:
          workspace_id: '{{workspace_id}}'
          message: Provisioning {{environment_label}}
          auto_apply: 'true'
      - name: notify-devops
        type: call
        call: msteams-devops.post-channel-message
        with:
          channel_id: '{{devops_channel_id}}'
          text: 'Terraform run triggered for {{environment_label}} (workspace {{workspace_id}}). Run ID: {{trigger-run.data.id}}'
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /runs
      operations:
      - name: create-run
        method: POST
  - type: http
    namespace: msteams-devops
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

When a Salesforce support case is escalated to engineering, creates a Jira bug ticket and posts the link back into the Salesforce case notes.

naftiko: '0.5'
info:
  label: Salesforce Case Escalation to Jira
  description: When a Salesforce support case is escalated to engineering, creates a Jira bug ticket and posts the link back into the Salesforce case notes.
  tags:
  - support
  - engineering
  - salesforce
  - jira
capability:
  exposes:
  - type: mcp
    namespace: support-eng
    port: 8080
    tools:
    - name: escalate-case-to-jira
      description: Given a Salesforce case ID and severity, create a Jira engineering ticket and update the Salesforce case with the Jira link.
      inputParameters:
      - name: case_id
        in: body
        type: string
        description: Salesforce case ID.
      - name: severity
        in: body
        type: string
        description: Severity level (P1, P2, P3).
      - name: summary
        in: body
        type: string
        description: Brief summary of the engineering issue.
      steps:
      - name: create-jira-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: '{{summary}}'
          priority: '{{severity}}'
          description: Escalated from Salesforce case {{case_id}}.
      - name: update-sf-case
        type: call
        call: salesforce.update-case
        with:
          case_id: '{{case_id}}'
          jira_link: '{{create-jira-ticket.key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case/{{case_id}}
      inputParameters:
      - name: case_id
        in: path
      operations:
      - name: update-case
        method: PATCH

Retrieves the direct reports and manager chain for a Workday employee, returning names and titles.

naftiko: '0.5'
info:
  label: Workday Org Chart Lookup
  description: Retrieves the direct reports and manager chain for a Workday employee, returning names and titles.
  tags:
  - hr
  - workforce
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr-ops
    port: 8080
    tools:
    - name: get-org-chart
      description: Given a Workday employee ID, return the manager name, manager title, and list of direct reports. Use for org chart queries and approval routing.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      call: workday.get-worker
      with:
        employee_id: '{{employee_id}}'
      outputParameters:
      - name: manager_name
        type: string
        mapping: $.Worker.Manager.Name
      - name: manager_title
        type: string
        mapping: $.Worker.Manager.Title
      - name: direct_reports
        type: array
        mapping: $.Worker.DirectReports[*].Name
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/adobe
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: workers
      path: /Human_Resources/v40.0/Get_Workers
      operations:
      - name: get-worker
        method: GET

When a Salesforce opportunity moves to Closed-Won, fetches deal details and posts a celebration message to the sales wins Slack channel.

naftiko: '0.5'
info:
  label: Salesforce Opportunity Update to Slack
  description: When a Salesforce opportunity moves to Closed-Won, fetches deal details and posts a celebration message to the sales wins Slack channel.
  tags:
  - sales
  - crm
  - salesforce
  - slack
capability:
  exposes:
  - type: mcp
    namespace: sales-ops
    port: 8080
    tools:
    - name: announce-closed-won
      description: Given a Salesforce opportunity ID, fetch deal details and post a win announcement to the Slack sales-wins channel.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: Salesforce opportunity ID.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: post-win
        type: call
        call: slack.post-message
        with:
          channel: sales-wins
          text: 'Deal Won: {{get-opportunity.Name}} — ${{get-opportunity.Amount}} | Account: {{get-opportunity.Account.Name}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Fetches a Google Analytics weekly traffic summary and posts the key metrics to a marketing Slack channel.

naftiko: '0.5'
info:
  label: Google Analytics Report to Slack
  description: Fetches a Google Analytics weekly traffic summary and posts the key metrics to a marketing Slack channel.
  tags:
  - marketing
  - analytics
  - google-analytics
  - slack
capability:
  exposes:
  - type: mcp
    namespace: marketing-analytics
    port: 8080
    tools:
    - name: post-weekly-traffic
      description: Fetch weekly Google Analytics traffic metrics and post a summary to the marketing Slack channel.
      inputParameters:
      - name: property_id
        in: body
        type: string
        description: Google Analytics property ID.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for the report.
      steps:
      - name: get-report
        type: call
        call: ga.run-report
        with:
          property_id: '{{property_id}}'
          date_range: last7days
      - name: post-slack
        type: call
        call: slack.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Weekly traffic: {{get-report.sessions}} sessions, {{get-report.users}} users, {{get-report.bounce_rate}}% bounce rate'
  consumes:
  - type: http
    namespace: ga
    baseUri: https://analyticsdata.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.google_analytics_token
    resources:
    - name: reports
      path: /properties/{{property_id}}:runReport
      inputParameters:
      - name: property_id
        in: path
      operations:
      - name: run-report
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a compensation change is approved in Workday, sends a confirmation email to the employee and notifies HR via Microsoft Teams.

naftiko: '0.5'
info:
  label: Workday Compensation Change Notification
  description: When a compensation change is approved in Workday, sends a confirmation email to the employee and notifies HR via Microsoft Teams.
  tags:
  - hr
  - compensation
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-ops
    port: 8080
    tools:
    - name: notify-comp-change
      description: Given a Workday employee ID and compensation event ID, fetch the change details, email the employee, and notify the HR Teams channel.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      - name: comp_event_id
        in: body
        type: string
        description: Workday compensation event ID.
      steps:
      - name: get-comp-change
        type: call
        call: workday.get-comp-event
        with:
          employee_id: '{{employee_id}}'
          event_id: '{{comp_event_id}}'
      - name: email-employee
        type: call
        call: msgraph.send-mail
        with:
          to: '{{get-comp-change.employee_email}}'
          subject: Compensation Change Confirmed
          body: Your compensation change effective {{get-comp-change.effective_date}} has been approved.
      - name: notify-hr
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: hr-notifications
          text: 'Comp change processed for {{employee_id}}: effective {{get-comp-change.effective_date}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/adobe
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: compensation
      path: /Compensation/v40.0
      operations:
      - name: get-comp-event
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-mail
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Triggers a customer journey in Adobe Experience Cloud based on a Salesforce opportunity stage change and logs the event to Snowflake.

naftiko: '0.5'
info:
  label: Experience Cloud Journey Trigger
  description: Triggers a customer journey in Adobe Experience Cloud based on a Salesforce opportunity stage change and logs the event to Snowflake.
  tags:
  - marketing
  - customer-experience
  - adobe-experience-cloud
  - salesforce
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: cx-orchestration
    port: 8080
    tools:
    - name: trigger-customer-journey
      description: Given a Salesforce opportunity ID and new stage, trigger the corresponding Adobe Experience Cloud journey and log the event to Snowflake for analytics.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: Salesforce opportunity ID.
      - name: new_stage
        in: body
        type: string
        description: New opportunity stage name.
      - name: customer_email
        in: body
        type: string
        description: Customer email for journey entry.
      steps:
      - name: trigger-journey
        type: call
        call: aec.trigger-journey
        with:
          email: '{{customer_email}}'
          journey_stage: '{{new_stage}}'
          source: salesforce-opp-{{opportunity_id}}
      - name: log-event
        type: call
        call: snowflake.insert-row
        with:
          table: CX_JOURNEY_EVENTS
          values:
            opportunity_id: '{{opportunity_id}}'
            stage: '{{new_stage}}'
            journey_id: '{{trigger-journey.journey_run_id}}'
  consumes:
  - type: http
    namespace: aec
    baseUri: https://platform.adobe.io/journey
    authentication:
      type: bearer
      token: $secrets.aec_token
    resources:
    - name: journeys
      path: /triggers
      operations:
      - name: trigger-journey
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adobe.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: insert-row
        method: POST

Fetches the bucket policy for an S3 bucket, checks for public access, and posts a security finding to Slack if detected.

naftiko: '0.5'
info:
  label: AWS S3 Bucket Policy Audit
  description: Fetches the bucket policy for an S3 bucket, checks for public access, and posts a security finding to Slack if detected.
  tags:
  - security
  - cloud
  - aws
  - amazon-s3
  - slack
capability:
  exposes:
  - type: mcp
    namespace: cloud-security
    port: 8080
    tools:
    - name: audit-s3-bucket-policy
      description: Given an S3 bucket name, retrieve the bucket policy, check for public access statements, and alert the security Slack channel if found.
      inputParameters:
      - name: bucket_name
        in: body
        type: string
        description: S3 bucket name.
      - name: slack_channel
        in: body
        type: string
        description: Security Slack channel.
      steps:
      - name: get-policy
        type: call
        call: s3.get-bucket-policy
        with:
          bucket: '{{bucket_name}}'
      - name: alert-security
        type: call
        call: slack.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'S3 bucket policy audit for {{bucket_name}}: {{get-policy.public_access_detected}}'
  consumes:
  - type: http
    namespace: s3
    baseUri: https://s3.amazonaws.com
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: bucket-policy
      path: /{{bucket}}?policy
      inputParameters:
      - name: bucket
        in: path
      operations:
      - name: get-bucket-policy
        method: GET
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves a Zendesk support ticket by ID and returns the subject, status, priority, and last comment.

naftiko: '0.5'
info:
  label: Zendesk Ticket Summary Lookup
  description: Retrieves a Zendesk support ticket by ID and returns the subject, status, priority, and last comment.
  tags:
  - support
  - customer-service
  - zendesk
capability:
  exposes:
  - type: mcp
    namespace: support-ops
    port: 8080
    tools:
    - name: get-ticket-summary
      description: Given a Zendesk ticket ID, return the subject, current status, priority, and most recent comment. Use for support queue triage.
      inputParameters:
      - name: ticket_id
        in: body
        type: string
        description: Zendesk ticket ID.
      call: zendesk.get-ticket
      with:
        ticket_id: '{{ticket_id}}'
      outputParameters:
      - name: subject
        type: string
        mapping: $.ticket.subject
      - name: status
        type: string
        mapping: $.ticket.status
      - name: priority
        type: string
        mapping: $.ticket.priority
  consumes:
  - type: http
    namespace: zendesk
    baseUri: https://adobe.zendesk.com/api/v2
    authentication:
      type: bearer
      token: $secrets.zendesk_token
    resources:
    - name: tickets
      path: /tickets/{{ticket_id}}.json
      inputParameters:
      - name: ticket_id
        in: path
      operations:
      - name: get-ticket
        method: GET

Fetches open Dependabot alerts for a GitHub repository and posts a severity-grouped summary to the security Slack channel.

naftiko: '0.5'
info:
  label: GitHub Dependabot Alert Summary
  description: Fetches open Dependabot alerts for a GitHub repository and posts a severity-grouped summary to the security Slack channel.
  tags:
  - security
  - engineering
  - github
  - slack
capability:
  exposes:
  - type: mcp
    namespace: appsec
    port: 8080
    tools:
    - name: summarize-dependabot-alerts
      description: Given a GitHub repository, fetch open Dependabot vulnerability alerts and post a severity-grouped count to the security Slack channel.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository in org/repo format.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for the summary.
      steps:
      - name: get-alerts
        type: call
        call: github.list-dependabot-alerts
        with:
          repo: '{{repo}}'
          state: open
      - name: post-summary
        type: call
        call: slack.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Dependabot alerts for {{repo}}: Critical={{get-alerts.critical_count}}, High={{get-alerts.high_count}}, Medium={{get-alerts.medium_count}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: dependabot-alerts
      path: /repos/{{repo}}/dependabot/alerts
      inputParameters:
      - name: repo
        in: path
      operations:
      - name: list-dependabot-alerts
        method: GET
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Lists Slack channels inactive for more than 90 days and posts a cleanup recommendation to the workspace admin channel.

naftiko: '0.5'
info:
  label: Slack Channel Archive Audit
  description: Lists Slack channels inactive for more than 90 days and posts a cleanup recommendation to the workspace admin channel.
  tags:
  - collaboration
  - governance
  - slack
capability:
  exposes:
  - type: mcp
    namespace: workspace-ops
    port: 8080
    tools:
    - name: audit-inactive-channels
      description: List Slack channels with no messages in the past N days and post a summary to the admin channel for archive consideration.
      inputParameters:
      - name: inactive_days
        in: body
        type: integer
        description: Number of days of inactivity threshold.
      - name: admin_channel
        in: body
        type: string
        description: Admin Slack channel for the report.
      steps:
      - name: list-channels
        type: call
        call: slack.list-channels
        with:
          types: public_channel
      - name: post-report
        type: call
        call: slack.post-message
        with:
          channel: '{{admin_channel}}'
          text: 'Inactive channel audit: {{list-channels.inactive_count}} channels with no activity in {{inactive_days}} days. Review for archival.'
  consumes:
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: channels
      path: /conversations.list
      operations:
      - name: list-channels
        method: GET
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When Dynatrace detects a problem, creates a Jira operations ticket and posts the root cause analysis to a Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Dynatrace Problem Notification
  description: When Dynatrace detects a problem, creates a Jira operations ticket and posts the root cause analysis to a Microsoft Teams channel.
  tags:
  - monitoring
  - incident-management
  - dynatrace
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: observability-ops
    port: 8080
    tools:
    - name: handle-dynatrace-problem
      description: Given a Dynatrace problem ID, fetch root cause details, create a Jira ticket, and notify the Teams operations channel.
      inputParameters:
      - name: problem_id
        in: body
        type: string
        description: Dynatrace problem ID.
      steps:
      - name: get-problem
        type: call
        call: dynatrace.get-problem
        with:
          problem_id: '{{problem_id}}'
      - name: create-jira
        type: call
        call: jira.create-issue
        with:
          project_key: OPS
          issuetype: Bug
          summary: 'Dynatrace: {{get-problem.title}}'
          description: 'Root cause: {{get-problem.rootCauseEntity}} | Impact: {{get-problem.impactLevel}}'
      - name: notify-teams
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: ops-incidents
          text: 'Dynatrace problem: {{get-problem.title}} | Jira: {{create-jira.key}}'
  consumes:
  - type: http
    namespace: dynatrace
    baseUri: https://adobe.live.dynatrace.com/api/v2
    authentication:
      type: bearer
      token: $secrets.dynatrace_token
    resources:
    - name: problems
      path: /problems/{{problem_id}}
      inputParameters:
      - name: problem_id
        in: path
      operations:
      - name: get-problem
        method: GET
  - type: http
    namespace: jira
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Triggers a Tableau Server extract refresh for a given workbook and posts the completion status to a Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Tableau Workbook Refresh Trigger
  description: Triggers a Tableau Server extract refresh for a given workbook and posts the completion status to a Microsoft Teams channel.
  tags:
  - analytics
  - reporting
  - tableau
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: bi-ops
    port: 8080
    tools:
    - name: refresh-tableau-workbook
      description: Given a Tableau workbook ID, trigger an extract refresh and notify a Teams channel when complete.
      inputParameters:
      - name: workbook_id
        in: body
        type: string
        description: Tableau workbook ID.
      - name: teams_channel_id
        in: body
        type: string
        description: Microsoft Teams channel ID for notification.
      steps:
      - name: trigger-refresh
        type: call
        call: tableau.refresh-workbook
        with:
          workbook_id: '{{workbook_id}}'
      - name: notify-teams
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: '{{teams_channel_id}}'
          text: 'Tableau workbook {{workbook_id}} refresh triggered. Job ID: {{trigger-refresh.job.id}}'
  consumes:
  - type: http
    namespace: tableau
    baseUri: https://tableau.adobe.com/api/3.21
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: workbooks
      path: /sites/{{site_id}}/workbooks/{{workbook_id}}/refresh
      inputParameters:
      - name: workbook_id
        in: path
      operations:
      - name: refresh-workbook
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Checks a GitHub repository for branch protection, CODEOWNERS file, and required status checks, then posts a compliance summary to Slack.

naftiko: '0.5'
info:
  label: GitHub Repo Compliance Check
  description: Checks a GitHub repository for branch protection, CODEOWNERS file, and required status checks, then posts a compliance summary to Slack.
  tags:
  - engineering
  - compliance
  - github
  - slack
capability:
  exposes:
  - type: mcp
    namespace: eng-compliance
    port: 8080
    tools:
    - name: check-repo-compliance
      description: Given a GitHub repository name, verify branch protection rules, CODEOWNERS presence, and required status checks. Posts a compliance summary to the security Slack channel.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: GitHub repository name in org/repo format.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for compliance report.
      steps:
      - name: get-branch-protection
        type: call
        call: github.get-branch-protection
        with:
          repo: '{{repo_name}}'
          branch: main
      - name: get-codeowners
        type: call
        call: github.get-file
        with:
          repo: '{{repo_name}}'
          path: CODEOWNERS
      - name: post-summary
        type: call
        call: slack.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Compliance check for {{repo_name}}: Branch protection={{get-branch-protection.enabled}}, CODEOWNERS={{get-codeowners.exists}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: branch-protection
      path: /repos/{{repo}}/branches/{{branch}}/protection
      inputParameters:
      - name: repo
        in: path
      - name: branch
        in: path
      operations:
      - name: get-branch-protection
        method: GET
    - name: contents
      path: /repos/{{repo}}/contents/{{path}}
      inputParameters:
      - name: repo
        in: path
      - name: path
        in: path
      operations:
      - name: get-file
        method: GET
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Fetches the latest status update from an Asana project and posts it to the project's Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Asana Project Status Sync
  description: Fetches the latest status update from an Asana project and posts it to the project's Microsoft Teams channel.
  tags:
  - project-management
  - collaboration
  - asana
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: pm-ops
    port: 8080
    tools:
    - name: sync-project-status
      description: Given an Asana project GID, fetch the latest status update and post it to a Teams channel.
      inputParameters:
      - name: project_gid
        in: body
        type: string
        description: Asana project GID.
      - name: teams_channel_id
        in: body
        type: string
        description: Microsoft Teams channel ID.
      steps:
      - name: get-status
        type: call
        call: asana.get-project-status
        with:
          project_gid: '{{project_gid}}'
      - name: post-teams
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: '{{teams_channel_id}}'
          text: 'Asana project status: {{get-status.color}} — {{get-status.text}}'
  consumes:
  - type: http
    namespace: asana
    baseUri: https://app.asana.com/api/1.0
    authentication:
      type: bearer
      token: $secrets.asana_token
    resources:
    - name: project-statuses
      path: /projects/{{project_gid}}/project_statuses
      inputParameters:
      - name: project_gid
        in: path
      operations:
      - name: get-project-status
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves Adobe's LinkedIn campaign performance metrics, enriches Marketo lead records with engagement signals, and posts a weekly digest to the social media Teams channel.

naftiko: '0.5'
info:
  label: LinkedIn Social Campaign Performance
  description: Retrieves Adobe's LinkedIn campaign performance metrics, enriches Marketo lead records with engagement signals, and posts a weekly digest to the social media Teams channel.
  tags:
  - marketing
  - social
  - linkedin
  - marketo
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: social-analytics
    port: 8080
    tools:
    - name: digest-linkedin-campaign
      description: Given a LinkedIn campaign ID and Marketo program ID, retrieve campaign impressions, clicks, and conversion data from LinkedIn, enrich Marketo with engagement signals, and post a digest to the social media Teams channel. Use weekly to review LinkedIn campaign performance.
      inputParameters:
      - name: linkedin_campaign_id
        in: body
        type: string
        description: LinkedIn campaign ID to retrieve metrics for.
      - name: marketo_program_id
        in: body
        type: string
        description: Marketo program ID to update with engagement data.
      - name: social_channel_id
        in: body
        type: string
        description: Social media Teams channel ID.
      steps:
      - name: get-linkedin-metrics
        type: call
        call: linkedin.get-campaign-analytics
        with:
          campaign_id: '{{linkedin_campaign_id}}'
      - name: update-marketo-program
        type: call
        call: marketo-social.update-program
        with:
          program_id: '{{marketo_program_id}}'
          impressions: '{{get-linkedin-metrics.impressions}}'
          clicks: '{{get-linkedin-metrics.clicks}}'
          conversions: '{{get-linkedin-metrics.conversions}}'
      - name: post-digest
        type: call
        call: msteams-social.post-channel-message
        with:
          channel_id: '{{social_channel_id}}'
          text: 'LinkedIn Campaign {{linkedin_campaign_id}}: {{get-linkedin-metrics.impressions}} impressions | {{get-linkedin-metrics.clicks}} clicks | {{get-linkedin-metrics.conversions}} conversions | CTR: {{get-linkedin-metrics.ctr}}%'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: campaign-analytics
      path: /adAnalytics
      inputParameters:
      - name: campaign_id
        in: query
      operations:
      - name: get-campaign-analytics
        method: GET
  - type: http
    namespace: marketo-social
    baseUri: https://adobe.mktorest.com/rest/v1
    authentication:
      type: bearer
      token: $secrets.marketo_token
    resources:
    - name: programs
      path: /programs/{{program_id}}.json
      inputParameters:
      - name: program_id
        in: path
      operations:
      - name: update-program
        method: POST
  - type: http
    namespace: msteams-social
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

When a P1 ServiceNow incident is created, triggers a PagerDuty alert and updates the ServiceNow incident with the PagerDuty incident URL.

naftiko: '0.5'
info:
  label: ServiceNow Incident to PagerDuty
  description: When a P1 ServiceNow incident is created, triggers a PagerDuty alert and updates the ServiceNow incident with the PagerDuty incident URL.
  tags:
  - it-operations
  - incident-management
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: incident-ops
    port: 8080
    tools:
    - name: escalate-to-pagerduty
      description: Given a ServiceNow incident number, create a PagerDuty incident and update ServiceNow with the PagerDuty link.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow incident number.
      - name: service_id
        in: body
        type: string
        description: PagerDuty service ID to alert.
      steps:
      - name: get-incident
        type: call
        call: servicenow.get-incident
        with:
          number: '{{incident_number}}'
      - name: create-pd-incident
        type: call
        call: pagerduty.create-incident
        with:
          service_id: '{{service_id}}'
          title: '{{get-incident.short_description}}'
          urgency: high
      - name: update-snow
        type: call
        call: servicenow.update-incident
        with:
          sys_id: '{{get-incident.sys_id}}'
          pagerduty_url: '{{create-pd-incident.html_url}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: get-incident
        method: GET
      - name: update-incident
        method: PATCH
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST

Creates a ServiceNow change request for planned maintenance and notifies the CAB Teams channel for approval.

naftiko: '0.5'
info:
  label: IT Change Management Request Submission
  description: Creates a ServiceNow change request for planned maintenance and notifies the CAB Teams channel for approval.
  tags:
  - itsm
  - change-management
  - servicenow
  - approval
capability:
  exposes:
  - type: mcp
    namespace: change-management
    port: 8080
    tools:
    - name: submit-change-request
      description: Given a change description and planned maintenance window, create a ServiceNow change request and notify the CAB Teams channel. Use when engineering teams need to schedule planned maintenance on Adobe production systems.
      inputParameters:
      - name: short_description
        in: body
        type: string
        description: Brief description of the planned change.
      - name: description
        in: body
        type: string
        description: Full change details including rollback plan and systems affected.
      - name: planned_start
        in: body
        type: string
        description: Planned start time in ISO 8601 format.
      - name: planned_end
        in: body
        type: string
        description: Planned end time in ISO 8601 format.
      - name: cab_channel_id
        in: body
        type: string
        description: CAB Teams channel ID.
      steps:
      - name: create-change
        type: call
        call: servicenow-change.create-change-request
        with:
          short_description: '{{short_description}}'
          description: '{{description}}'
          start_date: '{{planned_start}}'
          end_date: '{{planned_end}}'
      - name: notify-cab
        type: call
        call: msteams-cab.post-channel-message
        with:
          channel_id: '{{cab_channel_id}}'
          text: 'Change Request {{create-change.number}}: {{short_description}} | Window: {{planned_start}} to {{planned_end}} | Awaiting CAB approval'
  consumes:
  - type: http
    namespace: servicenow-change
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change-requests
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: msteams-cab
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves the latest build status for an Azure DevOps pipeline and returns the result, duration, and commit SHA.

naftiko: '0.5'
info:
  label: Azure DevOps Build Status Check
  description: Retrieves the latest build status for an Azure DevOps pipeline and returns the result, duration, and commit SHA.
  tags:
  - engineering
  - cicd
  - azure-devops
capability:
  exposes:
  - type: mcp
    namespace: cicd-ops
    port: 8080
    tools:
    - name: get-build-status
      description: Given an Azure DevOps project and pipeline ID, return the latest build result, duration, and source commit. Use for deployment readiness checks.
      inputParameters:
      - name: project
        in: body
        type: string
        description: Azure DevOps project name.
      - name: pipeline_id
        in: body
        type: string
        description: Pipeline definition ID.
      call: azdo.get-latest-build
      with:
        project: '{{project}}'
        definition_id: '{{pipeline_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.value[0].result
      - name: duration
        type: string
        mapping: $.value[0].duration
      - name: commit
        type: string
        mapping: $.value[0].sourceVersion
  consumes:
  - type: http
    namespace: azdo
    baseUri: https://dev.azure.com/adobe
    authentication:
      type: basic
      username: ''
      password: $secrets.azdo_pat
    resources:
    - name: builds
      path: /{{project}}/_apis/build/builds
      inputParameters:
      - name: project
        in: path
      - name: definition_id
        in: query
      operations:
      - name: get-latest-build
        method: GET

Checks material availability in SAP S/4HANA by material number and plant, returning available quantity and next replenishment date.

naftiko: '0.5'
info:
  label: SAP Material Availability Check
  description: Checks material availability in SAP S/4HANA by material number and plant, returning available quantity and next replenishment date.
  tags:
  - supply-chain
  - erp
  - sap
capability:
  exposes:
  - type: mcp
    namespace: scm-ops
    port: 8080
    tools:
    - name: check-material-availability
      description: Given a SAP material number and plant, return available stock quantity and next replenishment date.
      inputParameters:
      - name: material
        in: body
        type: string
        description: SAP material number.
      - name: plant
        in: body
        type: string
        description: SAP plant code.
      call: sap.get-material-stock
      with:
        material: '{{material}}'
        plant: '{{plant}}'
      outputParameters:
      - name: available_qty
        type: number
        mapping: $.d.AvailableQuantity
      - name: unit
        type: string
        mapping: $.d.BaseUnit
      - name: next_replenishment
        type: string
        mapping: $.d.NextReplenishmentDate
  consumes:
  - type: http
    namespace: sap
    baseUri: https://adobe-s4.sap.com/sap/opu/odata/sap/API_MATERIAL_STOCK_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: material-stock
      path: /A_MatlStkInAcctMod(Material='{{material}}',Plant='{{plant}}')
      inputParameters:
      - name: material
        in: path
      - name: plant
        in: path
      operations:
      - name: get-material-stock
        method: GET

Sends user-generated content to the OpenAI moderation endpoint and, if flagged, creates a Zendesk moderation ticket.

naftiko: '0.5'
info:
  label: OpenAI Content Moderation
  description: Sends user-generated content to the OpenAI moderation endpoint and, if flagged, creates a Zendesk moderation ticket.
  tags:
  - content-safety
  - ai
  - openai
  - zendesk
capability:
  exposes:
  - type: mcp
    namespace: trust-safety
    port: 8080
    tools:
    - name: moderate-content
      description: Given user-generated text, run it through OpenAI moderation. If flagged, create a Zendesk moderation review ticket.
      inputParameters:
      - name: content
        in: body
        type: string
        description: User-generated content to moderate.
      - name: user_id
        in: body
        type: string
        description: User ID who submitted the content.
      steps:
      - name: check-moderation
        type: call
        call: openai.create-moderation
        with:
          input: '{{content}}'
      - name: create-ticket
        type: call
        call: zendesk.create-ticket
        with:
          subject: Content moderation flag — user {{user_id}}
          description: 'Flagged categories: {{check-moderation.results[0].categories}}'
          priority: high
  consumes:
  - type: http
    namespace: openai
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: moderations
      path: /moderations
      operations:
      - name: create-moderation
        method: POST
  - type: http
    namespace: zendesk
    baseUri: https://adobe.zendesk.com/api/v2
    authentication:
      type: bearer
      token: $secrets.zendesk_token
    resources:
    - name: tickets
      path: /tickets.json
      operations:
      - name: create-ticket
        method: POST

When a GitHub Actions workflow fails on a protected branch, creates a Jira bug, posts a Datadog deployment marker, and alerts the engineering Teams channel.

naftiko: '0.5'
info:
  label: GitHub CI/CD Pipeline Failure Handler
  description: When a GitHub Actions workflow fails on a protected branch, creates a Jira bug, posts a Datadog deployment marker, and alerts the engineering Teams channel.
  tags:
  - devops
  - cicd
  - github
  - jira
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: devops-ci
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a GitHub Actions failure event with repo, branch, commit, and workflow details, open a Jira bug, create a Datadog error event, and post an alert to the engineering Teams channel. Use when a protected-branch CI pipeline fails.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository full name, e.g. 'adobe/creative-cloud-api'.
      - name: branch
        in: body
        type: string
        description: Branch where the failure occurred.
      - name: commit_sha
        in: body
        type: string
        description: Failing commit SHA.
      - name: workflow_name
        in: body
        type: string
        description: Name of the failed GitHub Actions workflow.
      - name: run_url
        in: body
        type: string
        description: URL to the failed workflow run.
      - name: eng_channel_id
        in: body
        type: string
        description: Engineering Teams channel ID.
      steps:
      - name: create-bug
        type: call
        call: jira.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: '[CI Failure] {{repo}} / {{branch}} — {{workflow_name}}'
          description: 'Commit: {{commit_sha}}

            Run: {{run_url}}'
      - name: log-dd-event
        type: call
        call: datadog.create-event
        with:
          title: 'CI Failure: {{repo}} — {{branch}}'
          text: Commit {{commit_sha}} | Workflow {{workflow_name}}
          alert_type: error
      - name: alert-eng
        type: call
        call: msteams-eng.post-channel-message
        with:
          channel_id: '{{eng_channel_id}}'
          text: 'CI Failure: {{repo}} | Branch: {{branch}} | Jira: {{create-bug.key}} | Run: {{run_url}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: msteams-eng
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Checks the replication status of a SAP HANA system replication and posts the status to the DBA Microsoft Teams channel.

naftiko: '0.5'
info:
  label: SAP HANA Data Replication Status
  description: Checks the replication status of a SAP HANA system replication and posts the status to the DBA Microsoft Teams channel.
  tags:
  - data
  - database
  - sap-hana
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: dba-ops
    port: 8080
    tools:
    - name: check-replication-status
      description: Query SAP HANA system replication status and post the result to the DBA Teams channel.
      inputParameters:
      - name: hana_host
        in: body
        type: string
        description: SAP HANA host identifier.
      - name: teams_channel_id
        in: body
        type: string
        description: Microsoft Teams DBA channel ID.
      steps:
      - name: get-status
        type: call
        call: hana.get-replication-status
        with:
          host: '{{hana_host}}'
      - name: notify-dba
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: '{{teams_channel_id}}'
          text: 'HANA replication for {{hana_host}}: mode={{get-status.replication_mode}}, status={{get-status.replication_status}}'
  consumes:
  - type: http
    namespace: hana
    baseUri: https://{{hana_host}}:8443/api/v1
    authentication:
      type: basic
      username: $secrets.hana_user
      password: $secrets.hana_password
    resources:
    - name: replication
      path: /system_replication
      operations:
      - name: get-replication-status
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves DNS records for a Cloudflare zone by record type and name.

naftiko: '0.5'
info:
  label: Cloudflare DNS Record Lookup
  description: Retrieves DNS records for a Cloudflare zone by record type and name.
  tags:
  - infrastructure
  - networking
  - cloudflare
capability:
  exposes:
  - type: mcp
    namespace: infra-ops
    port: 8080
    tools:
    - name: get-dns-records
      description: Given a Cloudflare zone ID and record name, return matching DNS records with type, content, and TTL.
      inputParameters:
      - name: zone_id
        in: body
        type: string
        description: Cloudflare zone ID.
      - name: record_name
        in: body
        type: string
        description: DNS record name to look up.
      call: cloudflare.list-dns-records
      with:
        zone_id: '{{zone_id}}'
        name: '{{record_name}}'
      outputParameters:
      - name: records
        type: array
        mapping: $.result[*]
  consumes:
  - type: http
    namespace: cloudflare
    baseUri: https://api.cloudflare.com/client/v4
    authentication:
      type: bearer
      token: $secrets.cloudflare_token
    resources:
    - name: dns-records
      path: /zones/{{zone_id}}/dns_records
      inputParameters:
      - name: zone_id
        in: path
      - name: name
        in: query
      operations:
      - name: list-dns-records
        method: GET

When a new employee is created in Workday, opens a ServiceNow onboarding ticket, provisions their Okta account, and sends a Microsoft Teams welcome message.

naftiko: '0.5'
info:
  label: New Employee Onboarding Orchestration
  description: When a new employee is created in Workday, opens a ServiceNow onboarding ticket, provisions their Okta account, and sends a Microsoft Teams welcome message.
  tags:
  - hr
  - onboarding
  - workday
  - servicenow
  - okta
capability:
  exposes:
  - type: mcp
    namespace: hr-onboarding
    port: 8080
    tools:
    - name: trigger-employee-onboarding
      description: Given a Workday employee ID and start date, create a ServiceNow onboarding task, provision their Okta account, and send a Teams welcome message. Use when HR confirms a new hire in Workday.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: Workday worker ID for the new hire.
      - name: start_date
        in: body
        type: string
        description: Employee start date in YYYY-MM-DD format.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: create-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Onboarding: {{get-employee.first_name}} {{get-employee.last_name}}'
          category: hr_onboarding
          assigned_group: IT_Onboarding
      - name: provision-okta
        type: call
        call: okta.create-user
        with:
          firstName: '{{get-employee.first_name}}'
          lastName: '{{get-employee.last_name}}'
          email: '{{get-employee.work_email}}'
          login: '{{get-employee.work_email}}'
      - name: send-welcome
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-employee.work_email}}'
          text: 'Welcome to Adobe, {{get-employee.first_name}}! Your onboarding ticket: {{create-ticket.number}}. Start date: {{start_date}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: okta
    baseUri: https://adobe.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_token
      placement: header
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves the running status, instance type, and uptime for an AWS EC2 instance by instance ID.

naftiko: '0.5'
info:
  label: AWS EC2 Instance Status Check
  description: Retrieves the running status, instance type, and uptime for an AWS EC2 instance by instance ID.
  tags:
  - cloud
  - infrastructure
  - aws
  - ec2
capability:
  exposes:
  - type: mcp
    namespace: cloud-ops
    port: 8080
    tools:
    - name: get-ec2-status
      description: Given an EC2 instance ID, return the instance state, type, availability zone, and launch time. Use for infrastructure health checks.
      inputParameters:
      - name: instance_id
        in: body
        type: string
        description: AWS EC2 instance ID.
      call: aws-ec2.describe-instance
      with:
        instance_id: '{{instance_id}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.Reservations[0].Instances[0].State.Name
      - name: instance_type
        type: string
        mapping: $.Reservations[0].Instances[0].InstanceType
      - name: availability_zone
        type: string
        mapping: $.Reservations[0].Instances[0].Placement.AvailabilityZone
  consumes:
  - type: http
    namespace: aws-ec2
    baseUri: https://ec2.amazonaws.com
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: instances
      path: /
      inputParameters:
      - name: instance_id
        in: query
      operations:
      - name: describe-instance
        method: GET

Retrieves a supplier risk profile from SAP Ariba and, if the risk score exceeds the threshold, creates a ServiceNow task and alerts the procurement Slack channel.

naftiko: '0.5'
info:
  label: SAP Ariba Supplier Risk Assessment
  description: Retrieves a supplier risk profile from SAP Ariba and, if the risk score exceeds the threshold, creates a ServiceNow task and alerts the procurement Slack channel.
  tags:
  - procurement
  - risk
  - sap-ariba
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: procurement-risk
    port: 8080
    tools:
    - name: assess-supplier-risk
      description: Given a SAP Ariba supplier ID and risk threshold, fetch the risk profile. If the score exceeds the threshold, create a ServiceNow remediation task and post to the procurement Slack channel.
      inputParameters:
      - name: supplier_id
        in: body
        type: string
        description: SAP Ariba supplier ID.
      - name: risk_threshold
        in: body
        type: number
        description: Risk score threshold (0-100).
      steps:
      - name: get-risk-profile
        type: call
        call: ariba.get-supplier-risk
        with:
          supplier_id: '{{supplier_id}}'
      - name: create-task
        type: call
        call: servicenow.create-task
        with:
          short_description: 'High-risk supplier: {{supplier_id}} (score: {{get-risk-profile.risk_score}})'
          category: Procurement
          priority: '2'
      - name: alert-procurement
        type: call
        call: slack.post-message
        with:
          channel: procurement-alerts
          text: 'Supplier {{supplier_id}} risk score {{get-risk-profile.risk_score}} exceeds threshold {{risk_threshold}}. ServiceNow: {{create-task.number}}'
  consumes:
  - type: http
    namespace: ariba
    baseUri: https://openapi.ariba.com/api/supplier-risk/v1
    authentication:
      type: bearer
      token: $secrets.ariba_token
    resources:
    - name: suppliers
      path: /suppliers/{{supplier_id}}/risk
      inputParameters:
      - name: supplier_id
        in: path
      operations:
      - name: get-supplier-risk
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves a Salesforce contact by email address, returning name, title, account, and phone number.

naftiko: '0.5'
info:
  label: Salesforce Contact Lookup
  description: Retrieves a Salesforce contact by email address, returning name, title, account, and phone number.
  tags:
  - sales
  - crm
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: crm-ops
    port: 8080
    tools:
    - name: lookup-contact
      description: Given an email address, look up the matching Salesforce contact and return name, title, account name, and phone. Use for quick contact verification.
      inputParameters:
      - name: email
        in: body
        type: string
        description: Contact email address.
      call: salesforce.query-contact
      with:
        q: SELECT Id, Name, Title, Account.Name, Phone FROM Contact WHERE Email = '{{email}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.records[0].Name
      - name: title
        type: string
        mapping: $.records[0].Title
      - name: account
        type: string
        mapping: $.records[0].Account.Name
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      operations:
      - name: query-contact
        method: GET

When GitHub Advanced Security detects a critical CVE, creates a Jira security ticket, logs a Datadog event, and alerts the security engineering Teams channel.

naftiko: '0.5'
info:
  label: GitHub Security Vulnerability Triage
  description: When GitHub Advanced Security detects a critical CVE, creates a Jira security ticket, logs a Datadog event, and alerts the security engineering Teams channel.
  tags:
  - security
  - github
  - devops
  - jira
  - vulnerability
capability:
  exposes:
  - type: mcp
    namespace: sec-vuln
    port: 8080
    tools:
    - name: triage-security-alert
      description: Given a GitHub security alert with CVE, severity, and affected package, create a high-priority Jira security ticket, log a Datadog error event, and alert the security engineering Teams channel. Use when GitHub Advanced Security finds a critical CVE in an Adobe repo.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository full name.
      - name: cve_id
        in: body
        type: string
        description: CVE identifier.
      - name: severity
        in: body
        type: string
        description: 'Severity: critical, high, medium, or low.'
      - name: package_name
        in: body
        type: string
        description: Affected package name.
      - name: sec_channel_id
        in: body
        type: string
        description: Security engineering Teams channel ID.
      steps:
      - name: create-sec-ticket
        type: call
        call: jira-sec.create-issue
        with:
          project_key: SEC
          issuetype: Bug
          summary: '[{{severity}}] {{cve_id}} in {{repo}} — {{package_name}}'
          description: 'CVE: {{cve_id}} | Package: {{package_name}} | Severity: {{severity}}'
          priority: Highest
      - name: log-dd-event
        type: call
        call: datadog-sec.create-event
        with:
          title: 'Security: {{cve_id}} in {{repo}}'
          text: 'Package {{package_name}} | Severity: {{severity}} | Jira: {{create-sec-ticket.key}}'
          alert_type: error
      - name: alert-sec-team
        type: call
        call: msteams-sec.post-channel-message
        with:
          channel_id: '{{sec_channel_id}}'
          text: 'SECURITY: {{severity}} CVE {{cve_id}} in {{repo}} / {{package_name}} | Jira: {{create-sec-ticket.key}} | Datadog: {{log-dd-event.url}}'
  consumes:
  - type: http
    namespace: jira-sec
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: datadog-sec
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: msteams-sec
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

When a Gainsight customer health score drops below threshold, creates a Salesforce task for the CSM and alerts the customer-success Slack channel.

naftiko: '0.5'
info:
  label: Gainsight Health Score Alert
  description: When a Gainsight customer health score drops below threshold, creates a Salesforce task for the CSM and alerts the customer-success Slack channel.
  tags:
  - customer-success
  - crm
  - gainsight
  - salesforce
  - slack
capability:
  exposes:
  - type: mcp
    namespace: cs-ops
    port: 8080
    tools:
    - name: alert-low-health-score
      description: Given a Gainsight company ID and health score threshold, check the score. If below threshold, create a Salesforce CSM task and notify Slack.
      inputParameters:
      - name: company_id
        in: body
        type: string
        description: Gainsight company ID.
      - name: threshold
        in: body
        type: number
        description: Health score threshold.
      steps:
      - name: get-health
        type: call
        call: gainsight.get-company-health
        with:
          company_id: '{{company_id}}'
      - name: create-sf-task
        type: call
        call: salesforce.create-task
        with:
          subject: 'Low health score alert: {{company_id}} ({{get-health.score}})'
          priority: High
      - name: notify-cs
        type: call
        call: slack.post-message
        with:
          channel: customer-success
          text: 'Health score alert: {{company_id}} dropped to {{get-health.score}} (threshold: {{threshold}})'
  consumes:
  - type: http
    namespace: gainsight
    baseUri: https://adobe.gainsightcloud.com/v1
    authentication:
      type: bearer
      token: $secrets.gainsight_token
    resources:
    - name: companies
      path: /data/objects/Company/{{company_id}}
      inputParameters:
      - name: company_id
        in: path
      operations:
      - name: get-company-health
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: tasks
      path: /sobjects/Task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Aggregates Marketo campaign engagement metrics, publishes a refreshed Power BI marketing dashboard, and emails the weekly campaign digest to the marketing team.

naftiko: '0.5'
info:
  label: Marketo Campaign Performance Digest
  description: Aggregates Marketo campaign engagement metrics, publishes a refreshed Power BI marketing dashboard, and emails the weekly campaign digest to the marketing team.
  tags:
  - marketing
  - marketo
  - power-bi
  - reporting
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: mkt-reporting
    port: 8080
    tools:
    - name: digest-campaign-performance
      description: Given a Marketo campaign ID and Power BI dataset ID, retrieve campaign performance metrics from Marketo, trigger a Power BI refresh, and email a digest to the marketing leadership. Use weekly for campaign performance reviews.
      inputParameters:
      - name: marketo_program_id
        in: body
        type: string
        description: Marketo program ID to retrieve metrics for.
      - name: pbi_dataset_id
        in: body
        type: string
        description: Power BI dataset ID for the marketing dashboard.
      - name: marketing_email
        in: body
        type: string
        description: Marketing leadership email distribution list.
      steps:
      - name: get-campaign-metrics
        type: call
        call: marketo.get-program-metrics
        with:
          program_id: '{{marketo_program_id}}'
      - name: refresh-mkt-pbi
        type: call
        call: powerbi-mkt.trigger-refresh
        with:
          dataset_id: '{{pbi_dataset_id}}'
      - name: send-digest
        type: call
        call: msgraph-mkt.send-email
        with:
          to: '{{marketing_email}}'
          subject: Campaign Performance Digest — Program {{marketo_program_id}}
          body: 'Emails sent: {{get-campaign-metrics.emails_sent}} | Open rate: {{get-campaign-metrics.open_rate}}% | Clicks: {{get-campaign-metrics.clicks}} | Dashboard refreshed.'
  consumes:
  - type: http
    namespace: marketo
    baseUri: https://adobe.mktorest.com/rest/v1
    authentication:
      type: bearer
      token: $secrets.marketo_token
    resources:
    - name: program-metrics
      path: /stats/programs/{{program_id}}/detail.json
      inputParameters:
      - name: program_id
        in: path
      operations:
      - name: get-program-metrics
        method: GET
  - type: http
    namespace: powerbi-mkt
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msgraph-mkt
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /users/{{sender}}/sendMail
      operations:
      - name: send-email
        method: POST

Triggers a GitHub Actions workflow dispatch event and posts the run URL to a Slack channel for visibility.

naftiko: '0.5'
info:
  label: GitHub Actions Workflow Trigger
  description: Triggers a GitHub Actions workflow dispatch event and posts the run URL to a Slack channel for visibility.
  tags:
  - engineering
  - cicd
  - github
  - github-actions
  - slack
capability:
  exposes:
  - type: mcp
    namespace: cicd-ops
    port: 8080
    tools:
    - name: trigger-workflow
      description: Given a GitHub repo and workflow file name, trigger a workflow dispatch and post the run URL to Slack.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository in org/repo format.
      - name: workflow_id
        in: body
        type: string
        description: Workflow file name (e.g., deploy.yml).
      - name: ref
        in: body
        type: string
        description: Git ref to run against.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for notification.
      steps:
      - name: dispatch-workflow
        type: call
        call: github.create-workflow-dispatch
        with:
          repo: '{{repo}}'
          workflow_id: '{{workflow_id}}'
          ref: '{{ref}}'
      - name: notify-slack
        type: call
        call: slack.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'GitHub Actions workflow {{workflow_id}} triggered on {{repo}} (ref: {{ref}})'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-dispatches
      path: /repos/{{repo}}/actions/workflows/{{workflow_id}}/dispatches
      inputParameters:
      - name: repo
        in: path
      - name: workflow_id
        in: path
      operations:
      - name: create-workflow-dispatch
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Moves documents older than a retention threshold from a SharePoint library to an archive site and logs the action.

naftiko: '0.5'
info:
  label: SharePoint Document Archival
  description: Moves documents older than a retention threshold from a SharePoint library to an archive site and logs the action.
  tags:
  - governance
  - document-management
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: doc-governance
    port: 8080
    tools:
    - name: archive-documents
      description: Given a SharePoint site ID and library name, move documents past the retention period to the archive site.
      inputParameters:
      - name: site_id
        in: body
        type: string
        description: SharePoint site ID.
      - name: library_name
        in: body
        type: string
        description: Document library name.
      - name: retention_days
        in: body
        type: integer
        description: Retention period in days.
      steps:
      - name: list-old-docs
        type: call
        call: sharepoint.list-items
        with:
          site_id: '{{site_id}}'
          library: '{{library_name}}'
          filter: createdDateTime lt {{retention_days}}
      - name: move-to-archive
        type: call
        call: sharepoint.move-items
        with:
          items: '{{list-old-docs.value}}'
          destination: archive
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /sites/{{site_id}}/drive/items
      inputParameters:
      - name: site_id
        in: path
      operations:
      - name: list-items
        method: GET
      - name: move-items
        method: PATCH

Queries SAP Concur for unsubmitted expense reports older than 14 days and sends reminder emails via Microsoft Graph.

naftiko: '0.5'
info:
  label: SAP Concur Expense Submission Reminder
  description: Queries SAP Concur for unsubmitted expense reports older than 14 days and sends reminder emails via Microsoft Graph.
  tags:
  - finance
  - expense-management
  - sap-concur
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: finance-ops
    port: 8080
    tools:
    - name: send-expense-reminders
      description: Fetch all unsubmitted SAP Concur expense reports older than a given threshold and send email reminders to report owners via Microsoft Graph.
      inputParameters:
      - name: days_threshold
        in: body
        type: integer
        description: Number of days after which to flag unsubmitted reports.
      steps:
      - name: get-unsubmitted
        type: call
        call: concur.list-reports
        with:
          status: UNSUBMITTED
          older_than_days: '{{days_threshold}}'
      - name: send-reminders
        type: call
        call: msgraph.send-mail
        with:
          recipients: '{{get-unsubmitted.owner_emails}}'
          subject: 'Action Required: Submit Your Expense Report'
          body: You have an unsubmitted expense report older than {{days_threshold}} days. Please submit it in SAP Concur.
  consumes:
  - type: http
    namespace: concur
    baseUri: https://us.api.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: reports
      path: /expense/reports
      operations:
      - name: list-reports
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-mail
        method: POST

When a Jira bug is marked resolved, auto-generates a Confluence knowledge base article with the resolution details and posts it to the support Teams channel.

naftiko: '0.5'
info:
  label: Confluence Knowledge Base Article Creation from Jira
  description: When a Jira bug is marked resolved, auto-generates a Confluence knowledge base article with the resolution details and posts it to the support Teams channel.
  tags:
  - devops
  - jira
  - confluence
  - knowledge-management
  - customer-service
capability:
  exposes:
  - type: mcp
    namespace: kb-ops
    port: 8080
    tools:
    - name: create-kb-article-from-bug
      description: Given a resolved Jira issue key and Confluence space key, retrieve the issue resolution details, create a Confluence knowledge base article documenting the fix, and post a link to the support Teams channel. Use when a significant customer-facing bug is resolved.
      inputParameters:
      - name: jira_issue_key
        in: body
        type: string
        description: Resolved Jira issue key, e.g. 'CC-1234'.
      - name: confluence_space_key
        in: body
        type: string
        description: Confluence space key for the knowledge base.
      - name: support_channel_id
        in: body
        type: string
        description: Support Teams channel ID.
      steps:
      - name: get-issue
        type: call
        call: jira-kb.get-issue
        with:
          issue_key: '{{jira_issue_key}}'
      - name: create-article
        type: call
        call: confluence-kb.create-page
        with:
          space_key: '{{confluence_space_key}}'
          title: 'KB: {{get-issue.summary}}'
          body: 'Issue: {{jira_issue_key}}


            Summary: {{get-issue.summary}}


            Resolution: {{get-issue.resolution}}


            Workaround: {{get-issue.workaround}}'
      - name: notify-support
        type: call
        call: msteams-kb.post-channel-message
        with:
          channel_id: '{{support_channel_id}}'
          text: 'New KB article created from {{jira_issue_key}}: {{get-issue.summary}} | Confluence: {{create-article.url}}'
  consumes:
  - type: http
    namespace: jira-kb
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue/{{issue_key}}
      inputParameters:
      - name: issue_key
        in: path
      operations:
      - name: get-issue
        method: GET
  - type: http
    namespace: confluence-kb
    baseUri: https://adobe.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: msteams-kb
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves the status of a DocuSign envelope by envelope ID, returning signer status and completion date.

naftiko: '0.5'
info:
  label: DocuSign Envelope Status Check
  description: Retrieves the status of a DocuSign envelope by envelope ID, returning signer status and completion date.
  tags:
  - legal
  - document-signing
  - docusign
capability:
  exposes:
  - type: mcp
    namespace: legal-ops
    port: 8080
    tools:
    - name: get-envelope-status
      description: Given a DocuSign envelope ID, return the envelope status, list of signer statuses, and completion timestamp.
      inputParameters:
      - name: envelope_id
        in: body
        type: string
        description: DocuSign envelope ID.
      call: docusign.get-envelope
      with:
        envelope_id: '{{envelope_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: signers
        type: array
        mapping: $.recipients.signers[*].status
      - name: completed_date
        type: string
        mapping: $.completedDateTime
  consumes:
  - type: http
    namespace: docusign
    baseUri: https://na4.docusign.net/restapi/v2.1/accounts/$secrets.docusign_account_id
    authentication:
      type: bearer
      token: $secrets.docusign_token
    resources:
    - name: envelopes
      path: /envelopes/{{envelope_id}}
      inputParameters:
      - name: envelope_id
        in: path
      operations:
      - name: get-envelope
        method: GET

Retrieves an invoice record from Oracle E-Business Suite by invoice number, returning status, amount, and payment date.

naftiko: '0.5'
info:
  label: Oracle EBS Invoice Status Lookup
  description: Retrieves an invoice record from Oracle E-Business Suite by invoice number, returning status, amount, and payment date.
  tags:
  - finance
  - erp
  - oracle
capability:
  exposes:
  - type: mcp
    namespace: finance-ops
    port: 8080
    tools:
    - name: get-invoice-status
      description: Given an Oracle EBS invoice number, return the invoice status, total amount, and scheduled payment date.
      inputParameters:
      - name: invoice_number
        in: body
        type: string
        description: Oracle EBS invoice number.
      call: oracle-ebs.get-invoice
      with:
        invoice_num: '{{invoice_number}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.InvoiceStatus
      - name: amount
        type: number
        mapping: $.InvoiceAmount
      - name: payment_date
        type: string
        mapping: $.ScheduledPaymentDate
  consumes:
  - type: http
    namespace: oracle-ebs
    baseUri: https://adobe-ebs.oracle.com/webservices/rest/AP_INVOICES
    authentication:
      type: basic
      username: $secrets.oracle_user
      password: $secrets.oracle_password
    resources:
    - name: invoices
      path: /{{invoice_num}}
      inputParameters:
      - name: invoice_num
        in: path
      operations:
      - name: get-invoice
        method: GET

Retrieves Okta privileged group membership, triggers a Power BI access review report refresh, and emails the security team for certification.

naftiko: '0.5'
info:
  label: Okta Quarterly Privileged Access Review
  description: Retrieves Okta privileged group membership, triggers a Power BI access review report refresh, and emails the security team for certification.
  tags:
  - identity
  - security
  - okta
  - compliance
  - access-review
capability:
  exposes:
  - type: mcp
    namespace: access-review
    port: 8080
    tools:
    - name: run-privileged-access-review
      description: Given an Okta group ID and Power BI dataset ID, pull current group membership, trigger a Power BI refresh, and email the certification report to the security team. Use quarterly for privileged access reviews.
      inputParameters:
      - name: okta_group_id
        in: body
        type: string
        description: Okta group ID to certify.
      - name: pbi_dataset_id
        in: body
        type: string
        description: Power BI dataset ID for access certification reports.
      - name: security_team_email
        in: body
        type: string
        description: Security team email for the review.
      steps:
      - name: get-group-members
        type: call
        call: okta-review.get-group-users
        with:
          group_id: '{{okta_group_id}}'
      - name: refresh-pbi
        type: call
        call: powerbi-review.trigger-refresh
        with:
          dataset_id: '{{pbi_dataset_id}}'
      - name: send-cert-email
        type: call
        call: msgraph-review.send-email
        with:
          to: '{{security_team_email}}'
          subject: Quarterly Access Review — Okta Group {{okta_group_id}}
          body: Group {{okta_group_id}} has {{get-group-members.total_count}} members. Review in Power BI and certify or revoke access.
  consumes:
  - type: http
    namespace: okta-review
    baseUri: https://adobe.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_token
      placement: header
    resources:
    - name: group-users
      path: /groups/{{group_id}}/users
      inputParameters:
      - name: group_id
        in: path
      operations:
      - name: get-group-users
        method: GET
  - type: http
    namespace: powerbi-review
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msgraph-review
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /users/{{sender}}/sendMail
      operations:
      - name: send-email
        method: POST

Validates incoming SAP Ariba invoices against open purchase orders and routes exceptions to the accounts payable team via ServiceNow.

naftiko: '0.5'
info:
  label: SAP Ariba Invoice Processing
  description: Validates incoming SAP Ariba invoices against open purchase orders and routes exceptions to the accounts payable team via ServiceNow.
  tags:
  - finance
  - procurement
  - sap-ariba
  - accounts-payable
  - erp
capability:
  exposes:
  - type: mcp
    namespace: ap-ops
    port: 8080
    tools:
    - name: process-ariba-invoice
      description: Given an SAP Ariba invoice ID and PO number, retrieve and compare both documents, then create a ServiceNow approval task for AP review. Use when processing incoming supplier invoices requiring three-way match.
      inputParameters:
      - name: invoice_id
        in: body
        type: string
        description: SAP Ariba invoice ID.
      - name: po_number
        in: body
        type: string
        description: Related SAP purchase order number.
      steps:
      - name: get-invoice
        type: call
        call: ariba.get-invoice
        with:
          invoice_id: '{{invoice_id}}'
      - name: get-po
        type: call
        call: sap-erp.get-purchase-order
        with:
          po_number: '{{po_number}}'
      - name: create-approval
        type: call
        call: servicenow-ap.create-task
        with:
          short_description: 'Invoice match: {{invoice_id}} vs PO {{po_number}}'
          description: 'Invoice total: {{get-invoice.total_amount}} | PO total: {{get-po.total_amount}} | Vendor: {{get-invoice.vendor_name}}'
          assigned_group: AP_Team
  consumes:
  - type: http
    namespace: ariba
    baseUri: https://openapi.ariba.com/api/invoice/v1
    authentication:
      type: bearer
      token: $secrets.ariba_token
    resources:
    - name: invoices
      path: /invoices/{{invoice_id}}
      inputParameters:
      - name: invoice_id
        in: path
      operations:
      - name: get-invoice
        method: GET
  - type: http
    namespace: sap-erp
    baseUri: https://adobe-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: purchase-orders
      path: /A_PurchaseOrder('{{po_number}}')
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-purchase-order
        method: GET
  - type: http
    namespace: servicenow-ap
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST

Takes a snapshot of a Datadog dashboard and posts the image URL to a Microsoft Teams channel for stakeholder review.

naftiko: '0.5'
info:
  label: Datadog Dashboard Snapshot
  description: Takes a snapshot of a Datadog dashboard and posts the image URL to a Microsoft Teams channel for stakeholder review.
  tags:
  - monitoring
  - reporting
  - datadog
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: observability
    port: 8080
    tools:
    - name: snapshot-dashboard
      description: Given a Datadog dashboard ID, take a PNG snapshot and post the image link to a Teams channel.
      inputParameters:
      - name: dashboard_id
        in: body
        type: string
        description: Datadog dashboard ID.
      - name: teams_channel_id
        in: body
        type: string
        description: Microsoft Teams channel ID.
      steps:
      - name: take-snapshot
        type: call
        call: datadog.create-snapshot
        with:
          graph_def: '{{dashboard_id}}'
      - name: post-teams
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: '{{teams_channel_id}}'
          text: 'Datadog dashboard snapshot: {{take-snapshot.snapshot_url}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: snapshots
      path: /graph/snapshot
      operations:
      - name: create-snapshot
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves the send report for a Mailchimp campaign, returning open rate, click rate, and total recipients.

naftiko: '0.5'
info:
  label: Mailchimp Campaign Send Report
  description: Retrieves the send report for a Mailchimp campaign, returning open rate, click rate, and total recipients.
  tags:
  - marketing
  - email
  - mailchimp
capability:
  exposes:
  - type: mcp
    namespace: email-ops
    port: 8080
    tools:
    - name: get-campaign-report
      description: Given a Mailchimp campaign ID, return open rate, click rate, unsubscribe count, and total recipients.
      inputParameters:
      - name: campaign_id
        in: body
        type: string
        description: Mailchimp campaign ID.
      call: mailchimp.get-report
      with:
        campaign_id: '{{campaign_id}}'
      outputParameters:
      - name: open_rate
        type: number
        mapping: $.opens.open_rate
      - name: click_rate
        type: number
        mapping: $.clicks.click_rate
      - name: total_recipients
        type: integer
        mapping: $.emails_sent
  consumes:
  - type: http
    namespace: mailchimp
    baseUri: https://us1.api.mailchimp.com/3.0
    authentication:
      type: basic
      username: anystring
      password: $secrets.mailchimp_api_key
    resources:
    - name: reports
      path: /reports/{{campaign_id}}
      inputParameters:
      - name: campaign_id
        in: path
      operations:
      - name: get-report
        method: GET

Creates a new Confluence page in a given space using a predefined template and notifies the author via Slack.

naftiko: '0.5'
info:
  label: Confluence Page Creation from Template
  description: Creates a new Confluence page in a given space using a predefined template and notifies the author via Slack.
  tags:
  - documentation
  - collaboration
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: docs-ops
    port: 8080
    tools:
    - name: create-page-from-template
      description: Given a Confluence space key, template name, and page title, create a new page and notify the author on Slack.
      inputParameters:
      - name: space_key
        in: body
        type: string
        description: Confluence space key.
      - name: template_name
        in: body
        type: string
        description: Template name to use for the new page.
      - name: page_title
        in: body
        type: string
        description: Title for the new Confluence page.
      - name: author_slack_id
        in: body
        type: string
        description: Slack user ID of the page author.
      steps:
      - name: create-page
        type: call
        call: confluence.create-content
        with:
          space_key: '{{space_key}}'
          title: '{{page_title}}'
          template: '{{template_name}}'
      - name: notify-author
        type: call
        call: slack.post-message
        with:
          channel: '{{author_slack_id}}'
          text: 'Your Confluence page ''{{page_title}}'' has been created: {{create-page.url}}'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://adobe.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-content
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a Kubernetes pod enters CrashLoopBackOff, captures logs via Datadog, creates a Jira ticket, and alerts the platform Slack channel.

naftiko: '0.5'
info:
  label: Kubernetes Pod Restart Handler
  description: When a Kubernetes pod enters CrashLoopBackOff, captures logs via Datadog, creates a Jira ticket, and alerts the platform Slack channel.
  tags:
  - infrastructure
  - containers
  - kubernetes
  - datadog
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: platform-ops
    port: 8080
    tools:
    - name: handle-pod-crash
      description: Given a Kubernetes namespace and pod name, fetch recent logs from Datadog, create a Jira investigation ticket, and alert the platform Slack channel.
      inputParameters:
      - name: namespace
        in: body
        type: string
        description: Kubernetes namespace.
      - name: pod_name
        in: body
        type: string
        description: Pod name in CrashLoopBackOff.
      steps:
      - name: fetch-logs
        type: call
        call: datadog.search-logs
        with:
          query: kube_namespace:{{namespace}} pod_name:{{pod_name}}
          limit: 50
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: PLATFORM
          issuetype: Bug
          summary: 'CrashLoopBackOff: {{pod_name}} in {{namespace}}'
          description: Pod {{pod_name}} in namespace {{namespace}} is crash-looping. Recent logs attached.
      - name: alert-slack
        type: call
        call: slack.post-message
        with:
          channel: platform-alerts
          text: 'CrashLoopBackOff: {{pod_name}} in {{namespace}} | Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v2
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: logs
      path: /logs/events/search
      operations:
      - name: search-logs
        method: POST
  - type: http
    namespace: jira
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Creates a Snowflake data share for a partner account, grants access to specified schemas, and logs the provisioning event to ServiceNow.

