Queries a SEPA or SWIFT payment transaction status from the core banking system, checks processing SLA compliance against Snowflake benchmarks, and escalates overdue payments via ServiceNow.

naftiko: '0.5'
info:
  label: Payment Transaction Status with SLA Check
  description: Queries a SEPA or SWIFT payment transaction status from the core banking system, checks processing SLA compliance against Snowflake benchmarks, and escalates overdue payments via ServiceNow.
  tags:
  - payments
  - banking
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: payments
    port: 8080
    tools:
    - name: get-payment-status-with-sla
      description: Look up a payment transaction by reference, check SLA compliance, and escalate if overdue.
      inputParameters:
      - name: payment_reference
        in: body
        type: string
        description: The unique payment reference or end-to-end ID.
      - name: expected_sla_hours
        in: body
        type: number
        description: Expected SLA in hours for payment settlement.
      steps:
      - name: get-payment
        type: call
        call: core-banking.get-payment
        with:
          reference: '{{payment_reference}}'
      - name: check-sla
        type: call
        call: snowflake.execute-query
        with:
          warehouse: PAYMENTS_WH
          database: PAYMENTS_DB
          query: SELECT TIMESTAMPDIFF(hour, initiated_at, CURRENT_TIMESTAMP()) as hours_elapsed FROM payment_tracking WHERE reference = '{{payment_reference}}'
      - name: escalate-overdue
        type: call
        call: servicenow.create-record
        with:
          table: u_payment_escalation
          short_description: 'Payment SLA breach: {{payment_reference}}'
          description: 'Payment {{payment_reference}} status: {{get-payment.status}}. Hours elapsed: {{check-sla.hours_elapsed}}. Expected SLA: {{expected_sla_hours}} hours.'
          assigned_group: Payment_Operations
  consumes:
  - type: http
    namespace: core-banking
    baseUri: https://api.abnamro.com/v1/payments
    authentication:
      type: bearer
      token: $secrets.core_banking_token
    resources:
    - name: transactions
      path: /transactions/{{reference}}
      inputParameters:
      - name: reference
        in: path
      operations:
      - name: get-payment
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST

On AML alert, enriches with customer data from Salesforce, checks sanctions lists, creates investigation case in ServiceNow, and notifies compliance via Teams.

naftiko: '0.5'
info:
  label: AML Alert Investigation Pipeline
  description: On AML alert, enriches with customer data from Salesforce, checks sanctions lists, creates investigation case in ServiceNow, and notifies compliance via Teams.
  tags:
  - aml
  - compliance
  - salesforce
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: aml
    port: 8080
    tools:
    - name: aml_alert_investigation_pipeline
      description: Orchestrate aml alert investigation pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-alert
        type: call
        call: aml.get-alert
        with:
          alert_id: '{{resource_id}}'
      - name: get-customer
        type: call
        call: salesforce.get-customer
        with:
          customer_id: '{{get-alert.customer_id}}'
      - name: create-case
        type: call
        call: servicenow.create-case
        with:
          short_description: 'AML investigation: {{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: compliance
          text: 'AML alert {{resource_id}} for {{get-customer.name}}. Case: {{create-case.number}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abn-amro.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Retrieves real-time market data for a given security from Bloomberg Enterprise Data, checks for significant price movements against Snowflake historical data, and alerts the trading desk in Microsoft Teams if volatility thresholds are breached.

naftiko: '0.5'
info:
  label: Bloomberg Market Data Lookup with Risk Check
  description: Retrieves real-time market data for a given security from Bloomberg Enterprise Data, checks for significant price movements against Snowflake historical data, and alerts the trading desk in Microsoft Teams if volatility thresholds are breached.
  tags:
  - trading
  - market-data
  - bloomberg-enterprise-data
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: trading-data
    port: 8080
    tools:
    - name: get-security-quote-with-check
      description: Look up real-time market data for a security by Bloomberg ticker, compare against historical volatility, and alert if thresholds are breached.
      inputParameters:
      - name: ticker
        in: body
        type: string
        description: Bloomberg ticker symbol (e.g., ABNA NA Equity).
      - name: volatility_threshold
        in: body
        type: number
        description: Percentage threshold for volatility alerts.
      steps:
      - name: get-quote
        type: call
        call: bloomberg.get-quote
        with:
          ticker: '{{ticker}}'
      - name: get-historical
        type: call
        call: snowflake.execute-query
        with:
          warehouse: TRADING_WH
          database: MARKET_DATA_DB
          query: SELECT AVG(close_price) as avg_price, STDDEV(close_price) as std_price FROM price_history WHERE ticker = '{{ticker}}' AND trade_date >= DATEADD(day, -30, CURRENT_DATE())
      - name: alert-desk
        type: call
        call: msteams.send-message
        with:
          channel: trading-desk-alerts
          text: 'Market data alert: {{ticker}} | Last: {{get-quote.last_price}} | 30d avg: {{get-historical.avg_price}} | Std: {{get-historical.std_price}} | Threshold: {{volatility_threshold}}%'
  consumes:
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: quotes
      path: /market/quotes/{{ticker}}
      inputParameters:
      - name: ticker
        in: path
      operations:
      - name: get-quote
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Receives credit application, runs scoring model in Snowflake, checks exposure limits, generates decision in ServiceNow, and notifies the credit committee.