naftiko: '0.5'
info:
  label: Snowflake Data Share Provisioning
  description: Creates a Snowflake data share for a partner account, grants access to specified schemas, and logs the provisioning event to ServiceNow.
  tags:
  - data
  - governance
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: provision-data-share
      description: Given a Snowflake database, schema, and partner account, create a data share and log the action in ServiceNow.
      inputParameters:
      - name: database
        in: body
        type: string
        description: Snowflake database name.
      - name: schema
        in: body
        type: string
        description: Schema to share.
      - name: partner_account
        in: body
        type: string
        description: Partner Snowflake account locator.
      steps:
      - name: create-share
        type: call
        call: snowflake.execute-statement
        with:
          statement: CREATE SHARE IF NOT EXISTS share_{{partner_account}}; GRANT USAGE ON DATABASE {{database}} TO SHARE share_{{partner_account}}; GRANT USAGE ON SCHEMA {{database}}.{{schema}} TO SHARE share_{{partner_account}}
      - name: log-provisioning
        type: call
        call: servicenow.create-record
        with:
          table: u_data_share_audit
          database: '{{database}}'
          schema: '{{schema}}'
          partner: '{{partner_account}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://adobe.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST

Scans SAP Ariba for supplier contracts expiring within 90 days, creates Jira renewal tasks, and emails contract owners.

naftiko: '0.5'
info:
  label: SAP Ariba Contract Renewal Alert
  description: Scans SAP Ariba for supplier contracts expiring within 90 days, creates Jira renewal tasks, and emails contract owners.
  tags:
  - procurement
  - contract-management
  - sap-ariba
  - jira
capability:
  exposes:
  - type: mcp
    namespace: contract-ops
    port: 8080
    tools:
    - name: alert-expiring-contracts
      description: Given a look-ahead window in days, fetch expiring supplier contracts from SAP Ariba and create a Jira renewal task for each. Use monthly to proactively manage contract renewals for Adobe's key technology and service vendors.
      inputParameters:
      - name: days_ahead
        in: body
        type: integer
        description: Number of days ahead to scan for expiring contracts.
      - name: jira_project_key
        in: body
        type: string
        description: Jira project key for procurement tasks.
      steps:
      - name: get-expiring
        type: call
        call: ariba-contracts.get-expiring-contracts
        with:
          days_ahead: '{{days_ahead}}'
      - name: create-renewal-task
        type: call
        call: jira-contracts.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Task
          summary: Contract renewals due within {{days_ahead}} days
          description: 'Expiring contracts: {{get-expiring.contract_ids}}'
  consumes:
  - type: http
    namespace: ariba-contracts
    baseUri: https://openapi.ariba.com/api/contract/v1
    authentication:
      type: bearer
      token: $secrets.ariba_token
    resources:
    - name: contracts
      path: /contracts
      inputParameters:
      - name: days_ahead
        in: query
      operations:
      - name: get-expiring-contracts
        method: GET
  - type: http
    namespace: jira-contracts
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Activates an Adobe Target A/B test activity by activity ID and logs the activation event to Snowflake for tracking.

naftiko: '0.5'
info:
  label: Adobe Target Experience Activation
  description: Activates an Adobe Target A/B test activity by activity ID and logs the activation event to Snowflake for tracking.
  tags:
  - personalization
  - experimentation
  - adobe
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: cx-ops
    port: 8080
    tools:
    - name: activate-ab-test
      description: Given an Adobe Target activity ID, activate the A/B test and log the event to Snowflake.
      inputParameters:
      - name: activity_id
        in: body
        type: string
        description: Adobe Target activity ID.
      steps:
      - name: activate-activity
        type: call
        call: target.update-activity
        with:
          activity_id: '{{activity_id}}'
          state: approved
      - name: log-activation
        type: call
        call: snowflake.insert-row
        with:
          table: AB_TEST_ACTIVATIONS
          values:
            activity_id: '{{activity_id}}'
            activated_at: '{{activate-activity.modifiedAt}}'
  consumes:
  - type: http
    namespace: target
    baseUri: https://mc.adobe.io/adobe/target
    authentication:
      type: bearer
      token: $secrets.adobe_target_token
    resources:
    - name: activities
      path: /activities/ab/{{activity_id}}/state
      inputParameters:
      - name: activity_id
        in: path
      operations:
      - name: update-activity
        method: PUT
  - type: http
    namespace: snowflake
    baseUri: https://adobe.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: insert-row
        method: POST

When an employee changes teams in Workday, updates their Azure Active Directory group memberships to match the new role.

naftiko: '0.5'
info:
  label: Azure AD Group Membership Sync
  description: When an employee changes teams in Workday, updates their Azure Active Directory group memberships to match the new role.
  tags:
  - identity
  - hr
  - azure-active-directory
  - workday
capability:
  exposes:
  - type: mcp
    namespace: iam-ops
    port: 8080
    tools:
    - name: sync-ad-groups
      description: Given a Workday employee ID and new team code, fetch the required AD groups and update Azure AD memberships.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      - name: new_team_code
        in: body
        type: string
        description: New team code from Workday.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          employee_id: '{{employee_id}}'
      - name: update-groups
        type: call
        call: azuread.update-group-membership
        with:
          user_principal_name: '{{get-employee.email}}'
          team_code: '{{new_team_code}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/adobe
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: workers
      path: /Human_Resources/v40.0/Get_Workers
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: groups
      path: /groups
      operations:
      - name: update-group-membership
        method: POST

Retrieves a lead record from Marketo and returns the current lead score, status, and last activity date.

naftiko: '0.5'
info:
  label: Marketo Lead Scoring Update
  description: Retrieves a lead record from Marketo and returns the current lead score, status, and last activity date.
  tags:
  - marketing
  - crm
  - marketo
capability:
  exposes:
  - type: mcp
    namespace: marketing-ops
    port: 8080
    tools:
    - name: get-lead-score
      description: Given a Marketo lead ID, return the current lead score, lifecycle status, and last activity timestamp. Use when sales needs to verify lead qualification before outreach.
      inputParameters:
      - name: lead_id
        in: body
        type: string
        description: Marketo lead ID.
      call: marketo.get-lead
      with:
        lead_id: '{{lead_id}}'
      outputParameters:
      - name: lead_score
        type: number
        mapping: $.result[0].leadScore
      - name: status
        type: string
        mapping: $.result[0].status
      - name: last_activity
        type: string
        mapping: $.result[0].lastActivityDate
  consumes:
  - type: http
    namespace: marketo
    baseUri: https://adobe-mkt.mktorest.com/rest/v1
    authentication:
      type: bearer
      token: $secrets.marketo_access_token
    resources:
    - name: leads
      path: /lead/{{lead_id}}.json
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: get-lead
        method: GET

Retrieves IT asset details from ServiceNow CMDB by asset tag, returning model, assigned user, and warranty status.

naftiko: '0.5'
info:
  label: ServiceNow IT Asset Lookup
  description: Retrieves IT asset details from ServiceNow CMDB by asset tag, returning model, assigned user, and warranty status.
  tags:
  - it-operations
  - asset-management
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: it-ops
    port: 8080
    tools:
    - name: get-it-asset
      description: Given a ServiceNow asset tag, return model name, assigned user, location, and warranty expiry date. Use for IT support ticket triage and hardware refresh planning.
      inputParameters:
      - name: asset_tag
        in: body
        type: string
        description: ServiceNow asset tag identifier.
      call: servicenow.get-asset
      with:
        asset_tag: '{{asset_tag}}'
      outputParameters:
      - name: model
        type: string
        mapping: $.result.model_id.display_value
      - name: assigned_to
        type: string
        mapping: $.result.assigned_to.display_value
      - name: warranty_expiry
        type: string
        mapping: $.result.warranty_expiration
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: assets
      path: /table/alm_hardware
      inputParameters:
      - name: asset_tag
        in: query
      operations:
      - name: get-asset
        method: GET

Publishes an Adobe Launch (Experience Platform Tags) library to production and notifies the analytics team via Slack.

naftiko: '0.5'
info:
  label: Adobe Launch Rule Deployment
  description: Publishes an Adobe Launch (Experience Platform Tags) library to production and notifies the analytics team via Slack.
  tags:
  - marketing
  - tag-management
  - adobe
  - slack
capability:
  exposes:
  - type: mcp
    namespace: martech-ops
    port: 8080
    tools:
    - name: deploy-launch-library
      description: Given an Adobe Launch property ID and library ID, publish the library to production and notify the analytics Slack channel.
      inputParameters:
      - name: property_id
        in: body
        type: string
        description: Adobe Launch property ID.
      - name: library_id
        in: body
        type: string
        description: Adobe Launch library ID to publish.
      steps:
      - name: publish-library
        type: call
        call: launch.publish-library
        with:
          property_id: '{{property_id}}'
          library_id: '{{library_id}}'
      - name: notify-team
        type: call
        call: slack.post-message
        with:
          channel: analytics-ops
          text: Adobe Launch library {{library_id}} published to production for property {{property_id}}
  consumes:
  - type: http
    namespace: launch
    baseUri: https://reactor.adobe.io
    authentication:
      type: bearer
      token: $secrets.adobe_launch_token
    resources:
    - name: libraries
      path: /properties/{{property_id}}/libraries/{{library_id}}/publish
      inputParameters:
      - name: property_id
        in: path
      - name: library_id
        in: path
      operations:
      - name: publish-library
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Checks the message count in an Amazon SQS dead letter queue and, if above threshold, creates a PagerDuty alert and posts to Slack.

naftiko: '0.5'
info:
  label: Amazon SQS Dead Letter Queue Monitor
  description: Checks the message count in an Amazon SQS dead letter queue and, if above threshold, creates a PagerDuty alert and posts to Slack.
  tags:
  - engineering
  - messaging
  - amazon-sqs
  - pagerduty
  - slack
capability:
  exposes:
  - type: mcp
    namespace: platform-ops
    port: 8080
    tools:
    - name: monitor-dlq
      description: Given an SQS DLQ URL and message threshold, check the queue depth. If above threshold, trigger a PagerDuty alert and Slack notification.
      inputParameters:
      - name: queue_url
        in: body
        type: string
        description: SQS dead letter queue URL.
      - name: threshold
        in: body
        type: integer
        description: Message count threshold.
      steps:
      - name: get-queue-attrs
        type: call
        call: sqs.get-queue-attributes
        with:
          queue_url: '{{queue_url}}'
          attribute_names: ApproximateNumberOfMessages
      - name: alert-pd
        type: call
        call: pagerduty.create-event
        with:
          routing_key: $secrets.pagerduty_routing_key
          summary: DLQ depth {{get-queue-attrs.ApproximateNumberOfMessages}} exceeds threshold {{threshold}}
          severity: error
      - name: notify-slack
        type: call
        call: slack.post-message
        with:
          channel: platform-alerts
          text: 'SQS DLQ alert: {{get-queue-attrs.ApproximateNumberOfMessages}} messages in queue (threshold: {{threshold}})'
  consumes:
  - type: http
    namespace: sqs
    baseUri: https://sqs.us-east-1.amazonaws.com
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: queues
      path: /
      operations:
      - name: get-queue-attributes
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://events.pagerduty.com/v2
    authentication:
      type: none
    resources:
    - name: events
      path: /enqueue
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Executes a SQL query against Amazon Redshift and returns the result set for data warehouse lookups.

naftiko: '0.5'
info:
  label: Amazon Redshift Query Execution
  description: Executes a SQL query against Amazon Redshift and returns the result set for data warehouse lookups.
  tags:
  - data
  - analytics
  - amazon-redshift
capability:
  exposes:
  - type: mcp
    namespace: data-ops
    port: 8080
    tools:
    - name: run-redshift-query
      description: Given a SQL statement and Redshift cluster identifier, execute the query and return the results.
      inputParameters:
      - name: sql
        in: body
        type: string
        description: SQL query to execute.
      - name: cluster_id
        in: body
        type: string
        description: Redshift cluster identifier.
      - name: database
        in: body
        type: string
        description: Database name.
      call: redshift.execute-statement
      with:
        sql: '{{sql}}'
        cluster_id: '{{cluster_id}}'
        database: '{{database}}'
      outputParameters:
      - name: statement_id
        type: string
        mapping: $.Id
  consumes:
  - type: http
    namespace: redshift
    baseUri: https://redshift-data.us-east-1.amazonaws.com
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: statements
      path: /
      operations:
      - name: execute-statement
        method: POST

When an employee termination is processed in Workday, deactivates their Okta account, closes open ServiceNow access requests, and deactivates the Salesforce user license.

naftiko: '0.5'
info:
  label: Employee Offboarding Deprovisioning
  description: When an employee termination is processed in Workday, deactivates their Okta account, closes open ServiceNow access requests, and deactivates the Salesforce user license.
  tags:
  - hr
  - offboarding
  - okta
  - workday
  - identity
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: deprovision-terminated-employee
      description: Given a terminated employee's Workday ID, Okta user ID, and Salesforce user ID, deactivate their Okta account, close open ServiceNow access requests, and deactivate their Salesforce license. Use immediately upon processing a termination in Workday.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: Workday worker ID of the terminated employee.
      - name: okta_user_id
        in: body
        type: string
        description: Okta user ID to deactivate.
      - name: salesforce_user_id
        in: body
        type: string
        description: Salesforce user ID to deactivate.
      steps:
      - name: deactivate-okta
        type: call
        call: okta-offboard.deactivate-user
        with:
          user_id: '{{okta_user_id}}'
      - name: close-requests
        type: call
        call: servicenow-offboard.close-user-requests
        with:
          employee_id: '{{workday_employee_id}}'
      - name: deactivate-sf
        type: call
        call: salesforce-offboard.update-user
        with:
          user_id: '{{salesforce_user_id}}'
          is_active: 'false'
  consumes:
  - type: http
    namespace: okta-offboard
    baseUri: https://adobe.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_token
      placement: header
    resources:
    - name: user-lifecycle
      path: /users/{{user_id}}/lifecycle/deactivate
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: deactivate-user
        method: POST
  - type: http
    namespace: servicenow-offboard
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: close-user-requests
        method: PATCH
  - type: http
    namespace: salesforce-offboard
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: users
      path: /sobjects/User/{{user_id}}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: update-user
        method: PATCH

Retrieves vendor master data from SAP S/4HANA by vendor number, returning name, address, and payment terms.

naftiko: '0.5'
info:
  label: SAP Vendor Master Lookup
  description: Retrieves vendor master data from SAP S/4HANA by vendor number, returning name, address, and payment terms.
  tags:
  - procurement
  - erp
  - sap
capability:
  exposes:
  - type: mcp
    namespace: erp-ops
    port: 8080
    tools:
    - name: get-vendor
      description: Given a SAP vendor number, return vendor name, address, and payment terms. Use for invoice verification and onboarding.
      inputParameters:
      - name: vendor_number
        in: body
        type: string
        description: SAP vendor number.
      call: sap.get-vendor
      with:
        vendor: '{{vendor_number}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.d.SupplierName
      - name: city
        type: string
        mapping: $.d.AddressData.CityName
      - name: payment_terms
        type: string
        mapping: $.d.PaymentTerms
  consumes:
  - type: http
    namespace: sap
    baseUri: https://adobe-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: suppliers
      path: /A_Supplier('{{vendor}}')
      inputParameters:
      - name: vendor
        in: path
      operations:
      - name: get-vendor
        method: GET

When an Azure Monitor metric alert fires, creates a ServiceNow incident and notifies the cloud ops Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Azure Monitor Metric Alert Handler
  description: When an Azure Monitor metric alert fires, creates a ServiceNow incident and notifies the cloud ops Microsoft Teams channel.
  tags:
  - cloud
  - monitoring
  - azure-monitor
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: cloud-ops
    port: 8080
    tools:
    - name: handle-azure-alert
      description: Given an Azure Monitor alert rule name and resource ID, create a ServiceNow incident and notify the cloud ops Teams channel.
      inputParameters:
      - name: alert_rule
        in: body
        type: string
        description: Azure Monitor alert rule name.
      - name: resource_id
        in: body
        type: string
        description: Azure resource ID that triggered the alert.
      - name: severity
        in: body
        type: string
        description: Alert severity (Sev0-Sev4).
      steps:
      - name: create-snow-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Azure alert: {{alert_rule}} on {{resource_id}}'
          severity: '{{severity}}'
          category: Cloud Infrastructure
      - name: notify-teams
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: cloud-ops
          text: 'Azure alert fired: {{alert_rule}} | Resource: {{resource_id}} | Severity: {{severity}} | SNOW: {{create-snow-incident.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves email delivery statistics from SendGrid for a given date range, returning delivered, bounced, and opened counts.

naftiko: '0.5'
info:
  label: SendGrid Email Delivery Status
  description: Retrieves email delivery statistics from SendGrid for a given date range, returning delivered, bounced, and opened counts.
  tags:
  - communications
  - email
  - sendgrid
capability:
  exposes:
  - type: mcp
    namespace: email-ops
    port: 8080
    tools:
    - name: get-delivery-stats
      description: Given a date range, return SendGrid email delivery stats including delivered, bounced, and opened counts.
      inputParameters:
      - name: start_date
        in: body
        type: string
        description: Start date in YYYY-MM-DD format.
      - name: end_date
        in: body
        type: string
        description: End date in YYYY-MM-DD format.
      call: sendgrid.get-stats
      with:
        start_date: '{{start_date}}'
        end_date: '{{end_date}}'
      outputParameters:
      - name: delivered
        type: integer
        mapping: $.stats[0].metrics.delivered
      - name: bounces
        type: integer
        mapping: $.stats[0].metrics.bounces
      - name: opens
        type: integer
        mapping: $.stats[0].metrics.opens
  consumes:
  - type: http
    namespace: sendgrid
    baseUri: https://api.sendgrid.com/v3
    authentication:
      type: bearer
      token: $secrets.sendgrid_api_key
    resources:
    - name: stats
      path: /stats
      operations:
      - name: get-stats
        method: GET

When a Creative Cloud enterprise subscription is approaching renewal, enriches the Salesforce account from ZoomInfo, creates a renewal opportunity, and alerts the account manager in Teams.

naftiko: '0.5'
info:
  label: Creative Cloud Subscription Renewal Outreach
  description: When a Creative Cloud enterprise subscription is approaching renewal, enriches the Salesforce account from ZoomInfo, creates a renewal opportunity, and alerts the account manager in Teams.
  tags:
  - sales
  - crm
  - salesforce
  - creative-cloud
  - renewal
capability:
  exposes:
  - type: mcp
    namespace: renewal-ops
    port: 8080
    tools:
    - name: trigger-renewal-outreach
      description: Given a Salesforce account ID and contract end date, enrich the account with ZoomInfo data, create a renewal opportunity in Salesforce, and send a Teams alert to the account manager. Use when contract end dates are within 90 days.
      inputParameters:
      - name: salesforce_account_id
        in: body
        type: string
        description: Salesforce account ID for the renewing customer.
      - name: contract_end_date
        in: body
        type: string
        description: Contract expiration date in YYYY-MM-DD format.
      - name: account_manager_upn
        in: body
        type: string
        description: Account manager Teams UPN.
      - name: zoominfo_company_id
        in: body
        type: string
        description: ZoomInfo company ID for enrichment.
      steps:
      - name: enrich-account
        type: call
        call: zoominfo.get-company
        with:
          company_id: '{{zoominfo_company_id}}'
      - name: update-sf-account
        type: call
        call: salesforce-acct.update-account
        with:
          account_id: '{{salesforce_account_id}}'
          employees: '{{enrich-account.employee_count}}'
          annual_revenue: '{{enrich-account.revenue}}'
      - name: create-renewal-opp
        type: call
        call: salesforce-opp.create-opportunity
        with:
          account_id: '{{salesforce_account_id}}'
          name: Renewal — {{enrich-account.company_name}} — {{contract_end_date}}
          stage_name: Renewal Outreach
          close_date: '{{contract_end_date}}'
      - name: alert-account-manager
        type: call
        call: msteams-renewal.send-message
        with:
          recipient_upn: '{{account_manager_upn}}'
          text: 'Renewal alert: {{enrich-account.company_name}} contract ends {{contract_end_date}}. Renewal opportunity created: {{create-renewal-opp.id}}. Employees: {{enrich-account.employee_count}}'
  consumes:
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com/search
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: companies
      path: /company/{{company_id}}
      inputParameters:
      - name: company_id
        in: path
      operations:
      - name: get-company
        method: GET
  - type: http
    namespace: salesforce-acct
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: update-account
        method: PATCH
  - type: http
    namespace: salesforce-opp
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity
      operations:
      - name: create-opportunity
        method: POST
  - type: http
    namespace: msteams-renewal
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Checks the health status of an Elasticsearch index, returning shard count, document count, and store size, then posts critical findings to Slack.

naftiko: '0.5'
info:
  label: Elasticsearch Index Health Check
  description: Checks the health status of an Elasticsearch index, returning shard count, document count, and store size, then posts critical findings to Slack.
  tags:
  - data
  - search
  - elasticsearch
  - slack
capability:
  exposes:
  - type: mcp
    namespace: search-ops
    port: 8080
    tools:
    - name: check-index-health
      description: Given an Elasticsearch index name, fetch health metrics and post any red-status findings to the platform Slack channel.
      inputParameters:
      - name: index_name
        in: body
        type: string
        description: Elasticsearch index name.
      steps:
      - name: get-index-stats
        type: call
        call: elasticsearch.get-index-stats
        with:
          index: '{{index_name}}'
      - name: alert-if-unhealthy
        type: call
        call: slack.post-message
        with:
          channel: platform-alerts
          text: 'Elasticsearch index {{index_name}}: status={{get-index-stats.health}}, docs={{get-index-stats.docs_count}}, size={{get-index-stats.store_size}}'
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://adobe-es.es.amazonaws.com
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: indices
      path: /_cat/indices/{{index}}
      inputParameters:
      - name: index
        in: path
      operations:
      - name: get-index-stats
        method: GET
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves the latest run results for a Postman API monitor, returning pass/fail count and average response time.

naftiko: '0.5'
info:
  label: Postman API Monitor Status
  description: Retrieves the latest run results for a Postman API monitor, returning pass/fail count and average response time.
  tags:
  - engineering
  - api-management
  - postman
capability:
  exposes:
  - type: mcp
    namespace: api-ops
    port: 8080
    tools:
    - name: get-monitor-status
      description: Given a Postman monitor ID, return the latest run results including pass count, fail count, and average response time.
      inputParameters:
      - name: monitor_id
        in: body
        type: string
        description: Postman monitor ID.
      call: postman.get-monitor
      with:
        monitor_id: '{{monitor_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.monitor.lastRun.status
      - name: pass_count
        type: integer
        mapping: $.monitor.lastRun.stats.assertions.passed
      - name: fail_count
        type: integer
        mapping: $.monitor.lastRun.stats.assertions.failed
  consumes:
  - type: http
    namespace: postman
    baseUri: https://api.getpostman.com
    authentication:
      type: apikey
      key: X-Api-Key
      value: $secrets.postman_api_key
      placement: header
    resources:
    - name: monitors
      path: /monitors/{{monitor_id}}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET

Checks Snowflake task history for failed pipelines in the Experience Cloud data warehouse, logs anomalies to Datadog, and opens Jira tickets for the data engineering team.

naftiko: '0.5'
info:
  label: Snowflake Data Pipeline Health Check
  description: Checks Snowflake task history for failed pipelines in the Experience Cloud data warehouse, logs anomalies to Datadog, and opens Jira tickets for the data engineering team.
  tags:
  - data
  - snowflake
  - datadog
  - monitoring
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: data-ops
    port: 8080
    tools:
    - name: check-pipeline-health
      description: Query Snowflake task execution history for failures, log each failure as a Datadog error event, and open a Jira ticket for the data engineering team if failures are detected. Use daily to verify Adobe's Experience Cloud data pipelines.
      inputParameters:
      - name: lookback_hours
        in: body
        type: integer
        description: Hours of pipeline history to examine.
      - name: jira_project_key
        in: body
        type: string
        description: Jira project key for data engineering tickets.
      steps:
      - name: get-failures
        type: call
        call: snowflake.get-task-failures
        with:
          lookback_hours: '{{lookback_hours}}'
      - name: log-dd-failures
        type: call
        call: datadog-data.create-event
        with:
          title: Snowflake pipeline failures
          text: 'Failed tasks: {{get-failures.task_names}}'
          alert_type: error
      - name: create-jira
        type: call
        call: jira-data.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Bug
          summary: Snowflake pipeline failures — {{get-failures.task_count}} tasks
          description: 'Tasks: {{get-failures.task_names}} | Datadog: {{log-dd-failures.url}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://adobe.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: task-history
      path: /databases/EXPERIENCE_CLOUD/schemas/PUBLIC/tasks/history
      inputParameters:
      - name: lookback_hours
        in: query
      operations:
      - name: get-task-failures
        method: GET
  - type: http
    namespace: datadog-data
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: jira-data
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Creates a new Microsoft Teams channel for a project and posts a welcome message with links to Jira board and Confluence space.

naftiko: '0.5'
info:
  label: Microsoft Teams Channel Provisioning
  description: Creates a new Microsoft Teams channel for a project and posts a welcome message with links to Jira board and Confluence space.
  tags:
  - collaboration
  - project-management
  - microsoft-teams
  - jira
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: collab-ops
    port: 8080
    tools:
    - name: provision-project-channel
      description: Given a project name, create a Teams channel, and post a welcome message with links to the corresponding Jira board and Confluence space.
      inputParameters:
      - name: project_name
        in: body
        type: string
        description: Project name for the new channel.
      - name: team_id
        in: body
        type: string
        description: Microsoft Teams team ID.
      - name: jira_board_url
        in: body
        type: string
        description: Jira board URL for the project.
      - name: confluence_space_url
        in: body
        type: string
        description: Confluence space URL.
      steps:
      - name: create-channel
        type: call
        call: msteams.create-channel
        with:
          team_id: '{{team_id}}'
          display_name: '{{project_name}}'
          description: Project channel for {{project_name}}
      - name: post-welcome
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: '{{create-channel.id}}'
          text: 'Welcome to {{project_name}}! Jira: {{jira_board_url}} | Confluence: {{confluence_space_url}}'
  consumes:
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/{{team_id}}/channels
      inputParameters:
      - name: team_id
        in: path
      operations:
      - name: create-channel
        method: POST
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Assigns an Okta user to an application and logs the provisioning event to ServiceNow for audit.

naftiko: '0.5'
info:
  label: Okta Application Assignment
  description: Assigns an Okta user to an application and logs the provisioning event to ServiceNow for audit.
  tags:
  - identity
  - provisioning
  - okta
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: iam-ops
    port: 8080
    tools:
    - name: assign-app-to-user
      description: Given an Okta user ID and application ID, assign the user to the application and create a ServiceNow audit record.
      inputParameters:
      - name: user_id
        in: body
        type: string
        description: Okta user ID.
      - name: app_id
        in: body
        type: string
        description: Okta application ID.
      steps:
      - name: assign-app
        type: call
        call: okta.assign-application
        with:
          app_id: '{{app_id}}'
          user_id: '{{user_id}}'
      - name: log-audit
        type: call
        call: servicenow.create-record
        with:
          table: u_access_audit
          user_id: '{{user_id}}'
          application: '{{app_id}}'
          action: assigned
  consumes:
  - type: http
    namespace: okta
    baseUri: https://adobe.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: app-users
      path: /apps/{{app_id}}/users
      inputParameters:
      - name: app_id
        in: path
      operations:
      - name: assign-application
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST

After a customer completes an NPS survey, updates their Salesforce account with the score, creates a follow-up task for low scores, and logs the response in Snowflake.

naftiko: '0.5'
info:
  label: Experience Cloud Customer NPS Survey Sync
  description: After a customer completes an NPS survey, updates their Salesforce account with the score, creates a follow-up task for low scores, and logs the response in Snowflake.
  tags:
  - crm
  - customer-service
  - salesforce
  - nps
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: nps-ops
    port: 8080
    tools:
    - name: process-nps-response
      description: Given a customer NPS score and Salesforce account ID, update the account record with the NPS score, create a follow-up task in Salesforce if the score is below 7 (detractor), and log the response to Snowflake for analytics. Use when NPS survey responses are received.
      inputParameters:
      - name: salesforce_account_id
        in: body
        type: string
        description: Salesforce account ID of the respondent.
      - name: nps_score
        in: body
        type: integer
        description: NPS score from 0–10.
      - name: respondent_email
        in: body
        type: string
        description: Respondent email address.
      - name: survey_date
        in: body
        type: string
        description: Survey completion date in YYYY-MM-DD format.
      steps:
      - name: update-sf-account
        type: call
        call: salesforce-nps.update-account
        with:
          account_id: '{{salesforce_account_id}}'
          nps_score: '{{nps_score}}'
          last_nps_date: '{{survey_date}}'
      - name: create-followup-task
        type: call
        call: salesforce-nps-task.create-task
        with:
          account_id: '{{salesforce_account_id}}'
          subject: 'NPS Detractor Follow-up — Score: {{nps_score}}'
          description: Customer scored {{nps_score}}. Contact to understand issues and recover.
      - name: log-to-snowflake
        type: call
        call: snowflake-nps.insert-record
        with:
          account_id: '{{salesforce_account_id}}'
          email: '{{respondent_email}}'
          score: '{{nps_score}}'
          survey_date: '{{survey_date}}'
  consumes:
  - type: http
    namespace: salesforce-nps
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: update-account
        method: PATCH
  - type: http
    namespace: salesforce-nps-task
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: tasks
      path: /sobjects/Task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: snowflake-nps
    baseUri: https://adobe.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: nps-records
      path: /databases/CX_ANALYTICS/schemas/PUBLIC/tables/NPS_RESPONSES/rows
      operations:
      - name: insert-record
        method: POST

Retrieves the status of a Databricks job run by run ID, returning state, start time, and duration.

naftiko: '0.5'
info:
  label: Databricks Job Run Status
  description: Retrieves the status of a Databricks job run by run ID, returning state, start time, and duration.
  tags:
  - data-engineering
  - analytics
  - databricks
capability:
  exposes:
  - type: mcp
    namespace: data-ops
    port: 8080
    tools:
    - name: get-job-run-status
      description: Given a Databricks run ID, return the run state, start time, and duration in seconds. Use for pipeline monitoring.
      inputParameters:
      - name: run_id
        in: body
        type: string
        description: Databricks job run ID.
      call: databricks.get-run
      with:
        run_id: '{{run_id}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.state.life_cycle_state
      - name: result_state
        type: string
        mapping: $.state.result_state
      - name: start_time
        type: number
        mapping: $.start_time
  consumes:
  - type: http
    namespace: databricks
    baseUri: https://adobe.cloud.databricks.com/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: runs
      path: /jobs/runs/get
      inputParameters:
      - name: run_id
        in: query
      operations:
      - name: get-run
        method: GET

Retrieves a unified customer profile from Adobe Experience Platform by identity, returning segments, attributes, and last activity.

naftiko: '0.5'
info:
  label: Adobe Experience Platform Profile Lookup
  description: Retrieves a unified customer profile from Adobe Experience Platform by identity, returning segments, attributes, and last activity.
  tags:
  - customer-data
  - personalization
  - adobe-experience-cloud
capability:
  exposes:
  - type: mcp
    namespace: cdp-ops
    port: 8080
    tools:
    - name: get-profile
      description: Given a customer identity namespace and value, return the unified profile with segment memberships, key attributes, and last activity date.
      inputParameters:
      - name: namespace
        in: body
        type: string
        description: Identity namespace (e.g., Email, ECID).
      - name: identity_value
        in: body
        type: string
        description: Identity value.
      call: aep.get-profile
      with:
        namespace: '{{namespace}}'
        value: '{{identity_value}}'
      outputParameters:
      - name: segments
        type: array
        mapping: $.segmentMembership
      - name: attributes
        type: object
        mapping: $.record
      - name: last_activity
        type: string
        mapping: $.lastActivityDate
  consumes:
  - type: http
    namespace: aep
    baseUri: https://platform.adobe.io/data/core/ups
    authentication:
      type: bearer
      token: $secrets.aep_token
    resources:
    - name: profiles
      path: /access/entities
      operations:
      - name: get-profile
        method: GET

Retrieves the current on-call engineer for a given PagerDuty schedule and returns their name, email, and shift end time.

naftiko: '0.5'
info:
  label: PagerDuty On-Call Schedule Lookup
  description: Retrieves the current on-call engineer for a given PagerDuty schedule and returns their name, email, and shift end time.
  tags:
  - engineering
  - incident-management
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: incident-ops
    port: 8080
    tools:
    - name: get-on-call
      description: Given a PagerDuty schedule ID, return the current on-call engineer's name, email, and shift end time.
      inputParameters:
      - name: schedule_id
        in: body
        type: string
        description: PagerDuty schedule ID.
      call: pagerduty.get-on-call
      with:
        schedule_id: '{{schedule_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.schedule.final_schedule.rendered_schedule_entries[0].user.summary
      - name: email
        type: string
        mapping: $.schedule.final_schedule.rendered_schedule_entries[0].user.email
      - name: shift_end
        type: string
        mapping: $.schedule.final_schedule.rendered_schedule_entries[0].end
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: schedules
      path: /schedules/{{schedule_id}}
      inputParameters:
      - name: schedule_id
        in: path
      operations:
      - name: get-on-call
        method: GET

Queries Workday for employees who have not completed benefits enrollment and sends reminder emails via Microsoft Graph.

naftiko: '0.5'
info:
  label: Workday Benefits Enrollment Reminder
  description: Queries Workday for employees who have not completed benefits enrollment and sends reminder emails via Microsoft Graph.
  tags:
  - hr
  - benefits
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-ops
    port: 8080
    tools:
    - name: send-enrollment-reminders
      description: Fetch employees with incomplete benefits enrollment from Workday and send email reminders via Microsoft Graph.
      inputParameters:
      - name: enrollment_period
        in: body
        type: string
        description: Benefits enrollment period identifier.
      steps:
      - name: get-incomplete
        type: call
        call: workday.get-pending-enrollment
        with:
          period: '{{enrollment_period}}'
      - name: send-reminders
        type: call
        call: msgraph.send-mail
        with:
          recipients: '{{get-incomplete.employee_emails}}'
          subject: 'Action Required: Complete Your Benefits Enrollment'
          body: Please complete your benefits enrollment for period {{enrollment_period}} in Workday.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/adobe
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: benefits
      path: /Benefits/v40.0
      operations:
      - name: get-pending-enrollment
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-mail
        method: POST

When a new job requisition is approved in Workday, creates the corresponding job posting on LinkedIn and updates the requisition with the LinkedIn post URL.

naftiko: '0.5'
info:
  label: LinkedIn Job Posting Sync
  description: When a new job requisition is approved in Workday, creates the corresponding job posting on LinkedIn and updates the requisition with the LinkedIn post URL.
  tags:
  - hr
  - recruiting
  - workday
  - linkedin
capability:
  exposes:
  - type: mcp
    namespace: recruiting-ops
    port: 8080
    tools:
    - name: sync-job-to-linkedin
      description: Given a Workday requisition ID, fetch the job details and create a LinkedIn job posting. Update Workday with the LinkedIn URL.
      inputParameters:
      - name: requisition_id
        in: body
        type: string
        description: Workday job requisition ID.
      steps:
      - name: get-requisition
        type: call
        call: workday.get-requisition
        with:
          requisition_id: '{{requisition_id}}'
      - name: create-linkedin-post
        type: call
        call: linkedin.create-job
        with:
          title: '{{get-requisition.title}}'
          description: '{{get-requisition.description}}'
          location: '{{get-requisition.location}}'
      - name: update-workday
        type: call
        call: workday.update-requisition
        with:
          requisition_id: '{{requisition_id}}'
          linkedin_url: '{{create-linkedin-post.url}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/adobe
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: requisitions
      path: /Recruiting/v40.0
      operations:
      - name: get-requisition
        method: GET
      - name: update-requisition
        method: PUT
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: jobs
      path: /simpleJobPostings
      operations:
      - name: create-job
        method: POST

Retrieves delivery statistics for an Adobe Campaign email delivery, returning sent count, open rate, and bounce rate.

naftiko: '0.5'
info:
  label: Adobe Campaign Delivery Report
  description: Retrieves delivery statistics for an Adobe Campaign email delivery, returning sent count, open rate, and bounce rate.
  tags:
  - marketing
  - email
  - adobe-campaign
capability:
  exposes:
  - type: mcp
    namespace: campaign-ops
    port: 8080
    tools:
    - name: get-delivery-report
      description: Given an Adobe Campaign delivery ID, return sent count, open rate, click rate, and bounce rate.
      inputParameters:
      - name: delivery_id
        in: body
        type: string
        description: Adobe Campaign delivery ID.
      call: campaign.get-delivery
      with:
        delivery_id: '{{delivery_id}}'
      outputParameters:
      - name: sent
        type: integer
        mapping: $.sent
      - name: open_rate
        type: number
        mapping: $.openRate
      - name: bounce_rate
        type: number
        mapping: $.bounceRate
  consumes:
  - type: http
    namespace: campaign
    baseUri: https://mc.adobe.io/adobe/campaign
    authentication:
      type: bearer
      token: $secrets.adobe_campaign_token
    resources:
    - name: deliveries
      path: /profileAndServicesExt/delivery/{{delivery_id}}
      inputParameters:
      - name: delivery_id
        in: path
      operations:
      - name: get-delivery
        method: GET

When a Workday role change is approved, updates Okta group memberships, adjusts the Salesforce user profile, and creates an IT ServiceNow follow-up task.

naftiko: '0.5'
info:
  label: Employee Role Change Provisioning
  description: When a Workday role change is approved, updates Okta group memberships, adjusts the Salesforce user profile, and creates an IT ServiceNow follow-up task.
  tags:
  - hr
  - identity
  - workday
  - okta
  - provisioning
capability:
  exposes:
  - type: mcp
    namespace: role-provisioning
    port: 8080
    tools:
    - name: process-role-change
      description: Given a Workday employee ID, new role, and Okta group changes, update Okta group membership, update the Salesforce user profile, and create a ServiceNow IT task for access follow-up. Use when an employee's role or department changes.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: Workday worker ID of the employee.
      - name: new_role
        in: body
        type: string
        description: New job title or role.
      - name: okta_add_group_id
        in: body
        type: string
        description: Okta group ID to add the employee to.
      - name: salesforce_user_id
        in: body
        type: string
        description: Salesforce user ID to update.
      steps:
      - name: get-worker
        type: call
        call: workday-rc.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: add-to-okta-group
        type: call
        call: okta-role.add-user-to-group
        with:
          group_id: '{{okta_add_group_id}}'
          user_email: '{{get-worker.work_email}}'
      - name: update-sf-user
        type: call
        call: salesforce-rc.update-user
        with:
          user_id: '{{salesforce_user_id}}'
          title: '{{new_role}}'
      - name: create-it-task
        type: call
        call: servicenow-rc.create-task
        with:
          short_description: 'Role change: {{get-worker.full_name}} → {{new_role}}'
          category: access_management
          assigned_group: IT_Access
  consumes:
  - type: http
    namespace: workday-rc
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta-role
    baseUri: https://adobe.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_token
      placement: header
    resources:
    - name: group-users
      path: /groups/{{group_id}}/users
      inputParameters:
      - name: group_id
        in: path
      operations:
      - name: add-user-to-group
        method: PUT
  - type: http
    namespace: salesforce-rc
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: users
      path: /sobjects/User/{{user_id}}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: update-user
        method: PATCH
  - type: http
    namespace: servicenow-rc
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST

When a complex ServiceNow support ticket arrives, sends the ticket description to Anthropic Claude for an intelligent triage summary and routes it to the correct team.

naftiko: '0.5'
info:
  label: AI-Assisted Customer Support Ticket Summarization
  description: When a complex ServiceNow support ticket arrives, sends the ticket description to Anthropic Claude for an intelligent triage summary and routes it to the correct team.
  tags:
  - ai
  - customer-service
  - servicenow
  - anthropic
  - triage
capability:
  exposes:
  - type: mcp
    namespace: ai-support
    port: 8080
    tools:
    - name: triage-support-ticket
      description: Given a ServiceNow incident ID, retrieve the full ticket description, send it to Anthropic Claude for intelligent triage and routing recommendation, then update the ServiceNow ticket with the AI summary and recommended assignment group. Use for complex support tickets requiring expert triage.
      inputParameters:
      - name: incident_id
        in: body
        type: string
        description: ServiceNow incident sys_id to triage.
      - name: support_channel_id
        in: body
        type: string
        description: Support Teams channel ID for triage summaries.
      steps:
      - name: get-ticket
        type: call
        call: servicenow-triage.get-incident
        with:
          sys_id: '{{incident_id}}'
      - name: generate-summary
        type: call
        call: anthropic.create-message
        with:
          model: claude-opus-4-5
          prompt: 'Analyze this Adobe support ticket and provide: 1) a 2-sentence summary, 2) the recommended team to assign it to (Creative Cloud, Document Cloud, or Experience Cloud), 3) estimated priority. Ticket: {{get-ticket.description}}'
      - name: update-ticket
        type: call
        call: servicenow-triage-update.update-incident
        with:
          sys_id: '{{incident_id}}'
          ai_summary: '{{generate-summary.content[0].text}}'
      - name: notify-support
        type: call
        call: msteams-support.post-channel-message
        with:
          channel_id: '{{support_channel_id}}'
          text: 'AI Triage for INC {{incident_id}}: {{generate-summary.content[0].text}}'
  consumes:
  - type: http
    namespace: servicenow-triage
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident/{{sys_id}}
      inputParameters:
      - name: sys_id
        in: path
      operations:
      - name: get-incident
        method: GET
  - type: http
    namespace: anthropic
    baseUri: https://api.anthropic.com/v1
    authentication:
      type: apikey
      key: x-api-key
      value: $secrets.anthropic_api_key
      placement: header
    resources:
    - name: messages
      path: /messages
      operations:
      - name: create-message
        method: POST
  - type: http
    namespace: servicenow-triage-update
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident/{{sys_id}}
      inputParameters:
      - name: sys_id
        in: path
      operations:
      - name: update-incident
        method: PATCH
  - type: http
    namespace: msteams-support
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Triggers a Power BI dataset refresh by dataset ID and returns the refresh status.

naftiko: '0.5'
info:
  label: Power BI Dataset Refresh
  description: Triggers a Power BI dataset refresh by dataset ID and returns the refresh status.
  tags:
  - analytics
  - reporting
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: bi-ops
    port: 8080
    tools:
    - name: refresh-dataset
      description: Given a Power BI dataset ID, trigger a dataset refresh and return the request ID. Use when data pipelines complete and dashboards need updating.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: Power BI dataset ID.
      - name: group_id
        in: body
        type: string
        description: Power BI workspace (group) ID.
      call: powerbi.refresh-dataset
      with:
        group_id: '{{group_id}}'
        dataset_id: '{{dataset_id}}'
      outputParameters:
      - name: request_id
        type: string
        mapping: $.requestId
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST

Creates a new ServiceNow knowledge base article from a resolved incident's details and notifies the author via Microsoft Teams.

naftiko: '0.5'
info:
  label: ServiceNow Knowledge Article Creation
  description: Creates a new ServiceNow knowledge base article from a resolved incident's details and notifies the author via Microsoft Teams.
  tags:
  - it-operations
  - knowledge-management
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: km-ops
    port: 8080
    tools:
    - name: create-kb-from-incident
      description: Given a ServiceNow incident number, extract resolution details, create a knowledge article, and notify the resolver via Teams.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow incident number.
      steps:
      - name: get-incident
        type: call
        call: servicenow.get-incident
        with:
          number: '{{incident_number}}'
      - name: create-article
        type: call
        call: servicenow.create-kb-article
        with:
          short_description: 'KB: {{get-incident.short_description}}'
          text: '{{get-incident.close_notes}}'
          knowledge_base: IT Knowledge Base
      - name: notify-author
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: it-knowledge
          text: 'KB article created from {{incident_number}}: {{create-article.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: get-incident
        method: GET
    - name: kb-articles
      path: /table/kb_knowledge
      operations:
      - name: create-kb-article
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Searches Jira for overdue tickets, escalates their priority, and posts an escalation summary to the engineering Slack channel.

naftiko: '0.5'
info:
  label: Jira Overdue Ticket Escalation
  description: Searches Jira for overdue tickets, escalates their priority, and posts an escalation summary to the engineering Slack channel.
  tags:
  - engineering
  - project-management
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: eng-ops
    port: 8080
    tools:
    - name: escalate-overdue-tickets
      description: Search Jira for tickets past their due date in a given project, bump their priority, and post an escalation summary to Slack.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: Jira project key.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for escalation notices.
      steps:
      - name: search-overdue
        type: call
        call: jira.search-issues
        with:
          jql: project={{project_key}} AND duedate < now() AND status != Done
      - name: post-escalation
        type: call
        call: slack.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Overdue tickets in {{project_key}}: {{search-overdue.total}} issues need attention.'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://adobe.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: search
      path: /search
      operations:
      - name: search-issues
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves the current state of a Grafana alert rule by UID, returning firing status and evaluation timestamp.

naftiko: '0.5'
info:
  label: Grafana Alert Rule Status
  description: Retrieves the current state of a Grafana alert rule by UID, returning firing status and evaluation timestamp.
  tags:
  - monitoring
  - observability
  - grafana
capability:
  exposes:
  - type: mcp
    namespace: observability
    port: 8080
    tools:
    - name: get-alert-rule-status
      description: Given a Grafana alert rule UID, return the current state, last evaluation time, and labels.
      inputParameters:
      - name: rule_uid
        in: body
        type: string
        description: Grafana alert rule UID.
      call: grafana.get-alert-rule
      with:
        uid: '{{rule_uid}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.state
      - name: last_eval
        type: string
        mapping: $.lastEvaluation
  consumes:
  - type: http
    namespace: grafana
    baseUri: https://grafana.adobe.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_token
    resources:
    - name: alert-rules
      path: /v1/provisioning/alert-rules/{{uid}}
      inputParameters:
      - name: uid
        in: path
      operations:
      - name: get-alert-rule
        method: GET

Pulls Adobe's open sales opportunities from Salesforce, refreshes the Power BI pipeline dashboard, and emails a weekly summary to sales leadership.

naftiko: '0.5'
info:
  label: Salesforce Opportunity Pipeline Digest
  description: Pulls Adobe's open sales opportunities from Salesforce, refreshes the Power BI pipeline dashboard, and emails a weekly summary to sales leadership.
  tags:
  - sales
  - crm
  - salesforce
  - power-bi
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: sales-digest
    port: 8080
    tools:
    - name: publish-pipeline-report
      description: Given a Salesforce opportunity filter and Power BI dataset ID, retrieve the open sales pipeline from Salesforce, trigger a Power BI refresh, and email the pipeline summary to sales leadership. Use weekly for sales forecast reviews.
      inputParameters:
      - name: division
        in: body
        type: string
        description: Sales division filter, e.g. 'Digital Experience' or 'Creative Cloud'.
      - name: pbi_dataset_id
        in: body
        type: string
        description: Power BI dataset ID for the pipeline dashboard.
      - name: leadership_email
        in: body
        type: string
        description: Sales leadership email distribution list.
      steps:
      - name: get-pipeline
        type: call
        call: salesforce.query-opportunities
        with:
          division: '{{division}}'
      - name: refresh-pbi
        type: call
        call: powerbi.trigger-refresh
        with:
          dataset_id: '{{pbi_dataset_id}}'
      - name: send-summary
        type: call
        call: msgraph.send-email
        with:
          to: '{{leadership_email}}'
          subject: '{{division}} Pipeline Report — {{get-pipeline.record_count}} opps | ${{get-pipeline.total_arr}}'
          body: 'Open pipeline for {{division}}: {{get-pipeline.record_count}} opportunities totaling ${{get-pipeline.total_arr}} ARR. Power BI refreshed.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /query
      inputParameters:
      - name: division
        in: query
      operations:
      - name: query-opportunities
        method: GET
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /users/{{sender}}/sendMail
      operations:
      - name: send-email
        method: POST

Queries Salesforce for the current quarter's pipeline by stage, formats the data, and posts the summary to a Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Salesforce Quarterly Pipeline Report
  description: Queries Salesforce for the current quarter's pipeline by stage, formats the data, and posts the summary to a Microsoft Teams channel.
  tags:
  - sales
  - reporting
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: sales-ops
    port: 8080
    tools:
    - name: post-pipeline-report
      description: Run a Salesforce SOQL query for current quarter pipeline by stage and post the summary to a Teams channel.
      inputParameters:
      - name: teams_channel_id
        in: body
        type: string
        description: Microsoft Teams channel ID.
      steps:
      - name: query-pipeline
        type: call
        call: salesforce.query
        with:
          q: SELECT StageName, SUM(Amount) total FROM Opportunity WHERE CloseDate = THIS_QUARTER GROUP BY StageName
      - name: post-teams
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: '{{teams_channel_id}}'
          text: 'Q Pipeline Report: {{query-pipeline.records}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      operations:
      - name: query
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Looks up a SAP S/4HANA purchase order by number and returns header status, vendor, and total value.

naftiko: '0.5'
info:
  label: SAP Purchase Order Status Lookup
  description: Looks up a SAP S/4HANA purchase order by number and returns header status, vendor, and total value.
  tags:
  - finance
  - procurement
  - erp
  - sap
capability:
  exposes:
  - type: mcp
    namespace: erp-ops
    port: 8080
    tools:
    - name: get-purchase-order
      description: Given a SAP purchase order number, return the PO status, vendor name, total amount, and currency. Use when procurement or AP teams need to verify PO status before approving an invoice.
      inputParameters:
      - name: po_number
        in: body
        type: string
        description: SAP purchase order number, e.g. '4500012345'.
      call: sap-po.get-po
      with:
        po_number: '{{po_number}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.d.OverallStatus
      - name: vendor
        type: string
        mapping: $.d.Supplier.CompanyName
      - name: total_amount
        type: string
        mapping: $.d.TotalAmount
      - name: currency
        type: string
        mapping: $.d.TransactionCurrency
  consumes:
  - type: http
    namespace: sap-po
    baseUri: https://adobe-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: purchase-orders
      path: /A_PurchaseOrder('{{po_number}}')
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-po
        method: GET

Retrieves a Box file's metadata classification and, if marked confidential, restricts external sharing and logs the action to Splunk.

naftiko: '0.5'
info:
  label: Box File Classification Sync
  description: Retrieves a Box file's metadata classification and, if marked confidential, restricts external sharing and logs the action to Splunk.
  tags:
  - data-governance
  - security
  - box
  - splunk
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: enforce-file-classification
      description: Given a Box file ID, check its classification metadata. If confidential, remove external sharing and log to Splunk.
      inputParameters:
      - name: file_id
        in: body
        type: string
        description: Box file ID.
      steps:
      - name: get-classification
        type: call
        call: box.get-file-metadata
        with:
          file_id: '{{file_id}}'
      - name: log-action
        type: call
        call: splunk.send-event
        with:
          source: box-dlp
          event: 'Classification enforcement on file {{file_id}}: {{get-classification.classification}}'
  consumes:
  - type: http
    namespace: box
    baseUri: https://api.box.com/2.0
    authentication:
      type: bearer
      token: $secrets.box_token
    resources:
    - name: file-metadata
      path: /files/{{file_id}}/metadata/enterprise/securityClassification-6VMVochwUWo
      inputParameters:
      - name: file_id
        in: path
      operations:
      - name: get-file-metadata
        method: GET
  - type: http
    namespace: splunk
    baseUri: https://adobe-splunk.splunkcloud.com:8088
    authentication:
      type: bearer
      token: $secrets.splunk_hec_token
    resources:
    - name: events
      path: /services/collector/event
      operations:
      - name: send-event
        method: POST

Retrieves performance metrics for a Google Ads campaign, returning impressions, clicks, conversions, and cost.

naftiko: '0.5'
info:
  label: Google Ads Campaign Performance
  description: Retrieves performance metrics for a Google Ads campaign, returning impressions, clicks, conversions, and cost.
  tags:
  - marketing
  - advertising
  - google-ads
capability:
  exposes:
  - type: mcp
    namespace: paid-media
    port: 8080
    tools:
    - name: get-campaign-performance
      description: Given a Google Ads customer ID and campaign ID, return impressions, clicks, conversions, and total cost for the last 7 days.
      inputParameters:
      - name: customer_id
        in: body
        type: string
        description: Google Ads customer ID.
      - name: campaign_id
        in: body
        type: string
        description: Google Ads campaign ID.
      call: google-ads.get-campaign-metrics
      with:
        customer_id: '{{customer_id}}'
        campaign_id: '{{campaign_id}}'
      outputParameters:
      - name: impressions
        type: integer
        mapping: $.results[0].metrics.impressions
      - name: clicks
        type: integer
        mapping: $.results[0].metrics.clicks
      - name: conversions
        type: number
        mapping: $.results[0].metrics.conversions
      - name: cost_micros
        type: number
        mapping: $.results[0].metrics.costMicros
  consumes:
  - type: http
    namespace: google-ads
    baseUri: https://googleads.googleapis.com/v15
    authentication:
      type: bearer
      token: $secrets.google_ads_token
    resources:
    - name: campaigns
      path: /customers/{{customer_id}}/googleAds:searchStream
      inputParameters:
      - name: customer_id
        in: path
      operations:
      - name: get-campaign-metrics
        method: POST

Fetches a completed Zoom meeting recording and uploads it to Google Drive, then posts the share link to Slack.

naftiko: '0.5'
info:
  label: Zoom Meeting Recording Upload
  description: Fetches a completed Zoom meeting recording and uploads it to Google Drive, then posts the share link to Slack.
  tags:
  - collaboration
  - meetings
  - zoom
  - google-drive
  - slack
capability:
  exposes:
  - type: mcp
    namespace: meeting-ops
    port: 8080
    tools:
    - name: upload-recording
      description: Given a Zoom meeting ID, fetch the recording, upload to Google Drive, and share the link in Slack.
      inputParameters:
      - name: meeting_id
        in: body
        type: string
        description: Zoom meeting ID.
      - name: drive_folder_id
        in: body
        type: string
        description: Google Drive folder ID for upload.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for the share link.
      steps:
      - name: get-recording
        type: call
        call: zoom.get-recording
        with:
          meeting_id: '{{meeting_id}}'
      - name: upload-drive
        type: call
        call: gdrive.upload-file
        with:
          folder_id: '{{drive_folder_id}}'
          name: recording-{{meeting_id}}.mp4
          download_url: '{{get-recording.recording_files[0].download_url}}'
      - name: notify-slack
        type: call
        call: slack.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Zoom recording uploaded: {{upload-drive.webViewLink}}'
  consumes:
  - type: http
    namespace: zoom
    baseUri: https://api.zoom.us/v2
    authentication:
      type: bearer
      token: $secrets.zoom_token
    resources:
    - name: recordings
      path: /meetings/{{meeting_id}}/recordings
      inputParameters:
      - name: meeting_id
        in: path
      operations:
      - name: get-recording
        method: GET
  - type: http
    namespace: gdrive
    baseUri: https://www.googleapis.com/upload/drive/v3
    authentication:
      type: bearer
      token: $secrets.google_drive_token
    resources:
    - name: files
      path: /files
      operations:
      - name: upload-file
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves sharing permissions for a Google Drive file and returns a list of users with access level.

naftiko: '0.5'
info:
  label: Google Drive File Permission Audit
  description: Retrieves sharing permissions for a Google Drive file and returns a list of users with access level.
  tags:
  - security
  - collaboration
  - google-drive
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: audit-file-permissions
      description: Given a Google Drive file ID, return all permission entries with email, role, and type. Use for data access reviews.
      inputParameters:
      - name: file_id
        in: body
        type: string
        description: Google Drive file ID.
      call: gdrive.list-permissions
      with:
        file_id: '{{file_id}}'
      outputParameters:
      - name: permissions
        type: array
        mapping: $.permissions[*]
  consumes:
  - type: http
    namespace: gdrive
    baseUri: https://www.googleapis.com/drive/v3
    authentication:
      type: bearer
      token: $secrets.google_drive_token
    resources:
    - name: permissions
      path: /files/{{file_id}}/permissions
      inputParameters:
      - name: file_id
        in: path
      operations:
      - name: list-permissions
        method: GET

Retrieves company firmographic data from ZoomInfo by domain name, returning employee count, revenue, and industry.

naftiko: '0.5'
info:
  label: ZoomInfo Company Enrichment
  description: Retrieves company firmographic data from ZoomInfo by domain name, returning employee count, revenue, and industry.
  tags:
  - sales
  - data-enrichment
  - zoominfo
capability:
  exposes:
  - type: mcp
    namespace: sales-intel
    port: 8080
    tools:
    - name: enrich-company
      description: Given a company domain, return ZoomInfo firmographic data including employee count, annual revenue, and industry classification.
      inputParameters:
      - name: domain
        in: body
        type: string
        description: Company domain name.
      call: zoominfo.get-company
      with:
        companyDomain: '{{domain}}'
      outputParameters:
      - name: company_name
        type: string
        mapping: $.data[0].companyName
      - name: employee_count
        type: integer
        mapping: $.data[0].employeeCount
      - name: revenue
        type: string
        mapping: $.data[0].revenue
      - name: industry
        type: string
        mapping: $.data[0].industry
  consumes:
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: companies
      path: /search/company
      operations:
      - name: get-company
        method: POST

Retrieves Microsoft 365 license usage data via Microsoft Graph, returning active users by product and available licenses.

naftiko: '0.5'
info:
  label: Microsoft 365 License Usage Report
  description: Retrieves Microsoft 365 license usage data via Microsoft Graph, returning active users by product and available licenses.
  tags:
  - it-operations
  - license-management
  - microsoft-365
capability:
  exposes:
  - type: mcp
    namespace: it-ops
    port: 8080
    tools:
    - name: get-license-usage
      description: Retrieve Microsoft 365 license assignment and usage data, returning active users, available licenses, and utilization rate.
      inputParameters:
      - name: period
        in: body
        type: string
        description: Report period (D7, D30, D90, D180).
      call: msgraph.get-license-usage
      with:
        period: '{{period}}'
      outputParameters:
      - name: products
        type: array
        mapping: $.value
  consumes:
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: reports
      path: /reports/getOffice365ActiveUserDetail(period='{{period}}')
      inputParameters:
      - name: period
        in: path
      operations:
      - name: get-license-usage
        method: GET

Sends a WhatsApp Business API template message to a customer and logs the delivery status to Salesforce.

naftiko: '0.5'
info:
  label: WhatsApp Customer Notification
  description: Sends a WhatsApp Business API template message to a customer and logs the delivery status to Salesforce.
  tags:
  - communications
  - customer-engagement
  - whatsapp
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: comms-ops
    port: 8080
    tools:
    - name: send-whatsapp-notification
      description: Given a customer phone number, template name, and Salesforce case ID, send a WhatsApp template message and log delivery to Salesforce.
      inputParameters:
      - name: phone_number
        in: body
        type: string
        description: Customer phone number in E.164 format.
      - name: template_name
        in: body
        type: string
        description: WhatsApp template name.
      - name: case_id
        in: body
        type: string
        description: Salesforce case ID for logging.
      steps:
      - name: send-message
        type: call
        call: whatsapp.send-template
        with:
          to: '{{phone_number}}'
          template: '{{template_name}}'
      - name: log-to-sf
        type: call
        call: salesforce.create-activity
        with:
          case_id: '{{case_id}}'
          subject: 'WhatsApp: {{template_name}}'
          status: '{{send-message.status}}'
  consumes:
  - type: http
    namespace: whatsapp
    baseUri: https://graph.facebook.com/v18.0
    authentication:
      type: bearer
      token: $secrets.whatsapp_token
    resources:
    - name: messages
      path: /{{phone_number_id}}/messages
      operations:
      - name: send-template
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://adobe.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: activities
      path: /sobjects/Task
      operations:
      - name: create-activity
        method: POST

Runs a Splunk saved search for high-severity security events and creates a ServiceNow security incident for each finding.

naftiko: '0.5'
info:
  label: Splunk Security Event Triage
  description: Runs a Splunk saved search for high-severity security events and creates a ServiceNow security incident for each finding.
  tags:
  - security
  - siem
  - splunk
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: security-ops
    port: 8080
    tools:
    - name: triage-security-events
      description: Run a Splunk saved search for critical security events and create ServiceNow incidents for findings.
      inputParameters:
      - name: saved_search_name
        in: body
        type: string
        description: Splunk saved search name.
      steps:
      - name: run-search
        type: call
        call: splunk.dispatch-saved-search
        with:
          name: '{{saved_search_name}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Splunk security finding: {{saved_search_name}}'
          category: Security
          impact: '1'
          urgency: '1'
          search_results: '{{run-search.results}}'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://adobe-splunk.splunkcloud.com:8089/servicesNS/admin/search
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: saved-searches
      path: /saved/searches/{{name}}/dispatch
      inputParameters:
      - name: name
        in: path
      operations:
      - name: dispatch-saved-search
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adobe.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

Retrieves an employee's current PTO and sick leave balances from Workday by employee ID.

naftiko: '0.5'
info:
  label: Workday Absence Balance Lookup
  description: Retrieves an employee's current PTO and sick leave balances from Workday by employee ID.
  tags:
  - hr
  - leave-management
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr-ops
    port: 8080
    tools:
    - name: get-absence-balance
      description: Given a Workday employee ID, return current PTO balance, sick leave balance, and next accrual date. Use when employees or managers need to check leave availability.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      call: workday.get-balance
      with:
        employee_id: '{{employee_id}}'
      outputParameters:
      - name: pto_balance
        type: number
        mapping: $.Worker.TimeOff.PTO_Balance
      - name: sick_balance
        type: number
        mapping: $.Worker.TimeOff.Sick_Balance
      - name: next_accrual_date
        type: string
        mapping: $.Worker.TimeOff.Next_Accrual_Date
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/adobe
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: absence
      path: /Human_Resources/v40.0/Get_Workers
      operations:
      - name: get-balance
        method: GET

Retrieves Jira issue status for ADP engineering teams.

naftiko: '0.5'
info:
  label: Jira Issue Status
  description: Retrieves Jira issue status for ADP engineering teams.
  tags:
  - devops
  - jira
  - project-management
capability:
  exposes:
  - type: mcp
    namespace: engineering
    port: 8080
    tools:
    - name: get-issue
      description: Look up Jira issue at ADP.
      inputParameters:
      - name: issue_key
        in: body
        type: string
        description: The issue_key to look up.
      call: jira.get-issue_key
      with:
        issue_key: '{{issue_key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://adp.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira_issue_status
        method: GET

Retrieves Confluence page content for ADP knowledge base.

naftiko: '0.5'
info:
  label: Confluence Page Retrieval
  description: Retrieves Confluence page content for ADP knowledge base.
  tags:
  - collaboration
  - confluence
  - documentation
capability:
  exposes:
  - type: mcp
    namespace: knowledge
    port: 8080
    tools:
    - name: get-page
      description: Get page at ADP.
      inputParameters:
      - name: page_id
        in: body
        type: string
        description: The page_id to look up.
      call: confluence.get-page_id
      with:
        page_id: '{{page_id}}'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://adp.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence_page_retrieval
        method: GET

Tracks certifications in ADP, identifies expirations, sends reminders, creates renewal tasks in ServiceNow, and notifies managers.

naftiko: '0.5'
info:
  label: Employee Certification Tracker Pipeline
  description: Tracks certifications in ADP, identifies expirations, sends reminders, creates renewal tasks in ServiceNow, and notifies managers.
  tags:
  - compliance
  - adp
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: employee_certification_tracker_pipeline
      description: Orchestrate employee certification tracker pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves the federal and state tax filing status from ADP, validates against compliance rules in ServiceNow, and logs the audit result in Confluence.

naftiko: '0.5'
info:
  label: Tax Filing Status and Compliance Check
  description: Retrieves the federal and state tax filing status from ADP, validates against compliance rules in ServiceNow, and logs the audit result in Confluence.
  tags:
  - payroll
  - tax
  - adp
  - compliance
  - servicenow
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: payroll-tax
    port: 8080
    tools:
    - name: get-tax-filing-status
      description: Look up tax withholding elections, validate compliance, and log the audit.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      steps:
      - name: fetch-withholdings
        type: call
        call: adp.get-tax-withholdings
        with:
          associate_oid: '{{associate_oid}}'
      - name: validate-compliance
        type: call
        call: servicenow.check-compliance
        with:
          state_code: '{{fetch-withholdings.stateCode}}'
          filing_status: '{{fetch-withholdings.federalFilingStatus}}'
      - name: log-audit
        type: call
        call: confluence.create-page
        with:
          space_key: TAX_AUDIT
          title: 'Tax Filing Audit: {{associate_oid}}'
          body: 'Federal: {{fetch-withholdings.federalFilingStatus}}, State: {{fetch-withholdings.stateCode}}, Compliance: {{validate-compliance.status}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: tax-withholdings
      path: /workers/{{associate_oid}}/tax-withholdings
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-tax-withholdings
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://adp-corp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: compliance-checks
      path: /table/tax_compliance_check
      operations:
      - name: check-compliance
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://adp-corp.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST

Collects HR data from ADP, validates against labor laws in Snowflake, creates audit findings in ServiceNow, and notifies compliance.

naftiko: '0.5'
info:
  label: HR Compliance Audit Pipeline
  description: Collects HR data from ADP, validates against labor laws in Snowflake, creates audit findings in ServiceNow, and notifies compliance.
  tags:
  - audit
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: audit
    port: 8080
    tools:
    - name: hr_compliance_audit_pipeline
      description: Orchestrate hr compliance audit pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Configures tax withholding in ADP for new hires, validates state registrations, creates compliance records, and notifies payroll.

naftiko: '0.5'
info:
  label: New Hire Tax Setup Pipeline
  description: Configures tax withholding in ADP for new hires, validates state registrations, creates compliance records, and notifies payroll.
  tags:
  - tax
  - adp
  - servicenow
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: tax
    port: 8080
    tools:
    - name: new_hire_tax_setup_pipeline
      description: Orchestrate new hire tax setup pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-snowflake
        type: call
        call: snowflake.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Checks ServiceNow incident status for ADP IT operations.

naftiko: '0.5'
info:
  label: ServiceNow Incident Status Check
  description: Checks ServiceNow incident status for ADP IT operations.
  tags:
  - itsm
  - servicenow
  - incident-management
capability:
  exposes:
  - type: mcp
    namespace: itsm
    port: 8080
    tools:
    - name: get-incident
      description: Look up incident at ADP.
      inputParameters:
      - name: incident_id
        in: body
        type: string
        description: The incident_id to look up.
      call: servicenow.get-incident_id
      with:
        incident_id: '{{incident_id}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow_incident_status_che
        method: GET

Pulls shift schedules from ADP Workforce Now and syncs them to Google Calendar for team visibility, then posts the weekly schedule summary to Microsoft Teams.

naftiko: '0.5'
info:
  label: Workforce Scheduling Sync to Google Calendar
  description: Pulls shift schedules from ADP Workforce Now and syncs them to Google Calendar for team visibility, then posts the weekly schedule summary to Microsoft Teams.
  tags:
  - workforce-management
  - scheduling
  - adp
  - google-workspace
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: schedule-sync
    port: 8080
    tools:
    - name: sync-weekly-schedule
      description: Sync ADP shift schedules to Google Calendar and post a summary to Teams.
      inputParameters:
      - name: department
        in: body
        type: string
        description: The department to sync schedules for.
      - name: week_start
        in: body
        type: string
        description: The week start date in YYYY-MM-DD format.
      steps:
      - name: get-schedules
        type: call
        call: adp.get-shift-schedules
        with:
          department: '{{department}}'
          week_start: '{{week_start}}'
      - name: create-calendar-events
        type: call
        call: google-calendar.create-event
        with:
          calendar_id: '{{department}}_shifts'
          summary: 'Shift Schedule: {{department}} - Week of {{week_start}}'
          start_date: '{{week_start}}'
          description: '{{get-schedules.scheduleDetails}}'
      - name: post-summary
        type: call
        call: msteams.send-channel-message
        with:
          team_id: operations
          channel: scheduling
          text: 'Weekly schedule posted for {{department}} starting {{week_start}}. {{get-schedules.totalShifts}} shifts across {{get-schedules.employeeCount}} employees. Calendar: {{create-calendar-events.eventUrl}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/time/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: shift-schedules
      path: /schedules?department={{department}}&weekStart={{week_start}}
      inputParameters:
      - name: department
        in: query
      - name: week_start
        in: query
      operations:
      - name: get-shift-schedules
        method: GET
  - type: http
    namespace: google-calendar
    baseUri: https://www.googleapis.com/calendar/v3
    authentication:
      type: bearer
      token: $secrets.google_calendar_token
    resources:
    - name: events
      path: /calendars/{{calendar_id}}/events
      inputParameters:
      - name: calendar_id
        in: path
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel
        in: path
      operations:
      - name: send-channel-message
        method: POST

Monitors compensation changes in ADP, validates approvals, audits against policies in Snowflake, and notifies HR compliance.

naftiko: '0.5'
info:
  label: Compensation Change Audit Pipeline
  description: Monitors compensation changes in ADP, validates approvals, audits against policies in Snowflake, and notifies HR compliance.
  tags:
  - audit
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: audit
    port: 8080
    tools:
    - name: compensation_change_audit_pipeline
      description: Orchestrate compensation change audit pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Processes a promotion by updating the job title and compensation in ADP, generating an offer letter in Google Docs, and notifying HR leadership via Slack.

naftiko: '0.5'
info:
  label: Promotion and Salary Adjustment Pipeline
  description: Processes a promotion by updating the job title and compensation in ADP, generating an offer letter in Google Docs, and notifying HR leadership via Slack.
  tags:
  - hr
  - compensation
  - adp
  - google-docs
  - slack
capability:
  exposes:
  - type: mcp
    namespace: hr-promotions
    port: 8080
    tools:
    - name: process-promotion
      description: Process an employee promotion with title change, salary adjustment, and notifications.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      - name: new_title
        in: body
        type: string
        description: The new job title.
      - name: new_salary
        in: body
        type: string
        description: The new annual salary.
      - name: effective_date
        in: body
        type: string
        description: The promotion effective date in YYYY-MM-DD format.
      steps:
      - name: get-employee
        type: call
        call: adp.get-worker
        with:
          associate_oid: '{{associate_oid}}'
      - name: update-job
        type: call
        call: adp.update-job-title
        with:
          associate_oid: '{{associate_oid}}'
          new_title: '{{new_title}}'
          effective_date: '{{effective_date}}'
      - name: update-comp
        type: call
        call: adp.update-compensation
        with:
          associate_oid: '{{associate_oid}}'
          new_salary: '{{new_salary}}'
          effective_date: '{{effective_date}}'
      - name: generate-letter
        type: call
        call: google-docs.create-document
        with:
          title: 'Promotion Letter: {{get-employee.legalName.formattedName}} - {{new_title}}'
          template_id: promotion_letter_template
      - name: notify-hr
        type: call
        call: slack.post-message
        with:
          channel: '#hr-actions'
          text: 'Promotion processed: {{get-employee.legalName.formattedName}} to {{new_title}} at {{new_salary}} effective {{effective_date}}. Letter: {{generate-letter.url}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: workers
      path: /workers/{{associate_oid}}
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-worker
        method: GET
    - name: job-titles
      path: /workers/{{associate_oid}}/work-assignments/job-title
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: update-job-title
        method: PATCH
    - name: compensation
      path: /workers/{{associate_oid}}/compensation
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: update-compensation
        method: PATCH
  - type: http
    namespace: google-docs
    baseUri: https://docs.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_docs_token
    resources:
    - name: documents
      path: /documents
      operations:
      - name: create-document
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Runs validation rules against ADP payroll data, identifies errors in Snowflake, creates correction tasks in Jira, and notifies payroll ops.

naftiko: '0.5'
info:
  label: Payroll Error Detection Pipeline
  description: Runs validation rules against ADP payroll data, identifies errors in Snowflake, creates correction tasks in Jira, and notifies payroll ops.
  tags:
  - payroll
  - adp
  - snowflake
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: payroll
    port: 8080
    tools:
    - name: payroll_error_detection_pipeline
      description: Orchestrate payroll error detection pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-jira
        type: call
        call: jira.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://adp.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves the skills and competencies recorded for an employee in ADP talent management.

naftiko: '0.5'
info:
  label: Employee Skills Inventory Lookup
  description: Retrieves the skills and competencies recorded for an employee in ADP talent management.
  tags:
  - talent
  - skills
  - adp
capability:
  exposes:
  - type: mcp
    namespace: talent-skills
    port: 8080
    tools:
    - name: get-skills-inventory
      description: Retrieve skills and competencies for an employee by ADP associate OID.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      call: adp.get-skills
      with:
        associate_oid: '{{associate_oid}}'
      outputParameters:
      - name: skills_count
        type: string
        mapping: $.skills.length
      - name: top_skill
        type: string
        mapping: $.skills[0].skillName
      - name: proficiency_level
        type: string
        mapping: $.skills[0].proficiencyLevel
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/talent/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: skills
      path: /workers/{{associate_oid}}/skills
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-skills
        method: GET

Retrieves the most recent pay stub for an employee from ADP payroll.

naftiko: '0.5'
info:
  label: Pay Stub Retrieval
  description: Retrieves the most recent pay stub for an employee from ADP payroll.
  tags:
  - payroll
  - pay-stub
  - adp
capability:
  exposes:
  - type: mcp
    namespace: payroll-stubs
    port: 8080
    tools:
    - name: get-latest-pay-stub
      description: Retrieve the most recent pay stub for an employee by ADP associate OID.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      call: adp.get-latest-stub
      with:
        associate_oid: '{{associate_oid}}'
      outputParameters:
      - name: pay_date
        type: string
        mapping: $.payStatement.payDate
      - name: gross_pay
        type: string
        mapping: $.payStatement.grossPayAmount
      - name: net_pay
        type: string
        mapping: $.payStatement.netPayAmount
      - name: document_url
        type: string
        mapping: $.payStatement.documentUri
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: pay-stubs
      path: /workers/{{associate_oid}}/pay-statements?$top=1&$orderby=payDate desc
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-latest-stub
        method: GET

Retrieves Datadog monitor status for ADP infrastructure.

naftiko: '0.5'
info:
  label: Datadog Monitor Status
  description: Retrieves Datadog monitor status for ADP infrastructure.
  tags:
  - monitoring
  - datadog
  - alerting
capability:
  exposes:
  - type: mcp
    namespace: observability
    port: 8080
    tools:
    - name: get-monitor
      description: Check monitor at ADP.
      inputParameters:
      - name: monitor_id
        in: body
        type: string
        description: The monitor_id to look up.
      call: datadog.get-monitor_id
      with:
        monitor_id: '{{monitor_id}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog_monitor_status
        method: GET

Retrieves compensation details from ADP, compares against market benchmarks stored in Google Sheets, and generates a compa-ratio report in Power BI.

naftiko: '0.5'
info:
  label: Compensation Benchmark Pipeline
  description: Retrieves compensation details from ADP, compares against market benchmarks stored in Google Sheets, and generates a compa-ratio report in Power BI.
  tags:
  - compensation
  - adp
  - google-sheets
  - power-bi
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: compensation
    port: 8080
    tools:
    - name: get-compensation
      description: Retrieve compensation details, compare against benchmarks, and push to analytics.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      steps:
      - name: fetch-comp
        type: call
        call: adp.get-compensation-detail
        with:
          associate_oid: '{{associate_oid}}'
      - name: get-benchmarks
        type: call
        call: google-sheets.get-range
        with:
          spreadsheet_id: salary_benchmarks_2026
          range: Benchmarks!A:D
      - name: push-to-powerbi
        type: call
        call: powerbi.push-dataset-rows
        with:
          dataset_id: compensation_analytics
          table_name: compa_ratios
          rows: associate={{associate_oid}},salary={{fetch-comp.baseSalary}},grade={{fetch-comp.payGrade}}
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: compensation
      path: /workers/{{associate_oid}}/compensation
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-compensation-detail
        method: GET
  - type: http
    namespace: google-sheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_sheets_token
    resources:
    - name: spreadsheet-values
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: get-range
        method: GET
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-rows
      path: /datasets/{{dataset_id}}/tables/{{table_name}}/rows
      inputParameters:
      - name: dataset_id
        in: path
      - name: table_name
        in: path
      operations:
      - name: push-dataset-rows
        method: POST

Launches enrollment in ADP, sends communications, tracks participation in Snowflake, generates reports in Power BI, and notifies HR.

naftiko: '0.5'
info:
  label: Benefits Open Enrollment Orchestrator
  description: Launches enrollment in ADP, sends communications, tracks participation in Snowflake, generates reports in Power BI, and notifies HR.
  tags:
  - benefits
  - adp
  - snowflake
  - powerbi
  - slack
capability:
  exposes:
  - type: mcp
    namespace: benefits
    port: 8080
    tools:
    - name: benefits_open_enrollment_orchestrator
      description: Orchestrate benefits open enrollment orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-servicenow
        type: call
        call: servicenow.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST

Audits employee records in ADP, identifies incomplete data in Snowflake, creates cleanup tasks in Jira, and notifies HR data team.

naftiko: '0.5'
info:
  label: Employee Data Quality Pipeline
  description: Audits employee records in ADP, identifies incomplete data in Snowflake, creates cleanup tasks in Jira, and notifies HR data team.
  tags:
  - data-quality
  - adp
  - snowflake
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: employee_data_quality_pipeline
      description: Orchestrate employee data quality pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-jira
        type: call
        call: jira.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://adp.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Queries Grafana dashboard data for ADP monitoring.

naftiko: '0.5'
info:
  label: Grafana Dashboard Query
  description: Queries Grafana dashboard data for ADP monitoring.
  tags:
  - monitoring
  - grafana
  - dashboards
capability:
  exposes:
  - type: mcp
    namespace: monitoring
    port: 8080
    tools:
    - name: get-dashboard
      description: Query dashboard at ADP.
      inputParameters:
      - name: dashboard_uid
        in: body
        type: string
        description: The dashboard_uid to look up.
      call: grafana.get-dashboard_uid
      with:
        dashboard_uid: '{{dashboard_uid}}'
  consumes:
  - type: http
    namespace: grafana
    baseUri: https://adp-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana_dashboard_query
        method: GET

Extracts payroll tax data from ADP, validates calculations in Snowflake, submits filings, logs confirmation in ServiceNow, and notifies tax team.

naftiko: '0.5'
info:
  label: Payroll Tax Filing Orchestrator
  description: Extracts payroll tax data from ADP, validates calculations in Snowflake, submits filings, logs confirmation in ServiceNow, and notifies tax team.
  tags:
  - tax
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: tax
    port: 8080
    tools:
    - name: payroll_tax_filing_orchestrator
      description: Orchestrate payroll tax filing orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Checks the status of a payroll processing run in ADP including completion percentage, error count, and expected completion time.

naftiko: '0.5'
info:
  label: ADP Pay Run Status
  description: Checks the status of a payroll processing run in ADP including completion percentage, error count, and expected completion time.
  tags:
  - payroll
  - adp
  - workforce-now
capability:
  exposes:
  - type: mcp
    namespace: payroll-status
    port: 8080
    tools:
    - name: get-pay-run-status
      description: Check the status of a payroll run by ADP pay run identifier.
      inputParameters:
      - name: pay_run_id
        in: body
        type: string
        description: The ADP payroll run identifier.
      call: adp.get-run-status
      with:
        pay_run_id: '{{pay_run_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.payRun.status
      - name: completion_pct
        type: string
        mapping: $.payRun.completionPercentage
      - name: error_count
        type: string
        mapping: $.payRun.errorCount
      - name: expected_completion
        type: string
        mapping: $.payRun.expectedCompletionTime
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: pay-runs
      path: /pay-runs/{{pay_run_id}}/status
      inputParameters:
      - name: pay_run_id
        in: path
      operations:
      - name: get-run-status
        method: GET

Retrieves active professional certifications for an employee from ADP talent management.

naftiko: '0.5'
info:
  label: Employee Certification Tracker
  description: Retrieves active professional certifications for an employee from ADP talent management.
  tags:
  - talent
  - certifications
  - adp
capability:
  exposes:
  - type: mcp
    namespace: talent-certs
    port: 8080
    tools:
    - name: get-certifications
      description: Retrieve professional certifications for an employee by ADP associate OID.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      call: adp.get-certifications
      with:
        associate_oid: '{{associate_oid}}'
      outputParameters:
      - name: certification_count
        type: string
        mapping: $.certifications.length
      - name: latest_cert_name
        type: string
        mapping: $.certifications[0].certificationName
      - name: expiration_date
        type: string
        mapping: $.certifications[0].expirationDate
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/talent/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: certifications
      path: /workers/{{associate_oid}}/certifications
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-certifications
        method: GET

Extracts ACA data from ADP, validates eligibility in Snowflake, generates 1095-C forms, files with IRS, and notifies compliance team.

naftiko: '0.5'
info:
  label: ACA Compliance Reporting Pipeline
  description: Extracts ACA data from ADP, validates eligibility in Snowflake, generates 1095-C forms, files with IRS, and notifies compliance team.
  tags:
  - compliance
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: aca_compliance_reporting_pipeline
      description: Orchestrate aca compliance reporting pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves workers compensation claim details for an employee from ADP insurance services.

naftiko: '0.5'
info:
  label: Workers Compensation Claim Lookup
  description: Retrieves workers compensation claim details for an employee from ADP insurance services.
  tags:
  - benefits
  - workers-compensation
  - adp
  - insurance
capability:
  exposes:
  - type: mcp
    namespace: workers-comp
    port: 8080
    tools:
    - name: get-wc-claims
      description: Retrieve workers compensation claims for an employee by ADP associate OID.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      call: adp.get-wc-claims
      with:
        associate_oid: '{{associate_oid}}'
      outputParameters:
      - name: active_claims
        type: string
        mapping: $.claims.length
      - name: latest_claim_status
        type: string
        mapping: $.claims[0].status
      - name: latest_claim_date
        type: string
        mapping: $.claims[0].incidentDate
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/insurance/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: wc-claims
      path: /workers/{{associate_oid}}/workers-comp-claims
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-wc-claims
        method: GET

Retrieves PagerDuty incident details for ADP on-call teams.

naftiko: '0.5'
info:
  label: PagerDuty Incident Details
  description: Retrieves PagerDuty incident details for ADP on-call teams.
  tags:
  - devops
  - pagerduty
  - on-call
capability:
  exposes:
  - type: mcp
    namespace: incident-mgmt
    port: 8080
    tools:
    - name: get-incident
      description: Look up incident at ADP.
      inputParameters:
      - name: incident_id
        in: body
        type: string
        description: The incident_id to look up.
      call: pagerduty.get-incident_id
      with:
        incident_id: '{{incident_id}}'
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty_incident_details
        method: GET

Queries ADP for an employee's PTO balances, cross-references upcoming scheduled shifts, and sends the combined summary via Microsoft Teams.

naftiko: '0.5'
info:
  label: Time-Off Balance and Schedule Check
  description: Queries ADP for an employee's PTO balances, cross-references upcoming scheduled shifts, and sends the combined summary via Microsoft Teams.
  tags:
  - time-off
  - adp
  - workforce-management
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: time-off
    port: 8080
    tools:
    - name: get-time-off-balance
      description: Retrieve time-off balances and upcoming schedule for an employee, then notify via Teams.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      steps:
      - name: fetch-balances
        type: call
        call: adp.get-leave-balances
        with:
          associate_oid: '{{associate_oid}}'
      - name: get-upcoming-schedule
        type: call
        call: adp.get-shift-schedule
        with:
          associate_oid: '{{associate_oid}}'
      - name: notify-employee
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{fetch-balances.workerEmail}}'
          text: 'Your PTO balances: Vacation={{fetch-balances.vacationHours}}h, Sick={{fetch-balances.sickHours}}h. Next scheduled shift: {{get-upcoming-schedule.nextShiftDate}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/time/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: leave-balances
      path: /workers/{{associate_oid}}/time-off-balances
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-leave-balances
        method: GET
    - name: shift-schedules
      path: /workers/{{associate_oid}}/schedules
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-shift-schedule
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Aggregates payroll data from multiple ADP country instances, consolidates in Snowflake, generates global reports, and notifies finance.

naftiko: '0.5'
info:
  label: Multi-Country Payroll Consolidation
  description: Aggregates payroll data from multiple ADP country instances, consolidates in Snowflake, generates global reports, and notifies finance.
  tags:
  - global-payroll
  - adp
  - snowflake
  - powerbi
  - slack
capability:
  exposes:
  - type: mcp
    namespace: global-payroll
    port: 8080
    tools:
    - name: multi_country_payroll_consolidation
      description: Orchestrate multi-country payroll consolidation workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-servicenow
        type: call
        call: servicenow.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST

Retrieves an employee payroll summary from ADP Workforce Now by employee ID, returning gross pay, net pay, deductions, and pay period details.

naftiko: '0.5'
info:
  label: Employee Payroll Summary
  description: Retrieves an employee payroll summary from ADP Workforce Now by employee ID, returning gross pay, net pay, deductions, and pay period details.
  tags:
  - payroll
  - adp
  - workforce-now
capability:
  exposes:
  - type: mcp
    namespace: payroll-lookup
    port: 8080
    tools:
    - name: get-payroll-summary
      description: Look up an employee payroll summary by ADP associate OID. Returns gross pay, net pay, deductions, and pay period.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID for the employee.
      call: adp.get-pay-statement
      with:
        associate_oid: '{{associate_oid}}'
      outputParameters:
      - name: gross_pay
        type: string
        mapping: $.payStatements[0].grossPayAmount.amount
      - name: net_pay
        type: string
        mapping: $.payStatements[0].netPayAmount.amount
      - name: pay_period_start
        type: string
        mapping: $.payStatements[0].payPeriod.startDate
      - name: pay_period_end
        type: string
        mapping: $.payStatements[0].payPeriod.endDate
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: pay-statements
      path: /workers/{{associate_oid}}/pay-statements
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-pay-statement
        method: GET

Checks COBRA continuation coverage eligibility for a recently terminated employee from ADP benefits administration.

naftiko: '0.5'
info:
  label: COBRA Eligibility Check
  description: Checks COBRA continuation coverage eligibility for a recently terminated employee from ADP benefits administration.
  tags:
  - benefits
  - cobra
  - adp
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: benefits-cobra
    port: 8080
    tools:
    - name: check-cobra-eligibility
      description: Check COBRA eligibility for a terminated employee by ADP associate OID.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      - name: termination_date
        in: body
        type: string
        description: The termination date in YYYY-MM-DD format.
      call: adp.get-cobra-eligibility
      with:
        associate_oid: '{{associate_oid}}'
        termination_date: '{{termination_date}}'
      outputParameters:
      - name: eligible
        type: string
        mapping: $.cobra.isEligible
      - name: qualifying_event
        type: string
        mapping: $.cobra.qualifyingEvent
      - name: coverage_end_date
        type: string
        mapping: $.cobra.maxCoverageEndDate
      - name: monthly_premium
        type: string
        mapping: $.cobra.monthlyPremium
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/benefits/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: cobra-eligibility
      path: /workers/{{associate_oid}}/cobra-eligibility?terminationDate={{termination_date}}
      inputParameters:
      - name: associate_oid
        in: path
      - name: termination_date
        in: query
      operations:
      - name: get-cobra-eligibility
        method: GET

Retrieves the current benefits enrollment from ADP, logs the inquiry in ServiceNow for audit tracking, and posts a summary to the HR Slack channel.

naftiko: '0.5'
info:
  label: Benefits Enrollment Audit Pipeline
  description: Retrieves the current benefits enrollment from ADP, logs the inquiry in ServiceNow for audit tracking, and posts a summary to the HR Slack channel.
  tags:
  - benefits
  - adp
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: benefits-lookup
    port: 8080
    tools:
    - name: get-benefits-enrollment
      description: Retrieve current benefits enrollment by ADP associate OID, log the inquiry, and post a summary.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID for the employee.
      steps:
      - name: fetch-enrollment
        type: call
        call: adp.get-enrollment
        with:
          associate_oid: '{{associate_oid}}'
      - name: log-inquiry
        type: call
        call: servicenow.create-record
        with:
          short_description: 'Benefits enrollment lookup: {{associate_oid}}'
          category: benefits_audit
      - name: post-summary
        type: call
        call: slack.post-message
        with:
          channel: '#benefits-inquiries'
          text: 'Benefits lookup for {{associate_oid}}: Medical={{fetch-enrollment.medicalPlan}}, Coverage={{fetch-enrollment.coverageLevel}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/benefits/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: enrollments
      path: /workers/{{associate_oid}}/benefit-enrollments
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-enrollment
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://adp-corp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/incident
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

After payroll processing in ADP, extracts journal entries and posts them to SAP for general ledger reconciliation, then logs the sync status in Confluence.

naftiko: '0.5'
info:
  label: Payroll Journal Entry Export to SAP
  description: After payroll processing in ADP, extracts journal entries and posts them to SAP for general ledger reconciliation, then logs the sync status in Confluence.
  tags:
  - payroll
  - adp
  - sap
  - confluence
  - accounting
capability:
  exposes:
  - type: mcp
    namespace: payroll-gl-sync
    port: 8080
    tools:
    - name: export-payroll-to-gl
      description: Export ADP payroll journal entries to SAP general ledger and document in Confluence.
      inputParameters:
      - name: pay_run_id
        in: body
        type: string
        description: The ADP payroll run identifier.
      - name: posting_date
        in: body
        type: string
        description: The GL posting date in YYYY-MM-DD format.
      steps:
      - name: get-journal-entries
        type: call
        call: adp.get-payroll-journal
        with:
          pay_run_id: '{{pay_run_id}}'
      - name: post-to-sap
        type: call
        call: sap.create-journal-entry
        with:
          company_code: '{{get-journal-entries.companyCode}}'
          posting_date: '{{posting_date}}'
          line_items: '{{get-journal-entries.lineItems}}'
      - name: document-sync
        type: call
        call: confluence.create-page
        with:
          space_key: PAYROLL
          title: 'GL Sync: Pay Run {{pay_run_id}} - {{posting_date}}'
          body: 'Payroll journal entries from run {{pay_run_id}} posted to SAP document {{post-to-sap.documentNumber}}. Total amount: {{get-journal-entries.totalAmount}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: payroll-journals
      path: /pay-runs/{{pay_run_id}}/journal-entries
      inputParameters:
      - name: pay_run_id
        in: path
      operations:
      - name: get-payroll-journal
        method: GET
  - type: http
    namespace: sap
    baseUri: https://adp-s4.sap.com/sap/opu/odata/sap/API_JOURNALENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: journal-entries
      path: /A_JournalEntry
      operations:
      - name: create-journal-entry
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://adp-corp.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST

On hire event in ADP, triggers I-9 document verification, stores results in SharePoint, and creates a compliance tracking ticket in ServiceNow.

naftiko: '0.5'
info:
  label: New Hire I-9 Verification Pipeline
  description: On hire event in ADP, triggers I-9 document verification, stores results in SharePoint, and creates a compliance tracking ticket in ServiceNow.
  tags:
  - compliance
  - i9-verification
  - adp
  - sharepoint
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: compliance-i9
    port: 8080
    tools:
    - name: verify-i9-documents
      description: Initiate I-9 verification for a new hire and track compliance status.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID for the new hire.
      - name: hire_date
        in: body
        type: string
        description: The hire date in YYYY-MM-DD format.
      steps:
      - name: get-employee
        type: call
        call: adp.get-worker
        with:
          associate_oid: '{{associate_oid}}'
      - name: initiate-verification
        type: call
        call: adp.create-i9-verification
        with:
          associate_oid: '{{associate_oid}}'
          hire_date: '{{hire_date}}'
      - name: store-documents
        type: call
        call: sharepoint.upload-file
        with:
          site_id: hr_compliance_site
          folder_path: I9_Documents/{{get-employee.legalName.formattedName}}_{{hire_date}}
          file_name: i9_verification_{{associate_oid}}.pdf
      - name: create-tracking-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'I-9 verification: {{get-employee.legalName.formattedName}}'
          category: compliance
          assigned_group: HR_Compliance
          description: 'I-9 verification initiated for {{get-employee.legalName.formattedName}} hired {{hire_date}}. Verification ID: {{initiate-verification.verificationId}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: workers
      path: /workers/{{associate_oid}}
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-worker
        method: GET
    - name: i9-verifications
      path: /workers/{{associate_oid}}/i9-verifications
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: create-i9-verification
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT
  - type: http
    namespace: servicenow
    baseUri: https://adp-corp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

Identifies employees needing reverification from ADP, sends notifications, tracks completion, escalates in ServiceNow, and notifies HR compliance.

naftiko: '0.5'
info:
  label: I-9 Reverification Pipeline
  description: Identifies employees needing reverification from ADP, sends notifications, tracks completion, escalates in ServiceNow, and notifies HR compliance.
  tags:
  - compliance
  - adp
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: i9_reverification_pipeline
      description: Orchestrate i-9 reverification pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Validates payroll data against jurisdiction tax rules, checks ADP compliance database, creates exception reports, and notifies payroll team.

naftiko: '0.5'
info:
  label: Multi-Jurisdiction Payroll Compliance Pipeline
  description: Validates payroll data against jurisdiction tax rules, checks ADP compliance database, creates exception reports, and notifies payroll team.
  tags:
  - payroll
  - compliance
  - adp
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: payroll
    port: 8080
    tools:
    - name: multi_jurisdiction_payroll_compliance_pi
      description: Orchestrate multi-jurisdiction payroll compliance pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-servicenow
        type: call
        call: servicenow.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST

When a new talent requisition is approved in ADP Recruiting, publishes the job posting to LinkedIn and logs the posting in Jira for recruiting team tracking.

naftiko: '0.5'
info:
  label: Talent Requisition to Job Posting Pipeline
  description: When a new talent requisition is approved in ADP Recruiting, publishes the job posting to LinkedIn and logs the posting in Jira for recruiting team tracking.
  tags:
  - talent
  - recruiting
  - adp
  - linkedin
  - jira
capability:
  exposes:
  - type: mcp
    namespace: talent-acquisition
    port: 8080
    tools:
    - name: publish-requisition
      description: Publish an approved ADP requisition to LinkedIn and track in Jira.
      inputParameters:
      - name: requisition_id
        in: body
        type: string
        description: The ADP requisition identifier.
      steps:
      - name: get-requisition
        type: call
        call: adp.get-requisition
        with:
          requisition_id: '{{requisition_id}}'
      - name: post-to-linkedin
        type: call
        call: linkedin.create-job-posting
        with:
          title: '{{get-requisition.title}}'
          description: '{{get-requisition.description}}'
          location: '{{get-requisition.location}}'
          company_id: '{{get-requisition.companyId}}'
      - name: create-jira-ticket
        type: call
        call: jira.create-issue
        with:
          project: RECRUIT
          summary: 'Job posted: {{get-requisition.title}} - LinkedIn ID {{post-to-linkedin.postingId}}'
          issue_type: Task
          description: Requisition {{requisition_id}} published to LinkedIn on {{post-to-linkedin.publishedDate}}.
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/staffing/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: requisitions
      path: /job-requisitions/{{requisition_id}}
      inputParameters:
      - name: requisition_id
        in: path
      operations:
      - name: get-requisition
        method: GET
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: job-postings
      path: /jobPostings
      operations:
      - name: create-job-posting
        method: POST
  - type: http
    namespace: jira
    baseUri: https://adp-corp.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Retrieves the current 401k contribution election and employer match details for an employee from ADP retirement services.

naftiko: '0.5'
info:
  label: 401k Contribution Lookup
  description: Retrieves the current 401k contribution election and employer match details for an employee from ADP retirement services.
  tags:
  - benefits
  - retirement
  - adp
capability:
  exposes:
  - type: mcp
    namespace: retirement-benefits
    port: 8080
    tools:
    - name: get-401k-contributions
      description: Retrieve 401k contribution details for an employee by ADP associate OID.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      call: adp.get-retirement-contributions
      with:
        associate_oid: '{{associate_oid}}'
      outputParameters:
      - name: employee_pct
        type: string
        mapping: $.retirementPlan.employeeContributionPercentage
      - name: employer_match_pct
        type: string
        mapping: $.retirementPlan.employerMatchPercentage
      - name: ytd_contribution
        type: string
        mapping: $.retirementPlan.ytdContribution
      - name: plan_name
        type: string
        mapping: $.retirementPlan.planName
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/benefits/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: retirement-plans
      path: /workers/{{associate_oid}}/retirement-contributions
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-retirement-contributions
        method: GET

Distributes surveys via ADP, collects responses, analyzes in Snowflake, generates insights in Power BI, and notifies HR leaders.

naftiko: '0.5'
info:
  label: Employee Engagement Survey Pipeline
  description: Distributes surveys via ADP, collects responses, analyzes in Snowflake, generates insights in Power BI, and notifies HR leaders.
  tags:
  - engagement
  - adp
  - snowflake
  - powerbi
  - slack
capability:
  exposes:
  - type: mcp
    namespace: engagement
    port: 8080
    tools:
    - name: employee_engagement_survey_pipeline
      description: Orchestrate employee engagement survey pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-servicenow
        type: call
        call: servicenow.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST

Tracks ESS portal usage from ADP, analyzes adoption in Snowflake, identifies improvement areas, and reports to product team.

naftiko: '0.5'
info:
  label: Employee Self-Service Analytics
  description: Tracks ESS portal usage from ADP, analyzes adoption in Snowflake, identifies improvement areas, and reports to product team.
  tags:
  - analytics
  - adp
  - snowflake
  - powerbi
  - slack
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: employee_self_service_analytics
      description: Orchestrate employee self-service analytics workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-servicenow
        type: call
        call: servicenow.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST

Retrieves active garnishment orders from ADP payroll, logs them in ServiceNow for legal compliance tracking, and notifies the payroll team via Slack.

naftiko: '0.5'
info:
  label: Garnishment Deduction Compliance Pipeline
  description: Retrieves active garnishment orders from ADP payroll, logs them in ServiceNow for legal compliance tracking, and notifies the payroll team via Slack.
  tags:
  - payroll
  - garnishment
  - adp
  - compliance
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: payroll-garnishments
    port: 8080
    tools:
    - name: get-garnishments
      description: Look up active garnishments, log for compliance, and notify payroll team.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      steps:
      - name: fetch-garnishments
        type: call
        call: adp.get-garnishment-orders
        with:
          associate_oid: '{{associate_oid}}'
      - name: log-compliance
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Garnishment review: {{associate_oid}}'
          category: legal_compliance
          assigned_group: Payroll_Legal
          description: '{{fetch-garnishments.activeOrders}} active garnishment orders totaling {{fetch-garnishments.totalDeduction}}.'
      - name: notify-payroll
        type: call
        call: slack.post-message
        with:
          channel: '#payroll-compliance'
          text: 'Garnishment audit for {{associate_oid}}: {{fetch-garnishments.activeOrders}} active orders, total deduction {{fetch-garnishments.totalDeduction}}. ServiceNow: {{log-compliance.number}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: garnishments
      path: /workers/{{associate_oid}}/garnishments
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-garnishment-orders
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://adp-corp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Detects direct deposit changes in ADP, validates against fraud patterns in Snowflake, sends verification, and logs in ServiceNow.

naftiko: '0.5'
info:
  label: Direct Deposit Change Verification Pipeline
  description: Detects direct deposit changes in ADP, validates against fraud patterns in Snowflake, sends verification, and logs in ServiceNow.
  tags:
  - security
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: direct_deposit_change_verification_pipel
      description: Orchestrate direct deposit change verification pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves Okta user profile for ADP identity management.

naftiko: '0.5'
info:
  label: Okta User Profile Lookup
  description: Retrieves Okta user profile for ADP identity management.
  tags:
  - security
  - okta
  - identity
capability:
  exposes:
  - type: mcp
    namespace: identity
    port: 8080
    tools:
    - name: get-user
      description: Look up user at ADP.
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: The user_email to look up.
      call: okta.get-user_email
      with:
        user_email: '{{user_email}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://adp.okta.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.okta_api_token
      header: Authorization
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: okta_user_profile_lookup
        method: GET

Runs year-end calculations in ADP, generates W-2 forms, validates in Snowflake, files with SSA, and notifies payroll leadership.

naftiko: '0.5'
info:
  label: Year-End Processing Orchestrator
  description: Runs year-end calculations in ADP, generates W-2 forms, validates in Snowflake, files with SSA, and notifies payroll leadership.
  tags:
  - payroll
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: payroll
    port: 8080
    tools:
    - name: year_end_processing_orchestrator
      description: Orchestrate year-end processing orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

For employees working across multiple states, pulls work location data from ADP, retrieves state tax rates from Oracle, and generates a compliance report in Google Sheets with Slack notification.

naftiko: '0.5'
info:
  label: Multi-State Payroll Tax Compliance Pipeline
  description: For employees working across multiple states, pulls work location data from ADP, retrieves state tax rates from Oracle, and generates a compliance report in Google Sheets with Slack notification.
  tags:
  - payroll
  - tax
  - compliance
  - adp
  - oracle
  - google-sheets
  - slack
capability:
  exposes:
  - type: mcp
    namespace: multistate-tax
    port: 8080
    tools:
    - name: audit-multistate-tax
      description: Audit multi-state tax compliance for remote and traveling employees.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      - name: tax_year
        in: body
        type: string
        description: The tax year to audit.
      steps:
      - name: get-work-locations
        type: call
        call: adp.get-work-locations
        with:
          associate_oid: '{{associate_oid}}'
          tax_year: '{{tax_year}}'
      - name: get-tax-rates
        type: call
        call: oracle.get-state-tax-rates
        with:
          states: '{{get-work-locations.stateList}}'
          tax_year: '{{tax_year}}'
      - name: generate-report
        type: call
        call: google-sheets.create-spreadsheet
        with:
          title: 'Multi-State Tax Audit: {{associate_oid}} - {{tax_year}}'
          data: 'States: {{get-work-locations.stateList}}, Days: {{get-work-locations.daysByState}}, Rates: {{get-tax-rates.ratesByState}}'
      - name: notify-tax-team
        type: call
        call: slack.post-message
        with:
          channel: '#tax-compliance'
          text: 'Multi-state tax audit complete for associate {{associate_oid}} ({{tax_year}}). {{get-work-locations.stateCount}} states identified. Report: {{generate-report.spreadsheetUrl}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: work-locations
      path: /workers/{{associate_oid}}/work-locations?taxYear={{tax_year}}
      inputParameters:
      - name: associate_oid
        in: path
      - name: tax_year
        in: query
      operations:
      - name: get-work-locations
        method: GET
  - type: http
    namespace: oracle
    baseUri: https://adp-erp.oraclecloud.com/fscmRestApi/resources/v1
    authentication:
      type: basic
      username: $secrets.oracle_user
      password: $secrets.oracle_password
    resources:
    - name: tax-rates
      path: /taxRates?states={{states}}&taxYear={{tax_year}}
      inputParameters:
      - name: states
        in: query
      - name: tax_year
        in: query
      operations:
      - name: get-state-tax-rates
        method: GET
  - type: http
    namespace: google-sheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_sheets_token
    resources:
    - name: spreadsheets
      path: /spreadsheets
      operations:
      - name: create-spreadsheet
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

On new hire event in ADP, creates a ServiceNow equipment request, provisions Azure AD account, and assigns a Microsoft Intune device profile.

naftiko: '0.5'
info:
  label: New Hire Equipment Provisioning Pipeline
  description: On new hire event in ADP, creates a ServiceNow equipment request, provisions Azure AD account, and assigns a Microsoft Intune device profile.
  tags:
  - onboarding
  - adp
  - servicenow
  - azure-active-directory
  - microsoft-intune
capability:
  exposes:
  - type: mcp
    namespace: equipment-provisioning
    port: 8080
    tools:
    - name: provision-new-hire-equipment
      description: Provision IT equipment and accounts for a new hire based on ADP role data.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      - name: equipment_type
        in: body
        type: string
        description: The equipment type (e.g. laptop, desktop, mobile).
      steps:
      - name: get-employee
        type: call
        call: adp.get-worker
        with:
          associate_oid: '{{associate_oid}}'
      - name: create-equipment-request
        type: call
        call: servicenow.create-request
        with:
          short_description: 'Equipment provisioning: {{get-employee.legalName.formattedName}}'
          category: hardware
          item: '{{equipment_type}}'
          assigned_group: IT_Provisioning
      - name: create-ad-account
        type: call
        call: azure-ad.create-user
        with:
          display_name: '{{get-employee.legalName.formattedName}}'
          mail_nickname: '{{get-employee.legalName.givenName}}.{{get-employee.legalName.familyName}}'
          department: '{{get-employee.department}}'
      - name: assign-intune-profile
        type: call
        call: intune.assign-device-profile
        with:
          user_id: '{{create-ad-account.userId}}'
          profile_name: standard_{{equipment_type}}
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: workers
      path: /workers/{{associate_oid}}
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://adp-corp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: create-request
        method: POST
  - type: http
    namespace: azure-ad
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
  - type: http
    namespace: intune
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: device-profiles
      path: /deviceManagement/deviceConfigurations/{{profile_name}}/assign
      inputParameters:
      - name: profile_name
        in: path
      operations:
      - name: assign-device-profile
        method: POST

Retrieves an employee's demographic and job profile from ADP Workforce Now including name, title, department, and hire date.

naftiko: '0.5'
info:
  label: Worker Profile Lookup
  description: Retrieves an employee's demographic and job profile from ADP Workforce Now including name, title, department, and hire date.
  tags:
  - hr
  - adp
  - workforce-now
capability:
  exposes:
  - type: mcp
    namespace: hr-profile
    port: 8080
    tools:
    - name: get-worker-profile
      description: Retrieve a worker's profile by ADP associate OID. Returns legal name, job title, department, and hire date.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      call: adp.get-worker-detail
      with:
        associate_oid: '{{associate_oid}}'
      outputParameters:
      - name: full_name
        type: string
        mapping: $.workers[0].person.legalName.formattedName
      - name: job_title
        type: string
        mapping: $.workers[0].workAssignments[0].jobTitle
      - name: department
        type: string
        mapping: $.workers[0].workAssignments[0].homeOrganizationalUnits[0].nameCode.shortName
      - name: hire_date
        type: string
        mapping: $.workers[0].workAssignments[0].hireDate
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: workers
      path: /workers/{{associate_oid}}
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-worker-detail
        method: GET

Validates HRIS migration data between systems, compares counts in Snowflake, creates discrepancy tickets in Jira, and notifies project team.

naftiko: '0.5'
info:
  label: HRIS Data Migration Validator
  description: Validates HRIS migration data between systems, compares counts in Snowflake, creates discrepancy tickets in Jira, and notifies project team.
  tags:
  - migration
  - snowflake
  - jira
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: migration
    port: 8080
    tools:
    - name: hris_data_migration_validator
      description: Orchestrate hris data migration validator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-snowflake
        type: call
        call: snowflake.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://adp.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Compares benefits enrollment data between ADP and carrier systems, identifies discrepancies, creates cases in ServiceNow, and notifies HR.

naftiko: '0.5'
info:
  label: Employee Benefits Reconciliation Pipeline
  description: Compares benefits enrollment data between ADP and carrier systems, identifies discrepancies, creates cases in ServiceNow, and notifies HR.
  tags:
  - benefits
  - adp
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: benefits
    port: 8080
    tools:
    - name: employee_benefits_reconciliation_pipelin
      description: Orchestrate employee benefits reconciliation pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves employee profile from Workday at ADP.

naftiko: '0.5'
info:
  label: Workday Employee Lookup
  description: Retrieves employee profile from Workday at ADP.
  tags:
  - hr
  - workday
  - employee-data
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: get-employee
      description: Look up Workday employee at ADP.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The employee_id to look up.
      call: workday.get-employee_id
      with:
        employee_id: '{{employee_id}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/adp
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday_employee_lookup
        method: GET

Processes an internal employee transfer by updating the work assignment in ADP, reassigning the Jira board, moving their SharePoint folder, and notifying both old and new managers via Microsoft Teams.

naftiko: '0.5'
info:
  label: Employee Transfer Orchestrator
  description: Processes an internal employee transfer by updating the work assignment in ADP, reassigning the Jira board, moving their SharePoint folder, and notifying both old and new managers via Microsoft Teams.
  tags:
  - hr
  - transfer
  - adp
  - jira
  - sharepoint
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-transfers
    port: 8080
    tools:
    - name: process-transfer
      description: Execute the full transfer workflow for an employee moving between departments.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      - name: new_department
        in: body
        type: string
        description: The new department name.
      - name: effective_date
        in: body
        type: string
        description: The transfer effective date in YYYY-MM-DD format.
      steps:
      - name: get-employee
        type: call
        call: adp.get-worker
        with:
          associate_oid: '{{associate_oid}}'
      - name: update-assignment
        type: call
        call: adp.update-work-assignment
        with:
          associate_oid: '{{associate_oid}}'
          department: '{{new_department}}'
          effective_date: '{{effective_date}}'
      - name: reassign-jira
        type: call
        call: jira.update-user-board
        with:
          user_email: '{{get-employee.businessCommunication.emailUri}}'
          new_board: '{{new_department}}'
      - name: move-sharepoint
        type: call
        call: sharepoint.move-folder
        with:
          site_id: department_drives
          source_path: '{{get-employee.currentDepartment}}/{{get-employee.legalName.formattedName}}'
          destination_path: '{{new_department}}/{{get-employee.legalName.formattedName}}'
      - name: notify-managers
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-employee.reportsTo.emailUri}}'
          text: '{{get-employee.legalName.formattedName}} is transferring to {{new_department}} effective {{effective_date}}. Jira and SharePoint updated.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: workers
      path: /workers/{{associate_oid}}
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-worker
        method: GET
    - name: work-assignments
      path: /workers/{{associate_oid}}/work-assignments
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: update-work-assignment
        method: PATCH
  - type: http
    namespace: jira
    baseUri: https://adp-corp.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: boards
      path: /board/{{new_board}}/configuration
      inputParameters:
      - name: new_board
        in: path
      operations:
      - name: update-user-board
        method: PUT
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{source_path}}
      inputParameters:
      - name: site_id
        in: path
      - name: source_path
        in: path
      operations:
      - name: move-folder
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves the organizational hierarchy from ADP, syncs it to Azure Active Directory group memberships, and updates the org chart visualization in SharePoint.

naftiko: '0.5'
info:
  label: Organization Chart Sync Pipeline
  description: Retrieves the organizational hierarchy from ADP, syncs it to Azure Active Directory group memberships, and updates the org chart visualization in SharePoint.
  tags:
  - hr
  - org-chart
  - adp
  - azure-active-directory
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: hr-org
    port: 8080
    tools:
    - name: get-org-chart
      description: Retrieve the reporting hierarchy, sync to Azure AD, and update SharePoint org chart.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      steps:
      - name: fetch-hierarchy
        type: call
        call: adp.get-reports-to
        with:
          associate_oid: '{{associate_oid}}'
      - name: sync-ad-groups
        type: call
        call: azure-ad.update-manager
        with:
          user_id: '{{fetch-hierarchy.workerEmail}}'
          manager_id: '{{fetch-hierarchy.managerEmail}}'
      - name: update-sharepoint
        type: call
        call: sharepoint.update-list-item
        with:
          site_id: hr_org_charts
          list_name: OrgChart
          associate_oid: '{{associate_oid}}'
          manager_name: '{{fetch-hierarchy.managerName}}'
          direct_reports: '{{fetch-hierarchy.directReportsCount}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: org-hierarchy
      path: /workers/{{associate_oid}}/organizational-hierarchy
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-reports-to
        method: GET
  - type: http
    namespace: azure-ad
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: manager-ref
      path: /users/{{user_id}}/manager/$ref
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: update-manager
        method: PUT
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: list-items
      path: /{{site_id}}/lists/{{list_name}}/items
      inputParameters:
      - name: site_id
        in: path
      - name: list_name
        in: path
      operations:
      - name: update-list-item
        method: POST

Creates client profile in ADP, provisions Salesforce account, configures ServiceNow support, sets up analytics in Snowflake, and notifies implementation.

naftiko: '0.5'
info:
  label: New Client Payroll Setup Pipeline
  description: Creates client profile in ADP, provisions Salesforce account, configures ServiceNow support, sets up analytics in Snowflake, and notifies implementation.
  tags:
  - onboarding
  - adp
  - salesforce
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: onboarding
    port: 8080
    tools:
    - name: new_client_payroll_setup_pipeline
      description: Orchestrate new client payroll setup pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-salesforce
        type: call
        call: salesforce.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://adp.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Extracts HR metrics from ADP, aggregates in Snowflake, generates Power BI dashboards, identifies trends, and notifies HR leadership.

naftiko: '0.5'
info:
  label: Workforce Analytics Pipeline
  description: Extracts HR metrics from ADP, aggregates in Snowflake, generates Power BI dashboards, identifies trends, and notifies HR leadership.
  tags:
  - analytics
  - adp
  - snowflake
  - powerbi
  - slack
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: workforce_analytics_pipeline
      description: Orchestrate workforce analytics pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-servicenow
        type: call
        call: servicenow.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST

Extracts payroll journals from ADP, transforms for GL posting, loads into ERP, reconciles in Snowflake, and notifies accounting.

naftiko: '0.5'
info:
  label: Payroll Journal Integration Pipeline
  description: Extracts payroll journals from ADP, transforms for GL posting, loads into ERP, reconciles in Snowflake, and notifies accounting.
  tags:
  - finance
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: finance
    port: 8080
    tools:
    - name: payroll_journal_integration_pipeline
      description: Orchestrate payroll journal integration pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Checks overdue compliance training in Pluralsight for employees managed in ADP, sends reminder emails via Microsoft Outlook, and logs escalations in ServiceNow.

naftiko: '0.5'
info:
  label: Compliance Training Enforcement Pipeline
  description: Checks overdue compliance training in Pluralsight for employees managed in ADP, sends reminder emails via Microsoft Outlook, and logs escalations in ServiceNow.
  tags:
  - compliance
  - training
  - adp
  - pluralsight
  - microsoft-outlook
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: compliance-training
    port: 8080
    tools:
    - name: enforce-training-compliance
      description: Check overdue compliance training and send reminders with escalation tracking.
      inputParameters:
      - name: department
        in: body
        type: string
        description: The department to check for overdue training.
      - name: course_id
        in: body
        type: string
        description: The Pluralsight course identifier for the required training.
      steps:
      - name: get-department-workers
        type: call
        call: adp.list-workers-by-department
        with:
          department: '{{department}}'
      - name: check-completions
        type: call
        call: pluralsight.get-course-completions
        with:
          course_id: '{{course_id}}'
          group_id: '{{get-department-workers.groupId}}'
      - name: send-reminders
        type: call
        call: outlook.send-mail
        with:
          to: '{{check-completions.overdueEmails}}'
          subject: 'Action Required: Overdue Compliance Training'
          body: You have overdue compliance training for course {{course_id}}. Please complete by end of week.
      - name: log-escalation
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Overdue compliance training: {{department}} - {{course_id}}'
          category: compliance
          assigned_group: HR_Compliance
          description: '{{check-completions.overdueCount}} employees in {{department}} have not completed required training {{course_id}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: department-workers
      path: /workers?$filter=department eq '{{department}}'
      inputParameters:
      - name: department
        in: query
      operations:
      - name: list-workers-by-department
        method: GET
  - type: http
    namespace: pluralsight
    baseUri: https://api.pluralsight.com/api/v1
    authentication:
      type: bearer
      token: $secrets.pluralsight_api_token
    resources:
    - name: course-completions
      path: /courses/{{course_id}}/completions?groupId={{group_id}}
      inputParameters:
      - name: course_id
        in: path
      - name: group_id
        in: query
      operations:
      - name: get-course-completions
        method: GET
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /me/sendMail
      operations:
      - name: send-mail
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp-corp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

When a leave request is submitted in ADP, notifies the manager via Microsoft Teams for approval and updates the request status in ADP based on the response.

naftiko: '0.5'
info:
  label: Leave Request Approval Pipeline
  description: When a leave request is submitted in ADP, notifies the manager via Microsoft Teams for approval and updates the request status in ADP based on the response.
  tags:
  - time-off
  - adp
  - microsoft-teams
  - workforce-management
capability:
  exposes:
  - type: mcp
    namespace: leave-approval
    port: 8080
    tools:
    - name: process-leave-request
      description: Process a leave request by notifying the manager and tracking approval.
      inputParameters:
      - name: leave_request_id
        in: body
        type: string
        description: The ADP leave request identifier.
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID of the requestor.
      steps:
      - name: get-leave-request
        type: call
        call: adp.get-leave-request
        with:
          leave_request_id: '{{leave_request_id}}'
      - name: get-employee
        type: call
        call: adp.get-worker
        with:
          associate_oid: '{{associate_oid}}'
      - name: notify-manager
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-employee.reportsTo.emailUri}}'
          text: 'Leave request from {{get-employee.legalName.formattedName}}: {{get-leave-request.leaveType}} from {{get-leave-request.startDate}} to {{get-leave-request.endDate}} ({{get-leave-request.totalDays}} days). Please approve or deny.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/time/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: leave-requests
      path: /leave-requests/{{leave_request_id}}
      inputParameters:
      - name: leave_request_id
        in: path
      operations:
      - name: get-leave-request
        method: GET
  - type: http
    namespace: adp-hr
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: workers
      path: /workers/{{associate_oid}}
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

When overtime is recorded in ADP time tracking, routes approval to the manager via Microsoft Teams and updates the timecard status in ADP.

naftiko: '0.5'
info:
  label: Overtime Approval Workflow
  description: When overtime is recorded in ADP time tracking, routes approval to the manager via Microsoft Teams and updates the timecard status in ADP.
  tags:
  - workforce-management
  - overtime
  - adp
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: overtime-approval
    port: 8080
    tools:
    - name: request-overtime-approval
      description: Route an overtime request for manager approval and update the ADP timecard.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      - name: overtime_hours
        in: body
        type: string
        description: The number of overtime hours requested.
      - name: work_date
        in: body
        type: string
        description: The date of overtime in YYYY-MM-DD format.
      steps:
      - name: get-employee
        type: call
        call: adp.get-worker
        with:
          associate_oid: '{{associate_oid}}'
      - name: notify-manager
        type: call
        call: msteams.send-adaptive-card
        with:
          recipient_upn: '{{get-employee.reportsTo.emailUri}}'
          card_title: Overtime Approval Request
          card_body: '{{get-employee.legalName.formattedName}} requests {{overtime_hours}} hours OT on {{work_date}}.'
      - name: update-timecard
        type: call
        call: adp.update-timecard-note
        with:
          associate_oid: '{{associate_oid}}'
          work_date: '{{work_date}}'
          note: 'Overtime approval requested: {{overtime_hours}} hours. Manager notified.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: workers
      path: /workers/{{associate_oid}}
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: adp-time
    baseUri: https://api.adp.com/time/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: timecard-notes
      path: /workers/{{associate_oid}}/timecards/{{work_date}}/notes
      inputParameters:
      - name: associate_oid
        in: path
      - name: work_date
        in: path
      operations:
      - name: update-timecard-note
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: adaptive-cards
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-adaptive-card
        method: POST

Retrieves the complete job history for an employee from ADP including prior positions, departments, and effective dates.

naftiko: '0.5'
info:
  label: Employee Job History Lookup
  description: Retrieves the complete job history for an employee from ADP including prior positions, departments, and effective dates.
  tags:
  - hr
  - job-history
  - adp
  - workforce-now
capability:
  exposes:
  - type: mcp
    namespace: hr-history
    port: 8080
    tools:
    - name: get-job-history
      description: Retrieve complete job history for an employee by ADP associate OID.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      call: adp.get-job-history
      with:
        associate_oid: '{{associate_oid}}'
      outputParameters:
      - name: total_positions
        type: string
        mapping: $.jobHistory.length
      - name: current_title
        type: string
        mapping: $.jobHistory[0].jobTitle
      - name: current_department
        type: string
        mapping: $.jobHistory[0].department
      - name: original_hire_date
        type: string
        mapping: $.jobHistory[-1].effectiveDate
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: job-history
      path: /workers/{{associate_oid}}/job-history
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-job-history
        method: GET

Sends a message to a Slack channel for ADP notifications.

naftiko: '0.5'
info:
  label: Slack Channel Post
  description: Sends a message to a Slack channel for ADP notifications.
  tags:
  - collaboration
  - slack
  - messaging
capability:
  exposes:
  - type: mcp
    namespace: messaging
    port: 8080
    tools:
    - name: send-message
      description: Post to Slack at ADP.
      inputParameters:
      - name: channel
        in: body
        type: string
        description: The channel to look up.
      call: slack.get-channel
      with:
        channel: '{{channel}}'
  consumes:
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack_channel_post
        method: GET

Retrieves a W-2 tax document from ADP, archives it in SharePoint for document retention, and sends the employee a notification via Microsoft Outlook.

naftiko: '0.5'
info:
  label: W-2 Document Retrieval and Archive Pipeline
  description: Retrieves a W-2 tax document from ADP, archives it in SharePoint for document retention, and sends the employee a notification via Microsoft Outlook.
  tags:
  - payroll
  - tax
  - adp
  - sharepoint
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: tax-documents
    port: 8080
    tools:
    - name: get-w2-document
      description: Retrieve a W-2, archive in SharePoint, and notify the employee.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      - name: tax_year
        in: body
        type: string
        description: The tax year (e.g. 2025).
      steps:
      - name: fetch-w2
        type: call
        call: adp.get-w2
        with:
          associate_oid: '{{associate_oid}}'
          tax_year: '{{tax_year}}'
      - name: archive-document
        type: call
        call: sharepoint.upload-file
        with:
          site_id: tax_documents_site
          folder_path: W2/{{tax_year}}/{{associate_oid}}
          file_name: W2_{{tax_year}}_{{associate_oid}}.pdf
      - name: notify-employee
        type: call
        call: outlook.send-mail
        with:
          to: '{{fetch-w2.workerEmail}}'
          subject: Your {{tax_year}} W-2 is Available
          body: 'Your W-2 for tax year {{tax_year}} is now available. Wages: {{fetch-w2.wages}}. Federal tax withheld: {{fetch-w2.federalTaxWithheld}}. Document archived in SharePoint.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: w2-documents
      path: /workers/{{associate_oid}}/tax-documents/w2?taxYear={{tax_year}}
      inputParameters:
      - name: associate_oid
        in: path
      - name: tax_year
        in: query
      operations:
      - name: get-w2
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /me/sendMail
      operations:
      - name: send-mail
        method: POST

Pulls active headcount data from ADP and pushes it to Power BI for real-time workforce analytics dashboards, then notifies HR leadership via Slack.