naftiko: '0.5'
info:
  label: Credit Decision Engine Pipeline
  description: Receives credit application, runs scoring model in Snowflake, checks exposure limits, generates decision in ServiceNow, and notifies the credit committee.
  tags:
  - credit
  - lending
  - snowflake
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: credit
    port: 8080
    tools:
    - name: credit_decision_engine_pipeline
      description: Orchestrate credit decision engine pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-application
        type: call
        call: lending.get-credit-app
        with:
          app_id: '{{resource_id}}'
      - name: run-scoring
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL credit_score('{{resource_id}}')
          warehouse: CREDIT_WH
      - name: create-decision
        type: call
        call: servicenow.create-record
        with:
          table: credit_decisions
          app_id: '{{resource_id}}'
          score: '{{run-scoring.score}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: credit-committee
          text: 'Credit decision for {{resource_id}}: Score {{run-scoring.score}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Monitors FX hedging positions, calculates effectiveness in Snowflake, generates reports, creates alerts for breaches, and notifies treasury.

naftiko: '0.5'
info:
  label: FX Hedging Position Monitor
  description: Monitors FX hedging positions, calculates effectiveness in Snowflake, generates reports, creates alerts for breaches, and notifies treasury.
  tags:
  - fx
  - hedging
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: fx
    port: 8080
    tools:
    - name: fx_hedging_position_monitor
      description: Orchestrate fx hedging position monitor workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Searches Elasticsearch for application logs by service name and time range, returning matching log entries for troubleshooting banking system issues.

naftiko: '0.5'
info:
  label: Elasticsearch Log Search
  description: Searches Elasticsearch for application logs by service name and time range, returning matching log entries for troubleshooting banking system issues.
  tags:
  - observability
  - logging
  - elasticsearch
capability:
  exposes:
  - type: mcp
    namespace: log-search
    port: 8080
    tools:
    - name: search-logs
      description: Search Elasticsearch logs by service name and time range. Returns matching log entries.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The service name to search logs for.
      - name: time_range
        in: body
        type: string
        description: Time range (e.g., 1h, 6h, 24h).
      - name: log_level
        in: body
        type: string
        description: 'Log level filter: ERROR, WARN, INFO, DEBUG.'
      call: elasticsearch.search
      with:
        index: logs-{{service_name}}-*
        query: level:{{log_level}} AND @timestamp:[now-{{time_range}} TO now]
      outputParameters:
      - name: hit_count
        type: string
        mapping: $.hits.total.value
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://es.abnamro.com:9200
    authentication:
      type: basic
      username: $secrets.elasticsearch_user
      password: $secrets.elasticsearch_password
    resources:
    - name: search
      path: /{{index}}/_search
      inputParameters:
      - name: index
        in: path
      operations:
      - name: search
        method: POST

Retrieves the current on-call schedule for ABN AMRO incident response teams.

naftiko: '0.5'
info:
  label: PagerDuty On-Call Schedule
  description: Retrieves the current on-call schedule for ABN AMRO incident response teams.
  tags:
  - devops
  - pagerduty
  - on-call
capability:
  exposes:
  - type: mcp
    namespace: incident-mgmt
    port: 8080
    tools:
    - name: get-on-call
      description: Get current on-call schedule by policy.
      inputParameters:
      - name: policy_id
        in: body
        type: string
        description: The policy_id to look up.
      call: pagerduty.get-policy_id
      with:
        policy_id: '{{policy_id}}'
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty_on_call_schedule
        method: GET

On role change in Workday, updates SailPoint access, modifies Okta groups, adjusts ServiceNow assignments, and notifies the employee and manager.

naftiko: '0.5'
info:
  label: Employee Role Transfer Orchestrator
  description: On role change in Workday, updates SailPoint access, modifies Okta groups, adjusts ServiceNow assignments, and notifies the employee and manager.
  tags:
  - hr
  - workday
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: employee_role_transfer_orchestrator
      description: Orchestrate employee role transfer orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-transfer
        type: call
        call: workday.get-transfer
        with:
          transfer_id: '{{resource_id}}'
      - name: update-access
        type: call
        call: sailpoint.update-roles
        with:
          user_id: '{{get-transfer.employee_id}}'
          new_role: '{{get-transfer.new_role}}'
      - name: update-tickets
        type: call
        call: servicenow.update-assignments
        with:
          employee_id: '{{get-transfer.employee_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: hr-ops
          text: Transfer {{resource_id}} processed for {{get-transfer.employee_name}}
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/abn-amro
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Runs a liquidity stress test scenario by extracting positions from Snowflake, applying shock parameters, computing liquidity coverage ratio via Databricks, and publishing results to Power BI with compliance notification.