naftiko: '0.5'
info:
  label: Workforce Headcount Dashboard Sync
  description: Pulls active headcount data from ADP and pushes it to Power BI for real-time workforce analytics dashboards, then notifies HR leadership via Slack.
  tags:
  - workforce-management
  - adp
  - power-bi
  - slack
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: workforce-analytics
    port: 8080
    tools:
    - name: sync-headcount-dashboard
      description: Sync current ADP headcount data to Power BI and notify stakeholders.
      inputParameters:
      - name: as_of_date
        in: body
        type: string
        description: The date for the headcount snapshot in YYYY-MM-DD format.
      steps:
      - name: get-headcount
        type: call
        call: adp.get-workforce-analytics
        with:
          report_type: headcount
          as_of_date: '{{as_of_date}}'
      - name: push-to-powerbi
        type: call
        call: powerbi.push-dataset-rows
        with:
          dataset_id: workforce_headcount
          table_name: headcount_daily
          rows: '{{get-headcount.data}}'
      - name: notify-hr
        type: call
        call: slack.post-message
        with:
          channel: '#hr-analytics'
          text: 'Workforce headcount dashboard updated for {{as_of_date}}. Total active: {{get-headcount.totalActive}}. Power BI refresh complete.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/analytics/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: workforce-analytics
      path: /reports/{{report_type}}?asOfDate={{as_of_date}}
      inputParameters:
      - name: report_type
        in: path
      - name: as_of_date
        in: query
      operations:
      - name: get-workforce-analytics
        method: GET
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-rows
      path: /datasets/{{dataset_id}}/tables/{{table_name}}/rows
      inputParameters:
      - name: dataset_id
        in: path
      - name: table_name
        in: path
      operations:
      - name: push-dataset-rows
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Triggers Power BI dataset refresh for ADP reporting.

naftiko: '0.5'
info:
  label: Power BI Refresh Trigger
  description: Triggers Power BI dataset refresh for ADP reporting.
  tags:
  - analytics
  - power-bi
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: trigger-refresh
      description: Trigger refresh at ADP.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: The dataset_id to look up.
      call: powerbi.get-dataset_id
      with:
        dataset_id: '{{dataset_id}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: power_bi_refresh_trigger
        method: GET

Generates standard payroll reports from ADP data in Snowflake, publishes to Power BI, distributes via email, and notifies stakeholders.

naftiko: '0.5'
info:
  label: Payroll Reporting Automation Pipeline
  description: Generates standard payroll reports from ADP data in Snowflake, publishes to Power BI, distributes via email, and notifies stakeholders.
  tags:
  - reporting
  - adp
  - snowflake
  - powerbi
  - slack
capability:
  exposes:
  - type: mcp
    namespace: reporting
    port: 8080
    tools:
    - name: payroll_reporting_automation_pipeline
      description: Orchestrate payroll reporting automation pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-servicenow
        type: call
        call: servicenow.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST

Monitors timecard patterns from ADP, detects anomalies in Snowflake, creates investigation cases, and notifies managers.

naftiko: '0.5'
info:
  label: Time and Attendance Anomaly Detector
  description: Monitors timecard patterns from ADP, detects anomalies in Snowflake, creates investigation cases, and notifies managers.
  tags:
  - workforce
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: workforce
    port: 8080
    tools:
    - name: time_and_attendance_anomaly_detector
      description: Orchestrate time and attendance anomaly detector workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Searches for employees in ADP Workforce Now by name or employee ID and returns matching worker records.

naftiko: '0.5'
info:
  label: ADP Worker Search
  description: Searches for employees in ADP Workforce Now by name or employee ID and returns matching worker records.
  tags:
  - hr
  - search
  - adp
  - workforce-now
capability:
  exposes:
  - type: mcp
    namespace: hr-search
    port: 8080
    tools:
    - name: search-workers
      description: Search for workers in ADP by name or employee number.
      inputParameters:
      - name: search_term
        in: body
        type: string
        description: The name or employee ID to search for.
      call: adp.search-workers
      with:
        search_term: '{{search_term}}'
      outputParameters:
      - name: total_results
        type: string
        mapping: $.workers.length
      - name: first_match_name
        type: string
        mapping: $.workers[0].person.legalName.formattedName
      - name: first_match_oid
        type: string
        mapping: $.workers[0].associateOID
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: worker-search
      path: /workers?$filter=contains(person/legalName,'{{search_term}}')
      inputParameters:
      - name: search_term
        in: query
      operations:
      - name: search-workers
        method: GET

On new hire creation in ADP Workforce Now, provisions a SharePoint folder for documents, opens a ServiceNow onboarding ticket, and sends a Microsoft Teams welcome message.

naftiko: '0.5'
info:
  label: New Hire Onboarding Orchestrator
  description: On new hire creation in ADP Workforce Now, provisions a SharePoint folder for documents, opens a ServiceNow onboarding ticket, and sends a Microsoft Teams welcome message.
  tags:
  - hr
  - onboarding
  - adp
  - sharepoint
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-onboarding
    port: 8080
    tools:
    - name: trigger-onboarding
      description: Given an ADP associate OID and start date, orchestrate the full onboarding sequence across ServiceNow, SharePoint, and Microsoft Teams.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID for the new hire.
      - name: start_date
        in: body
        type: string
        description: The employee start date in YYYY-MM-DD format.
      - name: department
        in: body
        type: string
        description: The department the new hire is joining.
      steps:
      - name: get-employee
        type: call
        call: adp.get-worker
        with:
          associate_oid: '{{associate_oid}}'
      - name: open-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'New hire onboarding: {{get-employee.legalName.formattedName}}'
          category: hr_onboarding
          assigned_group: IT_Onboarding
          description: Onboarding for {{get-employee.legalName.formattedName}} starting {{start_date}} in {{department}}.
      - name: provision-folder
        type: call
        call: sharepoint.create-folder
        with:
          site_id: hr_onboarding_site
          folder_path: OnboardingDocs/{{get-employee.legalName.formattedName}}_{{start_date}}
      - name: send-welcome
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-employee.businessCommunication.emailUri}}'
          text: Welcome aboard! Your IT onboarding ticket is {{open-ticket.number}}. Documents are ready at {{provision-folder.url}}.
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: workers
      path: /workers/{{associate_oid}}
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://adp-corp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      operations:
      - name: create-folder
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Calculates union dues from ADP payroll, reconciles with union records, generates remittance, and notifies labor relations team.

naftiko: '0.5'
info:
  label: Union Dues Processing Pipeline
  description: Calculates union dues from ADP payroll, reconciles with union records, generates remittance, and notifies labor relations team.
  tags:
  - labor-relations
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: labor-relations
    port: 8080
    tools:
    - name: union_dues_processing_pipeline
      description: Orchestrate union dues processing pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Extracts workforce demographics from ADP, aggregates data in Databricks, publishes to Power BI dashboards, and shares the report link in Microsoft Teams.

naftiko: '0.5'
info:
  label: Diversity and Inclusion Reporting Pipeline
  description: Extracts workforce demographics from ADP, aggregates data in Databricks, publishes to Power BI dashboards, and shares the report link in Microsoft Teams.
  tags:
  - hr
  - analytics
  - adp
  - databricks
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: dei-reporting
    port: 8080
    tools:
    - name: generate-dei-report
      description: Generate a diversity and inclusion report from ADP workforce data.
      inputParameters:
      - name: report_period
        in: body
        type: string
        description: The reporting period (e.g. Q1-2026).
      - name: scope
        in: body
        type: string
        description: The organizational scope (e.g. company-wide, division, department).
      steps:
      - name: extract-demographics
        type: call
        call: adp.get-demographics-report
        with:
          report_period: '{{report_period}}'
          scope: '{{scope}}'
      - name: run-aggregation
        type: call
        call: databricks.submit-job
        with:
          job_name: dei_analytics
          parameters: data={{extract-demographics.reportUri}}&period={{report_period}}
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: dei_dashboard
      - name: share-report
        type: call
        call: msteams.send-channel-message
        with:
          team_id: hr_leadership
          channel: dei-reports
          text: 'D&I report for {{report_period}} ({{scope}}) is ready. Dashboard refreshed. Key metrics: {{extract-demographics.summaryStats}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/analytics/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: demographics-reports
      path: /reports/demographics?period={{report_period}}&scope={{scope}}
      inputParameters:
      - name: report_period
        in: query
      - name: scope
        in: query
      operations:
      - name: get-demographics-report
        method: GET
  - type: http
    namespace: databricks
    baseUri: https://adp-workspace.cloud.databricks.com/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: submit-job
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel
        in: path
      operations:
      - name: send-channel-message
        method: POST

Retrieves timecard submission status from ADP, checks for missing submissions, and notifies the manager via Microsoft Teams if the timecard is incomplete.

naftiko: '0.5'
info:
  label: Timecard Status and Manager Notification
  description: Retrieves timecard submission status from ADP, checks for missing submissions, and notifies the manager via Microsoft Teams if the timecard is incomplete.
  tags:
  - time-attendance
  - adp
  - workforce-management
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: time-attendance
    port: 8080
    tools:
    - name: get-timecard-status
      description: Check timecard submission status and notify the manager if incomplete.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      - name: pay_period_end
        in: body
        type: string
        description: The pay period end date in YYYY-MM-DD format.
      steps:
      - name: fetch-timecard
        type: call
        call: adp.get-timecard
        with:
          associate_oid: '{{associate_oid}}'
          pay_period_end: '{{pay_period_end}}'
      - name: get-employee
        type: call
        call: adp.get-worker
        with:
          associate_oid: '{{associate_oid}}'
      - name: notify-manager
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-employee.reportsTo.emailUri}}'
          text: 'Timecard status for {{get-employee.legalName.formattedName}} (period ending {{pay_period_end}}): {{fetch-timecard.status}}. Total hours: {{fetch-timecard.totalHours}}, OT: {{fetch-timecard.overtimeHours}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/time/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: timecards
      path: /workers/{{associate_oid}}/timecards?periodEnd={{pay_period_end}}
      inputParameters:
      - name: associate_oid
        in: path
      - name: pay_period_end
        in: query
      operations:
      - name: get-timecard
        method: GET
  - type: http
    namespace: adp-hr
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: workers
      path: /workers/{{associate_oid}}
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Initiates a performance review cycle by pulling employee data from ADP, creating review documents in Google Docs, assigning tasks in Jira, and notifying managers via Microsoft Teams.

naftiko: '0.5'
info:
  label: Performance Review Cycle Orchestrator
  description: Initiates a performance review cycle by pulling employee data from ADP, creating review documents in Google Docs, assigning tasks in Jira, and notifying managers via Microsoft Teams.
  tags:
  - talent
  - performance
  - adp
  - google-docs
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: talent-performance
    port: 8080
    tools:
    - name: initiate-review-cycle
      description: Kick off a performance review cycle for a department.
      inputParameters:
      - name: department
        in: body
        type: string
        description: The department for the review cycle.
      - name: review_period
        in: body
        type: string
        description: The review period label (e.g. Q1-2026).
      steps:
      - name: get-department-roster
        type: call
        call: adp.list-workers-by-department
        with:
          department: '{{department}}'
      - name: create-review-template
        type: call
        call: google-docs.create-document
        with:
          title: Performance Review {{review_period}} - {{department}}
          template_id: perf_review_template
      - name: create-jira-epic
        type: call
        call: jira.create-issue
        with:
          project: PERF
          summary: 'Performance Reviews: {{department}} - {{review_period}}'
          issue_type: Epic
          description: Track {{get-department-roster.totalCount}} reviews for {{department}} during {{review_period}}.
      - name: notify-managers
        type: call
        call: msteams.send-channel-message
        with:
          team_id: hr_management
          channel: performance-reviews
          text: 'Performance review cycle initiated for {{department}} ({{review_period}}). {{get-department-roster.totalCount}} employees. Jira epic: {{create-jira-epic.key}}. Template: {{create-review-template.url}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: department-workers
      path: /workers?$filter=department eq '{{department}}'
      inputParameters:
      - name: department
        in: query
      operations:
      - name: list-workers-by-department
        method: GET
  - type: http
    namespace: google-docs
    baseUri: https://docs.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_docs_token
    resources:
    - name: documents
      path: /documents
      operations:
      - name: create-document
        method: POST
  - type: http
    namespace: jira
    baseUri: https://adp-corp.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel
        in: path
      operations:
      - name: send-channel-message
        method: POST

Tracks service delivery metrics from ServiceNow, calculates SLA compliance in Snowflake, updates Grafana dashboards, and alerts account managers.

naftiko: '0.5'
info:
  label: Client SLA Monitoring Pipeline
  description: Tracks service delivery metrics from ServiceNow, calculates SLA compliance in Snowflake, updates Grafana dashboards, and alerts account managers.
  tags:
  - service-delivery
  - servicenow
  - snowflake
  - grafana
  - slack
capability:
  exposes:
  - type: mcp
    namespace: service-delivery
    port: 8080
    tools:
    - name: client_sla_monitoring_pipeline
      description: Orchestrate client sla monitoring pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-grafana
        type: call
        call: grafana.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: grafana
    baseUri: https://adp-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves Salesforce account details for ADP sales teams.

naftiko: '0.5'
info:
  label: Salesforce Account Info
  description: Retrieves Salesforce account details for ADP sales teams.
  tags:
  - crm
  - salesforce
  - accounts
capability:
  exposes:
  - type: mcp
    namespace: crm
    port: 8080
    tools:
    - name: get-account
      description: Look up account at ADP.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The account_id to look up.
      call: salesforce.get-account_id
      with:
        account_id: '{{account_id}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://adp.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce_account_info
        method: GET

During benefits open enrollment, sends personalized emails via MailChimp with current plan details from ADP, tracks opens in Google Analytics, and logs activity in Salesforce.

naftiko: '0.5'
info:
  label: Open Enrollment Campaign Orchestrator
  description: During benefits open enrollment, sends personalized emails via MailChimp with current plan details from ADP, tracks opens in Google Analytics, and logs activity in Salesforce.
  tags:
  - benefits
  - open-enrollment
  - adp
  - mailchimp
  - google-analytics
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: open-enrollment
    port: 8080
    tools:
    - name: launch-enrollment-campaign
      description: Launch a personalized open enrollment campaign for a specific employee segment.
      inputParameters:
      - name: segment_id
        in: body
        type: string
        description: The employee segment identifier for targeting.
      - name: plan_year
        in: body
        type: string
        description: The benefits plan year (e.g. 2026).
      steps:
      - name: get-segment-employees
        type: call
        call: adp.list-workers-by-segment
        with:
          segment_id: '{{segment_id}}'
      - name: send-campaign
        type: call
        call: mailchimp.send-campaign
        with:
          list_id: '{{get-segment-employees.listId}}'
          template_id: open_enrollment_{{plan_year}}
          subject: Your {{plan_year}} Benefits Open Enrollment Is Now Open
      - name: log-campaign
        type: call
        call: salesforce.create-campaign-activity
        with:
          campaign_name: OE_{{plan_year}}_{{segment_id}}
          status: sent
          recipient_count: '{{get-segment-employees.totalCount}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: worker-segments
      path: /workers?$filter=segment eq '{{segment_id}}'
      inputParameters:
      - name: segment_id
        in: query
      operations:
      - name: list-workers-by-segment
        method: GET
  - type: http
    namespace: mailchimp
    baseUri: https://us1.api.mailchimp.com/3.0
    authentication:
      type: basic
      username: anystring
      password: $secrets.mailchimp_api_key
    resources:
    - name: campaigns
      path: /campaigns
      operations:
      - name: send-campaign
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://adp.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: campaign-activities
      path: /sobjects/CampaignMember
      operations:
      - name: create-campaign-activity
        method: POST

Retrieves the current work assignment details for an employee from ADP including location, shift, and assignment status.

naftiko: '0.5'
info:
  label: Employee Work Assignment Lookup
  description: Retrieves the current work assignment details for an employee from ADP including location, shift, and assignment status.
  tags:
  - hr
  - work-assignment
  - adp
  - workforce-now
capability:
  exposes:
  - type: mcp
    namespace: hr-assignments
    port: 8080
    tools:
    - name: get-work-assignment
      description: Retrieve work assignment details for an employee by ADP associate OID.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      call: adp.get-assignment
      with:
        associate_oid: '{{associate_oid}}'
      outputParameters:
      - name: work_location
        type: string
        mapping: $.workAssignment.location.nameCode.shortName
      - name: shift
        type: string
        mapping: $.workAssignment.shiftCode
      - name: status
        type: string
        mapping: $.workAssignment.assignmentStatus
      - name: full_part_time
        type: string
        mapping: $.workAssignment.fullTimeOrPartTime
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: work-assignments
      path: /workers/{{associate_oid}}/work-assignments
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-assignment
        method: GET

Pulls benefits enrollment data from ADP and cost data from Oracle, merges them in Databricks for per-employee cost analysis, and publishes results to Power BI.

naftiko: '0.5'
info:
  label: Benefits Cost Analysis Pipeline
  description: Pulls benefits enrollment data from ADP and cost data from Oracle, merges them in Databricks for per-employee cost analysis, and publishes results to Power BI.
  tags:
  - benefits
  - analytics
  - adp
  - oracle
  - databricks
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: benefits-analytics
    port: 8080
    tools:
    - name: analyze-benefits-cost
      description: Run a benefits cost analysis combining ADP enrollment data with Oracle financials.
      inputParameters:
      - name: plan_year
        in: body
        type: string
        description: The benefits plan year to analyze.
      - name: department
        in: body
        type: string
        description: The department to scope the analysis.
      steps:
      - name: get-enrollment-data
        type: call
        call: adp.get-enrollment-report
        with:
          plan_year: '{{plan_year}}'
          department: '{{department}}'
      - name: get-cost-data
        type: call
        call: oracle.get-benefits-costs
        with:
          fiscal_year: '{{plan_year}}'
          cost_center: '{{department}}'
      - name: run-analysis
        type: call
        call: databricks.submit-job
        with:
          job_name: benefits_cost_analysis
          parameters: enrollment={{get-enrollment-data.reportUri}}&costs={{get-cost-data.reportUri}}
      - name: publish-results
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: benefits_cost_dashboard
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/analytics/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: enrollment-reports
      path: /reports/benefit-enrollment?planYear={{plan_year}}&department={{department}}
      inputParameters:
      - name: plan_year
        in: query
      - name: department
        in: query
      operations:
      - name: get-enrollment-report
        method: GET
  - type: http
    namespace: oracle
    baseUri: https://adp-erp.oraclecloud.com/fscmRestApi/resources/v1
    authentication:
      type: basic
      username: $secrets.oracle_user
      password: $secrets.oracle_password
    resources:
    - name: benefits-costs
      path: /benefitsCosts?fiscalYear={{fiscal_year}}&costCenter={{cost_center}}
      inputParameters:
      - name: fiscal_year
        in: query
      - name: cost_center
        in: query
      operations:
      - name: get-benefits-costs
        method: GET
  - type: http
    namespace: databricks
    baseUri: https://adp-workspace.cloud.databricks.com/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: submit-job
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST

Monitors ADP API health via Datadog, checks data sync status, creates alerts in PagerDuty, logs in ServiceNow, and notifies IT.

naftiko: '0.5'
info:
  label: HR System Integration Health Monitor
  description: Monitors ADP API health via Datadog, checks data sync status, creates alerts in PagerDuty, logs in ServiceNow, and notifies IT.
  tags:
  - integration
  - datadog
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: integration
    port: 8080
    tools:
    - name: hr_system_integration_health_monitor
      description: Orchestrate hr system integration health monitor workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-datadog
        type: call
        call: datadog.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

When a payroll run completes in ADP, compares gross pay against SAP cost center budgets and posts a Slack alert if the variance exceeds the threshold.

naftiko: '0.5'
info:
  label: Payroll Discrepancy Alert Pipeline
  description: When a payroll run completes in ADP, compares gross pay against SAP cost center budgets and posts a Slack alert if the variance exceeds the threshold.
  tags:
  - payroll
  - adp
  - sap
  - slack
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: payroll-audit
    port: 8080
    tools:
    - name: check-payroll-variance
      description: Compare a completed payroll run against cost center budgets and alert on variances exceeding the threshold.
      inputParameters:
      - name: pay_run_id
        in: body
        type: string
        description: The ADP payroll run identifier.
      - name: variance_threshold
        in: body
        type: string
        description: Maximum allowed variance percentage before alerting.
      steps:
      - name: get-payroll-totals
        type: call
        call: adp.get-payroll-run
        with:
          pay_run_id: '{{pay_run_id}}'
      - name: get-budget
        type: call
        call: sap.get-cost-center-budget
        with:
          cost_center: '{{get-payroll-totals.costCenterCode}}'
          fiscal_period: '{{get-payroll-totals.payPeriod}}'
      - name: notify-variance
        type: call
        call: slack.post-message
        with:
          channel: '#payroll-alerts'
          text: 'Payroll variance alert: Run {{pay_run_id}} total {{get-payroll-totals.grossTotal}} vs budget {{get-budget.plannedAmount}}. Variance exceeds {{variance_threshold}}%.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: payroll-runs
      path: /pay-runs/{{pay_run_id}}
      inputParameters:
      - name: pay_run_id
        in: path
      operations:
      - name: get-payroll-run
        method: GET
  - type: http
    namespace: sap
    baseUri: https://adp-s4.sap.com/sap/opu/odata/sap/API_COSTCENTER_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: cost-center-budgets
      path: /A_CostCenter('{{cost_center}}')/to_Budget(FiscalPeriod='{{fiscal_period}}')
      inputParameters:
      - name: cost_center
        in: path
      - name: fiscal_period
        in: path
      operations:
      - name: get-cost-center-budget
        method: GET
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Searches Splunk indexes for log entries at ADP.

naftiko: '0.5'
info:
  label: Splunk Log Search
  description: Searches Splunk indexes for log entries at ADP.
  tags:
  - devops
  - splunk
  - logging
capability:
  exposes:
  - type: mcp
    namespace: logging
    port: 8080
    tools:
    - name: search-logs
      description: Search Splunk logs for ADP.
      inputParameters:
      - name: query
        in: body
        type: string
        description: The query to look up.
      call: splunk.get-query
      with:
        query: '{{query}}'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://adp-splunk.com/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: splunk_log_search
        method: GET

Receives claim from ADP, validates employment, creates case in ServiceNow, calculates exposure in Snowflake, and notifies risk management.

naftiko: '0.5'
info:
  label: Workers Comp Claims Processor
  description: Receives claim from ADP, validates employment, creates case in ServiceNow, calculates exposure in Snowflake, and notifies risk management.
  tags:
  - insurance
  - adp
  - servicenow
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: insurance
    port: 8080
    tools:
    - name: workers_comp_claims_processor
      description: Orchestrate workers comp claims processor workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-snowflake
        type: call
        call: snowflake.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Generates a compliance audit report by pulling employee data from ADP, cross-referencing with SailPoint access records, producing a report in Google Docs, and filing it in Box.

naftiko: '0.5'
info:
  label: Compliance Audit Report Generator
  description: Generates a compliance audit report by pulling employee data from ADP, cross-referencing with SailPoint access records, producing a report in Google Docs, and filing it in Box.
  tags:
  - compliance
  - audit
  - adp
  - sailpoint
  - google-docs
  - box
capability:
  exposes:
  - type: mcp
    namespace: compliance-audit
    port: 8080
    tools:
    - name: generate-audit-report
      description: Generate a compliance audit report cross-referencing ADP employee data with SailPoint access.
      inputParameters:
      - name: department
        in: body
        type: string
        description: The department to audit.
      - name: audit_date
        in: body
        type: string
        description: The audit date in YYYY-MM-DD format.
      steps:
      - name: get-employees
        type: call
        call: adp.list-workers-by-department
        with:
          department: '{{department}}'
      - name: get-access-records
        type: call
        call: sailpoint.get-access-review
        with:
          group: '{{department}}'
          review_date: '{{audit_date}}'
      - name: create-report
        type: call
        call: google-docs.create-document
        with:
          title: 'Compliance Audit: {{department}} - {{audit_date}}'
          body: 'Audit of {{get-employees.totalCount}} employees. Access review status: {{get-access-records.status}}. Findings: {{get-access-records.findingsCount}} discrepancies.'
      - name: file-in-box
        type: call
        call: box.upload-file
        with:
          folder_id: compliance_audits
          file_name: audit_{{department}}_{{audit_date}}.pdf
          content_url: '{{create-report.exportUrl}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: department-workers
      path: /workers?$filter=department eq '{{department}}'
      inputParameters:
      - name: department
        in: query
      operations:
      - name: list-workers-by-department
        method: GET
  - type: http
    namespace: sailpoint
    baseUri: https://adp-corp.api.identitynow.com/v3
    authentication:
      type: bearer
      token: $secrets.sailpoint_token
    resources:
    - name: access-reviews
      path: /access-reviews?group={{group}}&reviewDate={{review_date}}
      inputParameters:
      - name: group
        in: query
      - name: review_date
        in: query
      operations:
      - name: get-access-review
        method: GET
  - type: http
    namespace: google-docs
    baseUri: https://docs.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_docs_token
    resources:
    - name: documents
      path: /documents
      operations:
      - name: create-document
        method: POST
  - type: http
    namespace: box
    baseUri: https://upload.box.com/api/2.0
    authentication:
      type: bearer
      token: $secrets.box_token
    resources:
    - name: files
      path: /files/content
      operations:
      - name: upload-file
        method: POST

Retrieves direct deposit configuration from ADP, logs the access event in Splunk for security auditing, and sends a confirmation to the employee via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Direct Deposit Audit and Notification Pipeline
  description: Retrieves direct deposit configuration from ADP, logs the access event in Splunk for security auditing, and sends a confirmation to the employee via Microsoft Outlook.
  tags:
  - payroll
  - direct-deposit
  - adp
  - splunk
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: payroll-banking
    port: 8080
    tools:
    - name: get-direct-deposit
      description: Look up direct deposit accounts, log the audit event, and notify the employee.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      steps:
      - name: fetch-deposits
        type: call
        call: adp.get-deposit-accounts
        with:
          associate_oid: '{{associate_oid}}'
      - name: log-audit-event
        type: call
        call: splunk.send-event
        with:
          index: payroll_audit
          event: direct_deposit_access
          associate_oid: '{{associate_oid}}'
          account_count: '{{fetch-deposits.accountCount}}'
      - name: notify-employee
        type: call
        call: outlook.send-mail
        with:
          to: '{{fetch-deposits.workerEmail}}'
          subject: Direct Deposit Information Accessed
          body: 'Your direct deposit information was accessed. {{fetch-deposits.accountCount}} accounts on file. Primary bank: {{fetch-deposits.primaryBank}}. If this was not you, contact HR.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: deposit-accounts
      path: /workers/{{associate_oid}}/direct-deposits
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-deposit-accounts
        method: GET
  - type: http
    namespace: splunk
    baseUri: https://adp-splunk.splunkcloud.com:8088
    authentication:
      type: bearer
      token: $secrets.splunk_hec_token
    resources:
    - name: events
      path: /services/collector/event
      operations:
      - name: send-event
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /me/sendMail
      operations:
      - name: send-mail
        method: POST

Searches Elasticsearch indexes for ADP.

naftiko: '0.5'
info:
  label: Elasticsearch Log Query
  description: Searches Elasticsearch indexes for ADP.
  tags:
  - data
  - elasticsearch
  - search
capability:
  exposes:
  - type: mcp
    namespace: search
    port: 8080
    tools:
    - name: search-logs
      description: Search ES logs at ADP.
      inputParameters:
      - name: query
        in: body
        type: string
        description: The query to look up.
      call: elasticsearch.get-query
      with:
        query: '{{query}}'
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://adp-es.com:9200
    authentication:
      type: bearer
      token: $secrets.elasticsearch_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: elasticsearch_log_query
        method: GET

Analyzes turnover data from ADP analytics, compares against thresholds stored in Google Sheets, and posts alerts to Slack and creates a Jira ticket when turnover exceeds targets.

naftiko: '0.5'
info:
  label: Workforce Turnover Alert Pipeline
  description: Analyzes turnover data from ADP analytics, compares against thresholds stored in Google Sheets, and posts alerts to Slack and creates a Jira ticket when turnover exceeds targets.
  tags:
  - workforce-management
  - analytics
  - adp
  - google-sheets
  - slack
  - jira
capability:
  exposes:
  - type: mcp
    namespace: turnover-alerts
    port: 8080
    tools:
    - name: check-turnover-rate
      description: Check workforce turnover against targets and alert if thresholds are breached.
      inputParameters:
      - name: department
        in: body
        type: string
        description: The department to analyze.
      - name: period
        in: body
        type: string
        description: The reporting period (e.g. Q1-2026).
      steps:
      - name: get-turnover-data
        type: call
        call: adp.get-turnover-report
        with:
          department: '{{department}}'
          period: '{{period}}'
      - name: get-targets
        type: call
        call: google-sheets.get-range
        with:
          spreadsheet_id: turnover_targets_2026
          range: Targets!A:C
      - name: post-alert
        type: call
        call: slack.post-message
        with:
          channel: '#hr-analytics'
          text: 'Turnover alert: {{department}} at {{get-turnover-data.turnoverRate}}% for {{period}} (target: {{get-targets.targetRate}}%). {{get-turnover-data.separationCount}} separations.'
      - name: create-action-item
        type: call
        call: jira.create-issue
        with:
          project: HR
          summary: 'High turnover: {{department}} - {{period}}'
          issue_type: Task
          description: Turnover rate {{get-turnover-data.turnoverRate}}% exceeds target {{get-targets.targetRate}}%. Review retention strategies.
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/analytics/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: turnover-reports
      path: /reports/turnover?department={{department}}&period={{period}}
      inputParameters:
      - name: department
        in: query
      - name: period
        in: query
      operations:
      - name: get-turnover-report
        method: GET
  - type: http
    namespace: google-sheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_sheets_token
    resources:
    - name: spreadsheet-values
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: get-range
        method: GET
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
  - type: http
    namespace: jira
    baseUri: https://adp-corp.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Receives garnishment orders, validates in ADP, calculates deductions, creates compliance records in ServiceNow, and notifies payroll.

naftiko: '0.5'
info:
  label: Garnishment Processing Pipeline
  description: Receives garnishment orders, validates in ADP, calculates deductions, creates compliance records in ServiceNow, and notifies payroll.
  tags:
  - compliance
  - adp
  - servicenow
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: garnishment_processing_pipeline
      description: Orchestrate garnishment processing pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-snowflake
        type: call
        call: snowflake.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

When a candidate advances in ADP Recruiting, checks interviewer availability in Microsoft Outlook, books a Zoom meeting, and updates the candidate status in ADP.

naftiko: '0.5'
info:
  label: Candidate Interview Scheduling Pipeline
  description: When a candidate advances in ADP Recruiting, checks interviewer availability in Microsoft Outlook, books a Zoom meeting, and updates the candidate status in ADP.
  tags:
  - talent
  - recruiting
  - adp
  - microsoft-outlook
  - zoom
capability:
  exposes:
  - type: mcp
    namespace: interview-scheduling
    port: 8080
    tools:
    - name: schedule-interview
      description: Schedule a candidate interview by checking availability, booking a meeting, and updating ADP.
      inputParameters:
      - name: candidate_id
        in: body
        type: string
        description: The ADP candidate identifier.
      - name: interviewer_email
        in: body
        type: string
        description: The interviewer's email address.
      - name: interview_date
        in: body
        type: string
        description: The preferred interview date in YYYY-MM-DD format.
      steps:
      - name: get-candidate
        type: call
        call: adp.get-candidate
        with:
          candidate_id: '{{candidate_id}}'
      - name: check-availability
        type: call
        call: outlook.get-free-busy
        with:
          user_email: '{{interviewer_email}}'
          date: '{{interview_date}}'
      - name: create-zoom-meeting
        type: call
        call: zoom.create-meeting
        with:
          topic: 'Interview: {{get-candidate.fullName}} - {{get-candidate.requisitionTitle}}'
          start_time: '{{check-availability.firstAvailableSlot}}'
          duration: 60
          host_email: '{{interviewer_email}}'
      - name: update-candidate-status
        type: call
        call: adp.update-candidate
        with:
          candidate_id: '{{candidate_id}}'
          status: interview_scheduled
          notes: Zoom meeting {{create-zoom-meeting.meetingId}} scheduled for {{check-availability.firstAvailableSlot}}.
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/staffing/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: candidates
      path: /candidates/{{candidate_id}}
      inputParameters:
      - name: candidate_id
        in: path
      operations:
      - name: get-candidate
        method: GET
      - name: update-candidate
        method: PATCH
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: calendar
      path: /users/{{user_email}}/calendar/getSchedule
      inputParameters:
      - name: user_email
        in: path
      operations:
      - name: get-free-busy
        method: POST
  - type: http
    namespace: zoom
    baseUri: https://api.zoom.us/v2
    authentication:
      type: bearer
      token: $secrets.zoom_jwt_token
    resources:
    - name: meetings
      path: /users/{{host_email}}/meetings
      inputParameters:
      - name: host_email
        in: path
      operations:
      - name: create-meeting
        method: POST

Processes LOA request in ADP, validates FMLA eligibility, adjusts benefits, creates case in ServiceNow, and notifies HR and manager.

naftiko: '0.5'
info:
  label: Leave of Absence Orchestrator
  description: Processes LOA request in ADP, validates FMLA eligibility, adjusts benefits, creates case in ServiceNow, and notifies HR and manager.
  tags:
  - hr
  - adp
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: leave_of_absence_orchestrator
      description: Orchestrate leave of absence orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Monitors payroll transactions in ADP, runs anomaly detection in Snowflake, creates investigation cases, and escalates suspicious activity.

naftiko: '0.5'
info:
  label: Payroll Fraud Detection Pipeline
  description: Monitors payroll transactions in ADP, runs anomaly detection in Snowflake, creates investigation cases, and escalates suspicious activity.
  tags:
  - security
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: payroll_fraud_detection_pipeline
      description: Orchestrate payroll fraud detection pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Extracts 401k contributions from ADP, reconciles with plan administrator, identifies variances, and notifies benefits team.

naftiko: '0.5'
info:
  label: Retirement Plan Contribution Reconciliation
  description: Extracts 401k contributions from ADP, reconciles with plan administrator, identifies variances, and notifies benefits team.
  tags:
  - benefits
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: benefits
    port: 8080
    tools:
    - name: retirement_plan_contribution_reconciliat
      description: Orchestrate retirement plan contribution reconciliation workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves pending event notifications from ADP such as new hires, terminations, and status changes.

naftiko: '0.5'
info:
  label: ADP Event Notification Lookup
  description: Retrieves pending event notifications from ADP such as new hires, terminations, and status changes.
  tags:
  - hr
  - events
  - adp
  - workforce-now
capability:
  exposes:
  - type: mcp
    namespace: hr-events
    port: 8080
    tools:
    - name: get-event-notifications
      description: Retrieve pending HR event notifications from ADP.
      inputParameters:
      - name: event_type
        in: body
        type: string
        description: The event type filter (e.g. new-hire, termination, status-change).
      - name: since_date
        in: body
        type: string
        description: The start date for event retrieval in YYYY-MM-DD format.
      call: adp.get-events
      with:
        event_type: '{{event_type}}'
        since_date: '{{since_date}}'
      outputParameters:
      - name: event_count
        type: string
        mapping: $.events.length
      - name: latest_event_type
        type: string
        mapping: $.events[0].eventType
      - name: latest_event_date
        type: string
        mapping: $.events[0].eventDate
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/core/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: event-notifications
      path: /event-notification-messages?eventType={{event_type}}&sinceDate={{since_date}}
      inputParameters:
      - name: event_type
        in: query
      - name: since_date
        in: query
      operations:
      - name: get-events
        method: GET

Processes termination in ADP, calculates final pay, disables system access via Okta, creates offboarding tasks in ServiceNow, and notifies HR.

naftiko: '0.5'
info:
  label: Employee Separation Processor
  description: Processes termination in ADP, calculates final pay, disables system access via Okta, creates offboarding tasks in ServiceNow, and notifies HR.
  tags:
  - hr
  - adp
  - okta
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: employee_separation_processor
      description: Orchestrate employee separation processor workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-okta
        type: call
        call: okta.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: okta
    baseUri: https://adp.okta.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.okta_api_token
      header: Authorization
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: okta-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Executes SQL queries against ADP Snowflake warehouse.

naftiko: '0.5'
info:
  label: Snowflake Query Executor
  description: Executes SQL queries against ADP Snowflake warehouse.
  tags:
  - data
  - snowflake
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: run-query
      description: Run query at ADP.
      inputParameters:
      - name: sql_query
        in: body
        type: string
        description: The sql_query to look up.
      call: snowflake.get-sql_query
      with:
        sql_query: '{{sql_query}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake_query_executor
        method: GET

Pulls quarterly payroll tax data from ADP, reconciles against Oracle general ledger entries, generates a reconciliation report in Google Sheets, and notifies the finance team via Slack.

naftiko: '0.5'
info:
  label: Quarterly Payroll Tax Reconciliation Pipeline
  description: Pulls quarterly payroll tax data from ADP, reconciles against Oracle general ledger entries, generates a reconciliation report in Google Sheets, and notifies the finance team via Slack.
  tags:
  - payroll
  - tax
  - adp
  - oracle
  - google-sheets
  - slack
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: tax-reconciliation
    port: 8080
    tools:
    - name: reconcile-quarterly-taxes
      description: Reconcile quarterly payroll taxes between ADP and Oracle GL.
      inputParameters:
      - name: quarter
        in: body
        type: string
        description: The fiscal quarter (e.g. Q1-2026).
      - name: company_code
        in: body
        type: string
        description: The company code for the entity.
      steps:
      - name: get-adp-tax-totals
        type: call
        call: adp.get-tax-summary
        with:
          quarter: '{{quarter}}'
          company_code: '{{company_code}}'
      - name: get-gl-tax-entries
        type: call
        call: oracle.get-gl-balances
        with:
          period: '{{quarter}}'
          account_group: payroll_tax
      - name: write-recon-report
        type: call
        call: google-sheets.update-range
        with:
          spreadsheet_id: payroll_tax_recon_{{quarter}}
          range: Reconciliation!A1
          values: 'ADP Total: {{get-adp-tax-totals.totalTax}}, GL Total: {{get-gl-tax-entries.totalBalance}}, Variance: {{get-adp-tax-totals.totalTax}} - {{get-gl-tax-entries.totalBalance}}'
      - name: notify-finance
        type: call
        call: slack.post-message
        with:
          channel: '#finance-payroll'
          text: 'Quarterly tax reconciliation complete for {{quarter}} ({{company_code}}). ADP: {{get-adp-tax-totals.totalTax}}, GL: {{get-gl-tax-entries.totalBalance}}. Report: {{write-recon-report.spreadsheetUrl}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: tax-summaries
      path: /tax-summaries?quarter={{quarter}}&companyCode={{company_code}}
      inputParameters:
      - name: quarter
        in: query
      - name: company_code
        in: query
      operations:
      - name: get-tax-summary
        method: GET
  - type: http
    namespace: oracle
    baseUri: https://adp-erp.oraclecloud.com/fscmRestApi/resources/v1
    authentication:
      type: basic
      username: $secrets.oracle_user
      password: $secrets.oracle_password
    resources:
    - name: gl-balances
      path: /generalLedgerBalances?period={{period}}&accountGroup={{account_group}}
      inputParameters:
      - name: period
        in: query
      - name: account_group
        in: query
      operations:
      - name: get-gl-balances
        method: GET
  - type: http
    namespace: google-sheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_sheets_token
    resources:
    - name: spreadsheet-values
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: update-range
        method: PUT
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Extracts compensation data from ADP, compares against market data in Snowflake, generates reports in Power BI, and notifies compensation team.

naftiko: '0.5'
info:
  label: Salary Benchmarking Pipeline
  description: Extracts compensation data from ADP, compares against market data in Snowflake, generates reports in Power BI, and notifies compensation team.
  tags:
  - compensation
  - adp
  - snowflake
  - powerbi
  - slack
capability:
  exposes:
  - type: mcp
    namespace: compensation
    port: 8080
    tools:
    - name: salary_benchmarking_pipeline
      description: Orchestrate salary benchmarking pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-servicenow
        type: call
        call: servicenow.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST

Retrieves a breakdown of all payroll deductions for an employee from ADP including pre-tax, post-tax, and voluntary deductions.

naftiko: '0.5'
info:
  label: Payroll Deduction Summary
  description: Retrieves a breakdown of all payroll deductions for an employee from ADP including pre-tax, post-tax, and voluntary deductions.
  tags:
  - payroll
  - deductions
  - adp
capability:
  exposes:
  - type: mcp
    namespace: payroll-deductions
    port: 8080
    tools:
    - name: get-deduction-summary
      description: Retrieve a deduction summary for an employee by ADP associate OID.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      call: adp.get-deductions
      with:
        associate_oid: '{{associate_oid}}'
      outputParameters:
      - name: pre_tax_total
        type: string
        mapping: $.deductions.preTaxTotal
      - name: post_tax_total
        type: string
        mapping: $.deductions.postTaxTotal
      - name: voluntary_total
        type: string
        mapping: $.deductions.voluntaryTotal
      - name: total_deductions
        type: string
        mapping: $.deductions.grandTotal
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: deductions
      path: /workers/{{associate_oid}}/deductions
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-deductions
        method: GET

Retrieves emergency contact information from ADP, validates completeness, and creates a ServiceNow task for HR to follow up if contacts are missing.

naftiko: '0.5'
info:
  label: Emergency Contact Verification Pipeline
  description: Retrieves emergency contact information from ADP, validates completeness, and creates a ServiceNow task for HR to follow up if contacts are missing.
  tags:
  - hr
  - safety
  - adp
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: hr-safety
    port: 8080
    tools:
    - name: get-emergency-contacts
      description: Retrieve and verify emergency contacts, creating a follow-up task if incomplete.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      steps:
      - name: fetch-contacts
        type: call
        call: adp.get-emergency-contacts
        with:
          associate_oid: '{{associate_oid}}'
      - name: get-employee
        type: call
        call: adp.get-worker
        with:
          associate_oid: '{{associate_oid}}'
      - name: create-followup
        type: call
        call: servicenow.create-task
        with:
          short_description: 'Emergency contact verification: {{get-employee.legalName.formattedName}}'
          category: hr_safety
          assigned_group: HR_Administration
          description: 'Emergency contacts for {{get-employee.legalName.formattedName}}: Primary={{fetch-contacts.primaryName}}, Phone={{fetch-contacts.primaryPhone}}. Please verify completeness.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: emergency-contacts
      path: /workers/{{associate_oid}}/emergency-contacts
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-emergency-contacts
        method: GET
    - name: workers
      path: /workers/{{associate_oid}}
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://adp-corp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST

Extracts compensation data from ADP for salary benchmarking, anonymizes it, and exports to an Amazon S3 bucket for third-party survey submission.

naftiko: '0.5'
info:
  label: Salary Survey Data Export
  description: Extracts compensation data from ADP for salary benchmarking, anonymizes it, and exports to an Amazon S3 bucket for third-party survey submission.
  tags:
  - compensation
  - analytics
  - adp
  - amazon-s3
capability:
  exposes:
  - type: mcp
    namespace: compensation-export
    port: 8080
    tools:
    - name: export-salary-survey
      description: Export anonymized salary data to S3 for benchmarking surveys.
      inputParameters:
      - name: survey_id
        in: body
        type: string
        description: The salary survey identifier.
      - name: department
        in: body
        type: string
        description: The department to include in the export.
      steps:
      - name: get-comp-data
        type: call
        call: adp.get-compensation-report
        with:
          department: '{{department}}'
          report_type: salary_survey
      - name: upload-to-s3
        type: call
        call: s3.put-object
        with:
          bucket: adp-salary-surveys
          key: surveys/{{survey_id}}/{{department}}_export.csv
          body: '{{get-comp-data.anonymizedData}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/analytics/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: compensation-reports
      path: /reports/compensation?department={{department}}&reportType={{report_type}}
      inputParameters:
      - name: department
        in: query
      - name: report_type
        in: query
      operations:
      - name: get-compensation-report
        method: GET
  - type: http
    namespace: s3
    baseUri: https://adp-salary-surveys.s3.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_s3_token
    resources:
    - name: objects
      path: /{{key}}
      inputParameters:
      - name: key
        in: path
      operations:
      - name: put-object
        method: PUT

Validates pre-payroll data in ADP, checks for exceptions in Snowflake, creates approval workflow in ServiceNow, and notifies payroll managers.

naftiko: '0.5'
info:
  label: Payroll Cycle Pre-Check Pipeline
  description: Validates pre-payroll data in ADP, checks for exceptions in Snowflake, creates approval workflow in ServiceNow, and notifies payroll managers.
  tags:
  - payroll
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: payroll
    port: 8080
    tools:
    - name: payroll_cycle_pre_check_pipeline
      description: Orchestrate payroll cycle pre-check pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

When an employee is terminated in ADP, revokes Azure Active Directory access, closes their ServiceNow tickets, archives their Google Drive folder, and notifies the manager via Microsoft Teams.

naftiko: '0.5'
info:
  label: Termination Offboarding Orchestrator
  description: When an employee is terminated in ADP, revokes Azure Active Directory access, closes their ServiceNow tickets, archives their Google Drive folder, and notifies the manager via Microsoft Teams.
  tags:
  - hr
  - offboarding
  - adp
  - azure-active-directory
  - servicenow
  - google-drive
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: trigger-offboarding
      description: Execute the full offboarding sequence for a terminated employee.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID for the terminated employee.
      - name: termination_date
        in: body
        type: string
        description: The termination effective date in YYYY-MM-DD format.
      steps:
      - name: get-employee
        type: call
        call: adp.get-worker
        with:
          associate_oid: '{{associate_oid}}'
      - name: disable-ad-account
        type: call
        call: azure-ad.disable-user
        with:
          user_principal_name: '{{get-employee.businessCommunication.emailUri}}'
      - name: close-tickets
        type: call
        call: servicenow.close-user-tickets
        with:
          caller_id: '{{get-employee.businessCommunication.emailUri}}'
          close_notes: Employee terminated on {{termination_date}}. Tickets auto-closed.
      - name: archive-drive
        type: call
        call: google-drive.move-folder
        with:
          folder_id: '{{get-employee.driveFolder}}'
          destination: archived_employees
      - name: notify-manager
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-employee.reportsTo.emailUri}}'
          text: Offboarding complete for {{get-employee.legalName.formattedName}} effective {{termination_date}}. AD disabled, tickets closed, drive archived.
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: workers
      path: /workers/{{associate_oid}}
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: azure-ad
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users/{{user_principal_name}}
      inputParameters:
      - name: user_principal_name
        in: path
      operations:
      - name: disable-user
        method: PATCH
  - type: http
    namespace: servicenow
    baseUri: https://adp-corp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident?sysparm_query=caller_id={{caller_id}}
      inputParameters:
      - name: caller_id
        in: query
      operations:
      - name: close-user-tickets
        method: PATCH
  - type: http
    namespace: google-drive
    baseUri: https://www.googleapis.com/drive/v3
    authentication:
      type: bearer
      token: $secrets.google_drive_token
    resources:
    - name: files
      path: /files/{{folder_id}}
      inputParameters:
      - name: folder_id
        in: path
      operations:
      - name: move-folder
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Updates an employee address in ADP, triggers a tax jurisdiction review in ServiceNow, and syncs the new address to Salesforce contact records.

naftiko: '0.5'
info:
  label: Employee Address Change Pipeline
  description: Updates an employee address in ADP, triggers a tax jurisdiction review in ServiceNow, and syncs the new address to Salesforce contact records.
  tags:
  - hr
  - demographics
  - adp
  - servicenow
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: hr-demographics
    port: 8080
    tools:
    - name: update-employee-address
      description: Update an employee address in ADP, trigger tax review, and sync to Salesforce.
      inputParameters:
      - name: associate_oid
        in: body
        type: string
        description: The ADP associate OID.
      - name: street_address
        in: body
        type: string
        description: The new street address.
      - name: city
        in: body
        type: string
        description: The new city.
      - name: state
        in: body
        type: string
        description: The new state code.
      - name: postal_code
        in: body
        type: string
        description: The new postal code.
      steps:
      - name: update-adp-address
        type: call
        call: adp.update-address
        with:
          associate_oid: '{{associate_oid}}'
          street_address: '{{street_address}}'
          city: '{{city}}'
          state: '{{state}}'
          postal_code: '{{postal_code}}'
      - name: trigger-tax-review
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Tax jurisdiction review: {{associate_oid}} moved to {{state}}'
          category: tax_compliance
          assigned_group: Payroll_Tax
          description: Employee {{associate_oid}} changed address to {{city}}, {{state}} {{postal_code}}. Review state tax withholding.
      - name: sync-salesforce
        type: call
        call: salesforce.update-contact
        with:
          associate_oid: '{{associate_oid}}'
          mailing_street: '{{street_address}}'
          mailing_city: '{{city}}'
          mailing_state: '{{state}}'
          mailing_postal_code: '{{postal_code}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: worker-addresses
      path: /workers/{{associate_oid}}/person/legalAddress
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: update-address
        method: PATCH
  - type: http
    namespace: servicenow
    baseUri: https://adp-corp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://adp.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contacts
      path: /sobjects/Contact/{{associate_oid}}
      inputParameters:
      - name: associate_oid
        in: path
      operations:
      - name: update-contact
        method: PATCH

Retrieves GitHub repository metadata for ADP.

naftiko: '0.5'
info:
  label: GitHub Repository Lookup
  description: Retrieves GitHub repository metadata for ADP.
  tags:
  - devops
  - github
  - source-control
capability:
  exposes:
  - type: mcp
    namespace: engineering
    port: 8080
    tools:
    - name: get-repo
      description: Look up repo at ADP.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The repo_name to look up.
      call: github.get-repo_name
      with:
        repo_name: '{{repo_name}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: github_repository_lookup
        method: GET

Retrieves company and organizational unit details by company code from ADP.

naftiko: '0.5'
info:
  label: ADP Company Code Lookup
  description: Retrieves company and organizational unit details by company code from ADP.
  tags:
  - hr
  - organization
  - adp
capability:
  exposes:
  - type: mcp
    namespace: org-lookup
    port: 8080
    tools:
    - name: get-company-info
      description: Look up company or organizational unit details by ADP company code.
      inputParameters:
      - name: company_code
        in: body
        type: string
        description: The ADP company code.
      call: adp.get-company
      with:
        company_code: '{{company_code}}'
      outputParameters:
      - name: company_name
        type: string
        mapping: $.company.legalName
      - name: ein
        type: string
        mapping: $.company.federalEmployerIdNumber
      - name: state_of_incorporation
        type: string
        mapping: $.company.stateOfIncorporation
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/core/v1
    authentication:
      type: bearer
      token: $secrets.adp_bearer_token
    resources:
    - name: companies
      path: /organizations/{{company_code}}
      inputParameters:
      - name: company_code
        in: path
      operations:
      - name: get-company
        method: GET

Extracts data from legacy system, validates in Snowflake, loads into ADP, runs parallel test, and notifies implementation team.

naftiko: '0.5'
info:
  label: Client Payroll Migration Orchestrator
  description: Extracts data from legacy system, validates in Snowflake, loads into ADP, runs parallel test, and notifies implementation team.
  tags:
  - migration
  - adp
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: migration
    port: 8080
    tools:
    - name: client_payroll_migration_orchestrator
      description: Orchestrate client payroll migration orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-adp
        type: call
        call: adp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          resource_id: '{{resource_id}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          resource_id: '{{resource_id}}'
      - name: notify-slack
        type: call
        call: slack.notify-resource
        with:
          resource_id: '{{resource_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: adp-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://adp.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://adp.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Submits text to the Perspective API for toxicity scoring, checks against threshold, flags the content in a Firestore collection, and notifies moderators via Gmail.

naftiko: '0.5'
info:
  label: Content Moderation Pipeline
  description: Submits text to the Perspective API for toxicity scoring, checks against threshold, flags the content in a Firestore collection, and notifies moderators via Gmail.
  tags:
  - ai
  - content-moderation
  - perspective-api
  - firebase
  - gmail
capability:
  exposes:
  - type: mcp
    namespace: content-moderation
    port: 8080
    tools:
    - name: moderate-content
      description: Score text for toxicity, flag if above threshold, store in Firestore, and email moderators.
      inputParameters:
      - name: content_text
        in: body
        type: string
        description: The text content to moderate.
      - name: content_id
        in: body
        type: string
        description: A unique identifier for the content.
      - name: toxicity_threshold
        in: body
        type: number
        description: Toxicity score threshold (0.0-1.0).
      - name: moderator_email
        in: body
        type: string
        description: Email address of the content moderator.
      - name: project_id
        in: body
        type: string
        description: The Firebase project ID.
      steps:
      - name: score-toxicity
        type: call
        call: perspective.analyze-comment
        with:
          text: '{{content_text}}'
      - name: flag-content
        type: call
        call: firestore.create-document
        with:
          project_id: '{{project_id}}'
          collection: flagged_content
          document_id: '{{content_id}}'
          fields: '{"text": "{{content_text}}", "toxicity": "{{score-toxicity.attributeScores.TOXICITY.summaryScore.value}}"}'
      - name: notify-moderator
        type: call
        call: gmail.send-message
        with:
          to: '{{moderator_email}}'
          subject: 'Content flagged: {{content_id}}'
          body: Content ID {{content_id}} scored {{score-toxicity.attributeScores.TOXICITY.summaryScore.value}} toxicity. Review at dashboard.
  consumes:
  - type: http
    namespace: perspective
    baseUri: https://commentanalyzer.googleapis.com/v1alpha1
    authentication:
      type: apiKey
      key: $secrets.perspective_api_key
      in: query
      name: key
    resources:
    - name: comments
      path: /comments:analyze
      operations:
      - name: analyze-comment
        method: POST
  - type: http
    namespace: firestore
    baseUri: https://firestore.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.firebase_token
    resources:
    - name: documents
      path: /projects/{{project_id}}/databases/(default)/documents/{{collection}}/{{document_id}}
      inputParameters:
      - name: project_id
        in: path
      - name: collection
        in: path
      - name: document_id
        in: path
      operations:
      - name: create-document
        method: PATCH
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: messages
      path: /users/me/messages/send
      operations:
      - name: send-message
        method: POST

Initiates failover to secondary region, validates services, runs health checks, and reports results.

naftiko: '0.5'
info:
  label: Multi-Region Failover Test Pipeline
  description: Initiates failover to secondary region, validates services, runs health checks, and reports results.
  tags:
  - disaster-recovery
  - kubernetes
  - datadog
  - slack
capability:
  exposes:
  - type: mcp
    namespace: disaster-recovery
    port: 8080
    tools:
    - name: multi_region_failover_test_pipeline
      description: Orchestrate multi-region failover test pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-k8s
        type: call
        call: k8s.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-datadog
        type: call
        call: datadog.process-resource
        with:
          data: '{{get-k8s.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Multi-Region Failover Test Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: k8s
    baseUri: https://alphabet-k8s.com/api/v1
    authentication:
      type: bearer
      token: $secrets.k8s_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: kubernetes-op
        method: POST
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves user account details from the directory. Used by Alphabet teams.

naftiko: '0.5'
info:
  label: Alphabet User Account Lookup
  description: Retrieves user account details from the directory. Used by Alphabet teams.
  tags:
  - cloud
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: salesforce
    port: 8080
    tools:
    - name: get-user_account_lookup
      description: Retrieves user account details from the directory. Used by Alphabet teams.
      inputParameters:
      - name: user_id
        in: body
        type: string
        description: The user_id to look up.
      call: salesforce.get-user_id
      with:
        user_id: '{{user_id}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://alphabet.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: alphabet_user_account_lookup
        method: GET

Profiles API latency, identifies bottlenecks, applies caching rules, and reports improvements.

naftiko: '0.5'
info:
  label: API Performance Optimization Pipeline
  description: Profiles API latency, identifies bottlenecks, applies caching rules, and reports improvements.
  tags:
  - performance
  - datadog
  - grafana
  - slack
capability:
  exposes:
  - type: mcp
    namespace: performance
    port: 8080
    tools:
    - name: api_performance_optimization_pipeline
      description: Orchestrate api performance optimization pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-datadog
        type: call
        call: datadog.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-grafana
        type: call
        call: grafana.process-resource
        with:
          data: '{{get-datadog.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: API Performance Optimization Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: grafana
    baseUri: https://alphabet-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Triggers a Vertex AI custom training job, waits for completion, uploads the trained model to the Model Registry, and deploys it to an existing endpoint with traffic split.

naftiko: '0.5'
info:
  label: ML Model Training to Deployment Pipeline
  description: Triggers a Vertex AI custom training job, waits for completion, uploads the trained model to the Model Registry, and deploys it to an existing endpoint with traffic split.
  tags:
  - ai
  - machine-learning
  - vertex-ai
  - mlops
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: vertex-mlops
    port: 8080
    tools:
    - name: train-and-deploy-model
      description: 'Run end-to-end ML workflow: launch training, register model, deploy to endpoint.'
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The Vertex AI region.
      - name: training_pipeline_id
        in: body
        type: string
        description: The training pipeline configuration ID.
      - name: endpoint_id
        in: body
        type: string
        description: The target endpoint for deployment.
      - name: traffic_percentage
        in: body
        type: number
        description: Traffic percentage to route to the new model (0-100).
      steps:
      - name: launch-training
        type: call
        call: vertexai.create-training-pipeline
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          pipeline_id: '{{training_pipeline_id}}'
      - name: get-training-status
        type: call
        call: vertexai.get-training-pipeline
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          pipeline_name: '{{launch-training.name}}'
      - name: upload-model
        type: call
        call: vertexai.upload-model
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          artifact_uri: '{{get-training-status.modelToUpload.artifactUri}}'
      - name: deploy-model
        type: call
        call: vertexai.deploy-model
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          endpoint_id: '{{endpoint_id}}'
          model_id: '{{upload-model.model}}'
          traffic_percentage: '{{traffic_percentage}}'
  consumes:
  - type: http
    namespace: vertexai
    baseUri: https://us-central1-aiplatform.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: training-pipelines
      path: /projects/{{project_id}}/locations/{{region}}/trainingPipelines
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      operations:
      - name: create-training-pipeline
        method: POST
      - name: get-training-pipeline
        method: GET
    - name: models
      path: /projects/{{project_id}}/locations/{{region}}/models:upload
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      operations:
      - name: upload-model
        method: POST
    - name: endpoint-deployments
      path: /projects/{{project_id}}/locations/{{region}}/endpoints/{{endpoint_id}}:deployModel
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: endpoint_id
        in: path
      operations:
      - name: deploy-model
        method: POST

Queries time-series metrics from Google Cloud Monitoring for a specified resource.

naftiko: '0.5'
info:
  label: Cloud Monitoring Metric Query
  description: Queries time-series metrics from Google Cloud Monitoring for a specified resource.
  tags:
  - monitoring
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: cloudmonitoring
    port: 8080
    tools:
    - name: list-timeseries
      description: Query time-series metrics from Cloud Monitoring.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: filter
        in: body
        type: string
        description: The monitoring filter expression.
      call: cloudmonitoring.list-timeseries
      with:
        project_id: '{{project_id}}'
        filter: '{{filter}}'
  consumes:
  - type: http
    namespace: cloudmonitoring
    baseUri: https://monitoring.googleapis.com/v3
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: timeseries
      path: /projects/{{project_id}}/timeSeries
      inputParameters:
      - name: project_id
        in: path
      - name: filter
        in: query
      operations:
      - name: list-timeseries
        method: GET

Lists container images stored in a Google Artifact Registry repository.

naftiko: '0.5'
info:
  label: Artifact Registry Image List
  description: Lists container images stored in a Google Artifact Registry repository.
  tags:
  - containers
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: artifactregistry
    port: 8080
    tools:
    - name: list-images
      description: List Docker images in an Artifact Registry repository.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The Artifact Registry region.
      - name: repo_name
        in: body
        type: string
        description: The repository name.
      call: artifactregistry.list-images
      with:
        project_id: '{{project_id}}'
        region: '{{region}}'
        repo_name: '{{repo_name}}'
  consumes:
  - type: http
    namespace: artifactregistry
    baseUri: https://artifactregistry.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: images
      path: /projects/{{project_id}}/locations/{{region}}/repositories/{{repo_name}}/dockerImages
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: repo_name
        in: path
      operations:
      - name: list-images
        method: GET

Retrieves the latest deployed revision of an Apigee API proxy including deployment status and environment. Used by API platform teams for governance.

naftiko: '0.5'
info:
  label: Apigee API Proxy Revision
  description: Retrieves the latest deployed revision of an Apigee API proxy including deployment status and environment. Used by API platform teams for governance.
  tags:
  - api-management
  - apigee
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: apigee-governance
    port: 8080
    tools:
    - name: get-proxy-deployment
      description: Look up Apigee proxy deployment details by org, proxy name, and environment.
      inputParameters:
      - name: org_name
        in: body
        type: string
        description: The Apigee organization name.
      - name: api_proxy
        in: body
        type: string
        description: The API proxy name.
      - name: environment
        in: body
        type: string
        description: The deployment environment (e.g. prod, test).
      call: apigee.get-deployment
      with:
        org_name: '{{org_name}}'
        api_proxy: '{{api_proxy}}'
        environment: '{{environment}}'
      outputParameters:
      - name: revision
        type: string
        mapping: $.deployments[0].revision
      - name: deploy_state
        type: string
        mapping: $.deployments[0].state
  consumes:
  - type: http
    namespace: apigee
    baseUri: https://apigee.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: deployments
      path: /organizations/{{org_name}}/environments/{{environment}}/apis/{{api_proxy}}/deployments
      inputParameters:
      - name: org_name
        in: path
      - name: environment
        in: path
      - name: api_proxy
        in: path
      operations:
      - name: get-deployment
        method: GET

Retrieves a Google Pay transaction, cross-references with Salesforce order data, logs the reconciliation to BigQuery, and alerts finance via Gmail on discrepancies.

naftiko: '0.5'
info:
  label: Payment Reconciliation Pipeline
  description: Retrieves a Google Pay transaction, cross-references with Salesforce order data, logs the reconciliation to BigQuery, and alerts finance via Gmail on discrepancies.
  tags:
  - payments
  - google-pay
  - finance
  - salesforce
  - bigquery
  - gmail
capability:
  exposes:
  - type: mcp
    namespace: payment-reconciliation
    port: 8080
    tools:
    - name: reconcile-payment
      description: Reconcile Google Pay transaction with Salesforce order, log to BigQuery, alert on mismatch.
      inputParameters:
      - name: order_id
        in: body
        type: string
        description: The Google Pay order identifier.
      - name: sfdc_order_id
        in: body
        type: string
        description: The corresponding Salesforce order ID.
      - name: project_id
        in: body
        type: string
        description: GCP project for BigQuery logging.
      - name: finance_email
        in: body
        type: string
        description: Finance team email for discrepancy alerts.
      steps:
      - name: get-gpay-transaction
        type: call
        call: googlepay.get-order
        with:
          order_id: '{{order_id}}'
      - name: get-sfdc-order
        type: call
        call: salesforce.get-order
        with:
          order_id: '{{sfdc_order_id}}'
      - name: log-reconciliation
        type: call
        call: bigquery.insert-rows
        with:
          project_id: '{{project_id}}'
          dataset_id: finance_ops
          table_id: payment_reconciliation
          rows: '[{"gpay_order": "{{order_id}}", "gpay_amount": "{{get-gpay-transaction.totalPrice}}", "sfdc_amount": "{{get-sfdc-order.TotalAmount}}"}]'
      - name: alert-discrepancy
        type: call
        call: gmail.send-message
        with:
          to: '{{finance_email}}'
          subject: 'Payment Reconciliation: {{order_id}}'
          body: 'GPay amount: {{get-gpay-transaction.totalPrice}} {{get-gpay-transaction.currencyCode}}. SFDC amount: {{get-sfdc-order.TotalAmount}}. Status: {{get-gpay-transaction.orderStatus}}.'
  consumes:
  - type: http
    namespace: googlepay
    baseUri: https://payments.googleapis.com/pay/v1
    authentication:
      type: bearer
      token: $secrets.google_pay_token
    resources:
    - name: orders
      path: /orders/{{order_id}}
      inputParameters:
      - name: order_id
        in: path
      operations:
      - name: get-order
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://alphabet.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: orders
      path: /sobjects/Order/{{order_id}}
      inputParameters:
      - name: order_id
        in: path
      operations:
      - name: get-order
        method: GET
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset_id}}/tables/{{table_id}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset_id
        in: path
      - name: table_id
        in: path
      operations:
      - name: insert-rows
        method: POST
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: messages
      path: /users/me/messages/send
      operations:
      - name: send-message
        method: POST

Scans Cloud Storage buckets for lifecycle policy compliance, logs violations to BigQuery, and alerts the security team in Slack.

naftiko: '0.5'
info:
  label: Cloud Storage Lifecycle Audit Pipeline
  description: Scans Cloud Storage buckets for lifecycle policy compliance, logs violations to BigQuery, and alerts the security team in Slack.
  tags:
  - security
  - compliance
  - gcp-cloud-storage
  - bigquery
capability:
  exposes:
  - type: mcp
    namespace: storage-audit
    port: 8080
    tools:
    - name: run-lifecycle-audit
      description: Audit Cloud Storage bucket lifecycle policies and report violations.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: bucket_name
        in: body
        type: string
        description: The bucket to audit.
      - name: dataset
        in: body
        type: string
        description: BigQuery dataset for violations.
      - name: table
        in: body
        type: string
        description: BigQuery table for violations.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for alerts.
      steps:
      - name: get-bucket-config
        type: call
        call: cloudstorage.get-bucket
        with:
          bucket_name: '{{bucket_name}}'
      - name: log-violation
        type: call
        call: bigquery.insert-rows
        with:
          project_id: '{{project_id}}'
          dataset: '{{dataset}}'
          table: '{{table}}'
          rows: '{{get-bucket-config.lifecycle}}'
      - name: alert-team
        type: call
        call: slack.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Lifecycle audit for {{bucket_name}}: {{get-bucket-config.lifecycle.rule}}'
  consumes:
  - type: http
    namespace: cloudstorage
    baseUri: https://storage.googleapis.com/storage/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: buckets
      path: /b/{{bucket_name}}
      inputParameters:
      - name: bucket_name
        in: path
      operations:
      - name: get-bucket
        method: GET
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset}}/tables/{{table}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset
        in: path
      - name: table
        in: path
      operations:
      - name: insert-rows
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: chat
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Deploys a new Cloud Run revision, splits traffic between old and new versions, monitors error rates, and rolls back if thresholds are exceeded.

naftiko: '0.5'
info:
  label: Cloud Run Blue-Green Deployment Pipeline
  description: Deploys a new Cloud Run revision, splits traffic between old and new versions, monitors error rates, and rolls back if thresholds are exceeded.
  tags:
  - containers
  - google-cloud-platform
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: cloudrun-bg
    port: 8080
    tools:
    - name: run-blue-green-deploy
      description: Execute a blue-green deployment on Cloud Run with traffic splitting and monitoring.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The Cloud Run region.
      - name: service_name
        in: body
        type: string
        description: The Cloud Run service.
      - name: new_image
        in: body
        type: string
        description: Container image URI for new revision.
      - name: traffic_split
        in: body
        type: number
        description: Percentage of traffic for new revision.
      steps:
      - name: deploy-revision
        type: call
        call: cloudrun.update-service
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          service_name: '{{service_name}}'
          image: '{{new_image}}'
      - name: split-traffic
        type: call
        call: cloudrun.update-service
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          service_name: '{{service_name}}'
          trafficSplit: '{{traffic_split}}'
      - name: check-errors
        type: call
        call: cloudmonitoring.list-timeseries
        with:
          project_id: '{{project_id}}'
          filter: resource.type=cloud_run_revision AND metric.type=run.googleapis.com/request_count
      - name: finalize
        type: call
        call: cloudrun.update-service
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          service_name: '{{service_name}}'
          trafficSplit: '100'
  consumes:
  - type: http
    namespace: cloudrun
    baseUri: https://run.googleapis.com/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: services
      path: /projects/{{project_id}}/locations/{{region}}/services/{{service_name}}
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: service_name
        in: path
      operations:
      - name: get-service
        method: GET
      - name: update-service
        method: PATCH
  - type: http
    namespace: cloudmonitoring
    baseUri: https://monitoring.googleapis.com/v3
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: timeseries
      path: /projects/{{project_id}}/timeSeries
      inputParameters:
      - name: project_id
        in: path
      - name: filter
        in: query
      operations:
      - name: list-timeseries
        method: GET

Retrieves the latest published container version from Google Tag Manager including tag count, trigger count, and publish timestamp.

naftiko: '0.5'
info:
  label: Google Tag Manager Container Version
  description: Retrieves the latest published container version from Google Tag Manager including tag count, trigger count, and publish timestamp.
  tags:
  - marketing
  - analytics
  - google-tag-manager
capability:
  exposes:
  - type: mcp
    namespace: gtm-governance
    port: 8080
    tools:
    - name: get-container-version
      description: Look up the latest GTM container version by account and container ID.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The GTM account ID.
      - name: container_id
        in: body
        type: string
        description: The GTM container ID.
      call: gtm.get-latest-version
      with:
        account_id: '{{account_id}}'
        container_id: '{{container_id}}'
      outputParameters:
      - name: version_id
        type: string
        mapping: $.containerVersionId
      - name: tag_count
        type: number
        mapping: $.tag.length
      - name: trigger_count
        type: number
        mapping: $.trigger.length
  consumes:
  - type: http
    namespace: gtm
    baseUri: https://tagmanager.googleapis.com/tagmanager/v2
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: versions
      path: /accounts/{{account_id}}/containers/{{container_id}}/versions/latest
      inputParameters:
      - name: account_id
        in: path
      - name: container_id
        in: path
      operations:
      - name: get-latest-version
        method: GET

Provisions new employee accounts, assigns training, creates IT tickets, and notifies managers.

naftiko: '0.5'
info:
  label: Employee Onboarding Automation Pipeline
  description: Provisions new employee accounts, assigns training, creates IT tickets, and notifies managers.
  tags:
  - hr
  - workday
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: employee_onboarding_automation
      description: Orchestrate employee onboarding automation pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-gcp
        type: call
        call: gcp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-gcp.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Employee Onboarding Automation Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: gcp
    baseUri: https://compute.googleapis.com/compute/v1/projects/alphabet
    authentication:
      type: bearer
      token: $secrets.gcp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: gcp-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://alphabet.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Validates change requests, routes for approval, schedules implementation, and notifies stakeholders.

naftiko: '0.5'
info:
  label: Change Management Approval Pipeline
  description: Validates change requests, routes for approval, schedules implementation, and notifies stakeholders.
  tags:
  - itsm
  - servicenow
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: itsm
    port: 8080
    tools:
    - name: change_management_approval_pipeline
      description: Orchestrate change management approval pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-servicenow.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Change Management Approval Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://alphabet.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://alphabet.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves analytics data for a YouTube channel including views, subscribers, and engagement metrics.

naftiko: '0.5'
info:
  label: YouTube Channel Analytics
  description: Retrieves analytics data for a YouTube channel including views, subscribers, and engagement metrics.
  tags:
  - analytics
  - youtube
capability:
  exposes:
  - type: mcp
    namespace: youtubeanalytics
    port: 8080
    tools:
    - name: query-report
      description: Query YouTube Analytics reports for channel metrics.
      inputParameters:
      - name: ids
        in: body
        type: string
        description: The channel identifier.
      - name: start_date
        in: body
        type: string
        description: The report start date in YYYY-MM-DD format.
      - name: end_date
        in: body
        type: string
        description: The report end date in YYYY-MM-DD format.
      - name: metrics
        in: body
        type: string
        description: Comma-separated list of metrics.
      call: youtubeanalytics.query-report
      with:
        ids: '{{ids}}'
        startDate: '{{start_date}}'
        endDate: '{{end_date}}'
        metrics: '{{metrics}}'
  consumes:
  - type: http
    namespace: youtubeanalytics
    baseUri: https://youtubeanalytics.googleapis.com/v2
    authentication:
      type: bearer
      token: $secrets.youtube_token
    resources:
    - name: reports
      path: /reports
      inputParameters:
      - name: ids
        in: query
      - name: startDate
        in: query
      - name: endDate
        in: query
      - name: metrics
        in: query
      operations:
      - name: query-report
        method: GET

On a GitHub pull request merge, triggers a Cloud Build, deploys the built image to GKE, runs Prometheus health checks, and updates the GitHub commit status.

naftiko: '0.5'
info:
  label: GitHub PR to Cloud Build to GKE Pipeline
  description: On a GitHub pull request merge, triggers a Cloud Build, deploys the built image to GKE, runs Prometheus health checks, and updates the GitHub commit status.
  tags:
  - devops
  - ci-cd
  - github
  - cloud-build
  - gke
  - prometheus
capability:
  exposes:
  - type: mcp
    namespace: github-deploy-pipeline
    port: 8080
    tools:
    - name: deploy-on-merge
      description: Build via Cloud Build, deploy to GKE, verify with Prometheus, update GitHub status.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: github_repo
        in: body
        type: string
        description: The GitHub repository (owner/repo).
      - name: commit_sha
        in: body
        type: string
        description: The merged commit SHA.
      - name: image_name
        in: body
        type: string
        description: The container image name.
      - name: cluster_name
        in: body
        type: string
        description: The GKE cluster name.
      - name: zone
        in: body
        type: string
        description: The GKE cluster zone.
      - name: deployment_name
        in: body
        type: string
        description: The Kubernetes deployment name.
      - name: prometheus_endpoint
        in: body
        type: string
        description: The Prometheus query endpoint URL.
      steps:
      - name: trigger-build
        type: call
        call: cloudbuild.create-build
        with:
          project_id: '{{project_id}}'
          commit_sha: '{{commit_sha}}'
          image_name: '{{image_name}}'
      - name: deploy-to-gke
        type: call
        call: gke.update-deployment-image
        with:
          project_id: '{{project_id}}'
          zone: '{{zone}}'
          cluster_name: '{{cluster_name}}'
          deployment_name: '{{deployment_name}}'
          image: '{{trigger-build.results.images[0].name}}'
      - name: health-check
        type: call
        call: prometheus.query
        with:
          endpoint: '{{prometheus_endpoint}}'
          query: up{job="{{deployment_name}}"}
      - name: update-github-status
        type: call
        call: github.create-commit-status
        with:
          repo: '{{github_repo}}'
          sha: '{{commit_sha}}'
          state: success
          description: 'Deployed to {{cluster_name}}. Health: {{health_check.data.result[0].value[1]}}'
  consumes:
  - type: http
    namespace: cloudbuild
    baseUri: https://cloudbuild.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: builds
      path: /projects/{{project_id}}/builds
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: create-build
        method: POST
  - type: http
    namespace: gke
    baseUri: https://container.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: deployments
      path: /projects/{{project_id}}/zones/{{zone}}/clusters/{{cluster_name}}/deployments/{{deployment_name}}
      inputParameters:
      - name: project_id
        in: path
      - name: zone
        in: path
      - name: cluster_name
        in: path
      - name: deployment_name
        in: path
      operations:
      - name: update-deployment-image
        method: PATCH
  - type: http
    namespace: prometheus
    baseUri: '{{prometheus_endpoint}}'
    authentication:
      type: bearer
      token: $secrets.prometheus_token
    resources:
    - name: query
      path: /api/v1/query
      inputParameters:
      - name: query
        in: query
      operations:
      - name: query
        method: GET
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: statuses
      path: /repos/{{repo}}/statuses/{{sha}}
      inputParameters:
      - name: repo
        in: path
      - name: sha
        in: path
      operations:
      - name: create-commit-status
        method: POST

Audits Google Workspace license usage, identifies inactive users, generates a report in Google Sheets, and sends a summary to the IT admin.

naftiko: '0.5'
info:
  label: Google Workspace License Optimization Pipeline
  description: Audits Google Workspace license usage, identifies inactive users, generates a report in Google Sheets, and sends a summary to the IT admin.
  tags:
  - management
  - google-workspace
  - google-sheets
capability:
  exposes:
  - type: mcp
    namespace: ws-license-opt
    port: 8080
    tools:
    - name: run-license-optimization
      description: Audit Workspace license usage and generate an optimization report.
      inputParameters:
      - name: domain
        in: body
        type: string
        description: The Google Workspace domain.
      - name: product_id
        in: body
        type: string
        description: The licensing product ID.
      - name: sku_id
        in: body
        type: string
        description: The SKU ID.
      - name: spreadsheet_id
        in: body
        type: string
        description: Google Sheets spreadsheet ID.
      - name: range
        in: body
        type: string
        description: Cell range to append data.
      steps:
      - name: list-users
        type: call
        call: admindir.list-users
        with:
          domain: '{{domain}}'
          maxResults: '500'
      - name: list-licenses
        type: call
        call: licensing.list-assignments
        with:
          product_id: '{{product_id}}'
          sku_id: '{{sku_id}}'
      - name: write-report
        type: call
        call: googlesheets.append-values
        with:
          spreadsheet_id: '{{spreadsheet_id}}'
          range: '{{range}}'
          values: '{{list-licenses.items}}'
      - name: notify-admin
        type: call
        call: admindir.list-users
        with:
          domain: '{{domain}}'
          maxResults: '1'
  consumes:
  - type: http
    namespace: admindir
    baseUri: https://admin.googleapis.com/admin/directory/v1
    authentication:
      type: bearer
      token: $secrets.google_admin_token
    resources:
    - name: users
      path: /users
      inputParameters:
      - name: domain
        in: query
      - name: maxResults
        in: query
      operations:
      - name: list-users
        method: GET
  - type: http
    namespace: licensing
    baseUri: https://licensing.googleapis.com/apps/licensing/v1
    authentication:
      type: bearer
      token: $secrets.google_admin_token
    resources:
    - name: licenseAssignments
      path: /product/{{product_id}}/sku/{{sku_id}}/users
      inputParameters:
      - name: product_id
        in: path
      - name: sku_id
        in: path
      operations:
      - name: list-assignments
        method: GET
  - type: http
    namespace: googlesheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_sheets_token
    resources:
    - name: spreadsheets
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}:append
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: append-values
        method: POST

Retrieves the status and configuration of a Cloud Build trigger.

naftiko: '0.5'
info:
  label: Cloud Build Trigger Status
  description: Retrieves the status and configuration of a Cloud Build trigger.
  tags:
  - ci
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: cloudbuild
    port: 8080
    tools:
    - name: get-trigger
      description: Get the configuration and status of a Cloud Build trigger.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The Cloud Build region.
      - name: trigger_id
        in: body
        type: string
        description: The build trigger ID.
      call: cloudbuild.get-trigger
      with:
        project_id: '{{project_id}}'
        region: '{{region}}'
        trigger_id: '{{trigger_id}}'
  consumes:
  - type: http
    namespace: cloudbuild
    baseUri: https://cloudbuild.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: triggers
      path: /projects/{{project_id}}/locations/{{region}}/triggers/{{trigger_id}}
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: trigger_id
        in: path
      operations:
      - name: get-trigger
        method: GET

Exports data from Snowflake to a staging GCS bucket, loads it into BigQuery via a load job, and sends a migration report to Google Chat.

naftiko: '0.5'
info:
  label: Snowflake to BigQuery Data Migration
  description: Exports data from Snowflake to a staging GCS bucket, loads it into BigQuery via a load job, and sends a migration report to Google Chat.
  tags:
  - data
  - migration
  - snowflake
  - bigquery
  - gcp-cloud-storage
capability:
  exposes:
  - type: mcp
    namespace: data-migration
    port: 8080
    tools:
    - name: migrate-snowflake-to-bq
      description: Export Snowflake data to GCS, load to BigQuery, and notify via Chat.
      inputParameters:
      - name: snowflake_query
        in: body
        type: string
        description: The Snowflake SQL query to export.
      - name: stage_bucket
        in: body
        type: string
        description: The GCS staging bucket.
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: bq_dataset
        in: body
        type: string
        description: The target BigQuery dataset.
      - name: bq_table
        in: body
        type: string
        description: The target BigQuery table.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for notifications.
      steps:
      - name: export-from-snowflake
        type: call
        call: snowflake.execute-query
        with:
          query: '{{snowflake_query}}'
          stage: '@gcs_stage/{{stage_bucket}}'
      - name: load-to-bq
        type: call
        call: bigquery.create-load-job
        with:
          project_id: '{{project_id}}'
          dataset_id: '{{bq_dataset}}'
          table_id: '{{bq_table}}'
          source_uri: gs://{{stage_bucket}}/export/*
      - name: notify-migration
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Migration complete. Data loaded from Snowflake to {{bq_dataset}}.{{bq_table}}. Job status: {{load-to-bq.status.state}}.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://alphabet.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: jobs
      path: /projects/{{project_id}}/jobs
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: create-load-job
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Queries Salesforce for new leads, transforms the data, loads into a BigQuery table, and triggers a Looker dashboard refresh.

naftiko: '0.5'
info:
  label: Salesforce to BigQuery Lead Sync
  description: Queries Salesforce for new leads, transforms the data, loads into a BigQuery table, and triggers a Looker dashboard refresh.
  tags:
  - crm
  - data
  - salesforce
  - bigquery
  - looker
capability:
  exposes:
  - type: mcp
    namespace: sfdc-bq-sync
    port: 8080
    tools:
    - name: sync-leads-to-bigquery
      description: Fetch Salesforce leads, load to BigQuery, and refresh Looker dashboard.
      inputParameters:
      - name: sfdc_query
        in: body
        type: string
        description: SOQL query to fetch leads from Salesforce.
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: bq_dataset
        in: body
        type: string
        description: The BigQuery dataset.
      - name: bq_table
        in: body
        type: string
        description: The BigQuery table.
      - name: looker_dashboard_id
        in: body
        type: string
        description: The Looker dashboard ID to refresh.
      steps:
      - name: query-salesforce
        type: call
        call: salesforce.query
        with:
          q: '{{sfdc_query}}'
      - name: load-to-bq
        type: call
        call: bigquery.insert-rows
        with:
          project_id: '{{project_id}}'
          dataset_id: '{{bq_dataset}}'
          table_id: '{{bq_table}}'
          rows: '{{query-salesforce.records}}'
      - name: refresh-looker
        type: call
        call: looker.run-dashboard
        with:
          dashboard_id: '{{looker_dashboard_id}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://alphabet.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      inputParameters:
      - name: q
        in: query
      operations:
      - name: query
        method: GET
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset_id}}/tables/{{table_id}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset_id
        in: path
      - name: table_id
        in: path
      operations:
      - name: insert-rows
        method: POST
  - type: http
    namespace: looker
    baseUri: https://alphabet.cloud.looker.com/api/4.0
    authentication:
      type: bearer
      token: $secrets.looker_api_token
    resources:
    - name: dashboards
      path: /dashboards/{{dashboard_id}}/run
      inputParameters:
      - name: dashboard_id
        in: path
      operations:
      - name: run-dashboard
        method: POST

Publishes an event to a Pub/Sub topic, triggers a Cloud Function subscriber, logs the event to BigQuery, and confirms delivery via Google Chat.

naftiko: '0.5'
info:
  label: Event-Driven Notification Pipeline
  description: Publishes an event to a Pub/Sub topic, triggers a Cloud Function subscriber, logs the event to BigQuery, and confirms delivery via Google Chat.
  tags:
  - messaging
  - infrastructure
  - pubsub
  - cloud-functions
  - bigquery
capability:
  exposes:
  - type: mcp
    namespace: event-notifications
    port: 8080
    tools:
    - name: publish-and-track-event
      description: Publish to Pub/Sub, verify Cloud Function processing, log to BigQuery, and confirm via Chat.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: topic_id
        in: body
        type: string
        description: The Pub/Sub topic ID.
      - name: message_data
        in: body
        type: string
        description: The base64-encoded message data.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for delivery confirmations.
      steps:
      - name: publish-event
        type: call
        call: pubsub.publish
        with:
          project_id: '{{project_id}}'
          topic_id: '{{topic_id}}'
          message_data: '{{message_data}}'
      - name: log-event
        type: call
        call: bigquery.insert-rows
        with:
          project_id: '{{project_id}}'
          dataset_id: event_logs
          table_id: pubsub_events
          rows: '[{"topic": "{{topic_id}}", "message_id": "{{publish-event.messageIds[0]}}"}]'
      - name: confirm-delivery
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Event published to {{topic_id}}. Message ID: {{publish-event.messageIds[0]}}. Logged to event_logs.pubsub_events.'
  consumes:
  - type: http
    namespace: pubsub
    baseUri: https://pubsub.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: topics
      path: /projects/{{project_id}}/topics/{{topic_id}}:publish
      inputParameters:
      - name: project_id
        in: path
      - name: topic_id
        in: path
      operations:
      - name: publish
        method: POST
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset_id}}/tables/{{table_id}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset_id
        in: path
      - name: table_id
        in: path
      operations:
      - name: insert-rows
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Fetches group membership from Google Workspace Directory, compares with an HR source in Google Sheets, adds missing members, and logs changes to BigQuery.

naftiko: '0.5'
info:
  label: Workspace Group Membership Sync
  description: Fetches group membership from Google Workspace Directory, compares with an HR source in Google Sheets, adds missing members, and logs changes to BigQuery.
  tags:
  - identity
  - hr
  - google-workspace
  - google-sheets
  - bigquery
capability:
  exposes:
  - type: mcp
    namespace: workspace-sync
    port: 8080
    tools:
    - name: sync-group-membership
      description: Sync Workspace group members against HR source in Sheets, add missing, log to BigQuery.
      inputParameters:
      - name: group_email
        in: body
        type: string
        description: The Google Workspace group email.
      - name: spreadsheet_id
        in: body
        type: string
        description: The HR roster spreadsheet ID.
      - name: sheet_range
        in: body
        type: string
        description: The range containing employee emails.
      - name: project_id
        in: body
        type: string
        description: GCP project for audit logging.
      steps:
      - name: get-current-members
        type: call
        call: workspace.list-group-members
        with:
          group_email: '{{group_email}}'
      - name: get-hr-roster
        type: call
        call: sheets.get-values
        with:
          spreadsheet_id: '{{spreadsheet_id}}'
          range: '{{sheet_range}}'
      - name: add-missing-members
        type: call
        call: workspace.add-group-member
        with:
          group_email: '{{group_email}}'
          members: '{{get-hr-roster.values}}'
      - name: log-sync
        type: call
        call: bigquery.insert-rows
        with:
          project_id: '{{project_id}}'
          dataset_id: identity_ops
          table_id: group_sync_log
          rows: '[{"group": "{{group_email}}", "action": "membership_sync", "source_count": "{{get-hr-roster.values.length}}"}]'
  consumes:
  - type: http
    namespace: workspace
    baseUri: https://admin.googleapis.com/admin/directory/v1
    authentication:
      type: bearer
      token: $secrets.workspace_admin_token
    resources:
    - name: group-members
      path: /groups/{{group_email}}/members
      inputParameters:
      - name: group_email
        in: path
      operations:
      - name: list-group-members
        method: GET
      - name: add-group-member
        method: POST
  - type: http
    namespace: sheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: values
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: get-values
        method: GET
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset_id}}/tables/{{table_id}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset_id
        in: path
      - name: table_id
        in: path
      operations:
      - name: insert-rows
        method: POST

Updates a Firebase Remote Config parameter for a feature flag, publishes a Pub/Sub event to notify downstream services, and posts the rollout status to Google Chat.

naftiko: '0.5'
info:
  label: Feature Flag Rollout Pipeline
  description: Updates a Firebase Remote Config parameter for a feature flag, publishes a Pub/Sub event to notify downstream services, and posts the rollout status to Google Chat.
  tags:
  - mobile
  - firebase
  - feature-flags
  - pubsub
capability:
  exposes:
  - type: mcp
    namespace: feature-rollout
    port: 8080
    tools:
    - name: rollout-feature-flag
      description: Update a Firebase Remote Config flag, publish event to Pub/Sub, and notify via Chat.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The Firebase project ID.
      - name: parameter_key
        in: body
        type: string
        description: The Remote Config parameter key to update.
      - name: parameter_value
        in: body
        type: string
        description: The new value for the parameter.
      - name: topic_id
        in: body
        type: string
        description: Pub/Sub topic for feature flag events.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for rollout notifications.
      steps:
      - name: get-current-config
        type: call
        call: firebase.get-remote-config
        with:
          project_id: '{{project_id}}'
      - name: update-config
        type: call
        call: firebase.update-remote-config
        with:
          project_id: '{{project_id}}'
          parameter_key: '{{parameter_key}}'
          parameter_value: '{{parameter_value}}'
      - name: publish-event
        type: call
        call: pubsub.publish
        with:
          project_id: '{{project_id}}'
          topic_id: '{{topic_id}}'
          message_data: '{"flag": "{{parameter_key}}", "value": "{{parameter_value}}"}'
      - name: notify-team
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Feature flag {{parameter_key}} updated to {{parameter_value}}. Config version: {{update-config.version.versionNumber}}.'
  consumes:
  - type: http
    namespace: firebase
    baseUri: https://firebaseremoteconfig.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.firebase_token
    resources:
    - name: remote-config
      path: /projects/{{project_id}}/remoteConfig
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: get-remote-config
        method: GET
      - name: update-remote-config
        method: PUT
  - type: http
    namespace: pubsub
    baseUri: https://pubsub.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: topics
      path: /projects/{{project_id}}/topics/{{topic_id}}:publish
      inputParameters:
      - name: project_id
        in: path
      - name: topic_id
        in: path
      operations:
      - name: publish
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Audits cloud resources for compliance tags, creates remediation tickets, and reports to leadership.

naftiko: '0.5'
info:
  label: Cloud Resource Tagging Audit
  description: Audits cloud resources for compliance tags, creates remediation tickets, and reports to leadership.
  tags:
  - compliance
  - gcp
  - jira
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: cloud_resource_tagging_audit
      description: Orchestrate cloud resource tagging audit workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-gcp
        type: call
        call: gcp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-gcp.result}}'
      - name: create-confluence
        type: call
        call: confluence.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Cloud Resource Tagging Audit step 3 complete.
  consumes:
  - type: http
    namespace: gcp
    baseUri: https://compute.googleapis.com/compute/v1/projects/alphabet
    authentication:
      type: bearer
      token: $secrets.gcp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: gcp-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://alphabet.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://alphabet.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST

Deploys a Cloud Function from a GCS archive, sets IAM invoker permissions, and verifies the function is active by calling its health endpoint.

naftiko: '0.5'
info:
  label: Cloud Function Deployment Pipeline
  description: Deploys a Cloud Function from a GCS archive, sets IAM invoker permissions, and verifies the function is active by calling its health endpoint.
  tags:
  - serverless
  - devops
  - cloud-functions
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: cloudfunc-deploy
    port: 8080
    tools:
    - name: deploy-cloud-function
      description: Deploy a Cloud Function, set IAM policy, and verify health.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The function region.
      - name: function_name
        in: body
        type: string
        description: The Cloud Function name.
      - name: source_archive_url
        in: body
        type: string
        description: GCS URI of the function source archive.
      - name: entry_point
        in: body
        type: string
        description: The function entry point.
      - name: runtime
        in: body
        type: string
        description: The runtime (e.g. python311, nodejs20).
      steps:
      - name: create-function
        type: call
        call: cloudfunctions.create-function
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          function_name: '{{function_name}}'
          source_archive_url: '{{source_archive_url}}'
          entry_point: '{{entry_point}}'
          runtime: '{{runtime}}'
      - name: set-iam-policy
        type: call
        call: cloudfunctions.set-iam-policy
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          function_name: '{{function_name}}'
          role: roles/cloudfunctions.invoker
          member: allUsers
      - name: verify-health
        type: call
        call: cloudfunctions.get-function
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          function_name: '{{function_name}}'
  consumes:
  - type: http
    namespace: cloudfunctions
    baseUri: https://cloudfunctions.googleapis.com/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: functions
      path: /projects/{{project_id}}/locations/{{region}}/functions
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      operations:
      - name: create-function
        method: POST
    - name: function-detail
      path: /projects/{{project_id}}/locations/{{region}}/functions/{{function_name}}
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: function_name
        in: path
      operations:
      - name: get-function
        method: GET
      - name: set-iam-policy
        method: POST

Resolves a street address to geographic coordinates using the Google Maps Geocoding API. Returns latitude, longitude, and formatted address.

naftiko: '0.5'
info:
  label: Google Maps Geocoding
  description: Resolves a street address to geographic coordinates using the Google Maps Geocoding API. Returns latitude, longitude, and formatted address.
  tags:
  - maps
  - geocoding
  - google-maps
capability:
  exposes:
  - type: mcp
    namespace: maps-geocoding
    port: 8080
    tools:
    - name: geocode-address
      description: Convert a street address to lat/lng coordinates via Google Maps Geocoding.
      inputParameters:
      - name: address
        in: body
        type: string
        description: The street address to geocode.
      call: maps.geocode
      with:
        address: '{{address}}'
      outputParameters:
      - name: latitude
        type: number
        mapping: $.results[0].geometry.location.lat
      - name: longitude
        type: number
        mapping: $.results[0].geometry.location.lng
      - name: formatted_address
        type: string
        mapping: $.results[0].formatted_address
  consumes:
  - type: http
    namespace: maps
    baseUri: https://maps.googleapis.com/maps/api
    authentication:
      type: apiKey
      key: $secrets.google_maps_api_key
      in: query
      name: key
    resources:
    - name: geocode
      path: /geocode/json
      inputParameters:
      - name: address
        in: query
      operations:
      - name: geocode
        method: GET

Runs a Google Analytics Data API report for page views and sessions by page path over a date range. Used for content performance analysis.

naftiko: '0.5'
info:
  label: Google Analytics Page Report
  description: Runs a Google Analytics Data API report for page views and sessions by page path over a date range. Used for content performance analysis.
  tags:
  - analytics
  - marketing
  - google-analytics
capability:
  exposes:
  - type: mcp
    namespace: ga-reporting
    port: 8080
    tools:
    - name: get-page-report
      description: Run a GA4 report for page views and sessions grouped by page path.
      inputParameters:
      - name: property_id
        in: body
        type: string
        description: The GA4 property ID (numeric).
      - name: start_date
        in: body
        type: string
        description: Report start date in YYYY-MM-DD format.
      - name: end_date
        in: body
        type: string
        description: Report end date in YYYY-MM-DD format.
      call: ga4.run-report
      with:
        property_id: '{{property_id}}'
        start_date: '{{start_date}}'
        end_date: '{{end_date}}'
  consumes:
  - type: http
    namespace: ga4
    baseUri: https://analyticsdata.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: reports
      path: /properties/{{property_id}}:runReport
      inputParameters:
      - name: property_id
        in: path
      operations:
      - name: run-report
        method: POST

Retrieves the status and configuration of a Cloud Spanner instance.

naftiko: '0.5'
info:
  label: Cloud Spanner Instance Status
  description: Retrieves the status and configuration of a Cloud Spanner instance.
  tags:
  - databases
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: spanner
    port: 8080
    tools:
    - name: get-instance
      description: Get the status and configuration details of a Cloud Spanner instance.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: instance_id
        in: body
        type: string
        description: The Spanner instance ID.
      call: spanner.get-instance
      with:
        project_id: '{{project_id}}'
        instance_id: '{{instance_id}}'
  consumes:
  - type: http
    namespace: spanner
    baseUri: https://spanner.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: instances
      path: /projects/{{project_id}}/instances/{{instance_id}}
      inputParameters:
      - name: project_id
        in: path
      - name: instance_id
        in: path
      operations:
      - name: get-instance
        method: GET

Retrieves metadata for a BigQuery dataset including table count, last modified timestamp, and access controls. Used by data engineers to audit dataset health.

naftiko: '0.5'
info:
  label: BigQuery Dataset Discovery
  description: Retrieves metadata for a BigQuery dataset including table count, last modified timestamp, and access controls. Used by data engineers to audit dataset health.
  tags:
  - data
  - analytics
  - bigquery
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: bigquery-discovery
    port: 8080
    tools:
    - name: get-dataset-info
      description: Look up a BigQuery dataset by project and dataset ID. Returns table count, size, last modified date, and ACLs.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID containing the dataset.
      - name: dataset_id
        in: body
        type: string
        description: The BigQuery dataset identifier.
      call: bigquery.get-dataset
      with:
        project_id: '{{project_id}}'
        dataset_id: '{{dataset_id}}'
      outputParameters:
      - name: table_count
        type: number
        mapping: $.tables.totalItems
      - name: last_modified
        type: string
        mapping: $.lastModifiedTime
      - name: location
        type: string
        mapping: $.location
  consumes:
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: datasets
      path: /projects/{{project_id}}/datasets/{{dataset_id}}
      inputParameters:
      - name: project_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: get-dataset
        method: GET

Scans cloud infrastructure for misconfigurations, prioritizes findings, and creates remediation tasks.

naftiko: '0.5'
info:
  label: Cloud Security Posture Assessment
  description: Scans cloud infrastructure for misconfigurations, prioritizes findings, and creates remediation tasks.
  tags:
  - security
  - gcp
  - jira
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: cloud_security_posture_assessment
      description: Orchestrate cloud security posture assessment workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-gcp
        type: call
        call: gcp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-gcp.result}}'
      - name: create-servicenow
        type: call
        call: servicenow.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Cloud Security Posture Assessment step 3 complete.
  consumes:
  - type: http
    namespace: gcp
    baseUri: https://compute.googleapis.com/compute/v1/projects/alphabet
    authentication:
      type: bearer
      token: $secrets.gcp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: gcp-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://alphabet.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://alphabet.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST

Runs a Looker dashboard query, exports the results to a BigQuery table, and posts a completion notification to Google Chat.

naftiko: '0.5'
info:
  label: Looker to BigQuery Scheduled Export
  description: Runs a Looker dashboard query, exports the results to a BigQuery table, and posts a completion notification to Google Chat.
  tags:
  - analytics
  - bi
  - looker
  - bigquery
capability:
  exposes:
  - type: mcp
    namespace: looker-export
    port: 8080
    tools:
    - name: export-looker-to-bq
      description: Run a Looker query, export results to BigQuery, and notify via Google Chat.
      inputParameters:
      - name: look_id
        in: body
        type: string
        description: The Looker look ID to execute.
      - name: project_id
        in: body
        type: string
        description: The GCP project ID for BigQuery.
      - name: bq_dataset
        in: body
        type: string
        description: The target BigQuery dataset.
      - name: bq_table
        in: body
        type: string
        description: The target BigQuery table.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for notifications.
      steps:
      - name: run-looker-query
        type: call
        call: looker.run-look
        with:
          look_id: '{{look_id}}'
          result_format: json
      - name: load-to-bq
        type: call
        call: bigquery.insert-rows
        with:
          project_id: '{{project_id}}'
          dataset_id: '{{bq_dataset}}'
          table_id: '{{bq_table}}'
          rows: '{{run-looker-query}}'
      - name: notify-completion
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: Looker export complete. Look {{look_id}} data loaded to {{bq_dataset}}.{{bq_table}}.
  consumes:
  - type: http
    namespace: looker
    baseUri: https://alphabet.cloud.looker.com/api/4.0
    authentication:
      type: bearer
      token: $secrets.looker_api_token
    resources:
    - name: looks
      path: /looks/{{look_id}}/run/{{result_format}}
      inputParameters:
      - name: look_id
        in: path
      - name: result_format
        in: path
      operations:
      - name: run-look
        method: GET
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset_id}}/tables/{{table_id}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset_id
        in: path
      - name: table_id
        in: path
      operations:
      - name: insert-rows
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Collects audit events, validates against policies, generates compliance reports, and notifies auditors.

naftiko: '0.5'
info:
  label: Compliance Audit Trail Pipeline
  description: Collects audit events, validates against policies, generates compliance reports, and notifies auditors.
  tags:
  - compliance
  - elasticsearch
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: compliance_audit_trail_pipeline
      description: Orchestrate compliance audit trail pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-elasticsearch
        type: call
        call: elasticsearch.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-confluence
        type: call
        call: confluence.process-resource
        with:
          data: '{{get-elasticsearch.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Compliance Audit Trail Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://alphabet-es.com:9200
    authentication:
      type: bearer
      token: $secrets.elasticsearch_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: elasticsearch-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://alphabet.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Audits license usage, identifies underutilized licenses, recommends optimization, and notifies IT.

naftiko: '0.5'
info:
  label: Software License Optimization Pipeline
  description: Audits license usage, identifies underutilized licenses, recommends optimization, and notifies IT.
  tags:
  - operations
  - servicenow
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: operations
    port: 8080
    tools:
    - name: software_license_optimization
      description: Orchestrate software license optimization pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          data: '{{get-servicenow.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Software License Optimization Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://alphabet.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://alphabet.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Sends a user utterance to a Dialogflow CX agent and returns the matched intent, confidence score, and fulfillment text. Used for chatbot testing.

naftiko: '0.5'
info:
  label: Dialogflow Intent Resolution
  description: Sends a user utterance to a Dialogflow CX agent and returns the matched intent, confidence score, and fulfillment text. Used for chatbot testing.
  tags:
  - ai
  - conversational-ai
  - google-dialogflow
capability:
  exposes:
  - type: mcp
    namespace: dialogflow-testing
    port: 8080
    tools:
    - name: detect-intent
      description: Send a text query to Dialogflow CX and return the matched intent and response.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: agent_id
        in: body
        type: string
        description: The Dialogflow CX agent ID.
      - name: session_id
        in: body
        type: string
        description: A unique session identifier.
      - name: query_text
        in: body
        type: string
        description: The user utterance to classify.
      call: dialogflow.detect-intent
      with:
        project_id: '{{project_id}}'
        agent_id: '{{agent_id}}'
        session_id: '{{session_id}}'
        query_text: '{{query_text}}'
      outputParameters:
      - name: matched_intent
        type: string
        mapping: $.queryResult.intent.displayName
      - name: confidence
        type: number
        mapping: $.queryResult.intentDetectionConfidence
      - name: fulfillment_text
        type: string
        mapping: $.queryResult.responseMessages[0].text.text[0]
  consumes:
  - type: http
    namespace: dialogflow
    baseUri: https://dialogflow.googleapis.com/v3
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: sessions
      path: /projects/{{project_id}}/locations/global/agents/{{agent_id}}/sessions/{{session_id}}:detectIntent
      inputParameters:
      - name: project_id
        in: path
      - name: agent_id
        in: path
      - name: session_id
        in: path
      operations:
      - name: detect-intent
        method: POST

Generates a Campaign Manager 360 report, exports results to a Google Sheet, cross-references with Google Ads metrics, and emails a consolidated performance summary.

naftiko: '0.5'
info:
  label: Campaign Performance Review Pipeline
  description: Generates a Campaign Manager 360 report, exports results to a Google Sheet, cross-references with Google Ads metrics, and emails a consolidated performance summary.
  tags:
  - advertising
  - marketing
  - google-campaign-manager
  - google-sheets
  - google-ads
  - gmail
capability:
  exposes:
  - type: mcp
    namespace: campaign-review
    port: 8080
    tools:
    - name: generate-performance-review
      description: Run CM360 report, export to Sheets, merge with Ads data, and email summary.
      inputParameters:
      - name: profile_id
        in: body
        type: string
        description: The Campaign Manager user profile ID.
      - name: advertiser_id
        in: body
        type: string
        description: The advertiser ID.
      - name: customer_id
        in: body
        type: string
        description: The Google Ads customer ID.
      - name: spreadsheet_id
        in: body
        type: string
        description: The Google Sheets spreadsheet ID for the report.
      - name: report_email
        in: body
        type: string
        description: Email for the performance summary.
      steps:
      - name: run-cm360-report
        type: call
        call: cm360.create-report
        with:
          profile_id: '{{profile_id}}'
          advertiser_id: '{{advertiser_id}}'
      - name: get-ads-metrics
        type: call
        call: googleads.query-campaign
        with:
          customer_id: '{{customer_id}}'
      - name: update-sheet
        type: call
        call: sheets.update-values
        with:
          spreadsheet_id: '{{spreadsheet_id}}'
          range: PerformanceReview!A1
          values: '{{run-cm360-report.rows}}'
      - name: email-summary
        type: call
        call: gmail.send-message
        with:
          to: '{{report_email}}'
          subject: Campaign Performance Review
          body: 'CM360 + Google Ads consolidated report ready. View: https://docs.google.com/spreadsheets/d/{{spreadsheet_id}}.'
  consumes:
  - type: http
    namespace: cm360
    baseUri: https://dfareporting.googleapis.com/dfareporting/v4
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: reports
      path: /userprofiles/{{profile_id}}/reports
      inputParameters:
      - name: profile_id
        in: path
      operations:
      - name: create-report
        method: POST
  - type: http
    namespace: googleads
    baseUri: https://googleads.googleapis.com/v16
    authentication:
      type: bearer
      token: $secrets.google_ads_token
    inputParameters:
    - name: developer-token
      in: header
      value: $secrets.google_ads_developer_token
    resources:
    - name: campaigns
      path: /customers/{{customer_id}}/googleAds:searchStream
      inputParameters:
      - name: customer_id
        in: path
      operations:
      - name: query-campaign
        method: POST
  - type: http
    namespace: sheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: values
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: update-values
        method: PUT
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: messages
      path: /users/me/messages/send
      operations:
      - name: send-message
        method: POST

Audits data lake access patterns, enforces retention policies, and publishes compliance reports.

naftiko: '0.5'
info:
  label: Data Lake Governance Pipeline
  description: Audits data lake access patterns, enforces retention policies, and publishes compliance reports.
  tags:
  - data-governance
  - bigquery
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: data_lake_governance_pipeline
      description: Orchestrate data lake governance pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-bigquery
        type: call
        call: bigquery.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-confluence
        type: call
        call: confluence.process-resource
        with:
          data: '{{get-bigquery.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Data Lake Governance Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bigquery-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://alphabet.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Runs a Security Command Center scan, exports findings to BigQuery, generates a compliance summary in Google Sheets, and emails the report to the compliance team.

naftiko: '0.5'
info:
  label: Compliance Scan and Report Pipeline
  description: Runs a Security Command Center scan, exports findings to BigQuery, generates a compliance summary in Google Sheets, and emails the report to the compliance team.
  tags:
  - security
  - compliance
  - security-command-center
  - bigquery
  - google-sheets
  - gmail
capability:
  exposes:
  - type: mcp
    namespace: compliance-reporting
    port: 8080
    tools:
    - name: run-compliance-report
      description: Scan via Security Command Center, store findings in BigQuery, create Sheets report, and email.
      inputParameters:
      - name: org_id
        in: body
        type: string
        description: The GCP organization ID.
      - name: project_id
        in: body
        type: string
        description: The GCP project for BigQuery.
      - name: bq_dataset
        in: body
        type: string
        description: The BigQuery dataset for findings.
      - name: spreadsheet_id
        in: body
        type: string
        description: The compliance report spreadsheet ID.
      - name: compliance_email
        in: body
        type: string
        description: The compliance team email address.
      steps:
      - name: list-findings
        type: call
        call: scc.list-findings
        with:
          org_id: '{{org_id}}'
      - name: store-findings
        type: call
        call: bigquery.insert-rows
        with:
          project_id: '{{project_id}}'
          dataset_id: '{{bq_dataset}}'
          table_id: scc_findings
          rows: '{{list-findings.findings}}'
      - name: update-report
        type: call
        call: sheets.update-values
        with:
          spreadsheet_id: '{{spreadsheet_id}}'
          range: ComplianceReport!A1
          values: '{{list-findings.findings}}'
      - name: email-report
        type: call
        call: gmail.send-message
        with:
          to: '{{compliance_email}}'
          subject: Compliance Scan Report
          body: 'Security Command Center scan complete. {{list-findings.totalSize}} findings. Report: https://docs.google.com/spreadsheets/d/{{spreadsheet_id}}.'
  consumes:
  - type: http
    namespace: scc
    baseUri: https://securitycenter.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: findings
      path: /organizations/{{org_id}}/sources/-/findings
      inputParameters:
      - name: org_id
        in: path
      operations:
      - name: list-findings
        method: GET
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset_id}}/tables/{{table_id}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset_id
        in: path
      - name: table_id
        in: path
      operations:
      - name: insert-rows
        method: POST
  - type: http
    namespace: sheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: values
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: update-values
        method: PUT
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: messages
      path: /users/me/messages/send
      operations:
      - name: send-message
        method: POST

Runs a Container Analysis scan on an Artifact Registry image, checks for critical CVEs, creates a Jira ticket if vulnerabilities found, and posts findings to Google Chat.

naftiko: '0.5'
info:
  label: Security Vulnerability Scan Pipeline
  description: Runs a Container Analysis scan on an Artifact Registry image, checks for critical CVEs, creates a Jira ticket if vulnerabilities found, and posts findings to Google Chat.
  tags:
  - security
  - devops
  - artifact-registry
  - jira
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: security-scanning
    port: 8080
    tools:
    - name: scan-and-report-vulnerabilities
      description: Scan a container image for vulnerabilities, report criticals to Jira and Google Chat.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: image_uri
        in: body
        type: string
        description: The full Artifact Registry image URI.
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key for security tickets.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for security alerts.
      steps:
      - name: get-vulnerabilities
        type: call
        call: containeranalysis.list-occurrences
        with:
          project_id: '{{project_id}}'
          image_uri: '{{image_uri}}'
      - name: create-jira-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: '{{jira_project_key}}'
          summary: Critical CVEs found in {{image_uri}}
          description: 'Vulnerabilities detected: {{get-vulnerabilities.occurrences.length}} findings. Image: {{image_uri}}'
          issue_type: Bug
          priority: Critical
      - name: alert-security-team
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Security scan for {{image_uri}}: {{get-vulnerabilities.occurrences.length}} vulnerabilities found. Jira: {{create-jira-ticket.key}}.'
  consumes:
  - type: http
    namespace: containeranalysis
    baseUri: https://containeranalysis.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: occurrences
      path: /projects/{{project_id}}/occurrences
      inputParameters:
      - name: project_id
        in: path
      - name: filter
        in: query
      operations:
      - name: list-occurrences
        method: GET
  - type: http
    namespace: jira
    baseUri: https://alphabet.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Checks the health status of a monitored service. Used by Alphabet teams.

naftiko: '0.5'
info:
  label: Alphabet Service Health Check
  description: Checks the health status of a monitored service. Used by Alphabet teams.
  tags:
  - cloud
  - gcp
capability:
  exposes:
  - type: mcp
    namespace: gcp
    port: 8080
    tools:
    - name: get-service_health_check
      description: Checks the health status of a monitored service. Used by Alphabet teams.
      inputParameters:
      - name: health_target
        in: body
        type: string
        description: The health_target to look up.
      call: gcp.get-health_target
      with:
        health_target: '{{health_target}}'
  consumes:
  - type: http
    namespace: gcp
    baseUri: https://compute.googleapis.com/compute/v1/projects/alphabet
    authentication:
      type: bearer
      token: $secrets.gcp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: alphabet_service_health_check
        method: GET

Runs data quality validation queries on BigQuery tables, logs results to a Looker dashboard, and sends alerts for failures via Gmail.

naftiko: '0.5'
info:
  label: BigQuery Data Quality Check Pipeline
  description: Runs data quality validation queries on BigQuery tables, logs results to a Looker dashboard, and sends alerts for failures via Gmail.
  tags:
  - data
  - bigquery
  - looker
  - gmail
capability:
  exposes:
  - type: mcp
    namespace: bq-quality
    port: 8080
    tools:
    - name: run-data-quality-check
      description: Validate data quality in BigQuery and report results.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: dataset
        in: body
        type: string
        description: The BigQuery dataset.
      - name: table
        in: body
        type: string
        description: The BigQuery table.
      - name: looker_instance
        in: body
        type: string
        description: Looker instance name.
      - name: dashboard_id
        in: body
        type: string
        description: Looker dashboard ID.
      - name: alert_email
        in: body
        type: string
        description: Email for failure alerts.
      steps:
      - name: run-quality-check
        type: call
        call: bigquery.insert-job
        with:
          project_id: '{{project_id}}'
          query: SELECT COUNT(*) as nulls FROM {{dataset}}.{{table}} WHERE key IS NULL
      - name: get-results
        type: call
        call: bigquery.get-job
        with:
          project_id: '{{project_id}}'
          job_id: '{{run-quality-check.jobReference.jobId}}'
      - name: update-dashboard
        type: call
        call: looker.get-dashboard
        with:
          dashboard_id: '{{dashboard_id}}'
      - name: send-alert
        type: call
        call: gmail.send-message
        with:
          to: '{{alert_email}}'
          subject: Data quality alert for {{dataset}}.{{table}}
          body: 'Nulls found: {{get-results.statistics.query.totalRows}}'
  consumes:
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: jobs
      path: /projects/{{project_id}}/jobs
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: insert-job
        method: POST
      - name: get-job
        method: GET
  - type: http
    namespace: looker
    baseUri: https://{{looker_instance}}.looker.com/api/4.0
    authentication:
      type: bearer
      token: $secrets.looker_api_token
    resources:
    - name: dashboards
      path: /dashboards/{{dashboard_id}}
      inputParameters:
      - name: dashboard_id
        in: path
      operations:
      - name: get-dashboard
        method: GET
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.gmail_token
    resources:
    - name: messages
      path: /users/me/messages/send
      operations:
      - name: send-message
        method: POST

Queries metric values from a monitoring dashboard. Used by Alphabet teams.

naftiko: '0.5'
info:
  label: Alphabet Metric Dashboard Query
  description: Queries metric values from a monitoring dashboard. Used by Alphabet teams.
  tags:
  - cloud
  - bigquery
capability:
  exposes:
  - type: mcp
    namespace: bigquery
    port: 8080
    tools:
    - name: get-metric_dashboard_query
      description: Queries metric values from a monitoring dashboard. Used by Alphabet teams.
      inputParameters:
      - name: metric_name
        in: body
        type: string
        description: The metric_name to look up.
      call: bigquery.get-metric_name
      with:
        metric_name: '{{metric_name}}'
  consumes:
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: alphabet_metric_dashboard_quer
        method: GET

Reads a range of cells from a Google Sheets spreadsheet.

naftiko: '0.5'
info:
  label: Google Sheets Cell Range Reader
  description: Reads a range of cells from a Google Sheets spreadsheet.
  tags:
  - data
  - google-sheets
capability:
  exposes:
  - type: mcp
    namespace: googlesheets
    port: 8080
    tools:
    - name: get-values
      description: Read cell values from a specified range in Google Sheets.
      inputParameters:
      - name: spreadsheet_id
        in: body
        type: string
        description: The Google Sheets spreadsheet ID.
      - name: range
        in: body
        type: string
        description: The A1 notation range to read.
      call: googlesheets.get-values
      with:
        spreadsheet_id: '{{spreadsheet_id}}'
        range: '{{range}}'
  consumes:
  - type: http
    namespace: googlesheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_sheets_token
    resources:
    - name: spreadsheets
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: get-values
        method: GET

Checks the current status of a project. Used by Alphabet teams.

naftiko: '0.5'
info:
  label: Alphabet Project Status Check
  description: Checks the current status of a project. Used by Alphabet teams.
  tags:
  - cloud
  - jira
capability:
  exposes:
  - type: mcp
    namespace: jira
    port: 8080
    tools:
    - name: get-project_status_check
      description: Checks the current status of a project. Used by Alphabet teams.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: The project_key to look up.
      call: jira.get-project_key
      with:
        project_key: '{{project_key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://alphabet.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: alphabet_project_status_check
        method: GET

Retrieves a Google Workspace user profile by email including org unit, last login, and admin status. Used by IT admins for identity audits.

naftiko: '0.5'
info:
  label: Google Workspace User Lookup
  description: Retrieves a Google Workspace user profile by email including org unit, last login, and admin status. Used by IT admins for identity audits.
  tags:
  - identity
  - google-workspace
  - admin
capability:
  exposes:
  - type: mcp
    namespace: workspace-admin
    port: 8080
    tools:
    - name: get-workspace-user
      description: Look up a Google Workspace user by primary email address.
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: The user's primary email address.
      call: workspace.get-user
      with:
        user_email: '{{user_email}}'
      outputParameters:
      - name: full_name
        type: string
        mapping: $.name.fullName
      - name: org_unit
        type: string
        mapping: $.orgUnitPath
      - name: last_login
        type: string
        mapping: $.lastLoginTime
      - name: is_admin
        type: boolean
        mapping: $.isAdmin
  consumes:
  - type: http
    namespace: workspace
    baseUri: https://admin.googleapis.com/admin/directory/v1
    authentication:
      type: bearer
      token: $secrets.workspace_admin_token
    resources:
    - name: users
      path: /users/{{user_email}}
      inputParameters:
      - name: user_email
        in: path
      operations:
      - name: get-user
        method: GET

Checks Cloud Spanner instance metrics, queries CPU utilization from Cloud Monitoring, and posts a capacity summary with scaling recommendations to Google Chat.

naftiko: '0.5'
info:
  label: Spanner Capacity Planning Pipeline
  description: Checks Cloud Spanner instance metrics, queries CPU utilization from Cloud Monitoring, and posts a capacity summary with scaling recommendations to Google Chat.
  tags:
  - database
  - infrastructure
  - cloud-spanner
  - cloud-monitoring
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: spanner-capacity
    port: 8080
    tools:
    - name: assess-spanner-capacity
      description: Check Spanner instance, query CPU metrics, and post capacity recommendations.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: instance_id
        in: body
        type: string
        description: The Spanner instance identifier.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for capacity alerts.
      steps:
      - name: get-instance
        type: call
        call: spanner.get-instance
        with:
          project_id: '{{project_id}}'
          instance_id: '{{instance_id}}'
      - name: get-cpu-metrics
        type: call
        call: monitoring.query-timeseries
        with:
          project_id: '{{project_id}}'
          filter: metric.type="spanner.googleapis.com/instance/cpu/utilization" AND resource.labels.instance_id="{{instance_id}}"
      - name: post-summary
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Spanner capacity report for {{instance_id}}: {{get-instance.nodeCount}} nodes, state: {{get-instance.state}}. Avg CPU: {{get-cpu-metrics.timeSeries[0].points[0].value.doubleValue}}.'
  consumes:
  - type: http
    namespace: spanner
    baseUri: https://spanner.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: instances
      path: /projects/{{project_id}}/instances/{{instance_id}}
      inputParameters:
      - name: project_id
        in: path
      - name: instance_id
        in: path
      operations:
      - name: get-instance
        method: GET
  - type: http
    namespace: monitoring
    baseUri: https://monitoring.googleapis.com/v3
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: timeseries
      path: /projects/{{project_id}}/timeSeries
      inputParameters:
      - name: project_id
        in: path
      - name: filter
        in: query
      operations:
      - name: query-timeseries
        method: GET
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Submits a batch prediction job to Vertex AI, monitors completion, stores results in BigQuery, and notifies via Google Chat.

naftiko: '0.5'
info:
  label: Vertex AI Batch Prediction Pipeline
  description: Submits a batch prediction job to Vertex AI, monitors completion, stores results in BigQuery, and notifies via Google Chat.
  tags:
  - ai
  - machine-learning
  - google-cloud-platform
  - bigquery
  - google-workspace
capability:
  exposes:
  - type: mcp
    namespace: vertex-batch
    port: 8080
    tools:
    - name: run-batch-prediction
      description: Orchestrate a batch prediction pipeline across Vertex AI, BigQuery, and Google Chat.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The compute region.
      - name: model_id
        in: body
        type: string
        description: The Vertex AI model resource ID.
      - name: input_uri
        in: body
        type: string
        description: GCS URI for input data.
      - name: output_dataset
        in: body
        type: string
        description: BigQuery dataset for results.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for notifications.
      steps:
      - name: submit-prediction
        type: call
        call: vertexai.create-batch-job
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          model: '{{model_id}}'
          inputConfig: '{{input_uri}}'
      - name: check-job
        type: call
        call: vertexai.get-batch-job
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          job_id: '{{submit-prediction.name}}'
      - name: load-results
        type: call
        call: bigquery.insert-job
        with:
          project_id: '{{project_id}}'
          dataset: '{{output_dataset}}'
      - name: notify
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Batch prediction complete. Job: {{submit-prediction.name}}, loaded to {{output_dataset}}.'
  consumes:
  - type: http
    namespace: vertexai
    baseUri: https://aiplatform.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: batchPredictionJobs
      path: /projects/{{project_id}}/locations/{{region}}/batchPredictionJobs
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      operations:
      - name: create-batch-job
        method: POST
      - name: get-batch-job
        method: GET
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: jobs
      path: /projects/{{project_id}}/jobs
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: insert-job
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Fetches Terraform Cloud workspace state, compares it against Cloud Asset Inventory, identifies drift, and creates a GitHub issue for remediation.

naftiko: '0.5'
info:
  label: Terraform GCP Infrastructure Audit
  description: Fetches Terraform Cloud workspace state, compares it against Cloud Asset Inventory, identifies drift, and creates a GitHub issue for remediation.
  tags:
  - infrastructure
  - devops
  - terraform
  - github
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: infra-audit
    port: 8080
    tools:
    - name: audit-infrastructure-drift
      description: Compare Terraform state with GCP Cloud Asset Inventory and report drift to GitHub.
      inputParameters:
      - name: terraform_workspace
        in: body
        type: string
        description: The Terraform Cloud workspace ID.
      - name: project_id
        in: body
        type: string
        description: The GCP project ID to audit.
      - name: github_repo
        in: body
        type: string
        description: The GitHub repository (owner/repo) for drift issues.
      steps:
      - name: get-tf-state
        type: call
        call: terraform.get-workspace-state
        with:
          workspace_id: '{{terraform_workspace}}'
      - name: get-asset-inventory
        type: call
        call: cloudasset.search-resources
        with:
          project_id: '{{project_id}}'
      - name: create-drift-issue
        type: call
        call: github.create-issue
        with:
          repo: '{{github_repo}}'
          title: Infrastructure drift detected in {{project_id}}
          body: 'Terraform state resources: {{get-tf-state.resources.length}}. GCP asset inventory resources: {{get-asset-inventory.results.length}}. Review and reconcile.'
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_cloud_token
    resources:
    - name: workspaces
      path: /workspaces/{{workspace_id}}/current-state-version
      inputParameters:
      - name: workspace_id
        in: path
      operations:
      - name: get-workspace-state
        method: GET
  - type: http
    namespace: cloudasset
    baseUri: https://cloudasset.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: resources
      path: /projects/{{project_id}}/assets
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: search-resources
        method: GET
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: issues
      path: /repos/{{repo}}/issues
      inputParameters:
      - name: repo
        in: path
      operations:
      - name: create-issue
        method: POST

Checks Cloud SQL instance health, triggers an on-demand backup, verifies backup completion, and sends a health report to the DBA team via Gmail.

naftiko: '0.5'
info:
  label: Cloud SQL Backup and Health Pipeline
  description: Checks Cloud SQL instance health, triggers an on-demand backup, verifies backup completion, and sends a health report to the DBA team via Gmail.
  tags:
  - database
  - infrastructure
  - cloud-sql
  - gmail
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: cloudsql-ops
    port: 8080
    tools:
    - name: backup-and-report
      description: Check Cloud SQL health, trigger backup, verify, and email report to DBA team.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: instance_name
        in: body
        type: string
        description: The Cloud SQL instance name.
      - name: dba_email
        in: body
        type: string
        description: DBA team email for health reports.
      steps:
      - name: get-instance-health
        type: call
        call: cloudsql.get-instance
        with:
          project_id: '{{project_id}}'
          instance_name: '{{instance_name}}'
      - name: trigger-backup
        type: call
        call: cloudsql.create-backup
        with:
          project_id: '{{project_id}}'
          instance_name: '{{instance_name}}'
      - name: send-report
        type: call
        call: gmail.send-message
        with:
          to: '{{dba_email}}'
          subject: 'Cloud SQL Health: {{instance_name}}'
          body: 'Instance {{instance_name}} state: {{get-instance-health.state}}. Version: {{get-instance-health.databaseVersion}}. Backup initiated: {{trigger-backup.id}}.'
  consumes:
  - type: http
    namespace: cloudsql
    baseUri: https://sqladmin.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: instances
      path: /projects/{{project_id}}/instances/{{instance_name}}
      inputParameters:
      - name: project_id
        in: path
      - name: instance_name
        in: path
      operations:
      - name: get-instance
        method: GET
    - name: backups
      path: /projects/{{project_id}}/instances/{{instance_name}}/backupRuns
      inputParameters:
      - name: project_id
        in: path
      - name: instance_name
        in: path
      operations:
      - name: create-backup
        method: POST
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: messages
      path: /users/me/messages/send
      operations:
      - name: send-message
        method: POST