naftiko: '0.5'
info:
  label: Liquidity Stress Test Orchestrator
  description: Runs a liquidity stress test scenario by extracting positions from Snowflake, applying shock parameters, computing liquidity coverage ratio via Databricks, and publishing results to Power BI with compliance notification.
  tags:
  - risk-management
  - liquidity
  - stress-testing
  - snowflake
  - databricks
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: risk-liquidity
    port: 8080
    tools:
    - name: run-liquidity-stress-test
      description: Given a scenario name and stress parameters, run liquidity stress test across Snowflake and Databricks, publish results, and notify risk committee.
      inputParameters:
      - name: scenario_name
        in: body
        type: string
        description: Stress scenario name (e.g., market_crash_2008, idiosyncratic_run).
      - name: shock_severity
        in: body
        type: string
        description: 'Shock severity: mild, moderate, or severe.'
      - name: reporting_date
        in: body
        type: string
        description: Reporting date in YYYY-MM-DD format.
      steps:
      - name: extract-positions
        type: call
        call: snowflake.execute-query
        with:
          warehouse: RISK_WH
          database: TREASURY_DB
          query: SELECT * FROM liquidity_positions WHERE report_date = '{{reporting_date}}'
      - name: run-model
        type: call
        call: databricks.run-job
        with:
          job_id: liquidity-stress-model
          parameters:
            scenario: '{{scenario_name}}'
            severity: '{{shock_severity}}'
            position_data: '{{extract-positions.statement_handle}}'
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: risk-management-workspace
          dataset_id: liquidity-stress-results
      - name: notify-risk-committee
        type: call
        call: msteams.send-message
        with:
          channel: risk-committee
          text: 'Liquidity stress test complete: {{scenario_name}} ({{shock_severity}}) for {{reporting_date}}. Databricks run: {{run-model.run_id}}. Dashboard refreshed. Review results in Power BI.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: databricks
    baseUri: https://adb-abnamro.azuredatabricks.net/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Loads stress scenario parameters, runs calculations in Snowflake, generates reports in Power BI, submits to regulators via ServiceNow, and notifies risk team.

naftiko: '0.5'
info:
  label: Stress Testing Scenario Runner
  description: Loads stress scenario parameters, runs calculations in Snowflake, generates reports in Power BI, submits to regulators via ServiceNow, and notifies risk team.
  tags:
  - risk
  - stress-testing
  - snowflake
  - power-bi
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: risk
    port: 8080
    tools:
    - name: stress_testing_scenario_runner
      description: Orchestrate stress testing scenario runner workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: load-scenario
        type: call
        call: risk-engine.get-scenario
        with:
          scenario_id: '{{resource_id}}'
      - name: run-calculations
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL run_stress_test('{{resource_id}}')
          warehouse: RISK_WH
      - name: generate-report
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: stress_testing
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: risk-team
          text: 'Stress test {{resource_id}} complete. Impact: {{run-calculations.pnl_impact}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Retrieves portfolio positions and valuations from Bloomberg AIM for a given portfolio and valuation date, returning total NAV, position count, and top holdings.

naftiko: '0.5'
info:
  label: Bloomberg AIM Portfolio Valuation
  description: Retrieves portfolio positions and valuations from Bloomberg AIM for a given portfolio and valuation date, returning total NAV, position count, and top holdings.
  tags:
  - asset-management
  - portfolio
  - bloomberg-aim
capability:
  exposes:
  - type: mcp
    namespace: portfolio-management
    port: 8080
    tools:
    - name: get-portfolio-valuation
      description: Look up portfolio valuation from Bloomberg AIM. Returns NAV, position count, and top holdings by weight.
      inputParameters:
      - name: portfolio_id
        in: body
        type: string
        description: The Bloomberg AIM portfolio identifier.
      - name: valuation_date
        in: body
        type: string
        description: Valuation date in YYYY-MM-DD format.
      call: bloomberg-aim.get-valuation
      with:
        portfolio_id: '{{portfolio_id}}'
        valuation_date: '{{valuation_date}}'
      outputParameters:
      - name: nav
        type: string
        mapping: $.portfolio.nav
      - name: position_count
        type: string
        mapping: $.portfolio.positionCount
      - name: currency
        type: string
        mapping: $.portfolio.baseCurrency
  consumes:
  - type: http
    namespace: bloomberg-aim
    baseUri: https://api.bloomberg.com/aim/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_aim_token
    resources:
    - name: portfolios
      path: /portfolios/{{portfolio_id}}/valuations?date={{valuation_date}}
      inputParameters:
      - name: portfolio_id
        in: path
      - name: valuation_date
        in: query
      operations:
      - name: get-valuation
        method: GET