Evaluates vendor security posture, scores risk, creates assessment records, and notifies procurement.

naftiko: '0.5'
info:
  label: Vendor Risk Assessment Pipeline
  description: Evaluates vendor security posture, scores risk, creates assessment records, and notifies procurement.
  tags:
  - procurement
  - servicenow
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: procurement
    port: 8080
    tools:
    - name: vendor_risk_assessment_pipeline
      description: Orchestrate vendor risk assessment pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-confluence
        type: call
        call: confluence.process-resource
        with:
          data: '{{get-servicenow.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Vendor Risk Assessment Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://alphabet.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://alphabet.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves details of a specific event from a Google Calendar.

naftiko: '0.5'
info:
  label: Google Calendar Event Retrieval
  description: Retrieves details of a specific event from a Google Calendar.
  tags:
  - collaboration
  - google-workspace
capability:
  exposes:
  - type: mcp
    namespace: googlecalendar
    port: 8080
    tools:
    - name: get-event
      description: Retrieve a specific calendar event by ID.
      inputParameters:
      - name: calendar_id
        in: body
        type: string
        description: The Google Calendar ID.
      - name: event_id
        in: body
        type: string
        description: The calendar event ID.
      call: googlecalendar.get-event
      with:
        calendar_id: '{{calendar_id}}'
        event_id: '{{event_id}}'
  consumes:
  - type: http
    namespace: googlecalendar
    baseUri: https://www.googleapis.com/calendar/v3
    authentication:
      type: bearer
      token: $secrets.google_calendar_token
    resources:
    - name: events
      path: /calendars/{{calendar_id}}/events/{{event_id}}
      inputParameters:
      - name: calendar_id
        in: path
      - name: event_id
        in: path
      operations:
      - name: get-event
        method: GET

Retrieves organic search performance data from Search Console including clicks, impressions, CTR, and average position for a given site.

naftiko: '0.5'
info:
  label: Google Search Console Performance
  description: Retrieves organic search performance data from Search Console including clicks, impressions, CTR, and average position for a given site.
  tags:
  - seo
  - analytics
  - google-search-console
capability:
  exposes:
  - type: mcp
    namespace: search-console
    port: 8080
    tools:
    - name: get-search-performance
      description: Query Search Console search analytics for a verified property. Returns clicks, impressions, CTR, and position.
      inputParameters:
      - name: site_url
        in: body
        type: string
        description: The verified site URL (e.g. https://example.com).
      - name: start_date
        in: body
        type: string
        description: Start date in YYYY-MM-DD format.
      - name: end_date
        in: body
        type: string
        description: End date in YYYY-MM-DD format.
      call: searchconsole.query-analytics
      with:
        site_url: '{{site_url}}'
        start_date: '{{start_date}}'
        end_date: '{{end_date}}'
  consumes:
  - type: http
    namespace: searchconsole
    baseUri: https://searchconsole.googleapis.com/webmasters/v3
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: search-analytics
      path: /sites/{{site_url}}/searchAnalytics/query
      inputParameters:
      - name: site_url
        in: path
      operations:
      - name: query-analytics
        method: POST

Audits IAM role bindings across a GCP organization, identifies overprivileged accounts, exports findings to BigQuery, and alerts security team.

naftiko: '0.5'
info:
  label: Cloud IAM Role Audit Pipeline
  description: Audits IAM role bindings across a GCP organization, identifies overprivileged accounts, exports findings to BigQuery, and alerts security team.
  tags:
  - security
  - google-cloud-platform
  - bigquery
capability:
  exposes:
  - type: mcp
    namespace: iam-audit
    port: 8080
    tools:
    - name: run-iam-audit
      description: Audit IAM role bindings and report overprivileged accounts.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: dataset
        in: body
        type: string
        description: BigQuery dataset for audit results.
      - name: table
        in: body
        type: string
        description: BigQuery table.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for security alerts.
      steps:
      - name: get-iam-policy
        type: call
        call: cloudresourcemanager.get-iam-policy
        with:
          project_id: '{{project_id}}'
      - name: export-findings
        type: call
        call: bigquery.insert-rows
        with:
          project_id: '{{project_id}}'
          dataset: '{{dataset}}'
          table: '{{table}}'
      - name: alert-security
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: IAM audit complete for {{project_id}}.
  consumes:
  - type: http
    namespace: cloudresourcemanager
    baseUri: https://cloudresourcemanager.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: projects
      path: /projects/{{project_id}}:getIamPolicy
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: get-iam-policy
        method: POST
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset}}/tables/{{table}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset
        in: path
      - name: table
        in: path
      operations:
      - name: insert-rows
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Submits a Spark job to a Dataproc cluster, monitors execution, exports results to Cloud Storage, and notifies the data team via Google Chat.

naftiko: '0.5'
info:
  label: Dataproc Spark Job Orchestration
  description: Submits a Spark job to a Dataproc cluster, monitors execution, exports results to Cloud Storage, and notifies the data team via Google Chat.
  tags:
  - data
  - analytics
  - dataproc
  - apache-spark
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: dataproc-jobs
    port: 8080
    tools:
    - name: run-spark-job
      description: Submit a Spark job to Dataproc, monitor, export results, and notify team.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The Dataproc region.
      - name: cluster_name
        in: body
        type: string
        description: The Dataproc cluster name.
      - name: main_jar_uri
        in: body
        type: string
        description: GCS URI of the Spark job JAR.
      - name: output_bucket
        in: body
        type: string
        description: GCS bucket for job output.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for job notifications.
      steps:
      - name: submit-job
        type: call
        call: dataproc.submit-job
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          cluster_name: '{{cluster_name}}'
          main_jar_uri: '{{main_jar_uri}}'
          output_uri: gs://{{output_bucket}}/spark-output
      - name: check-job-status
        type: call
        call: dataproc.get-job
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          job_id: '{{submit-job.reference.jobId}}'
      - name: notify-team
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Spark job {{submit-job.reference.jobId}} on cluster {{cluster_name}}: status {{check-job-status.status.state}}. Output: gs://{{output_bucket}}/spark-output.'
  consumes:
  - type: http
    namespace: dataproc
    baseUri: https://dataproc.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: jobs
      path: /projects/{{project_id}}/regions/{{region}}/jobs:submit
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      operations:
      - name: submit-job
        method: POST
    - name: job-status
      path: /projects/{{project_id}}/regions/{{region}}/jobs/{{job_id}}
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: job_id
        in: path
      operations:
      - name: get-job
        method: GET
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Collects resource utilization from Cloud Monitoring, adjusts HPA thresholds on GKE, validates the change, and posts results to Microsoft Teams.

naftiko: '0.5'
info:
  label: GKE Pod Autoscaler Tuning Pipeline
  description: Collects resource utilization from Cloud Monitoring, adjusts HPA thresholds on GKE, validates the change, and posts results to Microsoft Teams.
  tags:
  - containers
  - monitoring
  - google-cloud-platform
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: gke-autoscale
    port: 8080
    tools:
    - name: run-autoscaler-tuning
      description: Tune GKE pod autoscaler based on monitoring metrics and notify via Teams.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: zone
        in: body
        type: string
        description: The cluster zone.
      - name: cluster_name
        in: body
        type: string
        description: The GKE cluster name.
      - name: team_id
        in: body
        type: string
        description: Microsoft Teams team ID.
      - name: channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: get-metrics
        type: call
        call: cloudmonitoring.list-timeseries
        with:
          project_id: '{{project_id}}'
          filter: resource.type=k8s_container
      - name: get-cluster-info
        type: call
        call: gke.get-cluster
        with:
          project_id: '{{project_id}}'
          zone: '{{zone}}'
          cluster_name: '{{cluster_name}}'
      - name: update-hpa
        type: call
        call: gke.update-cluster
        with:
          project_id: '{{project_id}}'
          zone: '{{zone}}'
          cluster_name: '{{cluster_name}}'
          metrics: '{{get-metrics}}'
      - name: notify-team
        type: call
        call: teams.send-message
        with:
          team_id: '{{team_id}}'
          channel_id: '{{channel_id}}'
          text: 'HPA tuning for {{cluster_name}}: updated based on utilization metrics.'
  consumes:
  - type: http
    namespace: cloudmonitoring
    baseUri: https://monitoring.googleapis.com/v3
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: timeseries
      path: /projects/{{project_id}}/timeSeries
      inputParameters:
      - name: project_id
        in: path
      - name: filter
        in: query
      operations:
      - name: list-timeseries
        method: GET
  - type: http
    namespace: gke
    baseUri: https://container.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: clusters
      path: /projects/{{project_id}}/locations/{{zone}}/clusters/{{cluster_name}}
      inputParameters:
      - name: project_id
        in: path
      - name: zone
        in: path
      - name: cluster_name
        in: path
      operations:
      - name: get-cluster
        method: GET
      - name: update-cluster
        method: PUT
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.microsoft_graph_token
    resources:
    - name: messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-message
        method: POST

Audits a Cloud Storage bucket for compliance: checks metadata, verifies IAM policies, scans for public access, and logs findings to BigQuery with a Google Chat alert.

naftiko: '0.5'
info:
  label: Bucket Compliance Check Pipeline
  description: 'Audits a Cloud Storage bucket for compliance: checks metadata, verifies IAM policies, scans for public access, and logs findings to BigQuery with a Google Chat alert.'
  tags:
  - storage
  - security
  - compliance
  - gcp-cloud-storage
  - bigquery
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: storage-compliance
    port: 8080
    tools:
    - name: audit-bucket-compliance
      description: Check bucket metadata, IAM policy, log findings to BigQuery, and alert on non-compliance.
      inputParameters:
      - name: bucket_name
        in: body
        type: string
        description: The Cloud Storage bucket name.
      - name: project_id
        in: body
        type: string
        description: The GCP project ID for logging.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for compliance alerts.
      steps:
      - name: get-bucket-info
        type: call
        call: cloudstorage.get-bucket
        with:
          bucket_name: '{{bucket_name}}'
      - name: get-bucket-iam
        type: call
        call: cloudstorage.get-bucket-iam
        with:
          bucket_name: '{{bucket_name}}'
      - name: log-findings
        type: call
        call: bigquery.insert-rows
        with:
          project_id: '{{project_id}}'
          dataset_id: compliance_audits
          table_id: bucket_findings
          rows: '[{"bucket": "{{bucket_name}}", "storage_class": "{{get-bucket-info.storageClass}}", "versioning": "{{get-bucket-info.versioning.enabled}}", "iam_bindings": "{{get-bucket-iam.bindings.length}}"}]'
      - name: alert-team
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Bucket audit for {{bucket_name}}: class={{get-bucket-info.storageClass}}, versioning={{get-bucket-info.versioning.enabled}}, IAM bindings={{get-bucket-iam.bindings.length}}. Full report in compliance_audits.bucket_findings.'
  consumes:
  - type: http
    namespace: cloudstorage
    baseUri: https://storage.googleapis.com/storage/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: buckets
      path: /b/{{bucket_name}}
      inputParameters:
      - name: bucket_name
        in: path
      operations:
      - name: get-bucket
        method: GET
    - name: bucket-iam
      path: /b/{{bucket_name}}/iam
      inputParameters:
      - name: bucket_name
        in: path
      operations:
      - name: get-bucket-iam
        method: GET
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset_id}}/tables/{{table_id}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset_id
        in: path
      - name: table_id
        in: path
      operations:
      - name: insert-rows
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Fetches the current Firebase Remote Config template for a project.

naftiko: '0.5'
info:
  label: Firebase Remote Config Fetch
  description: Fetches the current Firebase Remote Config template for a project.
  tags:
  - mobile
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: firebase
    port: 8080
    tools:
    - name: get-config
      description: Fetch the current Remote Config template for a Firebase project.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The Firebase project ID.
      call: firebase.get-config
      with:
        project_id: '{{project_id}}'
  consumes:
  - type: http
    namespace: firebase
    baseUri: https://firebaseremoteconfig.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: remoteConfig
      path: /projects/{{project_id}}/remoteConfig
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: get-config
        method: GET

Retrieves feature values from a Vertex AI Feature Store for online serving.

naftiko: '0.5'
info:
  label: Vertex AI Feature Store Lookup
  description: Retrieves feature values from a Vertex AI Feature Store for online serving.
  tags:
  - ai
  - machine-learning
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: vertexfeaturestore
    port: 8080
    tools:
    - name: get-featurestore
      description: Retrieve a Vertex AI Feature Store instance and its configuration.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The feature store region.
      - name: featurestore_id
        in: body
        type: string
        description: The feature store ID.
      call: vertexfeaturestore.get-featurestore
      with:
        project_id: '{{project_id}}'
        region: '{{region}}'
        featurestore_id: '{{featurestore_id}}'
  consumes:
  - type: http
    namespace: vertexfeaturestore
    baseUri: https://aiplatform.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: featurestores
      path: /projects/{{project_id}}/locations/{{region}}/featurestores/{{featurestore_id}}
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: featurestore_id
        in: path
      operations:
      - name: get-featurestore
        method: GET

Identifies deprecated API consumers, sends migration notices, tracks adoption, and reports progress.

naftiko: '0.5'
info:
  label: API Deprecation Notice Pipeline
  description: Identifies deprecated API consumers, sends migration notices, tracks adoption, and reports progress.
  tags:
  - engineering
  - datadog
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: engineering
    port: 8080
    tools:
    - name: api_deprecation_notice_pipeline
      description: Orchestrate api deprecation notice pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-datadog
        type: call
        call: datadog.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-datadog.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: API Deprecation Notice Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://alphabet.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Pulls campaign performance from Google Ads, calculates optimal budget distribution, updates campaigns, and logs changes to Google Sheets.

naftiko: '0.5'
info:
  label: Google Ads Budget Reallocation Pipeline
  description: Pulls campaign performance from Google Ads, calculates optimal budget distribution, updates campaigns, and logs changes to Google Sheets.
  tags:
  - marketing
  - google-ads
  - google-sheets
capability:
  exposes:
  - type: mcp
    namespace: ads-budget-realloc
    port: 8080
    tools:
    - name: run-budget-reallocation
      description: Optimize Google Ads campaign budgets based on performance data.
      inputParameters:
      - name: customer_id
        in: body
        type: string
        description: Google Ads customer ID.
      - name: spreadsheet_id
        in: body
        type: string
        description: Google Sheets spreadsheet ID.
      - name: range
        in: body
        type: string
        description: Cell range.
      steps:
      - name: get-performance
        type: call
        call: googleads.search-stream
        with:
          customer_id: '{{customer_id}}'
          query: SELECT campaign.id, metrics.cost_micros FROM campaign
      - name: update-budgets
        type: call
        call: googleads.search-stream
        with:
          customer_id: '{{customer_id}}'
          query: UPDATE campaign SET budget={{get-performance.optimal_budget}}
      - name: log-changes
        type: call
        call: googlesheets.append-values
        with:
          spreadsheet_id: '{{spreadsheet_id}}'
          range: '{{range}}'
  consumes:
  - type: http
    namespace: googleads
    baseUri: https://googleads.googleapis.com/v14
    authentication:
      type: bearer
      token: $secrets.google_ads_token
    resources:
    - name: customers
      path: /customers/{{customer_id}}/googleAds:searchStream
      inputParameters:
      - name: customer_id
        in: path
      operations:
      - name: search-stream
        method: POST
  - type: http
    namespace: googlesheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_sheets_token
    resources:
    - name: spreadsheets
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}:append
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: append-values
        method: POST

Aggregates customer data from multiple sources, deduplicates, enriches profiles, and syncs to CRM.

naftiko: '0.5'
info:
  label: Customer 360 Data Sync Pipeline
  description: Aggregates customer data from multiple sources, deduplicates, enriches profiles, and syncs to CRM.
  tags:
  - data
  - snowflake
  - salesforce
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data
    port: 8080
    tools:
    - name: customer_360_data_sync_pipeline
      description: Orchestrate customer 360 data sync pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-snowflake
        type: call
        call: snowflake.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-salesforce
        type: call
        call: salesforce.process-resource
        with:
          data: '{{get-snowflake.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Customer 360 Data Sync Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://alphabet.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://alphabet.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Exports GCP billing data from BigQuery, fetches comparable data from the Cloud Billing API, generates a cost summary, and posts it to a Google Sheets dashboard with Gmail notification.

naftiko: '0.5'
info:
  label: Multi-Cloud Cost Reporting Pipeline
  description: Exports GCP billing data from BigQuery, fetches comparable data from the Cloud Billing API, generates a cost summary, and posts it to a Google Sheets dashboard with Gmail notification.
  tags:
  - finops
  - billing
  - bigquery
  - google-sheets
  - gmail
capability:
  exposes:
  - type: mcp
    namespace: cost-reporting
    port: 8080
    tools:
    - name: generate-cost-report
      description: Build a cost report from BigQuery billing exports and publish to Sheets with email alert.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: billing_dataset
        in: body
        type: string
        description: The BigQuery dataset containing billing exports.
      - name: billing_table
        in: body
        type: string
        description: The billing export table name.
      - name: spreadsheet_id
        in: body
        type: string
        description: The Google Sheets spreadsheet ID for the dashboard.
      - name: notify_email
        in: body
        type: string
        description: Finance team email for report notifications.
      steps:
      - name: query-billing
        type: call
        call: bigquery.run-query
        with:
          project_id: '{{project_id}}'
          query: SELECT service.description, SUM(cost) as total_cost FROM `{{project_id}}.{{billing_dataset}}.{{billing_table}}` GROUP BY service.description ORDER BY total_cost DESC
      - name: update-sheet
        type: call
        call: sheets.update-values
        with:
          spreadsheet_id: '{{spreadsheet_id}}'
          range: CostReport!A1
          values: '{{query-billing.rows}}'
      - name: email-report
        type: call
        call: gmail.send-message
        with:
          to: '{{notify_email}}'
          subject: GCP Cost Report Updated
          body: 'The cost dashboard has been refreshed. View at https://docs.google.com/spreadsheets/d/{{spreadsheet_id}}. Total services: {{query-billing.totalRows}}.'
  consumes:
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: jobs
      path: /projects/{{project_id}}/queries
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: sheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: values
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: update-values
        method: PUT
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: messages
      path: /users/me/messages/send
      operations:
      - name: send-message
        method: POST

Creates a Google Calendar event with attendees, generates a Google Meet link, and sends a custom invitation email via Gmail.

naftiko: '0.5'
info:
  label: Google Calendar Meeting Scheduler
  description: Creates a Google Calendar event with attendees, generates a Google Meet link, and sends a custom invitation email via Gmail.
  tags:
  - productivity
  - google-workspace
  - google-calendar
  - gmail
capability:
  exposes:
  - type: mcp
    namespace: calendar-scheduling
    port: 8080
    tools:
    - name: schedule-meeting
      description: Create a Calendar event with Meet link and send custom email invitation.
      inputParameters:
      - name: summary
        in: body
        type: string
        description: The meeting title.
      - name: start_time
        in: body
        type: string
        description: The start time in RFC 3339 format.
      - name: end_time
        in: body
        type: string
        description: The end time in RFC 3339 format.
      - name: attendees
        in: body
        type: string
        description: Comma-separated list of attendee email addresses.
      - name: custom_message
        in: body
        type: string
        description: Custom message body for the invitation email.
      steps:
      - name: create-event
        type: call
        call: calendar.create-event
        with:
          summary: '{{summary}}'
          start_time: '{{start_time}}'
          end_time: '{{end_time}}'
          attendees: '{{attendees}}'
          conference_data: hangoutsMeet
      - name: send-invite
        type: call
        call: gmail.send-message
        with:
          to: '{{attendees}}'
          subject: 'Meeting: {{summary}}'
          body: '{{custom_message}}


            Join: {{create-event.hangoutLink}}

            When: {{start_time}} - {{end_time}}'
  consumes:
  - type: http
    namespace: calendar
    baseUri: https://www.googleapis.com/calendar/v3
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: events
      path: /calendars/primary/events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: messages
      path: /users/me/messages/send
      operations:
      - name: send-message
        method: POST

Queries Cloud Logging for error entries in a given service, creates a summary, posts it to Google Chat, and opens a ServiceNow incident.

naftiko: '0.5'
info:
  label: Cloud Logging Error Alert Pipeline
  description: Queries Cloud Logging for error entries in a given service, creates a summary, posts it to Google Chat, and opens a ServiceNow incident.
  tags:
  - operations
  - monitoring
  - cloud-logging
  - servicenow
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: log-alerting
    port: 8080
    tools:
    - name: alert-on-errors
      description: Query Cloud Logging for errors, alert via Google Chat, and create ServiceNow incident.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: service_name
        in: body
        type: string
        description: The service name to filter logs.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for alerts.
      - name: snow_assignment_group
        in: body
        type: string
        description: ServiceNow assignment group for the incident.
      steps:
      - name: query-errors
        type: call
        call: logging.list-entries
        with:
          project_id: '{{project_id}}'
          filter: resource.labels.service_name={{service_name}} severity=ERROR
      - name: post-alert
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Error alert for {{service_name}}: {{query-errors.entries.length}} error entries detected in the last hour.'
      - name: open-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: Elevated errors in {{service_name}}
          category: application
          assigned_group: '{{snow_assignment_group}}'
          description: '{{query-errors.entries.length}} error log entries detected for service {{service_name}} in project {{project_id}}.'
  consumes:
  - type: http
    namespace: logging
    baseUri: https://logging.googleapis.com/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: entries
      path: /entries:list
      operations:
      - name: list-entries
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://alphabet.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

Retrieves the details of a Google Cloud Armor security policy including rules and targets.

naftiko: '0.5'
info:
  label: Cloud Armor Security Policy Lookup
  description: Retrieves the details of a Google Cloud Armor security policy including rules and targets.
  tags:
  - security
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: cloudarmor
    port: 8080
    tools:
    - name: get-policy
      description: Retrieve a Cloud Armor security policy by name.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: policy_name
        in: body
        type: string
        description: The security policy name.
      call: cloudarmor.get-policy
      with:
        project_id: '{{project_id}}'
        policy_name: '{{policy_name}}'
  consumes:
  - type: http
    namespace: cloudarmor
    baseUri: https://compute.googleapis.com/compute/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: policies
      path: /projects/{{project_id}}/global/securityPolicies/{{policy_name}}
      inputParameters:
      - name: project_id
        in: path
      - name: policy_name
        in: path
      operations:
      - name: get-policy
        method: GET

Retrieves the details of a support ticket. Used by Alphabet teams.

naftiko: '0.5'
info:
  label: Alphabet Ticket Details Lookup
  description: Retrieves the details of a support ticket. Used by Alphabet teams.
  tags:
  - cloud
  - grafana
capability:
  exposes:
  - type: mcp
    namespace: grafana
    port: 8080
    tools:
    - name: get-ticket_details_lookup
      description: Retrieves the details of a support ticket. Used by Alphabet teams.
      inputParameters:
      - name: ticket_id
        in: body
        type: string
        description: The ticket_id to look up.
      call: grafana.get-ticket_id
      with:
        ticket_id: '{{ticket_id}}'
  consumes:
  - type: http
    namespace: grafana
    baseUri: https://alphabet-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: alphabet_ticket_details_lookup
        method: GET

Uploads an APK to Google Play Developer API, promotes it to the internal test track, triggers Firebase Test Lab tests, and notifies the team on Google Chat.

naftiko: '0.5'
info:
  label: Android App Release Pipeline
  description: Uploads an APK to Google Play Developer API, promotes it to the internal test track, triggers Firebase Test Lab tests, and notifies the team on Google Chat.
  tags:
  - mobile
  - devops
  - google-android
  - firebase
  - ci-cd
capability:
  exposes:
  - type: mcp
    namespace: android-release
    port: 8080
    tools:
    - name: release-android-app
      description: Upload APK, promote to test track, run Firebase tests, and notify team.
      inputParameters:
      - name: package_name
        in: body
        type: string
        description: The Android app package name.
      - name: apk_path
        in: body
        type: string
        description: GCS path to the APK file.
      - name: track
        in: body
        type: string
        description: The release track (internal, alpha, beta, production).
      - name: project_id
        in: body
        type: string
        description: Firebase project ID for Test Lab.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for release notifications.
      steps:
      - name: upload-apk
        type: call
        call: playdev.upload-apk
        with:
          package_name: '{{package_name}}'
          apk_path: '{{apk_path}}'
      - name: promote-track
        type: call
        call: playdev.update-track
        with:
          package_name: '{{package_name}}'
          track: '{{track}}'
          version_code: '{{upload-apk.versionCode}}'
      - name: run-tests
        type: call
        call: testlab.run-test
        with:
          project_id: '{{project_id}}'
          apk_gcs_path: '{{apk_path}}'
      - name: notify-team
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Android release: {{package_name}} v{{upload-apk.versionCode}} promoted to {{track}}. Test Lab execution: {{run-tests.testExecutionId}}.'
  consumes:
  - type: http
    namespace: playdev
    baseUri: https://androidpublisher.googleapis.com/androidpublisher/v3
    authentication:
      type: bearer
      token: $secrets.google_play_token
    resources:
    - name: apks
      path: /applications/{{package_name}}/edits/upload
      inputParameters:
      - name: package_name
        in: path
      operations:
      - name: upload-apk
        method: POST
    - name: tracks
      path: /applications/{{package_name}}/edits/tracks/{{track}}
      inputParameters:
      - name: package_name
        in: path
      - name: track
        in: path
      operations:
      - name: update-track
        method: PUT
  - type: http
    namespace: testlab
    baseUri: https://testing.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: test-executions
      path: /projects/{{project_id}}/testMatrices
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: run-test
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Runs data quality checks, scores datasets, creates remediation tickets, and publishes scorecards.

naftiko: '0.5'
info:
  label: Data Quality Monitoring Pipeline
  description: Runs data quality checks, scores datasets, creates remediation tickets, and publishes scorecards.
  tags:
  - data-quality
  - snowflake
  - jira
  - grafana
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: data_quality_monitoring_pipeline
      description: Orchestrate data quality monitoring pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-snowflake
        type: call
        call: snowflake.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-snowflake.result}}'
      - name: create-grafana
        type: call
        call: grafana.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Data Quality Monitoring Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://alphabet.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://alphabet.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: grafana
    baseUri: https://alphabet-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana-op
        method: POST

Creates a Gmail label and associates a filter rule to automatically categorize incoming messages matching a specified query.

naftiko: '0.5'
info:
  label: Gmail Label and Filter Management
  description: Creates a Gmail label and associates a filter rule to automatically categorize incoming messages matching a specified query.
  tags:
  - productivity
  - gmail
  - automation
capability:
  exposes:
  - type: mcp
    namespace: gmail-automation
    port: 8080
    tools:
    - name: create-label-and-filter
      description: Create a Gmail label and a matching filter to auto-categorize emails.
      inputParameters:
      - name: label_name
        in: body
        type: string
        description: The new label name.
      - name: filter_query
        in: body
        type: string
        description: The Gmail search query for the filter (e.g. from:noreply@example.com).
      steps:
      - name: create-label
        type: call
        call: gmail.create-label
        with:
          name: '{{label_name}}'
      - name: create-filter
        type: call
        call: gmail.create-filter
        with:
          query: '{{filter_query}}'
          add_label_id: '{{create-label.id}}'
  consumes:
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: labels
      path: /users/me/labels
      operations:
      - name: create-label
        method: POST
    - name: filters
      path: /users/me/settings/filters
      operations:
      - name: create-filter
        method: POST

Builds a container image via Cloud Build, pushes to Artifact Registry, updates a GKE deployment manifest, and triggers a rolling update with Slack notification.

naftiko: '0.5'
info:
  label: GKE Deployment Rollout Pipeline
  description: Builds a container image via Cloud Build, pushes to Artifact Registry, updates a GKE deployment manifest, and triggers a rolling update with Slack notification.
  tags:
  - devops
  - ci-cd
  - gke
  - cloud-build
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: gke-deployment
    port: 8080
    tools:
    - name: deploy-to-gke
      description: Build, push, and deploy a container to GKE with Cloud Build and Artifact Registry.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: repo_source
        in: body
        type: string
        description: The Cloud Source Repository name.
      - name: branch
        in: body
        type: string
        description: The branch to build from.
      - name: image_name
        in: body
        type: string
        description: The container image name.
      - name: cluster_name
        in: body
        type: string
        description: The GKE cluster name.
      - name: zone
        in: body
        type: string
        description: The GKE cluster zone.
      - name: deployment_name
        in: body
        type: string
        description: The Kubernetes deployment name.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for deploy notifications.
      steps:
      - name: trigger-build
        type: call
        call: cloudbuild.create-build
        with:
          project_id: '{{project_id}}'
          repo_source: '{{repo_source}}'
          branch: '{{branch}}'
          image_name: '{{image_name}}'
      - name: check-build
        type: call
        call: cloudbuild.get-build
        with:
          project_id: '{{project_id}}'
          build_id: '{{trigger-build.metadata.build.id}}'
      - name: update-deployment
        type: call
        call: gke.update-deployment-image
        with:
          project_id: '{{project_id}}'
          zone: '{{zone}}'
          cluster_name: '{{cluster_name}}'
          deployment_name: '{{deployment_name}}'
          image: '{{check-build.results.images[0].name}}'
      - name: notify-deploy
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Deployed {{image_name}} to {{cluster_name}}/{{deployment_name}}. Build: {{trigger-build.metadata.build.id}}. Image: {{check-build.results.images[0].name}}.'
  consumes:
  - type: http
    namespace: cloudbuild
    baseUri: https://cloudbuild.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: builds
      path: /projects/{{project_id}}/builds
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: create-build
        method: POST
    - name: build-status
      path: /projects/{{project_id}}/builds/{{build_id}}
      inputParameters:
      - name: project_id
        in: path
      - name: build_id
        in: path
      operations:
      - name: get-build
        method: GET
  - type: http
    namespace: gke
    baseUri: https://container.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: deployments
      path: /projects/{{project_id}}/zones/{{zone}}/clusters/{{cluster_name}}/deployments/{{deployment_name}}
      inputParameters:
      - name: project_id
        in: path
      - name: zone
        in: path
      - name: cluster_name
        in: path
      - name: deployment_name
        in: path
      operations:
      - name: update-deployment-image
        method: PATCH
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Checks the status and revision details of a Cloud Run service including traffic allocation, container image, and readiness conditions.

naftiko: '0.5'
info:
  label: Cloud Run Service Status
  description: Checks the status and revision details of a Cloud Run service including traffic allocation, container image, and readiness conditions.
  tags:
  - cloud
  - infrastructure
  - cloud-run
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: cloudrun-ops
    port: 8080
    tools:
    - name: get-service-status
      description: Retrieve Cloud Run service details by name and region. Returns latest revision, traffic split, and readiness.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The Cloud Run region (e.g. us-central1).
      - name: service_name
        in: body
        type: string
        description: The Cloud Run service name.
      call: cloudrun.get-service
      with:
        project_id: '{{project_id}}'
        region: '{{region}}'
        service_name: '{{service_name}}'
      outputParameters:
      - name: latest_revision
        type: string
        mapping: $.status.latestReadyRevisionName
      - name: url
        type: string
        mapping: $.status.url
      - name: ready
        type: boolean
        mapping: $.status.conditions[0].status
  consumes:
  - type: http
    namespace: cloudrun
    baseUri: https://run.googleapis.com/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: services
      path: /projects/{{project_id}}/locations/{{region}}/services/{{service_name}}
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: service_name
        in: path
      operations:
      - name: get-service
        method: GET

Sends a prompt to the Gemini generative model and returns the generated text response. Used for content generation, summarization, and Q&A.

naftiko: '0.5'
info:
  label: Gemini Text Generation
  description: Sends a prompt to the Gemini generative model and returns the generated text response. Used for content generation, summarization, and Q&A.
  tags:
  - ai
  - machine-learning
  - gemini
  - generative-ai
capability:
  exposes:
  - type: mcp
    namespace: gemini-gen
    port: 8080
    tools:
    - name: generate-text
      description: Generate text via Gemini model given a prompt and optional temperature setting.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: prompt
        in: body
        type: string
        description: The text prompt for generation.
      - name: temperature
        in: body
        type: number
        description: Sampling temperature between 0.0 and 1.0.
      call: gemini.generate-content
      with:
        project_id: '{{project_id}}'
        prompt: '{{prompt}}'
        temperature: '{{temperature}}'
  consumes:
  - type: http
    namespace: gemini
    baseUri: https://generativelanguage.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: models
      path: /projects/{{project_id}}/locations/us-central1/publishers/google/models/gemini-pro:generateContent
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: generate-content
        method: POST

Checks the state and progress of a Google Cloud Dataflow job including current stage, elapsed time, and watermark. Used by data engineers for pipeline monitoring.

naftiko: '0.5'
info:
  label: Cloud Dataflow Job Status
  description: Checks the state and progress of a Google Cloud Dataflow job including current stage, elapsed time, and watermark. Used by data engineers for pipeline monitoring.
  tags:
  - data
  - pipelines
  - google-cloud-dataflow
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: dataflow-ops
    port: 8080
    tools:
    - name: get-job-status
      description: Retrieve Dataflow job status by project, region, and job ID.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The Dataflow region.
      - name: job_id
        in: body
        type: string
        description: The Dataflow job identifier.
      call: dataflow.get-job
      with:
        project_id: '{{project_id}}'
        region: '{{region}}'
        job_id: '{{job_id}}'
      outputParameters:
      - name: current_state
        type: string
        mapping: $.currentState
      - name: create_time
        type: string
        mapping: $.createTime
      - name: job_name
        type: string
        mapping: $.name
  consumes:
  - type: http
    namespace: dataflow
    baseUri: https://dataflow.googleapis.com/v1b3
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: jobs
      path: /projects/{{project_id}}/locations/{{region}}/jobs/{{job_id}}
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: job_id
        in: path
      operations:
      - name: get-job
        method: GET

Detects security incidents, enriches with context, creates response tickets, and notifies the SOC.

naftiko: '0.5'
info:
  label: Security Incident Response Pipeline
  description: Detects security incidents, enriches with context, creates response tickets, and notifies the SOC.
  tags:
  - security
  - splunk
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: security_incident_response_pipeline
      description: Orchestrate security incident response pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-splunk
        type: call
        call: splunk.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-splunk.result}}'
      - name: create-bigquery
        type: call
        call: bigquery.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Security Incident Response Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://alphabet-splunk.com/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: splunk-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://alphabet.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bigquery-op
        method: POST

Initiates review cycles, collects feedback, aggregates scores, and distributes to managers.

naftiko: '0.5'
info:
  label: Performance Review Cycle Pipeline
  description: Initiates review cycles, collects feedback, aggregates scores, and distributes to managers.
  tags:
  - hr
  - workday
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: performance_review_cycle_pipeline
      description: Orchestrate performance review cycle pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-gcp
        type: call
        call: gcp.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-confluence
        type: call
        call: confluence.process-resource
        with:
          data: '{{get-gcp.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Performance Review Cycle Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: gcp
    baseUri: https://compute.googleapis.com/compute/v1/projects/alphabet
    authentication:
      type: bearer
      token: $secrets.gcp_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: gcp-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://alphabet.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

On employee termination, suspends the Google Workspace account, transfers Drive files to the manager, revokes OAuth tokens, and logs the offboarding event to BigQuery.

naftiko: '0.5'
info:
  label: Workspace User Offboarding Pipeline
  description: On employee termination, suspends the Google Workspace account, transfers Drive files to the manager, revokes OAuth tokens, and logs the offboarding event to BigQuery.
  tags:
  - identity
  - hr
  - google-workspace
  - google-drive
  - bigquery
capability:
  exposes:
  - type: mcp
    namespace: workspace-offboarding
    port: 8080
    tools:
    - name: offboard-user
      description: 'Orchestrate user offboarding: suspend account, transfer files, revoke tokens, and audit log.'
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: The departing user's email address.
      - name: manager_email
        in: body
        type: string
        description: The manager's email to receive file transfer.
      - name: project_id
        in: body
        type: string
        description: GCP project for audit logging.
      steps:
      - name: suspend-user
        type: call
        call: workspace.update-user
        with:
          user_email: '{{user_email}}'
          suspended: true
      - name: transfer-drive
        type: call
        call: drive.transfer-ownership
        with:
          from_user: '{{user_email}}'
          to_user: '{{manager_email}}'
      - name: revoke-tokens
        type: call
        call: workspace.revoke-tokens
        with:
          user_email: '{{user_email}}'
      - name: log-offboarding
        type: call
        call: bigquery.insert-rows
        with:
          project_id: '{{project_id}}'
          dataset_id: hr_events
          table_id: offboarding_log
          rows: '[{"user": "{{user_email}}", "manager": "{{manager_email}}", "action": "offboarded"}]'
  consumes:
  - type: http
    namespace: workspace
    baseUri: https://admin.googleapis.com/admin/directory/v1
    authentication:
      type: bearer
      token: $secrets.workspace_admin_token
    resources:
    - name: users
      path: /users/{{user_email}}
      inputParameters:
      - name: user_email
        in: path
      operations:
      - name: update-user
        method: PUT
      - name: revoke-tokens
        method: DELETE
  - type: http
    namespace: drive
    baseUri: https://www.googleapis.com/drive/v3
    authentication:
      type: bearer
      token: $secrets.workspace_admin_token
    resources:
    - name: transfers
      path: /files/transfer
      operations:
      - name: transfer-ownership
        method: POST
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset_id}}/tables/{{table_id}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset_id
        in: path
      - name: table_id
        in: path
      operations:
      - name: insert-rows
        method: POST

Creates a Google Ads conversion action, generates the tracking tag, deploys it via Google Tag Manager, and confirms deployment by checking the GTM container version.

naftiko: '0.5'
info:
  label: Ads Conversion Tracking Setup
  description: Creates a Google Ads conversion action, generates the tracking tag, deploys it via Google Tag Manager, and confirms deployment by checking the GTM container version.
  tags:
  - advertising
  - marketing
  - google-ads
  - google-tag-manager
capability:
  exposes:
  - type: mcp
    namespace: ads-conversion-setup
    port: 8080
    tools:
    - name: setup-conversion-tracking
      description: Create a conversion action in Google Ads, deploy tracking tag via GTM, and verify.
      inputParameters:
      - name: customer_id
        in: body
        type: string
        description: The Google Ads customer ID.
      - name: conversion_name
        in: body
        type: string
        description: The name for the conversion action.
      - name: conversion_category
        in: body
        type: string
        description: The conversion category (e.g. PURCHASE, LEAD).
      - name: gtm_account_id
        in: body
        type: string
        description: The GTM account ID.
      - name: gtm_container_id
        in: body
        type: string
        description: The GTM container ID.
      steps:
      - name: create-conversion
        type: call
        call: googleads.create-conversion-action
        with:
          customer_id: '{{customer_id}}'
          name: '{{conversion_name}}'
          category: '{{conversion_category}}'
      - name: create-gtm-tag
        type: call
        call: gtm.create-tag
        with:
          account_id: '{{gtm_account_id}}'
          container_id: '{{gtm_container_id}}'
          tag_name: '{{conversion_name}}_tracking'
          conversion_id: '{{create-conversion.results[0].conversionAction.id}}'
      - name: publish-container
        type: call
        call: gtm.publish-version
        with:
          account_id: '{{gtm_account_id}}'
          container_id: '{{gtm_container_id}}'
      - name: verify-deployment
        type: call
        call: gtm.get-latest-version
        with:
          account_id: '{{gtm_account_id}}'
          container_id: '{{gtm_container_id}}'
  consumes:
  - type: http
    namespace: googleads
    baseUri: https://googleads.googleapis.com/v16
    authentication:
      type: bearer
      token: $secrets.google_ads_token
    inputParameters:
    - name: developer-token
      in: header
      value: $secrets.google_ads_developer_token
    resources:
    - name: conversion-actions
      path: /customers/{{customer_id}}/conversionActions:mutate
      inputParameters:
      - name: customer_id
        in: path
      operations:
      - name: create-conversion-action
        method: POST
  - type: http
    namespace: gtm
    baseUri: https://tagmanager.googleapis.com/tagmanager/v2
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: tags
      path: /accounts/{{account_id}}/containers/{{container_id}}/workspaces/default/tags
      inputParameters:
      - name: account_id
        in: path
      - name: container_id
        in: path
      operations:
      - name: create-tag
        method: POST
    - name: versions
      path: /accounts/{{account_id}}/containers/{{container_id}}/versions
      inputParameters:
      - name: account_id
        in: path
      - name: container_id
        in: path
      operations:
      - name: publish-version
        method: POST
      - name: get-latest-version
        method: GET

Lists all members of a Google Chat space.

naftiko: '0.5'
info:
  label: Google Chat Space Membership List
  description: Lists all members of a Google Chat space.
  tags:
  - communications
  - google-workspace
capability:
  exposes:
  - type: mcp
    namespace: googlechat
    port: 8080
    tools:
    - name: list-members
      description: List all members in a Google Chat space.
      inputParameters:
      - name: space
        in: body
        type: string
        description: The Google Chat space name.
      call: googlechat.list-members
      with:
        space: '{{space}}'
  consumes:
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: memberships
      path: /spaces/{{space}}/members
      inputParameters:
      - name: space
        in: path
      operations:
      - name: list-members
        method: GET

Lists DNS records for a managed zone in Google Cloud DNS.

naftiko: '0.5'
info:
  label: Cloud DNS Zone Record Lookup
  description: Lists DNS records for a managed zone in Google Cloud DNS.
  tags:
  - networking
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: clouddns
    port: 8080
    tools:
    - name: list-records
      description: List DNS record sets for a managed zone.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: zone_name
        in: body
        type: string
        description: The managed zone name.
      call: clouddns.list-records
      with:
        project_id: '{{project_id}}'
        zone_name: '{{zone_name}}'
  consumes:
  - type: http
    namespace: clouddns
    baseUri: https://dns.googleapis.com/dns/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: records
      path: /projects/{{project_id}}/managedZones/{{zone_name}}/rrsets
      inputParameters:
      - name: project_id
        in: path
      - name: zone_name
        in: path
      operations:
      - name: list-records
        method: GET

Extracts data from Cloud Storage, transforms it via a Dataflow template job, loads results into BigQuery, and notifies the data team in Google Chat.

naftiko: '0.5'
info:
  label: Data Pipeline ETL Orchestration
  description: Extracts data from Cloud Storage, transforms it via a Dataflow template job, loads results into BigQuery, and notifies the data team in Google Chat.
  tags:
  - data
  - etl
  - google-cloud-dataflow
  - bigquery
  - gcp-cloud-storage
capability:
  exposes:
  - type: mcp
    namespace: data-etl
    port: 8080
    tools:
    - name: run-etl-pipeline
      description: 'Orchestrate an ETL pipeline: extract from GCS, transform via Dataflow, load to BigQuery, and notify.'
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The Dataflow region.
      - name: source_bucket
        in: body
        type: string
        description: The GCS bucket containing source data.
      - name: source_path
        in: body
        type: string
        description: The object path prefix in the source bucket.
      - name: bq_dataset
        in: body
        type: string
        description: The target BigQuery dataset.
      - name: bq_table
        in: body
        type: string
        description: The target BigQuery table.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for notifications.
      steps:
      - name: list-source-objects
        type: call
        call: cloudstorage.list-objects
        with:
          bucket_name: '{{source_bucket}}'
          prefix: '{{source_path}}'
      - name: launch-dataflow
        type: call
        call: dataflow.create-job-from-template
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          input_path: gs://{{source_bucket}}/{{source_path}}
          output_table: '{{project_id}}:{{bq_dataset}}.{{bq_table}}'
      - name: check-job
        type: call
        call: dataflow.get-job
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          job_id: '{{launch-dataflow.job.id}}'
      - name: notify-team
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'ETL pipeline complete. Job {{launch-dataflow.job.id}} status: {{check-job.currentState}}. Data loaded to {{bq_dataset}}.{{bq_table}}.'
  consumes:
  - type: http
    namespace: cloudstorage
    baseUri: https://storage.googleapis.com/storage/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: objects
      path: /b/{{bucket_name}}/o
      inputParameters:
      - name: bucket_name
        in: path
      - name: prefix
        in: query
      operations:
      - name: list-objects
        method: GET
  - type: http
    namespace: dataflow
    baseUri: https://dataflow.googleapis.com/v1b3
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: templates
      path: /projects/{{project_id}}/locations/{{region}}/templates:launch
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      operations:
      - name: create-job-from-template
        method: POST
    - name: jobs
      path: /projects/{{project_id}}/locations/{{region}}/jobs/{{job_id}}
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: job_id
        in: path
      operations:
      - name: get-job
        method: GET
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Accesses a secret version from Google Cloud Secret Manager.

naftiko: '0.5'
info:
  label: Secret Manager Secret Retrieval
  description: Accesses a secret version from Google Cloud Secret Manager.
  tags:
  - security
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: secretmanager
    port: 8080
    tools:
    - name: access-secret
      description: Access a specific version of a secret from Secret Manager.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: secret_id
        in: body
        type: string
        description: The secret identifier.
      - name: version
        in: body
        type: string
        description: The secret version number or latest.
      call: secretmanager.access-secret
      with:
        project_id: '{{project_id}}'
        secret_id: '{{secret_id}}'
        version: '{{version}}'
  consumes:
  - type: http
    namespace: secretmanager
    baseUri: https://secretmanager.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: secrets
      path: /projects/{{project_id}}/secrets/{{secret_id}}/versions/{{version}}:access
      inputParameters:
      - name: project_id
        in: path
      - name: secret_id
        in: path
      - name: version
        in: path
      operations:
      - name: access-secret
        method: GET

Executes a saved Looker look by ID and returns the result set. Used by analytics teams to pull report data programmatically.

naftiko: '0.5'
info:
  label: Looker Dashboard Query
  description: Executes a saved Looker look by ID and returns the result set. Used by analytics teams to pull report data programmatically.
  tags:
  - analytics
  - bi
  - looker
capability:
  exposes:
  - type: mcp
    namespace: looker-analytics
    port: 8080
    tools:
    - name: run-look
      description: Execute a saved Looker look by look ID and return the result data.
      inputParameters:
      - name: look_id
        in: body
        type: string
        description: The Looker look identifier.
      - name: result_format
        in: body
        type: string
        description: 'Output format: json, csv, or txt.'
      call: looker.run-look
      with:
        look_id: '{{look_id}}'
        result_format: '{{result_format}}'
  consumes:
  - type: http
    namespace: looker
    baseUri: https://alphabet.cloud.looker.com/api/4.0
    authentication:
      type: bearer
      token: $secrets.looker_api_token
    resources:
    - name: looks
      path: /looks/{{look_id}}/run/{{result_format}}
      inputParameters:
      - name: look_id
        in: path
      - name: result_format
        in: path
      operations:
      - name: run-look
        method: GET

Scans VPC firewall rules for overly permissive entries, logs findings to BigQuery, and alerts the security team via Google Chat with a summary of non-compliant rules.

naftiko: '0.5'
info:
  label: VPC Firewall Audit Pipeline
  description: Scans VPC firewall rules for overly permissive entries, logs findings to BigQuery, and alerts the security team via Google Chat with a summary of non-compliant rules.
  tags:
  - networking
  - security
  - vpc
  - bigquery
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: vpc-firewall-audit
    port: 8080
    tools:
    - name: audit-firewall-rules
      description: Scan VPC firewall rules, log findings to BigQuery, and alert security team.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: network_name
        in: body
        type: string
        description: The VPC network name to audit.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space for security alerts.
      steps:
      - name: list-rules
        type: call
        call: compute.list-firewalls
        with:
          project_id: '{{project_id}}'
          network_name: '{{network_name}}'
      - name: log-findings
        type: call
        call: bigquery.insert-rows
        with:
          project_id: '{{project_id}}'
          dataset_id: security_audits
          table_id: firewall_findings
          rows: '{{list-rules.items}}'
      - name: alert-team
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Firewall audit for {{network_name}}: {{list-rules.items.length}} rules found. Review findings in BigQuery security_audits.firewall_findings.'
  consumes:
  - type: http
    namespace: compute
    baseUri: https://compute.googleapis.com/compute/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: firewalls
      path: /projects/{{project_id}}/global/firewalls
      inputParameters:
      - name: project_id
        in: path
      - name: filter
        in: query
      operations:
      - name: list-firewalls
        method: GET
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset_id}}/tables/{{table_id}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset_id
        in: path
      - name: table_id
        in: path
      operations:
      - name: insert-rows
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Tracks spending against budgets, forecasts overruns, creates alerts, and notifies finance leaders.

naftiko: '0.5'
info:
  label: Cost Center Budget Tracking Pipeline
  description: Tracks spending against budgets, forecasts overruns, creates alerts, and notifies finance leaders.
  tags:
  - finance
  - snowflake
  - powerbi
  - slack
capability:
  exposes:
  - type: mcp
    namespace: finance
    port: 8080
    tools:
    - name: cost_center_budget_tracking
      description: Orchestrate cost center budget tracking pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-snowflake
        type: call
        call: snowflake.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-powerbi
        type: call
        call: powerbi.process-resource
        with:
          data: '{{get-snowflake.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Cost Center Budget Tracking Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://alphabet.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Checks a Vertex AI endpoint's deployment status, model version, and traffic split. Used by ML engineers to verify model serving readiness.

naftiko: '0.5'
info:
  label: Vertex AI Model Endpoint Health
  description: Checks a Vertex AI endpoint's deployment status, model version, and traffic split. Used by ML engineers to verify model serving readiness.
  tags:
  - ai
  - machine-learning
  - vertex-ai
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: vertex-ml
    port: 8080
    tools:
    - name: get-endpoint-health
      description: Retrieve Vertex AI endpoint deployment info by project, region, and endpoint ID.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The Vertex AI region.
      - name: endpoint_id
        in: body
        type: string
        description: The Vertex AI endpoint identifier.
      call: vertexai.get-endpoint
      with:
        project_id: '{{project_id}}'
        region: '{{region}}'
        endpoint_id: '{{endpoint_id}}'
      outputParameters:
      - name: display_name
        type: string
        mapping: $.displayName
      - name: deployed_models
        type: number
        mapping: $.deployedModels.length
      - name: traffic_split
        type: string
        mapping: $.trafficSplit
  consumes:
  - type: http
    namespace: vertexai
    baseUri: https://us-central1-aiplatform.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: endpoints
      path: /projects/{{project_id}}/locations/{{region}}/endpoints/{{endpoint_id}}
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: endpoint_id
        in: path
      operations:
      - name: get-endpoint
        method: GET

Runs test cases against a Dialogflow CX agent, collects results, logs failures to Jira, and sends a summary to Google Chat.

naftiko: '0.5'
info:
  label: Dialogflow CX Agent Test Pipeline
  description: Runs test cases against a Dialogflow CX agent, collects results, logs failures to Jira, and sends a summary to Google Chat.
  tags:
  - ai
  - google-dialogflow
  - jira
  - google-workspace
capability:
  exposes:
  - type: mcp
    namespace: dfcx-test
    port: 8080
    tools:
    - name: run-agent-tests
      description: Execute Dialogflow CX test cases and report failures.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: GCP project ID.
      - name: region
        in: body
        type: string
        description: Dialogflow region.
      - name: agent_id
        in: body
        type: string
        description: Dialogflow CX agent ID.
      - name: jira_domain
        in: body
        type: string
        description: Jira domain.
      - name: jira_project
        in: body
        type: string
        description: Jira project key.
      - name: chat_space
        in: body
        type: string
        description: Google Chat space.
      steps:
      - name: run-tests
        type: call
        call: dialogflowcx.batch-run-tests
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          agent_id: '{{agent_id}}'
      - name: log-failures
        type: call
        call: jira.create-issue
        with:
          project: '{{jira_project}}'
          summary: Dialogflow CX test failures
          description: '{{run-tests.results}}'
      - name: notify
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: Dialogflow CX test run complete. Failures logged to Jira.
  consumes:
  - type: http
    namespace: dialogflowcx
    baseUri: https://dialogflow.googleapis.com/v3
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: testCases
      path: /projects/{{project_id}}/locations/{{region}}/agents/{{agent_id}}/testCases:batchRun
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: agent_id
        in: path
      operations:
      - name: batch-run-tests
        method: POST
  - type: http
    namespace: jira
    baseUri: https://{{jira_domain}}.atlassian.net/rest/api/3
    authentication:
      type: basic
      token: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Detects failed Airflow DAGs in Cloud Composer, restarts the tasks, logs to Cloud Logging, and notifies the data engineering team.

naftiko: '0.5'
info:
  label: Cloud Composer DAG Failure Recovery Pipeline
  description: Detects failed Airflow DAGs in Cloud Composer, restarts the tasks, logs to Cloud Logging, and notifies the data engineering team.
  tags:
  - data
  - google-cloud-platform
  - apache-airflow
capability:
  exposes:
  - type: mcp
    namespace: composer-recovery
    port: 8080
    tools:
    - name: run-dag-recovery
      description: Detect and recover failed DAGs in Cloud Composer.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: region
        in: body
        type: string
        description: The Composer region.
      - name: environment
        in: body
        type: string
        description: Cloud Composer environment name.
      - name: dag_id
        in: body
        type: string
        description: The Airflow DAG ID.
      - name: airflow_uri
        in: body
        type: string
        description: The Airflow webserver URI.
      steps:
      - name: check-environment
        type: call
        call: composer.get-environment
        with:
          project_id: '{{project_id}}'
          region: '{{region}}'
          environment: '{{environment}}'
      - name: list-failed-runs
        type: call
        call: airflow.list-runs
        with:
          dag_id: '{{dag_id}}'
      - name: restart-dag
        type: call
        call: airflow.trigger-run
        with:
          dag_id: '{{dag_id}}'
      - name: log-recovery
        type: call
        call: cloudlogging.write-entry
        with:
          logName: projects/{{project_id}}/logs/dag-recovery
          entry: Restarted DAG {{dag_id}} after failure.
  consumes:
  - type: http
    namespace: composer
    baseUri: https://composer.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: environments
      path: /projects/{{project_id}}/locations/{{region}}/environments/{{environment}}
      inputParameters:
      - name: project_id
        in: path
      - name: region
        in: path
      - name: environment
        in: path
      operations:
      - name: get-environment
        method: GET
  - type: http
    namespace: airflow
    baseUri: https://{{airflow_uri}}
    authentication:
      type: bearer
      token: $secrets.airflow_token
    resources:
    - name: dags
      path: /api/v1/dags/{{dag_id}}/dagRuns
      inputParameters:
      - name: dag_id
        in: path
      operations:
      - name: list-runs
        method: GET
      - name: trigger-run
        method: POST
  - type: http
    namespace: cloudlogging
    baseUri: https://logging.googleapis.com/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: entries
      path: /entries:write
      operations:
      - name: write-entry
        method: POST

Compares deployed state against desired config, identifies drift, creates remediation tickets, and alerts ops.

naftiko: '0.5'
info:
  label: Infrastructure Drift Detection Pipeline
  description: Compares deployed state against desired config, identifies drift, creates remediation tickets, and alerts ops.
  tags:
  - devops
  - github
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: devops
    port: 8080
    tools:
    - name: infrastructure_drift_detection
      description: Orchestrate infrastructure drift detection pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-github
        type: call
        call: github.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-github.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Infrastructure Drift Detection Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: github-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://alphabet.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

On a Cloud Monitoring alert, creates a PagerDuty incident, opens a Google Chat war room, queries recent Cloud Logging entries, and posts a summary to the war room.

naftiko: '0.5'
info:
  label: Incident Response Orchestrator
  description: On a Cloud Monitoring alert, creates a PagerDuty incident, opens a Google Chat war room, queries recent Cloud Logging entries, and posts a summary to the war room.
  tags:
  - operations
  - incident-management
  - cloud-monitoring
  - google-cloud-platform
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: incident-response
    port: 8080
    tools:
    - name: trigger-incident-response
      description: Orchestrate incident response across monitoring, logging, PagerDuty, and Google Chat.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project with the alert.
      - name: alert_policy_name
        in: body
        type: string
        description: The Cloud Monitoring alert policy resource name.
      - name: service_name
        in: body
        type: string
        description: The affected service name for context.
      - name: pagerduty_service_id
        in: body
        type: string
        description: The PagerDuty service ID to create the incident in.
      - name: chat_space
        in: body
        type: string
        description: The Google Chat space for the war room.
      steps:
      - name: get-alert
        type: call
        call: monitoring.get-alert-policy
        with:
          alert_policy_name: '{{alert_policy_name}}'
      - name: create-incident
        type: call
        call: pagerduty.create-incident
        with:
          service_id: '{{pagerduty_service_id}}'
          title: 'Alert fired: {{get-alert.displayName}} on {{service_name}}'
          urgency: high
      - name: fetch-logs
        type: call
        call: logging.list-entries
        with:
          project_id: '{{project_id}}'
          filter: resource.labels.service_name={{service_name}} severity>=ERROR
      - name: post-summary
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Incident {{create-incident.incident.id}}: {{get-alert.displayName}}. PagerDuty: {{create-incident.incident.html_url}}. Recent errors: {{fetch-logs.entries.length}} entries.'
  consumes:
  - type: http
    namespace: monitoring
    baseUri: https://monitoring.googleapis.com/v3
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: alert-policies
      path: /{{alert_policy_name}}
      inputParameters:
      - name: alert_policy_name
        in: path
      operations:
      - name: get-alert-policy
        method: GET
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: logging
    baseUri: https://logging.googleapis.com/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: entries
      path: /entries:list
      operations:
      - name: list-entries
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST

Publishes a message to a Google Cloud Pub/Sub topic.

naftiko: '0.5'
info:
  label: Cloud Pub/Sub Topic Message Publisher
  description: Publishes a message to a Google Cloud Pub/Sub topic.
  tags:
  - messaging
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: pubsub
    port: 8080
    tools:
    - name: publish-message
      description: Publish a message to a Pub/Sub topic.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: topic_name
        in: body
        type: string
        description: The Pub/Sub topic name.
      - name: message_data
        in: body
        type: string
        description: The base64-encoded message data.
      call: pubsub.publish-message
      with:
        project_id: '{{project_id}}'
        topic_name: '{{topic_name}}'
        data: '{{message_data}}'
  consumes:
  - type: http
    namespace: pubsub
    baseUri: https://pubsub.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: topics
      path: /projects/{{project_id}}/topics/{{topic_name}}:publish
      inputParameters:
      - name: project_id
        in: path
      - name: topic_name
        in: path
      operations:
      - name: publish-message
        method: POST

Pulls YouTube channel stats and recent video analytics, exports the data to a Google Sheet dashboard, and sends a weekly content digest via Gmail.

naftiko: '0.5'
info:
  label: YouTube Content Performance Pipeline
  description: Pulls YouTube channel stats and recent video analytics, exports the data to a Google Sheet dashboard, and sends a weekly content digest via Gmail.
  tags:
  - media
  - analytics
  - youtube
  - google-sheets
  - gmail
capability:
  exposes:
  - type: mcp
    namespace: youtube-performance
    port: 8080
    tools:
    - name: generate-content-report
      description: Fetch YouTube channel and video stats, export to Sheets, and email digest.
      inputParameters:
      - name: channel_id
        in: body
        type: string
        description: The YouTube channel ID.
      - name: spreadsheet_id
        in: body
        type: string
        description: The Google Sheets spreadsheet ID for the dashboard.
      - name: report_email
        in: body
        type: string
        description: Email for the content performance digest.
      steps:
      - name: get-channel-stats
        type: call
        call: youtube.get-channel
        with:
          channel_id: '{{channel_id}}'
      - name: get-recent-videos
        type: call
        call: youtube.list-videos
        with:
          channel_id: '{{channel_id}}'
      - name: update-dashboard
        type: call
        call: sheets.update-values
        with:
          spreadsheet_id: '{{spreadsheet_id}}'
          range: YouTubeReport!A1
          values: '{{get-recent-videos.items}}'
      - name: send-digest
        type: call
        call: gmail.send-message
        with:
          to: '{{report_email}}'
          subject: YouTube Content Digest
          body: 'Channel subscribers: {{get-channel-stats.items[0].statistics.subscriberCount}}. Total views: {{get-channel-stats.items[0].statistics.viewCount}}. Dashboard: https://docs.google.com/spreadsheets/d/{{spreadsheet_id}}.'
  consumes:
  - type: http
    namespace: youtube
    baseUri: https://www.googleapis.com/youtube/v3
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: channels
      path: /channels
      inputParameters:
      - name: id
        in: query
      - name: part
        in: query
        value: statistics
      operations:
      - name: get-channel
        method: GET
    - name: search
      path: /search
      inputParameters:
      - name: channelId
        in: query
      - name: order
        in: query
        value: date
      - name: type
        in: query
        value: video
      operations:
      - name: list-videos
        method: GET
  - type: http
    namespace: sheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: values
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: update-values
        method: PUT
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: messages
      path: /users/me/messages/send
      operations:
      - name: send-message
        method: POST

Retrieves metadata for a file stored in Google Drive including permissions and sharing status.

naftiko: '0.5'
info:
  label: Google Drive File Metadata Lookup
  description: Retrieves metadata for a file stored in Google Drive including permissions and sharing status.
  tags:
  - collaboration
  - google-drive
capability:
  exposes:
  - type: mcp
    namespace: googledrive
    port: 8080
    tools:
    - name: get-file
      description: Retrieve metadata for a Google Drive file.
      inputParameters:
      - name: file_id
        in: body
        type: string
        description: The Google Drive file ID.
      call: googledrive.get-file
      with:
        file_id: '{{file_id}}'
  consumes:
  - type: http
    namespace: googledrive
    baseUri: https://www.googleapis.com/drive/v3
    authentication:
      type: bearer
      token: $secrets.google_drive_token
    resources:
    - name: files
      path: /files/{{file_id}}
      inputParameters:
      - name: file_id
        in: path
      operations:
      - name: get-file
        method: GET

Extracts API traffic analytics from Apigee, transforms the data, loads into BigQuery, and refreshes a Looker dashboard.

naftiko: '0.5'
info:
  label: Apigee API Analytics to Looker Pipeline
  description: Extracts API traffic analytics from Apigee, transforms the data, loads into BigQuery, and refreshes a Looker dashboard.
  tags:
  - analytics
  - apigee
  - bigquery
  - looker
capability:
  exposes:
  - type: mcp
    namespace: apigee-analytics
    port: 8080
    tools:
    - name: run-apigee-analytics
      description: Extract Apigee analytics and load into BigQuery with Looker refresh.
      inputParameters:
      - name: org
        in: body
        type: string
        description: Apigee organization name.
      - name: env
        in: body
        type: string
        description: Apigee environment.
      - name: project_id
        in: body
        type: string
        description: GCP project ID.
      - name: dataset
        in: body
        type: string
        description: BigQuery dataset.
      - name: table
        in: body
        type: string
        description: BigQuery table.
      steps:
      - name: get-api-stats
        type: call
        call: apigee.get-stats
        with:
          org: '{{org}}'
          env: '{{env}}'
      - name: load-to-bq
        type: call
        call: bigquery.insert-rows
        with:
          project_id: '{{project_id}}'
          dataset: '{{dataset}}'
          table: '{{table}}'
      - name: refresh-looker
        type: call
        call: looker.run-look
        with:
          look_id: '{{look_id}}'
  consumes:
  - type: http
    namespace: apigee
    baseUri: https://apigee.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: stats
      path: /organizations/{{org}}/environments/{{env}}/stats/apiproxy
      inputParameters:
      - name: org
        in: path
      - name: env
        in: path
      operations:
      - name: get-stats
        method: GET
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset}}/tables/{{table}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset
        in: path
      - name: table
        in: path
      operations:
      - name: insert-rows
        method: POST
  - type: http
    namespace: looker
    baseUri: https://looker.com/api/4.0
    authentication:
      type: bearer
      token: $secrets.looker_api_token
    resources:
    - name: looks
      path: /looks/{{look_id}}/run/json
      inputParameters:
      - name: look_id
        in: path
      operations:
      - name: run-look
        method: GET

When a Google Ads campaign exceeds its daily budget threshold, pauses the campaign, sends an alert to the marketing Slack channel via Google Chat, and logs the event to BigQuery.

naftiko: '0.5'
info:
  label: Ad Campaign Budget Adjustment Pipeline
  description: When a Google Ads campaign exceeds its daily budget threshold, pauses the campaign, sends an alert to the marketing Slack channel via Google Chat, and logs the event to BigQuery.
  tags:
  - advertising
  - marketing
  - google-ads
  - bigquery
  - alerting
capability:
  exposes:
  - type: mcp
    namespace: ads-budget-control
    port: 8080
    tools:
    - name: enforce-budget-limit
      description: Check campaign spend against threshold, pause if exceeded, alert team, and log to BigQuery.
      inputParameters:
      - name: customer_id
        in: body
        type: string
        description: The Google Ads customer ID.
      - name: campaign_id
        in: body
        type: string
        description: The campaign identifier.
      - name: budget_threshold
        in: body
        type: number
        description: The daily budget ceiling in micros.
      - name: chat_space
        in: body
        type: string
        description: The Google Chat space ID for alerts.
      steps:
      - name: get-spend
        type: call
        call: googleads.query-campaign
        with:
          customer_id: '{{customer_id}}'
          campaign_id: '{{campaign_id}}'
      - name: pause-campaign
        type: call
        call: googleads.update-campaign-status
        with:
          customer_id: '{{customer_id}}'
          campaign_id: '{{campaign_id}}'
          status: PAUSED
      - name: alert-team
        type: call
        call: googlechat.send-message
        with:
          space: '{{chat_space}}'
          text: 'Budget alert: Campaign {{campaign_id}} paused. Spend {{get-spend.cost_micros}} exceeded threshold {{budget_threshold}}.'
      - name: log-event
        type: call
        call: bigquery.insert-rows
        with:
          project_id: alphabet-ads-ops
          dataset_id: budget_events
          table_id: campaign_pauses
          rows: '[{"campaign_id": "{{campaign_id}}", "spend": "{{get-spend.cost_micros}}", "threshold": "{{budget_threshold}}"}]'
  consumes:
  - type: http
    namespace: googleads
    baseUri: https://googleads.googleapis.com/v16
    authentication:
      type: bearer
      token: $secrets.google_ads_token
    inputParameters:
    - name: developer-token
      in: header
      value: $secrets.google_ads_developer_token
    resources:
    - name: campaign-query
      path: /customers/{{customer_id}}/googleAds:searchStream
      inputParameters:
      - name: customer_id
        in: path
      operations:
      - name: query-campaign
        method: POST
    - name: campaign-mutate
      path: /customers/{{customer_id}}/campaigns:mutate
      inputParameters:
      - name: customer_id
        in: path
      operations:
      - name: update-campaign-status
        method: POST
  - type: http
    namespace: googlechat
    baseUri: https://chat.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_chat_token
    resources:
    - name: messages
      path: /spaces/{{space}}/messages
      inputParameters:
      - name: space
        in: path
      operations:
      - name: send-message
        method: POST
  - type: http
    namespace: bigquery
    baseUri: https://bigquery.googleapis.com/bigquery/v2
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: tabledata
      path: /projects/{{project_id}}/datasets/{{dataset_id}}/tables/{{table_id}}/insertAll
      inputParameters:
      - name: project_id
        in: path
      - name: dataset_id
        in: path
      - name: table_id
        in: path
      operations:
      - name: insert-rows
        method: POST

Extracts structured data from a Google Doc, parses key-value pairs, appends them to a Google Sheet, and sends a confirmation via Gmail.

naftiko: '0.5'
info:
  label: Google Docs to Sheets Data Sync
  description: Extracts structured data from a Google Doc, parses key-value pairs, appends them to a Google Sheet, and sends a confirmation via Gmail.
  tags:
  - productivity
  - google-docs
  - google-sheets
  - gmail
capability:
  exposes:
  - type: mcp
    namespace: docs-to-sheets
    port: 8080
    tools:
    - name: sync-doc-to-sheet
      description: Extract data from a Google Doc and append to a Google Sheet with email confirmation.
      inputParameters:
      - name: document_id
        in: body
        type: string
        description: The Google Docs document ID.
      - name: spreadsheet_id
        in: body
        type: string
        description: The Google Sheets spreadsheet ID.
      - name: sheet_range
        in: body
        type: string
        description: The target sheet range (e.g. Sheet1!A1).
      - name: notify_email
        in: body
        type: string
        description: Email address for sync confirmation.
      steps:
      - name: get-doc-content
        type: call
        call: docs.get-document
        with:
          document_id: '{{document_id}}'
      - name: append-to-sheet
        type: call
        call: sheets.append-values
        with:
          spreadsheet_id: '{{spreadsheet_id}}'
          range: '{{sheet_range}}'
          values: '{{get-doc-content.body.content}}'
      - name: send-confirmation
        type: call
        call: gmail.send-message
        with:
          to: '{{notify_email}}'
          subject: Doc-to-Sheet sync complete
          body: 'Data from document {{document_id}} has been synced to spreadsheet {{spreadsheet_id}} at range {{sheet_range}}. Rows appended: {{append-to-sheet.updates.updatedRows}}.'
  consumes:
  - type: http
    namespace: docs
    baseUri: https://docs.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: documents
      path: /documents/{{document_id}}
      inputParameters:
      - name: document_id
        in: path
      operations:
      - name: get-document
        method: GET
  - type: http
    namespace: sheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: values
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}:append
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: append-values
        method: POST
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: messages
      path: /users/me/messages/send
      operations:
      - name: send-message
        method: POST

Creates a new Google Slides presentation from a template, populates it with data from a Google Sheet, and shares it via Google Drive with email notification.

naftiko: '0.5'
info:
  label: Google Slides Presentation Generator
  description: Creates a new Google Slides presentation from a template, populates it with data from a Google Sheet, and shares it via Google Drive with email notification.
  tags:
  - productivity
  - google-slides
  - google-sheets
  - google-drive
  - gmail
capability:
  exposes:
  - type: mcp
    namespace: slides-generator
    port: 8080
    tools:
    - name: generate-presentation
      description: Create a Slides deck from a template, fill with Sheets data, share via Drive, and notify.
      inputParameters:
      - name: template_presentation_id
        in: body
        type: string
        description: The Slides template presentation ID.
      - name: spreadsheet_id
        in: body
        type: string
        description: The source Google Sheets spreadsheet ID.
      - name: sheet_range
        in: body
        type: string
        description: The data range to pull from the spreadsheet.
      - name: share_email
        in: body
        type: string
        description: Email address to share the generated presentation with.
      steps:
      - name: copy-template
        type: call
        call: drive.copy-file
        with:
          file_id: '{{template_presentation_id}}'
          name: Generated Report
      - name: get-sheet-data
        type: call
        call: sheets.get-values
        with:
          spreadsheet_id: '{{spreadsheet_id}}'
          range: '{{sheet_range}}'
      - name: update-slides
        type: call
        call: slides.batch-update
        with:
          presentation_id: '{{copy-template.id}}'
          data: '{{get-sheet-data.values}}'
      - name: share-presentation
        type: call
        call: drive.share-file
        with:
          file_id: '{{copy-template.id}}'
          email: '{{share_email}}'
          role: reader
      - name: notify-recipient
        type: call
        call: gmail.send-message
        with:
          to: '{{share_email}}'
          subject: New presentation ready
          body: 'Your generated presentation is ready: https://docs.google.com/presentation/d/{{copy-template.id}}'
  consumes:
  - type: http
    namespace: drive
    baseUri: https://www.googleapis.com/drive/v3
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: files
      path: /files/{{file_id}}/copy
      inputParameters:
      - name: file_id
        in: path
      operations:
      - name: copy-file
        method: POST
    - name: permissions
      path: /files/{{file_id}}/permissions
      inputParameters:
      - name: file_id
        in: path
      operations:
      - name: share-file
        method: POST
  - type: http
    namespace: sheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: values
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: get-values
        method: GET
  - type: http
    namespace: slides
    baseUri: https://slides.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: presentations
      path: /presentations/{{presentation_id}}:batchUpdate
      inputParameters:
      - name: presentation_id
        in: path
      operations:
      - name: batch-update
        method: POST
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: messages
      path: /users/me/messages/send
      operations:
      - name: send-message
        method: POST

Fetches responses from a Google Form, aggregates summary statistics, writes them to a Google Sheet, and sends the report via Gmail.

naftiko: '0.5'
info:
  label: Google Forms Response Aggregator
  description: Fetches responses from a Google Form, aggregates summary statistics, writes them to a Google Sheet, and sends the report via Gmail.
  tags:
  - productivity
  - google-forms
  - google-sheets
  - gmail
capability:
  exposes:
  - type: mcp
    namespace: forms-aggregation
    port: 8080
    tools:
    - name: aggregate-form-responses
      description: Collect Google Forms responses, summarize, push to Sheets, and email report.
      inputParameters:
      - name: form_id
        in: body
        type: string
        description: The Google Form ID.
      - name: spreadsheet_id
        in: body
        type: string
        description: The target Google Sheets spreadsheet ID.
      - name: sheet_range
        in: body
        type: string
        description: The target range in the spreadsheet.
      - name: report_email
        in: body
        type: string
        description: Email to send the aggregated report.
      steps:
      - name: get-responses
        type: call
        call: forms.list-responses
        with:
          form_id: '{{form_id}}'
      - name: write-to-sheet
        type: call
        call: sheets.update-values
        with:
          spreadsheet_id: '{{spreadsheet_id}}'
          range: '{{sheet_range}}'
          values: '{{get-responses.responses}}'
      - name: send-report
        type: call
        call: gmail.send-message
        with:
          to: '{{report_email}}'
          subject: Form Responses Report for {{form_id}}
          body: 'Total responses: {{get-responses.responses.length}}. Data written to spreadsheet {{spreadsheet_id}}.'
  consumes:
  - type: http
    namespace: forms
    baseUri: https://forms.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: responses
      path: /forms/{{form_id}}/responses
      inputParameters:
      - name: form_id
        in: path
      operations:
      - name: list-responses
        method: GET
  - type: http
    namespace: sheets
    baseUri: https://sheets.googleapis.com/v4
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: values
      path: /spreadsheets/{{spreadsheet_id}}/values/{{range}}
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: update-values
        method: PUT
  - type: http
    namespace: gmail
    baseUri: https://gmail.googleapis.com/gmail/v1
    authentication:
      type: bearer
      token: $secrets.google_oauth_token
    resources:
    - name: messages
      path: /users/me/messages/send
      operations:
      - name: send-message
        method: POST

Searches application logs for matching patterns. Used by Alphabet teams.

naftiko: '0.5'
info:
  label: Alphabet Log Search Query
  description: Searches application logs for matching patterns. Used by Alphabet teams.
  tags:
  - cloud
  - kubernetes
capability:
  exposes:
  - type: mcp
    namespace: kubernetes
    port: 8080
    tools:
    - name: get-log_search_query
      description: Searches application logs for matching patterns. Used by Alphabet teams.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: The search_query to look up.
      call: kubernetes.get-search_query
      with:
        search_query: '{{search_query}}'
  consumes:
  - type: http
    namespace: k8s
    baseUri: https://alphabet-k8s.com/api/v1
    authentication:
      type: bearer
      token: $secrets.k8s_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: alphabet_log_search_query
        method: GET

Retrieves the node pool configuration and status for a GKE cluster including node count, machine type, and autoscaling settings.

naftiko: '0.5'
info:
  label: GKE Cluster Node Pool Status
  description: Retrieves the node pool configuration and status for a GKE cluster including node count, machine type, and autoscaling settings.
  tags:
  - infrastructure
  - kubernetes
  - gke
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: gke-ops
    port: 8080
    tools:
    - name: get-nodepool-status
      description: Fetch GKE node pool details by cluster name, zone, and node pool name.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GCP project ID.
      - name: zone
        in: body
        type: string
        description: The GKE cluster zone.
      - name: cluster_name
        in: body
        type: string
        description: The GKE cluster name.
      - name: nodepool_name
        in: body
        type: string
        description: The node pool name.
      call: gke.get-nodepool
      with:
        project_id: '{{project_id}}'
        zone: '{{zone}}'
        cluster_name: '{{cluster_name}}'
        nodepool_name: '{{nodepool_name}}'
      outputParameters:
      - name: node_count
        type: number
        mapping: $.initialNodeCount
      - name: machine_type
        type: string
        mapping: $.config.machineType
      - name: autoscaling_enabled
        type: boolean
        mapping: $.autoscaling.enabled
  consumes:
  - type: http
    namespace: gke
    baseUri: https://container.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: nodepools
      path: /projects/{{project_id}}/zones/{{zone}}/clusters/{{cluster_name}}/nodePools/{{nodepool_name}}
      inputParameters:
      - name: project_id
        in: path
      - name: zone
        in: path
      - name: cluster_name
        in: path
      - name: nodepool_name
        in: path
      operations:
      - name: get-nodepool
        method: GET

Tracks fleet vehicle positions via Google Maps Routes API, updates a Cloud Firestore collection, and sends delay alerts to Microsoft Teams.

naftiko: '0.5'
info:
  label: Google Maps Fleet Tracking Pipeline
  description: Tracks fleet vehicle positions via Google Maps Routes API, updates a Cloud Firestore collection, and sends delay alerts to Microsoft Teams.
  tags:
  - logistics
  - google-maps
  - google-cloud-platform
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: fleet-tracking
    port: 8080
    tools:
    - name: run-fleet-tracking
      description: Track fleet positions and notify on delays.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: GCP project ID.
      - name: collection
        in: body
        type: string
        description: Firestore collection.
      - name: origins
        in: body
        type: string
        description: Origin addresses.
      - name: destinations
        in: body
        type: string
        description: Destination addresses.
      - name: team_id
        in: body
        type: string
        description: Teams team ID.
      - name: channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: compute-distances
        type: call
        call: routes.compute-matrix
        with:
          origins: '{{origins}}'
          destinations: '{{destinations}}'
      - name: update-firestore
        type: call
        call: firestore.create-document
        with:
          project_id: '{{project_id}}'
          collection: '{{collection}}'
      - name: alert-delays
        type: call
        call: teams.send-message
        with:
          team_id: '{{team_id}}'
          channel_id: '{{channel_id}}'
          text: Fleet tracking update complete.
  consumes:
  - type: http
    namespace: routes
    baseUri: https://routes.googleapis.com/distanceMatrix/v2
    authentication:
      type: bearer
      token: $secrets.google_maps_key
    resources:
    - name: distanceMatrix
      path: /distanceMatrix:compute
      operations:
      - name: compute-matrix
        method: POST
  - type: http
    namespace: firestore
    baseUri: https://firestore.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_access_token
    resources:
    - name: documents
      path: /projects/{{project_id}}/databases/(default)/documents/{{collection}}
      inputParameters:
      - name: project_id
        in: path
      - name: collection
        in: path
      operations:
      - name: create-document
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.microsoft_graph_token
    resources:
    - name: messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-message
        method: POST

Lists all Lambda functions in a given AWS region and returns their names, runtimes, and memory configurations.

naftiko: '0.5'
info:
  label: Lambda Function List
  description: Lists all Lambda functions in a given AWS region and returns their names, runtimes, and memory configurations.
  tags:
  - cloud
  - serverless
  - aws
  - lambda
capability:
  exposes:
  - type: mcp
    namespace: lambda-list
    port: 8080
    tools:
    - name: list-functions
      description: List all Lambda functions in the specified AWS region. Returns function names, runtimes, and memory sizes.
      inputParameters:
      - name: region
        in: body
        type: string
        description: The AWS region to list Lambda functions for, e.g. us-west-2.
      call: lambda-api.list-functions
      with:
        region: '{{region}}'
      outputParameters:
      - name: functions
        type: array
        mapping: $.Functions
  consumes:
  - namespace: lambda-api
    type: http
    baseUri: https://lambda.us-east-1.amazonaws.com/2015-03-31
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_lambda_token
      placement: header
    resources:
    - name: functions
      path: /functions
      inputParameters:
      - name: region
        in: query
      operations:
      - name: list-functions
        method: GET

Aggregates GitHub PR merge rates, Jira issue cycle times, and Datadog error rates for the past week, then publishes a consolidated engineering health digest to the leadership Slack channel.

naftiko: '0.5'
info:
  label: Weekly Engineering Metrics Digest
  description: Aggregates GitHub PR merge rates, Jira issue cycle times, and Datadog error rates for the past week, then publishes a consolidated engineering health digest to the leadership Slack channel.
  tags:
  - devops
  - reporting
  - github
  - jira
  - datadog
  - slack
  - metrics
capability:
  exposes:
  - type: mcp
    namespace: eng-reporting
    port: 8080
    tools:
    - name: publish-eng-metrics-digest
      description: Given a GitHub org, Jira project key, and Datadog service tag, fetch the weekly PR merge count, Jira throughput, and service error rate, then post a combined engineering digest to Slack.
      inputParameters:
      - name: github_org
        in: body
        type: string
        description: The GitHub organization to query PR merge stats for, e.g. amzn.
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key to query issue throughput for.
      - name: datadog_service
        in: body
        type: string
        description: The Datadog service tag to query error rate metrics for.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID where the weekly digest will be posted.
      steps:
      - name: get-pr-stats
        type: call
        call: github-metrics.search-issues
        with:
          q: org:{{github_org}} is:pr is:merged merged:>-7d
      - name: get-dd-error-rate
        type: call
        call: datadog-metrics.query-metrics
        with:
          query: avg:trace.web.request.errors{service:{{datadog_service}}}.rollup(avg, 604800)
      - name: post-digest
        type: call
        call: slack-metrics.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Weekly Engineering Digest | PRs merged: {{get-pr-stats.total_count}} | Datadog error rate (7d avg): {{get-dd-error-rate.value}} | Project: {{jira_project_key}}'
  consumes:
  - namespace: github-metrics
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: search-issues
      path: /search/issues
      inputParameters:
      - name: q
        in: query
      operations:
      - name: search-issues
        method: GET
  - namespace: datadog-metrics
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: metrics
      path: /query
      inputParameters:
      - name: query
        in: query
      operations:
      - name: query-metrics
        method: GET
  - namespace: slack-metrics
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a Salesforce support case is escalated to priority 1, creates a linked ServiceNow incident and pages the on-call support engineer via PagerDuty.

naftiko: '0.5'
info:
  label: Salesforce Case Escalation to ServiceNow
  description: When a Salesforce support case is escalated to priority 1, creates a linked ServiceNow incident and pages the on-call support engineer via PagerDuty.
  tags:
  - customer-support
  - crm
  - salesforce
  - servicenow
  - pagerduty
  - escalation
capability:
  exposes:
  - type: mcp
    namespace: support-escalation
    port: 8080
    tools:
    - name: escalate-case-to-p1
      description: Given a Salesforce case ID and PagerDuty service key, fetch the case details, open a linked ServiceNow incident, and page the on-call support engineer.
      inputParameters:
      - name: case_id
        in: body
        type: string
        description: The Salesforce case ID to escalate, e.g. 5005g00000ABC.
      - name: pagerduty_service_key
        in: body
        type: string
        description: The PagerDuty service integration key for routing the escalation page.
      steps:
      - name: get-case
        type: call
        call: salesforce-esc.get-case
        with:
          case_id: '{{case_id}}'
      - name: create-incident
        type: call
        call: servicenow-esc.create-incident
        with:
          short_description: 'P1 Escalation: {{get-case.subject}}'
          description: 'Salesforce Case: {{case_id}}

            Account: {{get-case.account_name}}

            Description: {{get-case.description}}'
          urgency: '1'
          impact: '1'
      - name: page-oncall
        type: call
        call: pagerduty-esc.create-incident
        with:
          service_key: '{{pagerduty_service_key}}'
          description: 'P1 support escalation: {{get-case.subject}}'
          incident_key: sf-{{case_id}}
  consumes:
  - namespace: salesforce-esc
    type: http
    baseUri: https://amazon.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: case
      path: /sobjects/Case/{case_id}
      inputParameters:
      - name: case_id
        in: path
      operations:
      - name: get-case
        method: GET
  - namespace: servicenow-esc
    type: http
    baseUri: https://amazon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incident
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: pagerduty-esc
    type: http
    baseUri: https://events.pagerduty.com/v2
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_token
      placement: header
    resources:
    - name: incident
      path: /enqueue
      operations:
      - name: create-incident
        method: POST

Retrieves a single item from a DynamoDB table by primary key and returns the full item attributes.

naftiko: '0.5'
info:
  label: DynamoDB Item Lookup
  description: Retrieves a single item from a DynamoDB table by primary key and returns the full item attributes.
  tags:
  - cloud
  - database
  - aws
  - dynamodb
capability:
  exposes:
  - type: mcp
    namespace: dynamo-lookup
    port: 8080
    tools:
    - name: get-item
      description: Fetch a single item from a DynamoDB table by its primary key. Returns all item attributes.
      inputParameters:
      - name: table_name
        in: body
        type: string
        description: The DynamoDB table name to query.
      - name: key_value
        in: body
        type: string
        description: The primary key value for the item to retrieve.
      call: dynamodb-api.get-item
      with:
        table_name: '{{table_name}}'
        key_value: '{{key_value}}'
      outputParameters:
      - name: item
        type: object
        mapping: $.Item
  consumes:
  - namespace: dynamodb-api
    type: http
    baseUri: https://dynamodb.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_dynamodb_token
      placement: header
    resources:
    - name: item
      path: /
      inputParameters:
      - name: table_name
        in: body
      - name: key_value
        in: body
      operations:
      - name: get-item
        method: POST

Fetches an open Workday job requisition and publishes it as a LinkedIn job posting, then creates a Jira recruiting task to track the open role.

naftiko: '0.5'
info:
  label: LinkedIn Job Posting Publisher
  description: Fetches an open Workday job requisition and publishes it as a LinkedIn job posting, then creates a Jira recruiting task to track the open role.
  tags:
  - hr
  - recruiting
  - workday
  - linkedin
  - jira
capability:
  exposes:
  - type: mcp
    namespace: recruiting-ops
    port: 8080
    tools:
    - name: publish-job-to-linkedin
      description: Given a Workday job requisition ID, fetch role details from Workday, publish the posting to LinkedIn, and create a Jira recruiting task to track candidate pipeline.
      inputParameters:
      - name: requisition_id
        in: body
        type: string
        description: The Workday job requisition ID to publish, e.g. JR-00542.
      - name: linkedin_organization_id
        in: body
        type: string
        description: The LinkedIn organization URN ID to post the job under.
      steps:
      - name: get-requisition
        type: call
        call: workday-rec.get-requisition
        with:
          requisition_id: '{{requisition_id}}'
      - name: create-linkedin-post
        type: call
        call: linkedin.create-job-posting
        with:
          organization_id: '{{linkedin_organization_id}}'
          title: '{{get-requisition.job_title}}'
          description: '{{get-requisition.job_description}}'
          location: '{{get-requisition.location}}'
      - name: create-recruiting-task
        type: call
        call: jira-rec.create-issue
        with:
          project_key: RECRUIT
          issuetype: Task
          summary: 'Open Role: {{get-requisition.job_title}} ({{requisition_id}})'
          description: 'LinkedIn posting ID: {{create-linkedin-post.posting_id}}'
  consumes:
  - namespace: workday-rec
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: requisition
      path: /jobRequisitions/{requisition_id}
      inputParameters:
      - name: requisition_id
        in: path
      operations:
      - name: get-requisition
        method: GET
  - namespace: linkedin
    type: http
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: job-posting
      path: /jobs
      operations:
      - name: create-job-posting
        method: POST
  - namespace: jira-rec
    type: http
    baseUri: https://amazon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST

Fetches current headcount data from Workday by department and publishes a summary report to a Slack channel for people-ops review.

naftiko: '0.5'
info:
  label: Workday Headcount Snapshot
  description: Fetches current headcount data from Workday by department and publishes a summary report to a Slack channel for people-ops review.
  tags:
  - hr
  - reporting
  - workday
  - slack
  - headcount
capability:
  exposes:
  - type: mcp
    namespace: hr-reporting
    port: 8080
    tools:
    - name: digest-headcount
      description: Given a Workday organization ID, fetch a headcount summary by department and post the digest to a designated Slack channel. Invoke when a people-ops or finance team member requests a headcount report.
      inputParameters:
      - name: org_id
        in: body
        type: string
        description: The Workday organization ID to query headcount for.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID where the headcount digest will be posted.
      steps:
      - name: get-headcount
        type: call
        call: workday-hc.get-headcount
        with:
          org_id: '{{org_id}}'
      - name: post-digest
        type: call
        call: slack-hc.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Headcount for org {{org_id}}: {{get-headcount.total}} total employees across {{get-headcount.department_count}} departments.'
  consumes:
  - namespace: workday-hc
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: headcount
      path: /orgs/{org_id}/headcount
      inputParameters:
      - name: org_id
        in: path
      operations:
      - name: get-headcount
        method: GET
  - namespace: slack-hc
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Pulls usage metrics for an Alexa skill, generates a weekly digest, and posts the summary to a Slack channel.

naftiko: '0.5'
info:
  label: Alexa Skill Usage Analytics Digest
  description: Pulls usage metrics for an Alexa skill, generates a weekly digest, and posts the summary to a Slack channel.
  tags:
  - voice
  - alexa
  - analytics
  - slack
capability:
  exposes:
  - type: mcp
    namespace: alexa-analytics
    port: 8080
    tools:
    - name: generate-usage-digest
      description: Generate a weekly usage analytics digest for an Alexa skill and post it to Slack.
      inputParameters:
      - name: skill_id
        in: body
        type: string
        description: The Alexa skill ID to pull usage metrics for.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID to post the digest to.
      steps:
      - name: get-usage-metrics
        type: call
        call: alexa-metrics.get-skill-metrics
        with:
          skill_id: '{{skill_id}}'
          metric: uniqueCustomers,totalSessions
      - name: post-digest
        type: call
        call: slack-alexa.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Alexa Skill Weekly Digest ({{skill_id}}): Unique customers: {{get-usage-metrics.unique_customers}}, Total sessions: {{get-usage-metrics.total_sessions}}'
  consumes:
  - namespace: alexa-metrics
    type: http
    baseUri: https://api.amazonalexa.com/v1
    authentication:
      type: bearer
      token: $secrets.alexa_developer_token
    resources:
    - name: metrics
      path: /skills/{skill_id}/metrics
      inputParameters:
      - name: skill_id
        in: path
      - name: metric
        in: query
      operations:
      - name: get-skill-metrics
        method: GET
  - namespace: slack-alexa
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Describes a CloudFormation stack and returns its current status, outputs, and last updated timestamp.

naftiko: '0.5'
info:
  label: CloudFormation Stack Status
  description: Describes a CloudFormation stack and returns its current status, outputs, and last updated timestamp.
  tags:
  - cloud
  - infrastructure
  - aws
  - cloudformation
capability:
  exposes:
  - type: mcp
    namespace: cfn-status
    port: 8080
    tools:
    - name: describe-stack
      description: Get the status, outputs, and last update time for a CloudFormation stack.
      inputParameters:
      - name: stack_name
        in: body
        type: string
        description: The CloudFormation stack name or ARN to describe.
      call: cfn-api.describe-stack
      with:
        stack_name: '{{stack_name}}'
      outputParameters:
      - name: stack_status
        type: string
        mapping: $.Stacks[0].StackStatus
      - name: outputs
        type: array
        mapping: $.Stacks[0].Outputs
  consumes:
  - namespace: cfn-api
    type: http
    baseUri: https://cloudformation.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_cfn_token
      placement: header
    resources:
    - name: stack
      path: /
      inputParameters:
      - name: stack_name
        in: query
      operations:
      - name: describe-stack
        method: GET

Analyzes EC2 instance CPU and memory utilization via CloudWatch, generates rightsizing recommendations, and posts the findings to a Slack channel.

naftiko: '0.5'
info:
  label: EC2 Instance Rightsizing Advisor
  description: Analyzes EC2 instance CPU and memory utilization via CloudWatch, generates rightsizing recommendations, and posts the findings to a Slack channel.
  tags:
  - cloud
  - finops
  - cost-optimization
  - aws
  - ec2
  - cloudwatch
  - slack
capability:
  exposes:
  - type: mcp
    namespace: ec2-rightsize
    port: 8080
    tools:
    - name: analyze-rightsizing
      description: Given an EC2 instance ID, analyze its CPU and memory utilization over the last 14 days, generate a rightsizing recommendation, and post results to Slack.
      inputParameters:
      - name: instance_id
        in: body
        type: string
        description: The EC2 instance ID to analyze for rightsizing.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID to post the recommendation to.
      steps:
      - name: get-cpu-metrics
        type: call
        call: cloudwatch-rs.get-metric-statistics
        with:
          instance_id: '{{instance_id}}'
          metric_name: CPUUtilization
      - name: get-instance-type
        type: call
        call: ec2-rs.describe-instance
        with:
          instance_id: '{{instance_id}}'
      - name: post-recommendation
        type: call
        call: slack-rs.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Rightsizing Report for {{instance_id}} ({{get-instance-type.instance_type}}): Avg CPU {{get-cpu-metrics.average}}%. Consider downsizing if consistently under 20%.'
  consumes:
  - namespace: cloudwatch-rs
    type: http
    baseUri: https://monitoring.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_cloudwatch_token
      placement: header
    resources:
    - name: metrics
      path: /
      inputParameters:
      - name: instance_id
        in: query
      - name: metric_name
        in: query
      operations:
      - name: get-metric-statistics
        method: GET
  - namespace: ec2-rs
    type: http
    baseUri: https://ec2.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_ec2_token
      placement: header
    resources:
    - name: instance
      path: /
      inputParameters:
      - name: instance_id
        in: query
      operations:
      - name: describe-instance
        method: GET
  - namespace: slack-rs
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When an employee departure is recorded in Workday, revokes GitHub org access, deactivates the Okta account, resolves open Jira tickets assigned to the departing user, and posts a ServiceNow offboarding task.

naftiko: '0.5'
info:
  label: Employee Offboarding Sequence
  description: When an employee departure is recorded in Workday, revokes GitHub org access, deactivates the Okta account, resolves open Jira tickets assigned to the departing user, and posts a ServiceNow offboarding task.
  tags:
  - hr
  - offboarding
  - workday
  - okta
  - github
  - jira
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: trigger-offboarding
      description: Given a Workday employee ID and last working date, revoke GitHub org membership, deactivate Okta account, reassign open Jira issues, and create a ServiceNow offboarding task.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID of the departing employee.
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key to query for open issues assigned to the departing user.
      steps:
      - name: get-employee
        type: call
        call: workday-off.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: remove-github
        type: call
        call: github-off.remove-org-member
        with:
          org: amzn
          username: '{{get-employee.github_username}}'
      - name: deactivate-okta
        type: call
        call: okta.deactivate-user
        with:
          user_id: '{{get-employee.okta_user_id}}'
      - name: create-offboarding-task
        type: call
        call: servicenow-off.create-incident
        with:
          short_description: 'Offboarding: {{get-employee.full_name}}'
          assignment_group: IT_Offboarding
          category: hr_offboarding
  consumes:
  - namespace: workday-off
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: worker
      path: /workers/{worker_id}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - namespace: github-off
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: org-member
      path: /orgs/{org}/members/{username}
      inputParameters:
      - name: org
        in: path
      - name: username
        in: path
      operations:
      - name: remove-org-member
        method: DELETE
  - namespace: okta
    type: http
    baseUri: https://amazon.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: user
      path: /users/{user_id}/lifecycle/deactivate
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: deactivate-user
        method: POST
  - namespace: servicenow-off
    type: http
    baseUri: https://amazon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incident
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

Optimizes last-mile delivery routes for Amazon logistics drivers by fetching pending deliveries, calculating optimal routes via Amazon Location Service, and updating driver assignments.

naftiko: '0.5'
info:
  label: Last Mile Delivery Route Optimizer
  description: Optimizes last-mile delivery routes for Amazon logistics drivers by fetching pending deliveries, calculating optimal routes via Amazon Location Service, and updating driver assignments.
  tags:
  - logistics
  - delivery
  - routing
  - aws
  - location-service
capability:
  exposes:
  - type: mcp
    namespace: route-optimizer
    port: 8080
    tools:
    - name: optimize-route
      description: Fetch pending deliveries for a driver, calculate the optimal route, and update driver assignments.
      inputParameters:
      - name: driver_id
        in: body
        type: string
        description: The delivery driver ID.
      - name: warehouse_id
        in: body
        type: string
        description: The origin warehouse ID.
      steps:
      - name: get-pending-deliveries
        type: call
        call: logistics-route.get-driver-deliveries
        with:
          driver_id: '{{driver_id}}'
          warehouse_id: '{{warehouse_id}}'
      - name: calculate-route
        type: call
        call: location-api.calculate-route-matrix
        with:
          departure_position: '{{get-pending-deliveries.warehouse_coords}}'
          destination_positions: '{{get-pending-deliveries.delivery_coords}}'
      - name: update-assignments
        type: call
        call: logistics-route.update-route-plan
        with:
          driver_id: '{{driver_id}}'
          optimized_order: '{{calculate-route.optimized_sequence}}'
          estimated_duration: '{{calculate-route.total_duration}}'
  consumes:
  - namespace: logistics-route
    type: http
    baseUri: https://api.amazon.com/logistics/v1
    authentication:
      type: bearer
      token: $secrets.amazon_logistics_token
    resources:
    - name: driver-deliveries
      path: /drivers/{driver_id}/deliveries
      inputParameters:
      - name: driver_id
        in: path
      - name: warehouse_id
        in: query
      operations:
      - name: get-driver-deliveries
        method: GET
    - name: route-plan
      path: /drivers/{driver_id}/route-plan
      inputParameters:
      - name: driver_id
        in: path
      operations:
      - name: update-route-plan
        method: PUT
  - namespace: location-api
    type: http
    baseUri: https://routes.geo.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_location_token
      placement: header
    resources:
    - name: route-matrix
      path: /routes/v0/calculators/AmazonLogistics/calculate/route-matrix
      operations:
      - name: calculate-route-matrix
        method: POST

Queries CloudTrail for suspicious API activity patterns, creates a finding in Security Hub, and alerts the SOC team via PagerDuty.

naftiko: '0.5'
info:
  label: CloudTrail Suspicious Activity Alerter
  description: Queries CloudTrail for suspicious API activity patterns, creates a finding in Security Hub, and alerts the SOC team via PagerDuty.
  tags:
  - cloud
  - security
  - monitoring
  - aws
  - cloudtrail
  - security-hub
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: cloudtrail-alert
    port: 8080
    tools:
    - name: detect-suspicious-activity
      description: Query CloudTrail for suspicious patterns, create a Security Hub finding, and page the SOC team.
      inputParameters:
      - name: event_name
        in: body
        type: string
        description: The CloudTrail event name to search for, e.g. ConsoleLogin.
      - name: time_range_hours
        in: body
        type: number
        description: Number of hours to look back for events.
      steps:
      - name: lookup-events
        type: call
        call: cloudtrail-api.lookup-events
        with:
          event_name: '{{event_name}}'
          time_range_hours: '{{time_range_hours}}'
      - name: create-finding
        type: call
        call: securityhub-api.batch-import-findings
        with:
          title: 'Suspicious Activity: {{event_name}}'
          description: '{{lookup-events.event_count}} occurrences of {{event_name}} in the last {{time_range_hours}} hours.'
          severity: HIGH
      - name: page-soc
        type: call
        call: pagerduty-ct.create-incident
        with:
          service_id: SOC_SERVICE
          title: 'CloudTrail Alert: {{lookup-events.event_count}} suspicious {{event_name}} events detected.'
  consumes:
  - namespace: cloudtrail-api
    type: http
    baseUri: https://cloudtrail.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_cloudtrail_token
      placement: header
    resources:
    - name: events
      path: /
      operations:
      - name: lookup-events
        method: POST
  - namespace: securityhub-api
    type: http
    baseUri: https://securityhub.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_securityhub_token
      placement: header
    resources:
    - name: findings
      path: /findings/import
      operations:
      - name: batch-import-findings
        method: POST
  - namespace: pagerduty-ct
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_token
      placement: header
    resources:
    - name: incident
      path: /incidents
      operations:
      - name: create-incident
        method: POST

Retrieves the current value of a secret stored in AWS Secrets Manager by secret name or ARN.

naftiko: '0.5'
info:
  label: Secrets Manager Secret Retrieve
  description: Retrieves the current value of a secret stored in AWS Secrets Manager by secret name or ARN.
  tags:
  - cloud
  - security
  - aws
  - secrets-manager
capability:
  exposes:
  - type: mcp
    namespace: secrets-mgr
    port: 8080
    tools:
    - name: get-secret-value
      description: Retrieve the current value of a secret from AWS Secrets Manager. Returns the secret string or binary.
      inputParameters:
      - name: secret_id
        in: body
        type: string
        description: The secret name or ARN to retrieve.
      call: secrets-api.get-secret-value
      with:
        secret_id: '{{secret_id}}'
      outputParameters:
      - name: secret_string
        type: string
        mapping: $.SecretString
  consumes:
  - namespace: secrets-api
    type: http
    baseUri: https://secretsmanager.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_secrets_token
      placement: header
    resources:
    - name: secret
      path: /
      inputParameters:
      - name: secret_id
        in: body
      operations:
      - name: get-secret-value
        method: POST

Checks ElastiCache Redis cluster node health and memory utilization via CloudWatch, then posts a health summary to Slack.

naftiko: '0.5'
info:
  label: ElastiCache Cluster Health Reporter
  description: Checks ElastiCache Redis cluster node health and memory utilization via CloudWatch, then posts a health summary to Slack.
  tags:
  - cloud
  - caching
  - monitoring
  - aws
  - elasticache
  - cloudwatch
  - slack
capability:
  exposes:
  - type: mcp
    namespace: elasticache-health
    port: 8080
    tools:
    - name: report-cluster-health
      description: Check ElastiCache cluster health metrics and post a summary to Slack.
      inputParameters:
      - name: cluster_id
        in: body
        type: string
        description: The ElastiCache cluster ID to check.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for health reports.
      steps:
      - name: describe-cluster
        type: call
        call: elasticache-api.describe-cache-cluster
        with:
          cluster_id: '{{cluster_id}}'
      - name: get-memory-metric
        type: call
        call: cw-cache.get-metric-data
        with:
          cluster_id: '{{cluster_id}}'
          metric_name: DatabaseMemoryUsagePercentage
      - name: post-health
        type: call
        call: slack-cache.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'ElastiCache Health: Cluster {{cluster_id}} status: {{describe-cluster.status}}. Memory usage: {{get-memory-metric.average}}%. Nodes: {{describe-cluster.num_cache_nodes}}.'
  consumes:
  - namespace: elasticache-api
    type: http
    baseUri: https://elasticache.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_elasticache_token
      placement: header
    resources:
    - name: cluster
      path: /
      inputParameters:
      - name: cluster_id
        in: query
      operations:
      - name: describe-cache-cluster
        method: GET
  - namespace: cw-cache
    type: http
    baseUri: https://monitoring.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_cloudwatch_token
      placement: header
    resources:
    - name: metric
      path: /
      operations:
      - name: get-metric-data
        method: POST
  - namespace: slack-cache
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Checks the publication status of an Alexa skill by skill ID and returns its current certification state.

naftiko: '0.5'
info:
  label: Alexa Skill Status Check
  description: Checks the publication status of an Alexa skill by skill ID and returns its current certification state.
  tags:
  - voice
  - alexa
  - smart-home
capability:
  exposes:
  - type: mcp
    namespace: alexa-status
    port: 8080
    tools:
    - name: get-skill-status
      description: Given an Alexa skill ID, return its current publication and certification status.
      inputParameters:
      - name: skill_id
        in: body
        type: string
        description: The Alexa skill ID to check status for.
      call: alexa-api.get-skill-status
      with:
        skill_id: '{{skill_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.manifest.lastUpdateRequest.status
  consumes:
  - namespace: alexa-api
    type: http
    baseUri: https://api.amazonalexa.com/v1
    authentication:
      type: bearer
      token: $secrets.alexa_developer_token
    resources:
    - name: skill
      path: /skills/{skill_id}/status
      inputParameters:
      - name: skill_id
        in: path
      operations:
      - name: get-skill-status
        method: GET

Monitors a Kinesis data stream for iterator age and throughput, logs health metrics to CloudWatch, and alerts via PagerDuty if thresholds are breached.

naftiko: '0.5'
info:
  label: Kinesis Data Pipeline Health Check
  description: Monitors a Kinesis data stream for iterator age and throughput, logs health metrics to CloudWatch, and alerts via PagerDuty if thresholds are breached.
  tags:
  - cloud
  - streaming
  - monitoring
  - aws
  - kinesis
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: kinesis-health
    port: 8080
    tools:
    - name: check-pipeline-health
      description: Monitor Kinesis stream health by checking iterator age and throughput. Log to CloudWatch and alert PagerDuty if unhealthy.
      inputParameters:
      - name: stream_name
        in: body
        type: string
        description: The Kinesis stream name to monitor.
      - name: max_iterator_age_ms
        in: body
        type: number
        description: Maximum acceptable iterator age in milliseconds.
      steps:
      - name: get-stream-metrics
        type: call
        call: cw-kinesis.get-metric-data
        with:
          stream_name: '{{stream_name}}'
          metric_name: GetRecords.IteratorAgeMilliseconds
      - name: log-health
        type: call
        call: cw-kinesis.put-metric-data
        with:
          namespace: Custom/KinesisHealth
          metric_name: PipelineHealthScore
          value: '{{get-stream-metrics.average}}'
      - name: trigger-alert
        type: call
        call: pagerduty-kinesis.create-incident
        with:
          service_id: KINESIS_SVC
          title: Kinesis stream {{stream_name}} iterator age {{get-stream-metrics.average}}ms exceeds {{max_iterator_age_ms}}ms
  consumes:
  - namespace: cw-kinesis
    type: http
    baseUri: https://monitoring.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_cloudwatch_token
      placement: header
    resources:
    - name: metric-data
      path: /
      inputParameters:
      - name: stream_name
        in: query
      - name: metric_name
        in: query
      operations:
      - name: get-metric-data
        method: POST
    - name: put-metric
      path: /
      operations:
      - name: put-metric-data
        method: POST
  - namespace: pagerduty-kinesis
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_token
      placement: header
    resources:
    - name: incident
      path: /incidents
      operations:
      - name: create-incident
        method: POST

When a Datadog monitor triggers a critical alert, automatically opens a ServiceNow incident, pages the on-call team via PagerDuty, and posts a war-room Slack message.

naftiko: '0.5'
info:
  label: Datadog Alert Incident Bridge
  description: When a Datadog monitor triggers a critical alert, automatically opens a ServiceNow incident, pages the on-call team via PagerDuty, and posts a war-room Slack message.
  tags:
  - observability
  - incident-response
  - datadog
  - servicenow
  - pagerduty
  - slack
capability:
  exposes:
  - type: mcp
    namespace: observability-ops
    port: 8080
    tools:
    - name: handle-critical-alert
      description: Given a Datadog monitor ID and alert details, open a ServiceNow incident, trigger a PagerDuty incident for the on-call engineer, and post a war-room message in Slack.
      inputParameters:
      - name: monitor_id
        in: body
        type: string
        description: The Datadog monitor ID that triggered the alert.
      - name: monitor_name
        in: body
        type: string
        description: The human-readable name of the Datadog monitor.
      - name: alert_message
        in: body
        type: string
        description: The alert body text describing what threshold was breached.
      - name: pagerduty_service_key
        in: body
        type: string
        description: The PagerDuty integration service key for routing the incident.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID for the war-room notification.
      steps:
      - name: open-incident
        type: call
        call: servicenow-obs.create-incident
        with:
          short_description: 'Critical alert: {{monitor_name}}'
          description: '{{alert_message}}'
          urgency: '1'
          impact: '1'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          service_key: '{{pagerduty_service_key}}'
          description: 'Critical Datadog alert: {{monitor_name}}'
          incident_key: dd-{{monitor_id}}
      - name: post-warroom
        type: call
        call: slack-obs.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'CRITICAL ALERT: {{monitor_name}} | ServiceNow: {{open-incident.number}} | PagerDuty: {{page-oncall.incident_id}} | {{alert_message}}'
  consumes:
  - namespace: servicenow-obs
    type: http
    baseUri: https://amazon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incident
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: pagerduty
    type: http
    baseUri: https://events.pagerduty.com/v2
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_token
      placement: header
    resources:
    - name: incident
      path: /enqueue
      operations:
      - name: create-incident
        method: POST
  - namespace: slack-obs
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves the current status and running task count for an Amazon ECS service in a cluster.

naftiko: '0.5'
info:
  label: ECS Service Status
  description: Retrieves the current status and running task count for an Amazon ECS service in a cluster.
  tags:
  - cloud
  - containers
  - aws
  - ecs
capability:
  exposes:
  - type: mcp
    namespace: ecs-status
    port: 8080
    tools:
    - name: describe-service
      description: Get the status, running count, and desired count for an ECS service. Use to verify deployment health.
      inputParameters:
      - name: cluster_name
        in: body
        type: string
        description: The ECS cluster name.
      - name: service_name
        in: body
        type: string
        description: The ECS service name to describe.
      call: ecs-api.describe-service
      with:
        cluster_name: '{{cluster_name}}'
        service_name: '{{service_name}}'
      outputParameters:
      - name: running_count
        type: number
        mapping: $.services[0].runningCount
      - name: status
        type: string
        mapping: $.services[0].status
  consumes:
  - namespace: ecs-api
    type: http
    baseUri: https://ecs.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_ecs_token
      placement: header
    resources:
    - name: service
      path: /
      inputParameters:
      - name: cluster_name
        in: body
      - name: service_name
        in: body
      operations:
      - name: describe-service
        method: POST

Adds an IP to an AWS WAF IP set block list, logs the change to DynamoDB for audit, and notifies the security team via Slack.

naftiko: '0.5'
info:
  label: WAF Rule Update with Notification
  description: Adds an IP to an AWS WAF IP set block list, logs the change to DynamoDB for audit, and notifies the security team via Slack.
  tags:
  - cloud
  - security
  - aws
  - waf
  - dynamodb
  - slack
capability:
  exposes:
  - type: mcp
    namespace: waf-update
    port: 8080
    tools:
    - name: block-ip-and-notify
      description: Add an IP address to a WAF block list, record the action in DynamoDB, and alert the security team.
      inputParameters:
      - name: ip_set_id
        in: body
        type: string
        description: The WAF IP set ID to update.
      - name: ip_address
        in: body
        type: string
        description: The IP address to block in CIDR format.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for security notifications.
      steps:
      - name: update-ip-set
        type: call
        call: waf-api.update-ip-set
        with:
          ip_set_id: '{{ip_set_id}}'
          ip_address: '{{ip_address}}'
      - name: log-action
        type: call
        call: dynamo-waf.put-item
        with:
          table_name: waf-audit-log
          ip_address: '{{ip_address}}'
          action: BLOCK
          ip_set_id: '{{ip_set_id}}'
      - name: notify-security
        type: call
        call: slack-waf.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'WAF Update: IP {{ip_address}} added to block list {{ip_set_id}}. Audit record created.'
  consumes:
  - namespace: waf-api
    type: http
    baseUri: https://wafv2.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_waf_token
      placement: header
    resources:
    - name: ip-set
      path: /
      operations:
      - name: update-ip-set
        method: POST
  - namespace: dynamo-waf
    type: http
    baseUri: https://dynamodb.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_dynamodb_token
      placement: header
    resources:
    - name: item
      path: /
      operations:
      - name: put-item
        method: POST
  - namespace: slack-waf
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves purchase orders from Amazon Vendor Central, confirms them, and logs the confirmation to DynamoDB for tracking.

naftiko: '0.5'
info:
  label: Vendor Central Purchase Order Processor
  description: Retrieves purchase orders from Amazon Vendor Central, confirms them, and logs the confirmation to DynamoDB for tracking.
  tags:
  - ecommerce
  - marketplace
  - vendor-central
  - supply-chain
  - dynamodb
capability:
  exposes:
  - type: mcp
    namespace: vendor-po
    port: 8080
    tools:
    - name: process-purchase-order
      description: Fetch a purchase order from Vendor Central, confirm it, and log the confirmation.
      inputParameters:
      - name: purchase_order_number
        in: body
        type: string
        description: The Vendor Central purchase order number.
      steps:
      - name: get-po
        type: call
        call: vendor-api.get-purchase-order
        with:
          purchase_order_number: '{{purchase_order_number}}'
      - name: confirm-po
        type: call
        call: vendor-api.confirm-purchase-order
        with:
          purchase_order_number: '{{purchase_order_number}}'
          items: '{{get-po.items}}'
      - name: log-confirmation
        type: call
        call: dynamo-vendor.put-item
        with:
          table_name: vendor-po-confirmations
          po_number: '{{purchase_order_number}}'
          status: confirmed
          item_count: '{{get-po.item_count}}'
  consumes:
  - namespace: vendor-api
    type: http
    baseUri: https://sellingpartnerapi-na.amazon.com/vendor
    authentication:
      type: bearer
      token: $secrets.sp_api_vendor_token
    resources:
    - name: purchase-order
      path: /orders/v1/purchaseOrders/{purchase_order_number}
      inputParameters:
      - name: purchase_order_number
        in: path
      operations:
      - name: get-purchase-order
        method: GET
    - name: confirmation
      path: /orders/v1/purchaseOrders/confirmation
      operations:
      - name: confirm-purchase-order
        method: POST
  - namespace: dynamo-vendor
    type: http
    baseUri: https://dynamodb.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_dynamodb_token
      placement: header
    resources:
    - name: item
      path: /
      operations:
      - name: put-item
        method: POST

Checks real-time inventory levels for a product at a specific Whole Foods Market store location.

naftiko: '0.5'
info:
  label: Whole Foods Store Inventory Check
  description: Checks real-time inventory levels for a product at a specific Whole Foods Market store location.
  tags:
  - grocery
  - whole-foods
  - inventory
  - retail
capability:
  exposes:
  - type: mcp
    namespace: wfm-inventory
    port: 8080
    tools:
    - name: check-inventory
      description: Check the current inventory level for a product at a Whole Foods Market store.
      inputParameters:
      - name: store_id
        in: body
        type: string
        description: The Whole Foods store ID to check inventory at.
      - name: product_sku
        in: body
        type: string
        description: The product SKU to check availability for.
      call: wfm-api.get-inventory
      with:
        store_id: '{{store_id}}'
        product_sku: '{{product_sku}}'
      outputParameters:
      - name: quantity_on_hand
        type: number
        mapping: $.inventory.quantityOnHand
      - name: in_stock
        type: boolean
        mapping: $.inventory.inStock
  consumes:
  - namespace: wfm-api
    type: http
    baseUri: https://api.wholefoodsmarket.com/v2
    authentication:
      type: bearer
      token: $secrets.wfm_api_token
    resources:
    - name: inventory
      path: /stores/{store_id}/inventory/{product_sku}
      inputParameters:
      - name: store_id
        in: path
      - name: product_sku
        in: path
      operations:
      - name: get-inventory
        method: GET

Deploys a SageMaker model to an endpoint, runs a validation inference, and records the deployment in DynamoDB for tracking.

naftiko: '0.5'
info:
  label: SageMaker Model Deployment Pipeline
  description: Deploys a SageMaker model to an endpoint, runs a validation inference, and records the deployment in DynamoDB for tracking.
  tags:
  - cloud
  - machine-learning
  - deployment
  - aws
  - sagemaker
  - dynamodb
capability:
  exposes:
  - type: mcp
    namespace: sagemaker-deploy
    port: 8080
    tools:
    - name: deploy-model
      description: Deploy a SageMaker model to an endpoint, validate with a test inference, and log the deployment.
      inputParameters:
      - name: model_name
        in: body
        type: string
        description: The SageMaker model name to deploy.
      - name: endpoint_name
        in: body
        type: string
        description: The target SageMaker endpoint name.
      - name: instance_type
        in: body
        type: string
        description: The instance type for the endpoint, e.g. ml.m5.large.
      steps:
      - name: create-endpoint-config
        type: call
        call: sagemaker-api.create-endpoint-config
        with:
          model_name: '{{model_name}}'
          endpoint_name: '{{endpoint_name}}'
          instance_type: '{{instance_type}}'
      - name: update-endpoint
        type: call
        call: sagemaker-api.update-endpoint
        with:
          endpoint_name: '{{endpoint_name}}'
          config_name: '{{create-endpoint-config.config_name}}'
      - name: log-deployment
        type: call
        call: dynamo-ml.put-item
        with:
          table_name: ml-deployments
          model_name: '{{model_name}}'
          endpoint_name: '{{endpoint_name}}'
          status: '{{update-endpoint.status}}'
  consumes:
  - namespace: sagemaker-api
    type: http
    baseUri: https://api.sagemaker.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_sagemaker_token
      placement: header
    resources:
    - name: endpoint-config
      path: /
      operations:
      - name: create-endpoint-config
        method: POST
    - name: endpoint
      path: /
      operations:
      - name: update-endpoint
        method: POST
  - namespace: dynamo-ml
    type: http
    baseUri: https://dynamodb.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_dynamodb_token
      placement: header
    resources:
    - name: item
      path: /
      operations:
      - name: put-item
        method: POST

Queries Snowflake task history to detect failed or long-running data pipeline tasks, creates a Jira data-engineering ticket, and posts an alert to the data-platform Slack channel.

naftiko: '0.5'
info:
  label: Snowflake Data Pipeline Health Monitor
  description: Queries Snowflake task history to detect failed or long-running data pipeline tasks, creates a Jira data-engineering ticket, and posts an alert to the data-platform Slack channel.
  tags:
  - data
  - analytics
  - monitoring
  - snowflake
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data-ops
    port: 8080
    tools:
    - name: monitor-pipeline-health
      description: Given a Snowflake database and schema, query task execution history for failures or SLA breaches, open a Jira ticket for investigation, and alert the data-platform Slack channel.
      inputParameters:
      - name: snowflake_database
        in: body
        type: string
        description: The Snowflake database name to check task history for, e.g. ANALYTICS_PROD.
      - name: snowflake_schema
        in: body
        type: string
        description: The Snowflake schema containing the monitored tasks.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID for the data-platform alert.
      steps:
      - name: check-tasks
        type: call
        call: snowflake.query-task-history
        with:
          database: '{{snowflake_database}}'
          schema: '{{snowflake_schema}}'
      - name: create-ticket
        type: call
        call: jira-data.create-issue
        with:
          project_key: DATA
          issuetype: Bug
          summary: Pipeline health issue detected in {{snowflake_database}}.{{snowflake_schema}}
          description: 'Failed tasks: {{check-tasks.failed_count}}. Last failure: {{check-tasks.last_failed_task}}'
      - name: post-alert
        type: call
        call: slack-data.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Data Pipeline Alert: {{check-tasks.failed_count}} failed tasks in {{snowflake_database}}. Jira: {{create-ticket.key}}'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://amazon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: task-history
      path: /databases/{database}/schemas/{schema}/tasks
      inputParameters:
      - name: database
        in: path
      - name: schema
        in: path
      operations:
      - name: query-task-history
        method: GET
  - namespace: jira-data
    type: http
    baseUri: https://amazon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack-data
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Collects health telemetry from Amazon warehouse robotics systems, aggregates metrics in CloudWatch, and posts a fleet health summary to Slack.

naftiko: '0.5'
info:
  label: Warehouse Robotics Health Dashboard
  description: Collects health telemetry from Amazon warehouse robotics systems, aggregates metrics in CloudWatch, and posts a fleet health summary to Slack.
  tags:
  - logistics
  - robotics
  - monitoring
  - warehouse
  - cloudwatch
  - slack
capability:
  exposes:
  - type: mcp
    namespace: robotics-health
    port: 8080
    tools:
    - name: report-fleet-health
      description: Collect robotics fleet health data, log to CloudWatch, and post a summary to Slack.
      inputParameters:
      - name: warehouse_id
        in: body
        type: string
        description: The Amazon fulfillment center ID.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for robotics health reports.
      steps:
      - name: get-fleet-status
        type: call
        call: robotics-api.get-fleet-health
        with:
          warehouse_id: '{{warehouse_id}}'
      - name: log-metrics
        type: call
        call: cw-robotics.put-metric-data
        with:
          namespace: Custom/WarehouseRobotics
          metric_name: ActiveRobots
          value: '{{get-fleet-status.active_count}}'
      - name: post-summary
        type: call
        call: slack-robotics.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Warehouse {{warehouse_id}} Robotics: {{get-fleet-status.active_count}} active, {{get-fleet-status.idle_count}} idle, {{get-fleet-status.error_count}} in error state.'
  consumes:
  - namespace: robotics-api
    type: http
    baseUri: https://api.amazon.com/warehouse/robotics/v1
    authentication:
      type: bearer
      token: $secrets.amazon_robotics_token
    resources:
    - name: fleet
      path: /warehouses/{warehouse_id}/fleet/health
      inputParameters:
      - name: warehouse_id
        in: path
      operations:
      - name: get-fleet-health
        method: GET
  - namespace: cw-robotics
    type: http
    baseUri: https://monitoring.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_cloudwatch_token
      placement: header
    resources:
    - name: metric
      path: /
      operations:
      - name: put-metric-data
        method: POST
  - namespace: slack-robotics
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a GitHub Actions pipeline fails on a protected branch, creates a Jira bug, posts a Datadog deployment event marker, and alerts the engineering team Slack channel.

naftiko: '0.5'
info:
  label: CI/CD Pipeline Failure Response
  description: When a GitHub Actions pipeline fails on a protected branch, creates a Jira bug, posts a Datadog deployment event marker, and alerts the engineering team Slack channel.
  tags:
  - devops
  - ci-cd
  - incident-response
  - github
  - jira
  - datadog
  - slack
capability:
  exposes:
  - type: mcp
    namespace: devops-ops
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a GitHub Actions pipeline failure event with project, branch, commit SHA, and log URL, create a Jira bug, post a Datadog deployment marker, and alert the Slack engineering channel.
      inputParameters:
      - name: project
        in: body
        type: string
        description: The GitHub repository name where the pipeline failed, e.g. amazon/platform-core.
      - name: branch
        in: body
        type: string
        description: The branch name where the pipeline failure occurred.
      - name: commit_sha
        in: body
        type: string
        description: The git commit SHA that triggered the failed pipeline run.
      - name: failed_job
        in: body
        type: string
        description: The name of the specific job that failed in the workflow.
      - name: log_url
        in: body
        type: string
        description: The URL to the failed pipeline run logs in GitHub Actions.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID for engineering alerts.
      steps:
      - name: create-bug
        type: call
        call: jira-devops.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: '[CI Failure] {{project}} / {{branch}} — {{failed_job}}'
          description: 'Commit: {{commit_sha}}

            Log: {{log_url}}'
      - name: create-dd-event
        type: call
        call: datadog.create-event
        with:
          title: 'Pipeline failure: {{project}} on {{branch}}'
          text: 'Job {{failed_job}} failed. Commit: {{commit_sha}}'
          alert_type: error
      - name: post-alert
        type: call
        call: slack-devops.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Pipeline Failure: {{project}} | Branch: {{branch}} | Job: {{failed_job}} | Jira: {{create-bug.key}} | Log: {{log_url}}'
  consumes:
  - namespace: jira-devops
    type: http
    baseUri: https://amazon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: datadog
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: event
      path: /events
      operations:
      - name: create-event
        method: POST
  - namespace: slack-devops
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Fetches a Confluence page by ID, sends the content to the Anthropic Claude API for summarization, and posts the executive summary to a Slack channel.