Executes a SQL query against ABN AMRO's Snowflake data warehouse and returns the result set for analytics and reporting purposes.

naftiko: '0.5'
info:
  label: Snowflake Query Execution
  description: Executes a SQL query against ABN AMRO's Snowflake data warehouse and returns the result set for analytics and reporting purposes.
  tags:
  - data
  - analytics
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: data-warehouse
    port: 8080
    tools:
    - name: run-query
      description: Execute a SQL query on Snowflake. Returns the query result set and row count.
      inputParameters:
      - name: warehouse
        in: body
        type: string
        description: The Snowflake warehouse to use.
      - name: database
        in: body
        type: string
        description: The Snowflake database to query.
      - name: query
        in: body
        type: string
        description: The SQL query to execute.
      call: snowflake.execute-query
      with:
        warehouse: '{{warehouse}}'
        database: '{{database}}'
        query: '{{query}}'
      outputParameters:
      - name: statement_handle
        type: string
        mapping: $.statementHandle
      - name: row_count
        type: string
        mapping: $.resultSetMetaData.numRows
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST

Queries active user sessions in Keycloak, cross-references with Azure AD sign-in logs for anomalous locations, and creates a security incident in ServiceNow when suspicious sessions are detected.

naftiko: '0.5'
info:
  label: Keycloak Suspicious Session Audit
  description: Queries active user sessions in Keycloak, cross-references with Azure AD sign-in logs for anomalous locations, and creates a security incident in ServiceNow when suspicious sessions are detected.
  tags:
  - identity-management
  - authentication
  - keycloak
  - azure-active-directory
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: identity-sessions
    port: 8080
    tools:
    - name: audit-user-sessions
      description: List Keycloak sessions, check Azure AD sign-in logs for anomalies, and create a ServiceNow security incident if suspicious.
      inputParameters:
      - name: realm
        in: body
        type: string
        description: The Keycloak realm name.
      - name: user_id
        in: body
        type: string
        description: The Keycloak user ID.
      - name: user_principal_name
        in: body
        type: string
        description: The user's Azure AD UPN for sign-in log lookup.
      steps:
      - name: get-sessions
        type: call
        call: keycloak.get-sessions
        with:
          realm: '{{realm}}'
          user_id: '{{user_id}}'
      - name: get-signin-logs
        type: call
        call: azuread.get-signin-logs
        with:
          user_principal_name: '{{user_principal_name}}'
      - name: create-security-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: '[Session Audit] Suspicious activity — {{user_principal_name}}'
          description: 'User: {{user_principal_name}}

            Keycloak sessions: {{get-sessions.session_count}}

            Recent sign-in locations: {{get-signin-logs.locations}}

            Review for potential account compromise.'
          assigned_group: Security_Operations_Center
          category: security_audit
  consumes:
  - type: http
    namespace: keycloak
    baseUri: https://auth.abnamro.com/admin/realms
    authentication:
      type: bearer
      token: $secrets.keycloak_admin_token
    resources:
    - name: sessions
      path: /{{realm}}/users/{{user_id}}/sessions
      inputParameters:
      - name: realm
        in: path
      - name: user_id
        in: path
      operations:
      - name: get-sessions
        method: GET
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: signin-logs
      path: /auditLogs/signIns?$filter=userPrincipalName eq '{{user_principal_name}}'&$top=10
      inputParameters:
      - name: user_principal_name
        in: query
      operations:
      - name: get-signin-logs
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

Validates client identity, screens against sanctions lists, creates client record in Salesforce, provisions ServiceNow access, and notifies relationship manager.

naftiko: '0.5'
info:
  label: Client Onboarding KYC Pipeline
  description: Validates client identity, screens against sanctions lists, creates client record in Salesforce, provisions ServiceNow access, and notifies relationship manager.
  tags:
  - kyc
  - onboarding
  - salesforce
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: kyc
    port: 8080
    tools:
    - name: client_onboarding_kyc_pipeline
      description: Orchestrate client onboarding kyc pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: validate-identity
        type: call
        call: kyc.validate-client
        with:
          client_id: '{{resource_id}}'
      - name: screen-sanctions
        type: call
        call: sanctions.check-lists
        with:
          name: '{{validate-identity.legal_name}}'
      - name: create-client
        type: call
        call: salesforce.create-account
        with:
          name: '{{validate-identity.legal_name}}'
          kyc_status: '{{screen-sanctions.result}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: client-onboarding
          text: 'KYC complete for {{resource_id}}: {{screen-sanctions.result}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abn-amro.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

On fraud alert, collects transaction history from core banking, enriches with customer profile from Salesforce, creates investigation in ServiceNow, and escalates via PagerDuty.

naftiko: '0.5'
info:
  label: Fraud Investigation Workflow
  description: On fraud alert, collects transaction history from core banking, enriches with customer profile from Salesforce, creates investigation in ServiceNow, and escalates via PagerDuty.
  tags:
  - fraud
  - investigation
  - salesforce
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: fraud
    port: 8080
    tools:
    - name: fraud_investigation_workflow
      description: Orchestrate fraud investigation workflow workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-transactions
        type: call
        call: corebanking.get-history
        with:
          account_id: '{{resource_id}}'
      - name: get-profile
        type: call
        call: salesforce.get-customer
        with:
          account_id: '{{resource_id}}'
      - name: create-investigation
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Fraud investigation: {{resource_id}}'
      - name: escalate
        type: call
        call: pagerduty.create-incident
        with:
          title: 'Fraud alert: {{resource_id}} - {{get-profile.name}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abn-amro.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty-op
        method: POST

Deploys a Helm chart to Azure Kubernetes Service for banking microservices, triggers a SonarQube quality gate check beforehand, and notifies the platform team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Helm Chart Deployment to AKS
  description: Deploys a Helm chart to Azure Kubernetes Service for banking microservices, triggers a SonarQube quality gate check beforehand, and notifies the platform team in Microsoft Teams.
  tags:
  - devops
  - deployment
  - helm
  - azure-kubernetes-service
  - sonarqube
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: k8s-deploy
    port: 8080
    tools:
    - name: deploy-helm-chart
      description: Given a chart name, version, and target namespace, validate quality gate, deploy to AKS, and notify the team.
      inputParameters:
      - name: chart_name
        in: body
        type: string
        description: The Helm chart name.
      - name: chart_version
        in: body
        type: string
        description: The Helm chart version to deploy.
      - name: k8s_namespace
        in: body
        type: string
        description: The Kubernetes namespace to deploy into.
      - name: project_key
        in: body
        type: string
        description: The SonarQube project key for quality gate verification.
      steps:
      - name: check-quality-gate
        type: call
        call: sonarqube.get-quality-gate
        with:
          project_key: '{{project_key}}'
      - name: deploy-chart
        type: call
        call: azuredevops.run-pipeline
        with:
          project: banking-services
          pipeline_id: helm-deploy
          variables:
            chart: '{{chart_name}}'
            version: '{{chart_version}}'
            namespace: '{{k8s_namespace}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: platform-deployments
          text: 'Helm deploy: {{chart_name}}:{{chart_version}} to {{k8s_namespace}}. Quality gate: {{check-quality-gate.status}}. Pipeline run: {{deploy-chart.run_id}}.'
  consumes:
  - type: http
    namespace: sonarqube
    baseUri: https://sonarqube.abnamro.com/api
    authentication:
      type: bearer
      token: $secrets.sonarqube_token
    resources:
    - name: quality-gates
      path: /qualitygates/project_status?projectKey={{project_key}}
      inputParameters:
      - name: project_key
        in: query
      operations:
      - name: get-quality-gate
        method: GET
  - type: http
    namespace: azuredevops
    baseUri: https://dev.azure.com/abnamro
    authentication:
      type: bearer
      token: $secrets.azuredevops_token
    resources:
    - name: pipelines
      path: /{{project}}/_apis/pipelines/{{pipeline_id}}/runs?api-version=7.1
      inputParameters:
      - name: project
        in: path
      - name: pipeline_id
        in: path
      operations:
      - name: run-pipeline
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Detects digital banking incidents via monitoring, creates war room in Teams, gathers diagnostics from Splunk, and coordinates resolution.

naftiko: '0.5'
info:
  label: Digital Channel Incident Response
  description: Detects digital banking incidents via monitoring, creates war room in Teams, gathers diagnostics from Splunk, and coordinates resolution.
  tags:
  - incident-response
  - digital
  - splunk
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: incident-response
    port: 8080
    tools:
    - name: digital_channel_incident_response
      description: Orchestrate digital channel incident response workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Processes a GDPR data subject access request by searching for personal data across Salesforce, Snowflake, and ServiceNow, compiling results, and creating a Jira task for the DPO team to review and respond.