naftiko: '0.5'
info:
  label: AI-Assisted Document Summarization
  description: Fetches a Confluence page by ID, sends the content to the Anthropic Claude API for summarization, and posts the executive summary to a Slack channel.
  tags:
  - ai
  - knowledge-management
  - confluence
  - anthropic
  - slack
capability:
  exposes:
  - type: mcp
    namespace: ai-summarize
    port: 8080
    tools:
    - name: summarize-confluence-page
      description: Given a Confluence page ID and a Slack channel, fetch the page content from Confluence, send it to the Anthropic Claude API for a concise executive summary, and post the result to Slack.
      inputParameters:
      - name: page_id
        in: body
        type: string
        description: The Confluence page ID to fetch and summarize.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID where the AI-generated summary will be posted.
      steps:
      - name: get-page
        type: call
        call: confluence-ai.get-page
        with:
          page_id: '{{page_id}}'
      - name: generate-summary
        type: call
        call: anthropic-ai.create-message
        with:
          model: claude-opus-4-5
          max_tokens: 300
          system: You are a technical writer. Produce a concise 3-sentence executive summary of the following document.
          user_message: '{{get-page.body}}'
      - name: post-summary
        type: call
        call: slack-ai.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'AI Summary of ''{{get-page.title}}'': {{generate-summary.content}}'
  consumes:
  - namespace: confluence-ai
    type: http
    baseUri: https://amazon.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_token
    resources:
    - name: page
      path: /content/{page_id}
      inputParameters:
      - name: page_id
        in: path
      operations:
      - name: get-page
        method: GET
  - namespace: anthropic-ai
    type: http
    baseUri: https://api.anthropic.com/v1
    authentication:
      type: apikey
      key: x-api-key
      value: $secrets.anthropic_api_key
      placement: header
    resources:
    - name: messages
      path: /messages
      operations:
      - name: create-message
        method: POST
  - namespace: slack-ai
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Given a service name, searches the Confluence knowledge base for the relevant runbook page and returns the runbook URL and summary for use during incident response.

naftiko: '0.5'
info:
  label: Confluence Runbook Lookup
  description: Given a service name, searches the Confluence knowledge base for the relevant runbook page and returns the runbook URL and summary for use during incident response.
  tags:
  - itsm
  - knowledge-management
  - confluence
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: kb-lookup
    port: 8080
    tools:
    - name: get-runbook
      description: Given a service name, search Confluence for the relevant runbook page and return the page URL and excerpt. Use during incident triage to quickly surface operational runbooks.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The service name to search for in Confluence runbooks, e.g. payment-gateway.
      call: confluence.search-content
      with:
        cql: type=page AND title~"{{service_name}} runbook"
      outputParameters:
      - name: runbook_url
        type: string
        mapping: $.results[0]._links.webui
      - name: runbook_title
        type: string
        mapping: $.results[0].title
  consumes:
  - namespace: confluence
    type: http
    baseUri: https://amazon.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_token
    resources:
    - name: content
      path: /content/search
      inputParameters:
      - name: cql
        in: query
      operations:
      - name: search-content
        method: GET

Retrieves the approximate number of messages in an SQS queue to monitor backlog health.

naftiko: '0.5'
info:
  label: SQS Queue Depth Check
  description: Retrieves the approximate number of messages in an SQS queue to monitor backlog health.
  tags:
  - cloud
  - messaging
  - aws
  - sqs
capability:
  exposes:
  - type: mcp
    namespace: sqs-depth
    port: 8080
    tools:
    - name: get-queue-attributes
      description: Get the approximate message count and other attributes for an SQS queue. Use to monitor queue backlog.
      inputParameters:
      - name: queue_url
        in: body
        type: string
        description: The full SQS queue URL to check.
      call: sqs-api.get-queue-attributes
      with:
        queue_url: '{{queue_url}}'
      outputParameters:
      - name: message_count
        type: number
        mapping: $.Attributes.ApproximateNumberOfMessages
  consumes:
  - namespace: sqs-api
    type: http
    baseUri: https://sqs.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_sqs_token
      placement: header
    resources:
    - name: queue
      path: /
      inputParameters:
      - name: queue_url
        in: body
      operations:
      - name: get-queue-attributes
        method: POST

Reconciles Fulfillment by Amazon inventory levels against seller records, identifies discrepancies, and creates a case in Seller Central support.

naftiko: '0.5'
info:
  label: FBA Inventory Reconciliation
  description: Reconciles Fulfillment by Amazon inventory levels against seller records, identifies discrepancies, and creates a case in Seller Central support.
  tags:
  - ecommerce
  - marketplace
  - fulfillment
  - fba
  - inventory
capability:
  exposes:
  - type: mcp
    namespace: fba-reconcile
    port: 8080
    tools:
    - name: reconcile-inventory
      description: Compare FBA inventory levels with seller records and create a support case for discrepancies.
      inputParameters:
      - name: seller_id
        in: body
        type: string
        description: The Amazon seller ID.
      - name: sku
        in: body
        type: string
        description: The product SKU to reconcile.
      - name: expected_quantity
        in: body
        type: number
        description: The expected inventory quantity per seller records.
      steps:
      - name: get-fba-inventory
        type: call
        call: sp-fba.get-inventory-summary
        with:
          seller_id: '{{seller_id}}'
          sku: '{{sku}}'
      - name: create-case
        type: call
        call: sp-fba.create-support-case
        with:
          subject: 'FBA Inventory Discrepancy: SKU {{sku}}'
          description: 'Expected: {{expected_quantity}}, FBA reports: {{get-fba-inventory.fulfillable_quantity}}. Difference: needs investigation.'
  consumes:
  - namespace: sp-fba
    type: http
    baseUri: https://sellingpartnerapi-na.amazon.com
    authentication:
      type: bearer
      token: $secrets.sp_api_token
    resources:
    - name: inventory
      path: /fba/inventory/v1/summaries
      inputParameters:
      - name: seller_id
        in: query
      - name: sku
        in: query
      operations:
      - name: get-inventory-summary
        method: GET
    - name: support
      path: /messaging/v1/cases
      operations:
      - name: create-support-case
        method: POST

Processes a customer return request from the Selling Partner API, initiates a refund, and notifies the seller via email through SES.

naftiko: '0.5'
info:
  label: Marketplace Return Processor
  description: Processes a customer return request from the Selling Partner API, initiates a refund, and notifies the seller via email through SES.
  tags:
  - ecommerce
  - marketplace
  - returns
  - seller-central
  - ses
capability:
  exposes:
  - type: mcp
    namespace: return-process
    port: 8080
    tools:
    - name: process-return
      description: Process a marketplace return request, initiate the refund, and notify the seller via email.
      inputParameters:
      - name: order_id
        in: body
        type: string
        description: The order ID for the return request.
      - name: return_reason
        in: body
        type: string
        description: The customer-provided return reason.
      - name: seller_email
        in: body
        type: string
        description: The seller email address for return notifications.
      steps:
      - name: get-order-details
        type: call
        call: sp-returns.get-order
        with:
          order_id: '{{order_id}}'
      - name: create-refund
        type: call
        call: sp-returns.create-refund
        with:
          order_id: '{{order_id}}'
          amount: '{{get-order-details.order_total}}'
      - name: notify-seller
        type: call
        call: ses-returns.send-email
        with:
          to: '{{seller_email}}'
          subject: 'Return Processed: Order {{order_id}}'
          body: 'A return has been processed for order {{order_id}}. Reason: {{return_reason}}. Refund amount: ${{get-order-details.order_total}}. Refund ID: {{create-refund.refund_id}}.'
  consumes:
  - namespace: sp-returns
    type: http
    baseUri: https://sellingpartnerapi-na.amazon.com
    authentication:
      type: bearer
      token: $secrets.sp_api_token
    resources:
    - name: order
      path: /orders/v0/orders/{order_id}
      inputParameters:
      - name: order_id
        in: path
      operations:
      - name: get-order
        method: GET
    - name: refund
      path: /orders/v0/orders/{order_id}/refund
      inputParameters:
      - name: order_id
        in: path
      operations:
      - name: create-refund
        method: POST
  - namespace: ses-returns
    type: http
    baseUri: https://email.us-east-1.amazonaws.com/v2
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_ses_token
      placement: header
    resources:
    - name: email
      path: /email/outbound-emails
      operations:
      - name: send-email
        method: POST

Searches the Amazon product catalog by keyword and returns matching product listings with prices and ratings.

naftiko: '0.5'
info:
  label: Product Catalog Search
  description: Searches the Amazon product catalog by keyword and returns matching product listings with prices and ratings.
  tags:
  - ecommerce
  - catalog
  - search
capability:
  exposes:
  - type: mcp
    namespace: catalog-search
    port: 8080
    tools:
    - name: search-products
      description: Search the Amazon product catalog by keyword. Returns product titles, ASINs, prices, and ratings.
      inputParameters:
      - name: keywords
        in: body
        type: string
        description: The search keywords for product lookup.
      - name: category
        in: body
        type: string
        description: The product category to filter by, e.g. Electronics.
      call: catalog-api.search-items
      with:
        keywords: '{{keywords}}'
        category: '{{category}}'
      outputParameters:
      - name: items
        type: array
        mapping: $.SearchResult.Items
  consumes:
  - namespace: catalog-api
    type: http
    baseUri: https://webservices.amazon.com/paapi5
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.amazon_paapi_token
      placement: header
    resources:
    - name: items
      path: /searchitems
      inputParameters:
      - name: keywords
        in: body
      - name: category
        in: body
      operations:
      - name: search-items
        method: POST

When an employee submits a time-off request in Workday, notifies the manager via Slack and creates a Jira task for the manager to approve or deny the request.

naftiko: '0.5'
info:
  label: Workday Absence Request Processor
  description: When an employee submits a time-off request in Workday, notifies the manager via Slack and creates a Jira task for the manager to approve or deny the request.
  tags:
  - hr
  - time-off
  - workday
  - slack
  - jira
capability:
  exposes:
  - type: mcp
    namespace: hr-absence
    port: 8080
    tools:
    - name: process-absence-request
      description: Given a Workday time-off request ID and manager Slack user ID, fetch request details, notify the manager in Slack, and create a Jira approval task.
      inputParameters:
      - name: time_off_request_id
        in: body
        type: string
        description: The Workday time-off request ID submitted by the employee.
      - name: manager_slack_id
        in: body
        type: string
        description: The Slack user ID of the employee's manager for the approval notification.
      steps:
      - name: get-request
        type: call
        call: workday-abs.get-time-off-request
        with:
          request_id: '{{time_off_request_id}}'
      - name: notify-manager
        type: call
        call: slack-abs.post-message
        with:
          channel: '{{manager_slack_id}}'
          text: 'Time-off request pending approval: {{get-request.employee_name}} has requested {{get-request.days}} days from {{get-request.start_date}} to {{get-request.end_date}}.'
      - name: create-approval-task
        type: call
        call: jira-abs.create-issue
        with:
          project_key: HR
          issuetype: Task
          summary: 'Approve time-off: {{get-request.employee_name}} ({{get-request.start_date}} – {{get-request.end_date}})'
          description: 'Workday request ID: {{time_off_request_id}}'
  consumes:
  - namespace: workday-abs
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: time-off-request
      path: /timeOffRequests/{request_id}
      inputParameters:
      - name: request_id
        in: path
      operations:
      - name: get-time-off-request
        method: GET
  - namespace: slack-abs
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
  - namespace: jira-abs
    type: http
    baseUri: https://amazon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST

Queries Workday for employees with pending performance reviews, sends reminder messages to each employee and their manager via Slack, and creates tracking tasks in Jira.

naftiko: '0.5'
info:
  label: Workday Performance Review Reminder
  description: Queries Workday for employees with pending performance reviews, sends reminder messages to each employee and their manager via Slack, and creates tracking tasks in Jira.
  tags:
  - hr
  - performance-management
  - workday
  - slack
  - jira
capability:
  exposes:
  - type: mcp
    namespace: hr-perf
    port: 8080
    tools:
    - name: send-review-reminders
      description: Given a Workday performance review cycle ID, fetch all employees with pending self-evaluations, send Slack reminders to employees and their managers, and create Jira tracking tasks for HR.
      inputParameters:
      - name: review_cycle_id
        in: body
        type: string
        description: The Workday performance review cycle ID to query pending evaluations for.
      - name: hr_jira_project
        in: body
        type: string
        description: The Jira project key for HR tracking tasks, e.g. HROPS.
      - name: hr_slack_channel
        in: body
        type: string
        description: The Slack channel ID for HR operations notifications.
      steps:
      - name: get-pending-reviews
        type: call
        call: workday-perf.get-pending-reviews
        with:
          review_cycle_id: '{{review_cycle_id}}'
      - name: create-hr-task
        type: call
        call: jira-perf.create-issue
        with:
          project_key: '{{hr_jira_project}}'
          issuetype: Task
          summary: 'Performance review cycle {{review_cycle_id}}: {{get-pending-reviews.pending_count}} reviews pending'
          description: 'Review cycle: {{review_cycle_id}}

            Pending count: {{get-pending-reviews.pending_count}}'
      - name: post-hr-alert
        type: call
        call: slack-perf.post-message
        with:
          channel: '{{hr_slack_channel}}'
          text: 'Performance Review Reminder: {{get-pending-reviews.pending_count}} employees have pending self-evaluations in cycle {{review_cycle_id}}. Jira task: {{create-hr-task.key}}'
  consumes:
  - namespace: workday-perf
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: pending-reviews
      path: /performanceManagement/{review_cycle_id}/pendingReviews
      inputParameters:
      - name: review_cycle_id
        in: path
      operations:
      - name: get-pending-reviews
        method: GET
  - namespace: jira-perf
    type: http
    baseUri: https://amazon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack-perf
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Lists all SNS topics in the AWS account and returns their ARNs for notification management.

naftiko: '0.5'
info:
  label: SNS Topic List
  description: Lists all SNS topics in the AWS account and returns their ARNs for notification management.
  tags:
  - cloud
  - messaging
  - aws
  - sns
capability:
  exposes:
  - type: mcp
    namespace: sns-topics
    port: 8080
    tools:
    - name: list-topics
      description: List all SNS topics in the AWS account. Returns topic ARNs for use in notification workflows.
      inputParameters:
      - name: next_token
        in: body
        type: string
        description: Pagination token for listing topics. Pass empty string for first page.
      call: sns-api.list-topics
      with:
        next_token: '{{next_token}}'
      outputParameters:
      - name: topics
        type: array
        mapping: $.Topics
  consumes:
  - namespace: sns-api
    type: http
    baseUri: https://sns.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_sns_token
      placement: header
    resources:
    - name: topics
      path: /
      inputParameters:
      - name: next_token
        in: query
      operations:
      - name: list-topics
        method: GET

Runs a data quality check query against a Snowflake table, and if null counts or row anomalies exceed acceptable thresholds, creates a Jira data-quality ticket and alerts the data-platform Slack channel.

naftiko: '0.5'
info:
  label: Snowflake Data Quality Gate
  description: Runs a data quality check query against a Snowflake table, and if null counts or row anomalies exceed acceptable thresholds, creates a Jira data-quality ticket and alerts the data-platform Slack channel.
  tags:
  - data
  - analytics
  - data-quality
  - snowflake
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: dq-ops
    port: 8080
    tools:
    - name: run-data-quality-check
      description: Given a Snowflake table fully qualified name and a null threshold percentage, run a data quality query. If null rate exceeds the threshold, create a Jira DQ ticket and post a Slack alert.
      inputParameters:
      - name: table_fqn
        in: body
        type: string
        description: The fully qualified Snowflake table name to check, e.g. ANALYTICS_PROD.SALES.ORDERS.
      - name: null_threshold_pct
        in: body
        type: number
        description: Maximum allowable null percentage in the critical columns (0–100).
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID to notify when a data quality issue is found.
      steps:
      - name: run-dq-query
        type: call
        call: snowflake-dq.run-statement
        with:
          statement: SELECT COUNT_IF(order_id IS NULL) / COUNT(*) * 100 AS null_pct FROM {{table_fqn}}
      - name: create-dq-ticket
        type: call
        call: jira-dq.create-issue
        with:
          project_key: DATA
          issuetype: Bug
          summary: 'Data quality issue: {{table_fqn}} null rate = {{run-dq-query.null_pct}}%'
          description: 'Table: {{table_fqn}}

            Null rate: {{run-dq-query.null_pct}}%

            Threshold: {{null_threshold_pct}}%'
      - name: post-dq-alert
        type: call
        call: slack-dq.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Data Quality Alert: {{table_fqn}} null rate = {{run-dq-query.null_pct}}% (max {{null_threshold_pct}}%). Jira: {{create-dq-ticket.key}}'
  consumes:
  - namespace: snowflake-dq
    type: http
    baseUri: https://amazon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statement
      path: /statements
      operations:
      - name: run-statement
        method: POST
  - namespace: jira-dq
    type: http
    baseUri: https://amazon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack-dq
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Monitors Whole Foods inventory for low-stock items, creates a replenishment order in the supply chain system, and notifies the store manager via Slack.

naftiko: '0.5'
info:
  label: Whole Foods Low Stock Replenishment
  description: Monitors Whole Foods inventory for low-stock items, creates a replenishment order in the supply chain system, and notifies the store manager via Slack.
  tags:
  - grocery
  - whole-foods
  - inventory
  - supply-chain
  - slack
capability:
  exposes:
  - type: mcp
    namespace: wfm-replenish
    port: 8080
    tools:
    - name: replenish-low-stock
      description: Check inventory levels at a Whole Foods store, create replenishment orders for low-stock items, and notify the store manager.
      inputParameters:
      - name: store_id
        in: body
        type: string
        description: The Whole Foods store ID to check.
      - name: threshold
        in: body
        type: number
        description: The minimum stock level before triggering replenishment.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel for store manager notifications.
      steps:
      - name: check-inventory
        type: call
        call: wfm-inv.get-low-stock-items
        with:
          store_id: '{{store_id}}'
          threshold: '{{threshold}}'
      - name: create-replenishment
        type: call
        call: wfm-supply.create-order
        with:
          store_id: '{{store_id}}'
          items: '{{check-inventory.low_stock_items}}'
      - name: notify-manager
        type: call
        call: slack-wfm.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Low Stock Alert for Store {{store_id}}: {{check-inventory.item_count}} items below threshold. Replenishment order {{create-replenishment.order_id}} created.'
  consumes:
  - namespace: wfm-inv
    type: http
    baseUri: https://api.wholefoodsmarket.com/v2
    authentication:
      type: bearer
      token: $secrets.wfm_api_token
    resources:
    - name: low-stock
      path: /stores/{store_id}/inventory/low-stock
      inputParameters:
      - name: store_id
        in: path
      - name: threshold
        in: query
      operations:
      - name: get-low-stock-items
        method: GET
  - namespace: wfm-supply
    type: http
    baseUri: https://api.wholefoodsmarket.com/v2
    authentication:
      type: bearer
      token: $secrets.wfm_supply_token
    resources:
    - name: order
      path: /supply-chain/orders
      operations:
      - name: create-order
        method: POST
  - namespace: slack-wfm
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Generates an Amazon DSP programmatic advertising report, uploads it to S3, and shares the download link via Slack.

naftiko: '0.5'
info:
  label: DSP Advertising Report Generator
  description: Generates an Amazon DSP programmatic advertising report, uploads it to S3, and shares the download link via Slack.
  tags:
  - advertising
  - dsp
  - analytics
  - aws
  - s3
  - slack
capability:
  exposes:
  - type: mcp
    namespace: dsp-report
    port: 8080
    tools:
    - name: generate-dsp-report
      description: Generate a DSP advertising report, store it in S3, and share the link in Slack.
      inputParameters:
      - name: advertiser_id
        in: body
        type: string
        description: The Amazon DSP advertiser ID.
      - name: report_type
        in: body
        type: string
        description: The report type, e.g. campaign, audience, inventory.
      - name: s3_bucket
        in: body
        type: string
        description: The S3 bucket for report storage.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel to share the report link.
      steps:
      - name: generate-report
        type: call
        call: dsp-api.create-report
        with:
          advertiser_id: '{{advertiser_id}}'
          report_type: '{{report_type}}'
      - name: upload-to-s3
        type: call
        call: s3-dsp.put-object
        with:
          bucket: '{{s3_bucket}}'
          key: dsp-reports/{{advertiser_id}}/{{generate-report.report_id}}.csv
          body: '{{generate-report.report_data}}'
      - name: share-link
        type: call
        call: slack-dsp.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'DSP Report Ready: s3://{{s3_bucket}}/dsp-reports/{{advertiser_id}}/{{generate-report.report_id}}.csv'
  consumes:
  - namespace: dsp-api
    type: http
    baseUri: https://advertising-api.amazon.com/dsp/reports/v3
    authentication:
      type: bearer
      token: $secrets.amazon_dsp_token
    resources:
    - name: report
      path: /
      operations:
      - name: create-report
        method: POST
  - namespace: s3-dsp
    type: http
    baseUri: https://s3.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_s3_token
      placement: header
    resources:
    - name: object
      path: /{bucket}/{key}
      inputParameters:
      - name: bucket
        in: path
      - name: key
        in: path
      operations:
      - name: put-object
        method: PUT
  - namespace: slack-dsp
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Tracks Amazon Bedrock foundation model invocation metrics, logs usage patterns to DynamoDB, and posts a usage digest to Slack.

naftiko: '0.5'
info:
  label: Bedrock Model Invocation Monitor
  description: Tracks Amazon Bedrock foundation model invocation metrics, logs usage patterns to DynamoDB, and posts a usage digest to Slack.
  tags:
  - ai
  - generative-ai
  - monitoring
  - aws
  - bedrock
  - dynamodb
  - slack
capability:
  exposes:
  - type: mcp
    namespace: bedrock-monitor
    port: 8080
    tools:
    - name: monitor-model-usage
      description: Track Bedrock model invocations, log usage to DynamoDB, and post a digest to Slack.
      inputParameters:
      - name: model_id
        in: body
        type: string
        description: The Bedrock model ID to monitor, e.g. anthropic.claude-v2.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for usage digests.
      steps:
      - name: get-invocation-metrics
        type: call
        call: cw-bedrock.get-metric-data
        with:
          namespace: AWS/Bedrock
          metric_name: Invocations
          model_id: '{{model_id}}'
      - name: log-usage
        type: call
        call: dynamo-bedrock.put-item
        with:
          table_name: bedrock-usage-log
          model_id: '{{model_id}}'
          invocation_count: '{{get-invocation-metrics.sum}}'
      - name: post-digest
        type: call
        call: slack-bedrock.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Bedrock Usage Digest: Model {{model_id}} - {{get-invocation-metrics.sum}} invocations in the last 24 hours.'
  consumes:
  - namespace: cw-bedrock
    type: http
    baseUri: https://monitoring.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_cloudwatch_token
      placement: header
    resources:
    - name: metric
      path: /
      operations:
      - name: get-metric-data
        method: POST
  - namespace: dynamo-bedrock
    type: http
    baseUri: https://dynamodb.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_dynamodb_token
      placement: header
    resources:
    - name: item
      path: /
      operations:
      - name: put-item
        method: POST
  - namespace: slack-bedrock
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a critical Dependabot vulnerability alert is raised in a GitHub repository, creates a Jira security ticket, notifies the owning team in Slack, and opens a GitHub issue for tracking.

naftiko: '0.5'
info:
  label: GitHub Dependabot Alert Remediation
  description: When a critical Dependabot vulnerability alert is raised in a GitHub repository, creates a Jira security ticket, notifies the owning team in Slack, and opens a GitHub issue for tracking.
  tags:
  - security
  - devops
  - github
  - jira
  - slack
  - dependabot
capability:
  exposes:
  - type: mcp
    namespace: vuln-ops
    port: 8080
    tools:
    - name: handle-dependabot-alert
      description: Given a GitHub repo and Dependabot alert number, fetch alert details, create a Jira security remediation ticket, open a GitHub tracking issue, and notify the team Slack channel.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: The GitHub repository in owner/repo format where the Dependabot alert was raised.
      - name: alert_number
        in: body
        type: integer
        description: The Dependabot alert number to process.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID for the security alert notification.
      steps:
      - name: get-alert
        type: call
        call: github-dep.get-dependabot-alert
        with:
          repo: '{{repo}}'
          alert_number: '{{alert_number}}'
      - name: create-sec-ticket
        type: call
        call: jira-dep.create-issue
        with:
          project_key: SEC
          issuetype: Bug
          summary: 'Dependabot: {{get-alert.dependency_name}} {{get-alert.severity}} in {{repo}}'
          description: 'CVE: {{get-alert.cve_id}}

            Severity: {{get-alert.severity}}

            Fixed in: {{get-alert.fixed_in}}'
      - name: notify-team
        type: call
        call: slack-dep.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Dependabot Alert: {{get-alert.severity}} vulnerability in {{get-alert.dependency_name}} ({{repo}}). CVE: {{get-alert.cve_id}}. Jira: {{create-sec-ticket.key}}'
  consumes:
  - namespace: github-dep
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: dependabot-alert
      path: /repos/{repo}/dependabot/alerts/{alert_number}
      inputParameters:
      - name: repo
        in: path
      - name: alert_number
        in: path
      operations:
      - name: get-dependabot-alert
        method: GET
  - namespace: jira-dep
    type: http
    baseUri: https://amazon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack-dep
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Fetches all users in a specified Okta group, checks each user's last login date against a stale-access threshold, and posts an access review report to the security Slack channel.

naftiko: '0.5'
info:
  label: Okta Access Review Report
  description: Fetches all users in a specified Okta group, checks each user's last login date against a stale-access threshold, and posts an access review report to the security Slack channel.
  tags:
  - identity
  - security
  - okta
  - slack
  - access-review
capability:
  exposes:
  - type: mcp
    namespace: identity-review
    port: 8080
    tools:
    - name: run-access-review
      description: Given an Okta group ID and a stale-threshold in days, list group members, filter for users whose last login exceeds the threshold, and post the stale-access list to Slack.
      inputParameters:
      - name: okta_group_id
        in: body
        type: string
        description: The Okta group ID to review member access for.
      - name: stale_threshold_days
        in: body
        type: integer
        description: Number of days without login after which an account is considered stale.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID for the access review report.
      steps:
      - name: get-group-members
        type: call
        call: okta-review.get-group-users
        with:
          group_id: '{{okta_group_id}}'
      - name: post-review-report
        type: call
        call: slack-review.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Access Review for Okta group {{okta_group_id}}: {{get-group-members.total}} members, {{get-group-members.stale_count}} accounts inactive for more than {{stale_threshold_days}} days.'
  consumes:
  - namespace: okta-review
    type: http
    baseUri: https://amazon.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: group-users
      path: /groups/{group_id}/users
      inputParameters:
      - name: group_id
        in: path
      operations:
      - name: get-group-users
        method: GET
  - namespace: slack-review
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a Salesforce subscription account is within 90 days of renewal, automatically creates a renewal opportunity, sets the close date, and assigns it to the account owner.

naftiko: '0.5'
info:
  label: Salesforce Renewal Opportunity Creator
  description: When a Salesforce subscription account is within 90 days of renewal, automatically creates a renewal opportunity, sets the close date, and assigns it to the account owner.
  tags:
  - sales
  - crm
  - salesforce
  - renewal
capability:
  exposes:
  - type: mcp
    namespace: sales-renewal
    port: 8080
    tools:
    - name: create-renewal-opportunity
      description: Given a Salesforce account ID and contract end date, create a renewal opportunity record on the account with a 90-day close target and assign it to the account owner.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce account ID of the customer approaching renewal.
      - name: contract_end_date
        in: body
        type: string
        description: The contract end date in YYYY-MM-DD format used to set the renewal opportunity close date.
      - name: renewal_amount
        in: body
        type: number
        description: The expected renewal contract value in USD.
      steps:
      - name: get-account
        type: call
        call: salesforce-renewal.get-account
        with:
          account_id: '{{account_id}}'
      - name: create-opportunity
        type: call
        call: salesforce-renewal.create-opportunity
        with:
          account_id: '{{account_id}}'
          name: 'Renewal: {{get-account.name}}'
          close_date: '{{contract_end_date}}'
          stage_name: Renewal
          amount: '{{renewal_amount}}'
          owner_id: '{{get-account.owner_id}}'
  consumes:
  - namespace: salesforce-renewal
    type: http
    baseUri: https://amazon.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: account
      path: /sobjects/Account/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
    - name: opportunity
      path: /sobjects/Opportunity
      operations:
      - name: create-opportunity
        method: POST

Queries Snowflake for long-running or expensive queries over the past 24 hours and publishes a performance digest to the data-platform Slack channel.

naftiko: '0.5'
info:
  label: Snowflake Query Performance Digest
  description: Queries Snowflake for long-running or expensive queries over the past 24 hours and publishes a performance digest to the data-platform Slack channel.
  tags:
  - data
  - analytics
  - reporting
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data-reporting
    port: 8080
    tools:
    - name: digest-query-performance
      description: Query the Snowflake QUERY_HISTORY view for the top expensive queries in the last 24 hours and post a performance digest to Slack. Invoke for daily data-platform health review.
      inputParameters:
      - name: warehouse_name
        in: body
        type: string
        description: The Snowflake virtual warehouse name to analyze, e.g. COMPUTE_WH.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID where the performance digest will be posted.
      steps:
      - name: get-query-history
        type: call
        call: snowflake-perf.get-query-history
        with:
          warehouse_name: '{{warehouse_name}}'
      - name: post-digest
        type: call
        call: slack-perf.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Snowflake Query Digest (24h) for {{warehouse_name}}: {{get-query-history.total_queries}} queries, avg execution: {{get-query-history.avg_execution_ms}}ms, credits used: {{get-query-history.credits_used}}.'
  consumes:
  - namespace: snowflake-perf
    type: http
    baseUri: https://amazon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: query-history
      path: /queries/history
      inputParameters:
      - name: warehouse_name
        in: query
      operations:
      - name: get-query-history
        method: GET
  - namespace: slack-perf
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Monitors Athena query execution costs by tracking data scanned, logs expensive queries to DynamoDB, and alerts the data team via Slack.

naftiko: '0.5'
info:
  label: Athena Query Cost Tracker
  description: Monitors Athena query execution costs by tracking data scanned, logs expensive queries to DynamoDB, and alerts the data team via Slack.
  tags:
  - cloud
  - analytics
  - cost-management
  - aws
  - athena
  - dynamodb
  - slack
capability:
  exposes:
  - type: mcp
    namespace: athena-cost
    port: 8080
    tools:
    - name: track-query-cost
      description: Check an Athena query execution for data scanned, log expensive queries, and alert the data team.
      inputParameters:
      - name: query_execution_id
        in: body
        type: string
        description: The Athena query execution ID to track.
      - name: cost_threshold_gb
        in: body
        type: number
        description: Data scanned threshold in GB that triggers an alert.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for data cost alerts.
      steps:
      - name: get-query-execution
        type: call
        call: athena-api.get-query-execution
        with:
          query_execution_id: '{{query_execution_id}}'
      - name: log-expensive-query
        type: call
        call: dynamo-athena.put-item
        with:
          table_name: athena-cost-tracking
          query_id: '{{query_execution_id}}'
          data_scanned_bytes: '{{get-query-execution.data_scanned}}'
          status: '{{get-query-execution.status}}'
      - name: alert-team
        type: call
        call: slack-athena.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Athena Cost Alert: Query {{query_execution_id}} scanned {{get-query-execution.data_scanned}} bytes. Status: {{get-query-execution.status}}.'
  consumes:
  - namespace: athena-api
    type: http
    baseUri: https://athena.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_athena_token
      placement: header
    resources:
    - name: query
      path: /
      operations:
      - name: get-query-execution
        method: POST
  - namespace: dynamo-athena
    type: http
    baseUri: https://dynamodb.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_dynamodb_token
      placement: header
    resources:
    - name: item
      path: /
      operations:
      - name: put-item
        method: POST
  - namespace: slack-athena
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a Salesforce opportunity moves to Closed Won, creates a Jira epic for the delivery team and posts a handoff notification to the sales Slack channel.

naftiko: '0.5'
info:
  label: Salesforce Opportunity Sync to Jira
  description: When a Salesforce opportunity moves to Closed Won, creates a Jira epic for the delivery team and posts a handoff notification to the sales Slack channel.
  tags:
  - sales
  - crm
  - salesforce
  - jira
  - slack
  - opportunity
capability:
  exposes:
  - type: mcp
    namespace: sales-ops
    port: 8080
    tools:
    - name: sync-opportunity-to-delivery
      description: Given a Salesforce opportunity ID, fetch opportunity details, create a Jira epic for the delivery team, and post a handoff message in Slack. Invoke when an opportunity is marked Closed Won.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity ID for the closed-won deal, e.g. 0065g00000XYZ.
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key where the delivery epic should be created.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID to post the sales-to-delivery handoff message.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: create-epic
        type: call
        call: jira-sales.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Epic
          summary: 'Delivery: {{get-opportunity.name}}'
          description: 'Account: {{get-opportunity.account_name}}

            Value: {{get-opportunity.amount}}

            Close Date: {{get-opportunity.close_date}}'
      - name: post-handoff
        type: call
        call: slack-sales.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Closed Won: {{get-opportunity.name}} ({{get-opportunity.amount}}). Delivery epic created: {{create-epic.key}}'
  consumes:
  - namespace: salesforce
    type: http
    baseUri: https://amazon.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunity
      path: /sobjects/Opportunity/{opportunity_id}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - namespace: jira-sales
    type: http
    baseUri: https://amazon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack-sales
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Validates EventBridge rules are actively triggering by checking CloudWatch invocation metrics and posts a health report to Slack.

naftiko: '0.5'
info:
  label: EventBridge Rule Health Checker
  description: Validates EventBridge rules are actively triggering by checking CloudWatch invocation metrics and posts a health report to Slack.
  tags:
  - cloud
  - event-driven
  - monitoring
  - aws
  - eventbridge
  - cloudwatch
  - slack
capability:
  exposes:
  - type: mcp
    namespace: eb-health
    port: 8080
    tools:
    - name: check-rule-health
      description: Check EventBridge rule invocation metrics and report health status to Slack.
      inputParameters:
      - name: rule_name
        in: body
        type: string
        description: The EventBridge rule name to check.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for health reports.
      steps:
      - name: get-invocation-count
        type: call
        call: cw-eb.get-metric-data
        with:
          namespace: AWS/Events
          metric_name: Invocations
          rule_name: '{{rule_name}}'
      - name: get-failed-count
        type: call
        call: cw-eb.get-failed-metric
        with:
          namespace: AWS/Events
          metric_name: FailedInvocations
          rule_name: '{{rule_name}}'
      - name: post-report
        type: call
        call: slack-eb.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'EventBridge Rule Health: {{rule_name}} - Invocations: {{get-invocation-count.sum}}, Failed: {{get-failed-count.sum}}.'
  consumes:
  - namespace: cw-eb
    type: http
    baseUri: https://monitoring.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_cloudwatch_token
      placement: header
    resources:
    - name: metric
      path: /
      operations:
      - name: get-metric-data
        method: POST
      - name: get-failed-metric
        method: POST
  - namespace: slack-eb
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Syncs content from Confluence into an Amazon Q knowledge base index, triggers a re-index, and posts sync status to Slack.

naftiko: '0.5'
info:
  label: Amazon Q Knowledge Base Sync
  description: Syncs content from Confluence into an Amazon Q knowledge base index, triggers a re-index, and posts sync status to Slack.
  tags:
  - ai
  - knowledge-management
  - aws
  - amazon-q
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: q-kb-sync
    port: 8080
    tools:
    - name: sync-knowledge-base
      description: Pull content from Confluence, sync it to an Amazon Q knowledge base, and report status to Slack.
      inputParameters:
      - name: confluence_space
        in: body
        type: string
        description: The Confluence space key to sync from.
      - name: index_id
        in: body
        type: string
        description: The Amazon Q index ID to sync to.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for sync notifications.
      steps:
      - name: get-space-content
        type: call
        call: confluence-q.get-space-content
        with:
          space_key: '{{confluence_space}}'
      - name: start-sync
        type: call
        call: q-api.start-data-source-sync
        with:
          index_id: '{{index_id}}'
          data_source_id: confluence-{{confluence_space}}
      - name: notify-sync
        type: call
        call: slack-q.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Amazon Q KB Sync started for index {{index_id}} from Confluence space {{confluence_space}}. Sync execution: {{start-sync.execution_id}}.'
  consumes:
  - namespace: confluence-q
    type: http
    baseUri: https://amazon.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_token
    resources:
    - name: space
      path: /space/{space_key}/content
      inputParameters:
      - name: space_key
        in: path
      operations:
      - name: get-space-content
        method: GET
  - namespace: q-api
    type: http
    baseUri: https://qbusiness.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_q_token
      placement: header
    resources:
    - name: data-source-sync
      path: /applications/{index_id}/data-sources/{data_source_id}/sync
      inputParameters:
      - name: index_id
        in: path
      - name: data_source_id
        in: path
      operations:
      - name: start-data-source-sync
        method: POST
  - namespace: slack-q
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Orchestrates a production deployment by triggering a GitHub Actions workflow, creating a Datadog deployment marker, and posting a status notification to the Slack deployments channel.

naftiko: '0.5'
info:
  label: Production Deployment Rollout
  description: Orchestrates a production deployment by triggering a GitHub Actions workflow, creating a Datadog deployment marker, and posting a status notification to the Slack deployments channel.
  tags:
  - devops
  - deployment
  - github
  - datadog
  - slack
capability:
  exposes:
  - type: mcp
    namespace: devops-deploy
    port: 8080
    tools:
    - name: trigger-production-deploy
      description: Given a service name, version tag, and target environment, trigger a GitHub Actions deployment workflow, register a Datadog deployment marker, and notify the Slack deployments channel.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: The GitHub repository in owner/repo format to deploy from.
      - name: version_tag
        in: body
        type: string
        description: The git tag or commit SHA to deploy, e.g. v2.4.1.
      - name: environment
        in: body
        type: string
        description: 'The target deployment environment: production, staging, or canary.'
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID to post deployment status to.
      steps:
      - name: trigger-workflow
        type: call
        call: github-deploy.trigger-workflow
        with:
          repo: '{{repo}}'
          ref: '{{version_tag}}'
          workflow_id: deploy.yml
          inputs: '{"environment":"{{environment}}"}'
      - name: mark-deployment
        type: call
        call: datadog-deploy.create-event
        with:
          title: 'Deployment: {{repo}} {{version_tag}} to {{environment}}'
          text: Workflow run triggered via Naftiko.
          alert_type: info
      - name: notify-channel
        type: call
        call: slack-deploy.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Deployment started: {{repo}} @ {{version_tag}} to {{environment}}.'
  consumes:
  - namespace: github-deploy
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-dispatch
      path: /repos/{repo}/actions/workflows/{workflow_id}/dispatches
      inputParameters:
      - name: repo
        in: path
      - name: workflow_id
        in: path
      operations:
      - name: trigger-workflow
        method: POST
  - namespace: datadog-deploy
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: event
      path: /events
      operations:
      - name: create-event
        method: POST
  - namespace: slack-deploy
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Audits all Okta users in a specified group to identify those without MFA enrolled, posts a remediation report to the security Slack channel, and creates a Jira compliance task.

naftiko: '0.5'
info:
  label: Okta MFA Enforcement Audit
  description: Audits all Okta users in a specified group to identify those without MFA enrolled, posts a remediation report to the security Slack channel, and creates a Jira compliance task.
  tags:
  - security
  - identity
  - okta
  - compliance
  - slack
  - jira
capability:
  exposes:
  - type: mcp
    namespace: mfa-audit
    port: 8080
    tools:
    - name: audit-mfa-enrollment
      description: Given an Okta group ID, list all users and check MFA enrollment status. Post a list of non-compliant users to the security Slack channel and create a Jira compliance task.
      inputParameters:
      - name: okta_group_id
        in: body
        type: string
        description: The Okta group ID to audit for MFA enrollment compliance.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID for the MFA compliance report.
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key for the compliance tracking task.
      steps:
      - name: get-group-users
        type: call
        call: okta-mfa.get-group-users
        with:
          group_id: '{{okta_group_id}}'
      - name: create-compliance-task
        type: call
        call: jira-mfa.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Task
          summary: 'MFA audit: {{get-group-users.non_mfa_count}} users without MFA in group {{okta_group_id}}'
          description: 'Non-compliant users: {{get-group-users.non_mfa_count}} out of {{get-group-users.total}}'
      - name: post-mfa-report
        type: call
        call: slack-mfa.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'MFA Audit: {{get-group-users.non_mfa_count}} / {{get-group-users.total}} users in group {{okta_group_id}} lack MFA. Jira: {{create-compliance-task.key}}'
  consumes:
  - namespace: okta-mfa
    type: http
    baseUri: https://amazon.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: group-users
      path: /groups/{group_id}/users
      inputParameters:
      - name: group_id
        in: path
      operations:
      - name: get-group-users
        method: GET
  - namespace: jira-mfa
    type: http
    baseUri: https://amazon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack-mfa
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Calculates estimated delivery time for an Amazon order using logistics data and warehouse location, then updates the order with the delivery estimate.

naftiko: '0.5'
info:
  label: Delivery ETA Estimator
  description: Calculates estimated delivery time for an Amazon order using logistics data and warehouse location, then updates the order with the delivery estimate.
  tags:
  - ecommerce
  - logistics
  - delivery
  - fulfillment
capability:
  exposes:
  - type: mcp
    namespace: delivery-eta
    port: 8080
    tools:
    - name: estimate-delivery
      description: Calculate delivery ETA for an order using warehouse location and destination, then update the order with the estimate.
      inputParameters:
      - name: order_id
        in: body
        type: string
        description: The Amazon order ID to estimate delivery for.
      - name: destination_zip
        in: body
        type: string
        description: The destination ZIP code.
      steps:
      - name: get-order-warehouse
        type: call
        call: logistics-api.get-fulfillment-center
        with:
          order_id: '{{order_id}}'
      - name: calculate-eta
        type: call
        call: logistics-api.calculate-transit-time
        with:
          origin_zip: '{{get-order-warehouse.warehouse_zip}}'
          destination_zip: '{{destination_zip}}'
          shipping_method: '{{get-order-warehouse.shipping_method}}'
      - name: update-order-eta
        type: call
        call: logistics-api.update-delivery-estimate
        with:
          order_id: '{{order_id}}'
          estimated_delivery: '{{calculate-eta.estimated_date}}'
  consumes:
  - namespace: logistics-api
    type: http
    baseUri: https://api.amazon.com/logistics/v1
    authentication:
      type: bearer
      token: $secrets.amazon_logistics_token
    resources:
    - name: fulfillment-center
      path: /orders/{order_id}/fulfillment-center
      inputParameters:
      - name: order_id
        in: path
      operations:
      - name: get-fulfillment-center
        method: GET
    - name: transit-time
      path: /transit-time/calculate
      operations:
      - name: calculate-transit-time
        method: POST
    - name: delivery-estimate
      path: /orders/{order_id}/delivery-estimate
      inputParameters:
      - name: order_id
        in: path
      operations:
      - name: update-delivery-estimate
        method: PUT

Detects Prime delivery delays by checking shipment tracking, creates a support ticket in ServiceNow, and sends the customer a proactive notification via SES.

naftiko: '0.5'
info:
  label: Prime Delivery Delay Escalation
  description: Detects Prime delivery delays by checking shipment tracking, creates a support ticket in ServiceNow, and sends the customer a proactive notification via SES.
  tags:
  - ecommerce
  - prime
  - logistics
  - customer-service
  - servicenow
  - ses
capability:
  exposes:
  - type: mcp
    namespace: prime-delay
    port: 8080
    tools:
    - name: escalate-delay
      description: Detect a Prime delivery delay, create a ServiceNow ticket, and proactively notify the customer via email.
      inputParameters:
      - name: order_id
        in: body
        type: string
        description: The order ID with a potential delivery delay.
      - name: customer_email
        in: body
        type: string
        description: The customer email for proactive notification.
      steps:
      - name: check-shipment
        type: call
        call: logistics-delay.get-shipment-tracking
        with:
          order_id: '{{order_id}}'
      - name: create-ticket
        type: call
        call: servicenow-delay.create-incident
        with:
          short_description: 'Prime Delivery Delay: Order {{order_id}}'
          description: 'Shipment {{check-shipment.tracking_id}} delayed. Current status: {{check-shipment.status}}. Expected: {{check-shipment.expected_date}}.'
      - name: notify-customer
        type: call
        call: ses-delay.send-email
        with:
          to: '{{customer_email}}'
          subject: Update on your Amazon order {{order_id}}
          body: 'We noticed a delay with your order. Current status: {{check-shipment.status}}. New estimated delivery: {{check-shipment.revised_date}}. We apologize for the inconvenience.'
  consumes:
  - namespace: logistics-delay
    type: http
    baseUri: https://api.amazon.com/logistics/v1
    authentication:
      type: bearer
      token: $secrets.amazon_logistics_token
    resources:
    - name: tracking
      path: /orders/{order_id}/tracking
      inputParameters:
      - name: order_id
        in: path
      operations:
      - name: get-shipment-tracking
        method: GET
  - namespace: servicenow-delay
    type: http
    baseUri: https://amazon.service-now.com/api/now/table
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incident
      path: /incident
      operations:
      - name: create-incident
        method: POST
  - namespace: ses-delay
    type: http
    baseUri: https://email.us-east-1.amazonaws.com/v2
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_ses_token
      placement: header
    resources:
    - name: email
      path: /email/outbound-emails
      operations:
      - name: send-email
        method: POST

Checks the current EKS cluster version, compares with available Kubernetes versions, and generates an upgrade plan posted to Confluence and Slack.

naftiko: '0.5'
info:
  label: EKS Cluster Upgrade Planner
  description: Checks the current EKS cluster version, compares with available Kubernetes versions, and generates an upgrade plan posted to Confluence and Slack.
  tags:
  - cloud
  - kubernetes
  - aws
  - eks
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: eks-upgrade
    port: 8080
    tools:
    - name: plan-upgrade
      description: Check EKS cluster version, identify available upgrades, and post an upgrade plan to Confluence and Slack.
      inputParameters:
      - name: cluster_name
        in: body
        type: string
        description: The EKS cluster name to check.
      - name: confluence_space
        in: body
        type: string
        description: Confluence space key for the upgrade plan.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for upgrade notifications.
      steps:
      - name: describe-cluster
        type: call
        call: eks-api.describe-cluster
        with:
          cluster_name: '{{cluster_name}}'
      - name: create-plan-page
        type: call
        call: confluence-eks.create-page
        with:
          space_key: '{{confluence_space}}'
          title: 'EKS Upgrade Plan: {{cluster_name}}'
          body: 'Current version: {{describe-cluster.version}}. Cluster status: {{describe-cluster.status}}. Review add-on compatibility before upgrading.'
      - name: notify-team
        type: call
        call: slack-eks.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'EKS Upgrade Plan created for {{cluster_name}} (current: v{{describe-cluster.version}}). Confluence: {{create-plan-page.url}}'
  consumes:
  - namespace: eks-api
    type: http
    baseUri: https://eks.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_eks_token
      placement: header
    resources:
    - name: cluster
      path: /clusters/{cluster_name}
      inputParameters:
      - name: cluster_name
        in: path
      operations:
      - name: describe-cluster
        method: GET
  - namespace: confluence-eks
    type: http
    baseUri: https://amazon.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_token
    resources:
    - name: page
      path: /content
      operations:
      - name: create-page
        method: POST
  - namespace: slack-eks
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves performance metrics for an Amazon Advertising campaign including impressions, clicks, and spend.

naftiko: '0.5'
info:
  label: Advertising Campaign Metrics
  description: Retrieves performance metrics for an Amazon Advertising campaign including impressions, clicks, and spend.
  tags:
  - advertising
  - marketing
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: ads-metrics
    port: 8080
    tools:
    - name: get-campaign-metrics
      description: Fetch performance metrics for a given Amazon Advertising campaign. Returns impressions, clicks, CTR, and spend.
      inputParameters:
      - name: campaign_id
        in: body
        type: string
        description: The Amazon Advertising campaign ID to retrieve metrics for.
      - name: date_range
        in: body
        type: string
        description: The date range for metrics, e.g. last-7-days.
      call: ads-api.get-campaign-report
      with:
        campaign_id: '{{campaign_id}}'
        date_range: '{{date_range}}'
      outputParameters:
      - name: impressions
        type: number
        mapping: $.metrics.impressions
      - name: clicks
        type: number
        mapping: $.metrics.clicks
      - name: spend
        type: number
        mapping: $.metrics.cost
  consumes:
  - namespace: ads-api
    type: http
    baseUri: https://advertising-api.amazon.com/v3
    authentication:
      type: bearer
      token: $secrets.amazon_ads_token
    resources:
    - name: campaigns
      path: /campaigns/{campaign_id}/report
      inputParameters:
      - name: campaign_id
        in: path
      - name: date_range
        in: query
      operations:
      - name: get-campaign-report
        method: GET

Audits a GitHub repository for branch protection rules, required status checks, and code owner file presence, then posts a compliance report to a Slack channel.

naftiko: '0.5'
info:
  label: GitHub Repository Compliance Audit
  description: Audits a GitHub repository for branch protection rules, required status checks, and code owner file presence, then posts a compliance report to a Slack channel.
  tags:
  - devops
  - compliance
  - github
  - slack
  - security
capability:
  exposes:
  - type: mcp
    namespace: devops-compliance
    port: 8080
    tools:
    - name: audit-repo-compliance
      description: Given a GitHub repository name, check branch protection rules on the default branch, verify required status checks are configured, and post a compliance status report to Slack.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: The GitHub repository in owner/repo format to audit, e.g. amzn/service-catalog.
      - name: branch
        in: body
        type: string
        description: The branch to check protection rules on, typically main or master.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID where the compliance report will be posted.
      steps:
      - name: get-branch-protection
        type: call
        call: github-compliance.get-branch-protection
        with:
          repo: '{{repo}}'
          branch: '{{branch}}'
      - name: post-compliance-report
        type: call
        call: slack-compliance.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Compliance Audit: {{repo}} / {{branch}} | Required reviews: {{get-branch-protection.required_approving_review_count}} | Status checks required: {{get-branch-protection.required_status_checks_count}} | Admin enforced: {{get-branch-protection.enforce_admins}}'
  consumes:
  - namespace: github-compliance
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: branch-protection
      path: /repos/{repo}/branches/{branch}/protection
      inputParameters:
      - name: repo
        in: path
      - name: branch
        in: path
      operations:
      - name: get-branch-protection
        method: GET
  - namespace: slack-compliance
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Creates a CloudFront cache invalidation after a deployment, monitors its completion, and notifies the engineering team via Slack.

naftiko: '0.5'
info:
  label: CloudFront Cache Invalidation Workflow
  description: Creates a CloudFront cache invalidation after a deployment, monitors its completion, and notifies the engineering team via Slack.
  tags:
  - cloud
  - cdn
  - deployment
  - aws
  - cloudfront
  - slack
capability:
  exposes:
  - type: mcp
    namespace: cf-invalidation
    port: 8080
    tools:
    - name: invalidate-and-notify
      description: Create a CloudFront cache invalidation for specified paths, check completion status, and notify the team via Slack.
      inputParameters:
      - name: distribution_id
        in: body
        type: string
        description: The CloudFront distribution ID to invalidate.
      - name: paths
        in: body
        type: string
        description: Comma-separated list of paths to invalidate, e.g. /index.html,/assets/*.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for invalidation notifications.
      steps:
      - name: create-invalidation
        type: call
        call: cf-api.create-invalidation
        with:
          distribution_id: '{{distribution_id}}'
          paths: '{{paths}}'
      - name: check-status
        type: call
        call: cf-api.get-invalidation
        with:
          distribution_id: '{{distribution_id}}'
          invalidation_id: '{{create-invalidation.invalidation_id}}'
      - name: notify-team
        type: call
        call: slack-cf.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'CloudFront Invalidation {{create-invalidation.invalidation_id}} for distribution {{distribution_id}}: Status {{check-status.status}}. Paths: {{paths}}'
  consumes:
  - namespace: cf-api
    type: http
    baseUri: https://cloudfront.amazonaws.com/2020-05-31
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_cloudfront_token
      placement: header
    resources:
    - name: invalidation
      path: /distribution/{distribution_id}/invalidation
      inputParameters:
      - name: distribution_id
        in: path
      - name: paths
        in: body
      operations:
      - name: create-invalidation
        method: POST
    - name: invalidation-status
      path: /distribution/{distribution_id}/invalidation/{invalidation_id}
      inputParameters:
      - name: distribution_id
        in: path
      - name: invalidation_id
        in: path
      operations:
      - name: get-invalidation
        method: GET
  - namespace: slack-cf
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Checks the Prime membership status for a customer account and returns subscription tier and renewal date.

naftiko: '0.5'
info:
  label: Prime Membership Status Lookup
  description: Checks the Prime membership status for a customer account and returns subscription tier and renewal date.
  tags:
  - ecommerce
  - prime
  - customer
capability:
  exposes:
  - type: mcp
    namespace: prime-membership
    port: 8080
    tools:
    - name: get-membership-status
      description: Look up the Prime membership status for a given customer ID. Returns tier, renewal date, and benefit details.
      inputParameters:
      - name: customer_id
        in: body
        type: string
        description: The Amazon customer ID to look up Prime status for.
      call: prime-api.get-membership
      with:
        customer_id: '{{customer_id}}'
      outputParameters:
      - name: tier
        type: string
        mapping: $.membership.tier
      - name: renewal_date
        type: string
        mapping: $.membership.renewalDate
  consumes:
  - namespace: prime-api
    type: http
    baseUri: https://api.amazon.com/prime/v1
    authentication:
      type: bearer
      token: $secrets.amazon_prime_token
    resources:
    - name: membership
      path: /memberships/{customer_id}
      inputParameters:
      - name: customer_id
        in: path
      operations:
      - name: get-membership
        method: GET

When a GitHub pull request is opened against a main branch, triggers a Snyk security scan and posts the results as a PR comment. Blocks merge if critical vulnerabilities are detected.

naftiko: '0.5'
info:
  label: GitHub PR Security Scan Gate
  description: When a GitHub pull request is opened against a main branch, triggers a Snyk security scan and posts the results as a PR comment. Blocks merge if critical vulnerabilities are detected.
  tags:
  - devops
  - security
  - github
  - snyk
  - code-quality
capability:
  exposes:
  - type: mcp
    namespace: devops-security
    port: 8080
    tools:
    - name: run-pr-security-scan
      description: Given a GitHub repo and PR number, trigger a Snyk security scan on the PR branch and post scan results as a GitHub PR review comment. Use when enforcing security gates on pull requests.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: The GitHub repository in owner/repo format, e.g. amzn/service-catalog.
      - name: pr_number
        in: body
        type: integer
        description: The pull request number to scan and comment on.
      - name: branch
        in: body
        type: string
        description: The branch name associated with the pull request.
      steps:
      - name: trigger-scan
        type: call
        call: snyk.test-project
        with:
          org: amazon
          target_reference: '{{branch}}'
      - name: post-review
        type: call
        call: github-sec.create-pr-review
        with:
          repo: '{{repo}}'
          pull_number: '{{pr_number}}'
          body: 'Snyk scan complete. Issues found: {{trigger-scan.issue_count}}. Critical: {{trigger-scan.critical_count}}. See full report: {{trigger-scan.report_url}}'
          event: COMMENT
  consumes:
  - namespace: snyk
    type: http
    baseUri: https://api.snyk.io/rest
    authentication:
      type: bearer
      token: $secrets.snyk_token
    resources:
    - name: project-test
      path: /orgs/{org}/test
      inputParameters:
      - name: org
        in: path
      operations:
      - name: test-project
        method: POST
  - namespace: github-sec
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pr-review
      path: /repos/{repo}/pulls/{pull_number}/reviews
      inputParameters:
      - name: repo
        in: path
      - name: pull_number
        in: path
      operations:
      - name: create-pr-review
        method: POST

Deploys a new Lambda function version, runs a smoke test, and rolls back to the previous version if the test fails, notifying the team via Slack.

naftiko: '0.5'
info:
  label: Lambda Deployment with Rollback
  description: Deploys a new Lambda function version, runs a smoke test, and rolls back to the previous version if the test fails, notifying the team via Slack.
  tags:
  - cloud
  - serverless
  - deployment
  - aws
  - lambda
  - slack
capability:
  exposes:
  - type: mcp
    namespace: lambda-deploy
    port: 8080
    tools:
    - name: deploy-with-rollback
      description: Deploy a new Lambda version from S3, invoke a smoke test, and roll back if it fails. Posts deployment status to Slack.
      inputParameters:
      - name: function_name
        in: body
        type: string
        description: The Lambda function name to deploy.
      - name: s3_bucket
        in: body
        type: string
        description: The S3 bucket containing the deployment package.
      - name: s3_key
        in: body
        type: string
        description: The S3 key for the deployment package zip.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel for deployment notifications.
      steps:
      - name: update-function
        type: call
        call: lambda-dep.update-function-code
        with:
          function_name: '{{function_name}}'
          s3_bucket: '{{s3_bucket}}'
          s3_key: '{{s3_key}}'
      - name: invoke-smoke-test
        type: call
        call: lambda-dep.invoke-function
        with:
          function_name: '{{function_name}}'
          payload: '{"test": true}'
      - name: notify-team
        type: call
        call: slack-dep.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Lambda deployment for {{function_name}}: version {{update-function.version}} deployed. Smoke test status: {{invoke-smoke-test.status_code}}.'
  consumes:
  - namespace: lambda-dep
    type: http
    baseUri: https://lambda.us-east-1.amazonaws.com/2015-03-31
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_lambda_token
      placement: header
    resources:
    - name: function-code
      path: /functions/{function_name}/code
      inputParameters:
      - name: function_name
        in: path
      operations:
      - name: update-function-code
        method: PUT
    - name: invocation
      path: /functions/{function_name}/invocations
      inputParameters:
      - name: function_name
        in: path
      - name: payload
        in: body
      operations:
      - name: invoke-function
        method: POST
  - namespace: slack-dep
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Queries Datadog for SLO burn rate on a target service, and if the burn rate exceeds the threshold, pages PagerDuty and posts a remediation link in Slack.

naftiko: '0.5'
info:
  label: Datadog SLO Burn Rate Alert
  description: Queries Datadog for SLO burn rate on a target service, and if the burn rate exceeds the threshold, pages PagerDuty and posts a remediation link in Slack.
  tags:
  - observability
  - slo
  - datadog
  - pagerduty
  - slack
capability:
  exposes:
  - type: mcp
    namespace: slo-ops
    port: 8080
    tools:
    - name: handle-slo-burn-alert
      description: Given a Datadog SLO ID and burn rate threshold, check the current SLO burn rate and if it exceeds the threshold, page PagerDuty and alert the Slack ops channel with the SLO status and a remediation link.
      inputParameters:
      - name: slo_id
        in: body
        type: string
        description: The Datadog SLO ID to check the burn rate for.
      - name: burn_rate_threshold
        in: body
        type: number
        description: The burn rate multiplier above which an alert is triggered, e.g. 14.4 for a 1-hour burn window.
      - name: pagerduty_service_key
        in: body
        type: string
        description: The PagerDuty integration service key for routing the SLO burn alert.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel ID for the SLO burn notification.
      steps:
      - name: get-slo
        type: call
        call: datadog-slo.get-slo
        with:
          slo_id: '{{slo_id}}'
      - name: page-oncall
        type: call
        call: pagerduty-slo.create-incident
        with:
          service_key: '{{pagerduty_service_key}}'
          description: 'SLO burn rate alert: {{get-slo.name}} burn rate = {{get-slo.burn_rate}}'
          incident_key: slo-{{slo_id}}
      - name: post-slo-alert
        type: call
        call: slack-slo.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'SLO BURN ALERT: {{get-slo.name}} | Burn rate: {{get-slo.burn_rate}} (threshold: {{burn_rate_threshold}}) | Remaining error budget: {{get-slo.error_budget_remaining}}%'
  consumes:
  - namespace: datadog-slo
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: slo
      path: /slo/{slo_id}
      inputParameters:
      - name: slo_id
        in: path
      operations:
      - name: get-slo
        method: GET
  - namespace: pagerduty-slo
    type: http
    baseUri: https://events.pagerduty.com/v2
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_token
      placement: header
    resources:
    - name: incident
      path: /enqueue
      operations:
      - name: create-incident
        method: POST
  - namespace: slack-slo
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Translates Amazon product listing content using Amazon Translate, updates the listing for the target marketplace, and logs the translation to DynamoDB.

naftiko: '0.5'
info:
  label: Translate Product Listing Localizer
  description: Translates Amazon product listing content using Amazon Translate, updates the listing for the target marketplace, and logs the translation to DynamoDB.
  tags:
  - ecommerce
  - localization
  - aws
  - translate
  - marketplace
  - dynamodb
capability:
  exposes:
  - type: mcp
    namespace: listing-translate
    port: 8080
    tools:
    - name: localize-listing
      description: Translate a product listing to a target language, update the marketplace listing, and log the translation.
      inputParameters:
      - name: asin
        in: body
        type: string
        description: The ASIN of the product to translate.
      - name: source_language
        in: body
        type: string
        description: Source language code, e.g. en.
      - name: target_language
        in: body
        type: string
        description: Target language code, e.g. de.
      steps:
      - name: get-listing
        type: call
        call: sp-translate.get-listing
        with:
          asin: '{{asin}}'
      - name: translate-content
        type: call
        call: translate-api.translate-text
        with:
          text: '{{get-listing.title}} | {{get-listing.description}}'
          source_language: '{{source_language}}'
          target_language: '{{target_language}}'
      - name: log-translation
        type: call
        call: dynamo-translate.put-item
        with:
          table_name: listing-translations
          asin: '{{asin}}'
          target_language: '{{target_language}}'
          translated_text: '{{translate-content.translated_text}}'
  consumes:
  - namespace: sp-translate
    type: http
    baseUri: https://sellingpartnerapi-na.amazon.com
    authentication:
      type: bearer
      token: $secrets.sp_api_token
    resources:
    - name: listing
      path: /listings/2021-08-01/items/ATVPDKIKX0DER/{asin}
      inputParameters:
      - name: asin
        in: path
      operations:
      - name: get-listing
        method: GET
  - namespace: translate-api
    type: http
    baseUri: https://translate.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_translate_token
      placement: header
    resources:
    - name: translate
      path: /
      operations:
      - name: translate-text
        method: POST
  - namespace: dynamo-translate
    type: http
    baseUri: https://dynamodb.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_dynamodb_token
      placement: header
    resources:
    - name: item
      path: /
      operations:
      - name: put-item
        method: POST