naftiko: '0.5'
info:
  label: GDPR Data Subject Access Request Pipeline
  description: Processes a GDPR data subject access request by searching for personal data across Salesforce, Snowflake, and ServiceNow, compiling results, and creating a Jira task for the DPO team to review and respond.
  tags:
  - privacy
  - gdpr
  - data-protection
  - salesforce
  - snowflake
  - servicenow
  - jira
capability:
  exposes:
  - type: mcp
    namespace: privacy-gdpr
    port: 8080
    tools:
    - name: process-dsar
      description: Given a data subject email and request type, search for personal data across systems and create a review task.
      inputParameters:
      - name: subject_email
        in: body
        type: string
        description: The email address of the data subject.
      - name: request_type
        in: body
        type: string
        description: 'DSAR type: access, erasure, portability, or rectification.'
      - name: request_reference
        in: body
        type: string
        description: The DSAR reference number.
      steps:
      - name: search-crm
        type: call
        call: salesforce.search-contacts
        with:
          email: '{{subject_email}}'
      - name: search-data-warehouse
        type: call
        call: snowflake.execute-query
        with:
          warehouse: PRIVACY_WH
          database: CUSTOMER_DB
          query: SELECT data_category, record_count, last_updated FROM data_inventory WHERE email = '{{subject_email}}'
      - name: search-itsm
        type: call
        call: servicenow.search-records
        with:
          table: sys_user
          query: email={{subject_email}}
      - name: create-review-task
        type: call
        call: jira.create-issue
        with:
          project_key: PRIVACY
          issuetype: Task
          summary: '[DSAR] {{request_type}} — {{subject_email}} — {{request_reference}}'
          description: 'DSAR {{request_type}} request {{request_reference}}.

            Subject: {{subject_email}}

            Salesforce records: {{search-crm.total_size}}

            Snowflake categories found: {{search-data-warehouse.row_count}}

            ServiceNow records: {{search-itsm.count}}

            Deadline: 30 days from request receipt.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contacts
      path: /parameterizedSearch/?q={{email}}&sobject=Contact&Contact.fields=Id,Name,Email
      inputParameters:
      - name: email
        in: query
      operations:
      - name: search-contacts
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/{{table}}?sysparm_query={{query}}
      inputParameters:
      - name: table
        in: path
      - name: query
        in: query
      operations:
      - name: search-records
        method: GET
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Retrieves a ServiceNow incident by number, returning status, priority, assigned group, and resolution notes for support teams.

naftiko: '0.5'
info:
  label: ServiceNow Incident Lookup
  description: Retrieves a ServiceNow incident by number, returning status, priority, assigned group, and resolution notes for support teams.
  tags:
  - it-service-management
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: itsm
    port: 8080
    tools:
    - name: get-incident
      description: Look up a ServiceNow incident by number. Returns state, priority, assigned group, short description, and resolution notes.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: The ServiceNow incident number (e.g., INC0012345).
      call: servicenow.get-incident
      with:
        incident_number: '{{incident_number}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.result.state
      - name: priority
        type: string
        mapping: $.result.priority
      - name: assigned_group
        type: string
        mapping: $.result.assignment_group.display_value
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident?sysparm_query=number={{incident_number}}
      inputParameters:
      - name: incident_number
        in: query
      operations:
      - name: get-incident
        method: GET

Retrieves the current status of Grafana alerts for ABN AMRO infrastructure monitoring.

naftiko: '0.5'
info:
  label: Grafana Alert Status
  description: Retrieves the current status of Grafana alerts for ABN AMRO infrastructure monitoring.
  tags:
  - monitoring
  - grafana
  - alerting
capability:
  exposes:
  - type: mcp
    namespace: monitoring
    port: 8080
    tools:
    - name: get-alert-status
      description: Get Grafana alert status by rule ID.
      inputParameters:
      - name: rule_id
        in: body
        type: string
        description: The rule_id to look up.
      call: grafana.get-rule_id
      with:
        rule_id: '{{rule_id}}'
  consumes:
  - type: http
    namespace: grafana
    baseUri: https://abn-amro-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana_alert_status
        method: GET

Collects access control evidence from Okta, change management evidence from ServiceNow, monitoring evidence from Datadog, and compiles in Confluence.

naftiko: '0.5'
info:
  label: SOC2 Evidence Collection Pipeline
  description: Collects access control evidence from Okta, change management evidence from ServiceNow, monitoring evidence from Datadog, and compiles in Confluence.
  tags:
  - compliance
  - audit
  - servicenow
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: soc2_evidence_collection_pipeline
      description: Orchestrate soc2 evidence collection pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-access-evidence
        type: call
        call: okta.get-access-logs
        with:
          period: '{{resource_id}}'
      - name: get-change-evidence
        type: call
        call: servicenow.get-changes
        with:
          period: '{{resource_id}}'
      - name: get-monitoring-evidence
        type: call
        call: datadog.get-alerts-history
        with:
          period: '{{resource_id}}'
      - name: compile-report
        type: call
        call: confluence.create-page
        with:
          space: AUDIT
          title: 'SOC2 Evidence: {{resource_id}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://abn-amro.okta.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.okta_api_token
      header: Authorization
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: okta-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://abn-amro.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST

When a periodic access certification is due, pulls user entitlements from SailPoint, cross-references with Workday org data, and creates a Jira review task for the user's manager.

naftiko: '0.5'
info:
  label: SailPoint Access Review Orchestrator
  description: When a periodic access certification is due, pulls user entitlements from SailPoint, cross-references with Workday org data, and creates a Jira review task for the user's manager.
  tags:
  - identity-management
  - access-review
  - sailpoint
  - workday
  - jira
capability:
  exposes:
  - type: mcp
    namespace: identity-access
    port: 8080
    tools:
    - name: initiate-access-review
      description: Given a user identity ID, pull entitlements from SailPoint, get manager info from Workday, and create a Jira access review task.
      inputParameters:
      - name: identity_id
        in: body
        type: string
        description: The SailPoint identity ID.
      - name: employee_id
        in: body
        type: string
        description: The Workday employee ID.
      - name: review_campaign
        in: body
        type: string
        description: The access review campaign name.
      steps:
      - name: get-entitlements
        type: call
        call: sailpoint.get-entitlements
        with:
          identity_id: '{{identity_id}}'
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: create-review-task
        type: call
        call: jira.create-issue
        with:
          project_key: IAM
          issuetype: Task
          summary: '[Access Review] {{get-employee.full_name}} — {{review_campaign}}'
          description: 'Review entitlements for {{get-employee.full_name}} ({{identity_id}}).

            Department: {{get-employee.department}}

            Manager: {{get-employee.manager_name}}

            Entitlements count: {{get-entitlements.count}}

            Entitlements: {{get-entitlements.summary}}'
          assignee: '{{get-employee.manager_email}}'
  consumes:
  - type: http
    namespace: sailpoint
    baseUri: https://abnamro.api.identitynow.com/v3
    authentication:
      type: bearer
      token: $secrets.sailpoint_token
    resources:
    - name: identities
      path: /identities/{{identity_id}}/entitlements
      inputParameters:
      - name: identity_id
        in: path
      operations:
      - name: get-entitlements
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd3-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Retrieves SWIFT message details by reference number for ABN AMRO payment operations.

naftiko: '0.5'
info:
  label: SWIFT Message Lookup
  description: Retrieves SWIFT message details by reference number for ABN AMRO payment operations.
  tags:
  - payments
  - swift
  - banking
capability:
  exposes:
  - type: mcp
    namespace: payments
    port: 8080
    tools:
    - name: get-swift-msg
      description: Look up SWIFT message by reference.
      inputParameters:
      - name: message_ref
        in: body
        type: string
        description: The message_ref to look up.
      call: servicenow.get-message_ref
      with:
        message_ref: '{{message_ref}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: swift_message_lookup
        method: GET

Scans Azure and AWS configurations, validates against CIS benchmarks, creates findings in Jira, and notifies cloud security team.

naftiko: '0.5'
info:
  label: Cloud Security Posture Assessment
  description: Scans Azure and AWS configurations, validates against CIS benchmarks, creates findings in Jira, and notifies cloud security team.
  tags:
  - security
  - cloud
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: cloud_security_posture_assessment
      description: Orchestrate cloud security posture assessment workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Extracts regulatory reporting data from Snowflake, transforms via Informatica, and loads into Oracle for DNB (Dutch Central Bank) submission, notifying compliance via Microsoft Teams upon completion.

naftiko: '0.5'
info:
  label: Regulatory Reporting Data Pipeline
  description: Extracts regulatory reporting data from Snowflake, transforms via Informatica, and loads into Oracle for DNB (Dutch Central Bank) submission, notifying compliance via Microsoft Teams upon completion.
  tags:
  - regulatory-compliance
  - reporting
  - snowflake
  - informatica
  - oracle-cloud
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: regulatory-reporting
    port: 8080
    tools:
    - name: run-regulatory-extract
      description: Given a report type and period, extract data from Snowflake, trigger Informatica transformation, and notify compliance team.
      inputParameters:
      - name: report_type
        in: body
        type: string
        description: 'Regulatory report type: corep, finrep, anacredit, or srep.'
      - name: reporting_period
        in: body
        type: string
        description: Reporting period in YYYY-QN format (e.g., 2026-Q1).
      steps:
      - name: extract-data
        type: call
        call: snowflake.execute-query
        with:
          warehouse: REG_REPORTING_WH
          database: REGULATORY_DB
          query: CALL sp_extract_{{report_type}}('{{reporting_period}}')
      - name: trigger-transform
        type: call
        call: informatica.start-task
        with:
          task_name: '{{report_type}}_transform_{{reporting_period}}'
          task_type: mapping
      - name: notify-compliance
        type: call
        call: msteams.send-message
        with:
          channel: regulatory-reporting
          text: 'Regulatory extract complete: {{report_type}} for {{reporting_period}}. Informatica job: {{trigger-transform.run_id}}. Data staged for DNB submission review.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: informatica
    baseUri: https://dm-eu.informaticacloud.com/saas/api/v2
    authentication:
      type: bearer
      token: $secrets.informatica_token
    resources:
    - name: tasks
      path: /job
      operations:
      - name: start-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves submitted expense reports from SAP Concur, validates against Workday cost center data, and opens a ServiceNow task for finance review when policy exceptions are detected.

naftiko: '0.5'
info:
  label: SAP Expense Report Processing
  description: Retrieves submitted expense reports from SAP Concur, validates against Workday cost center data, and opens a ServiceNow task for finance review when policy exceptions are detected.
  tags:
  - finance
  - expense-management
  - sap-concur
  - workday
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: finance-expense
    port: 8080
    tools:
    - name: review-expense-report
      description: Given a Concur expense report ID and employee ID, fetch report details, validate cost center, and flag policy violations to ServiceNow.
      inputParameters:
      - name: expense_report_id
        in: body
        type: string
        description: The SAP Concur expense report ID.
      - name: employee_id
        in: body
        type: string
        description: The Workday employee ID of the expense submitter.
      steps:
      - name: get-expense-report
        type: call
        call: concur.get-expense-report
        with:
          report_id: '{{expense_report_id}}'
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: open-review-task
        type: call
        call: servicenow.create-task
        with:
          short_description: 'Expense policy review: {{get-expense-report.report_name}} — {{get-employee.full_name}}'
          description: 'Report {{expense_report_id}} total: {{get-expense-report.total_amount}} {{get-expense-report.currency}}. Cost center: {{get-employee.cost_center}}. Submitted: {{get-expense-report.submit_date}}.'
          assigned_group: Finance_Audit
          category: expense_review
  consumes:
  - type: http
    namespace: concur
    baseUri: https://www.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expense-reports
      path: /expense/reports/{{report_id}}
      inputParameters:
      - name: report_id
        in: path
      operations:
      - name: get-expense-report
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd3-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST

Computes daily Value-at-Risk across the trading book by pulling positions from Snowflake, running Monte Carlo simulation in Databricks, storing results, and publishing the risk report to Power BI with breach alerts.

naftiko: '0.5'
info:
  label: Market Risk VaR Reporting Pipeline
  description: Computes daily Value-at-Risk across the trading book by pulling positions from Snowflake, running Monte Carlo simulation in Databricks, storing results, and publishing the risk report to Power BI with breach alerts.
  tags:
  - risk-management
  - market-risk
  - var
  - snowflake
  - databricks
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: risk-market
    port: 8080
    tools:
    - name: compute-daily-var
      description: Given a trading book and date, compute VaR using Monte Carlo simulation and publish results.
      inputParameters:
      - name: trading_book
        in: body
        type: string
        description: The trading book identifier.
      - name: valuation_date
        in: body
        type: string
        description: Valuation date in YYYY-MM-DD format.
      - name: simulation_count
        in: body
        type: number
        description: Number of Monte Carlo simulations (e.g., 10000).
      steps:
      - name: extract-positions
        type: call
        call: snowflake.execute-query
        with:
          warehouse: RISK_WH
          database: TRADING_DB
          query: SELECT * FROM trading_positions WHERE book_id = '{{trading_book}}' AND position_date = '{{valuation_date}}'
      - name: run-simulation
        type: call
        call: databricks.run-job
        with:
          job_id: monte-carlo-var
          parameters:
            book_id: '{{trading_book}}'
            date: '{{valuation_date}}'
            simulations: '{{simulation_count}}'
      - name: refresh-report
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: risk-management-workspace
          dataset_id: market-risk-var-daily
      - name: alert-risk-management
        type: call
        call: msteams.send-message
        with:
          channel: market-risk
          text: 'Daily VaR computed: {{trading_book}} for {{valuation_date}}. VaR(99%): {{run-simulation.var_99}}. VaR(95%): {{run-simulation.var_95}}. Simulations: {{simulation_count}}. Dashboard refreshed.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: databricks
    baseUri: https://adb-abnamro.azuredatabricks.net/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Tracks digital banking user flows, identifies friction points in Snowflake, creates improvement tasks in Jira, and notifies product.

naftiko: '0.5'
info:
  label: Digital Banking User Journey Analyzer
  description: Tracks digital banking user flows, identifies friction points in Snowflake, creates improvement tasks in Jira, and notifies product.
  tags:
  - digital-banking
  - analytics
  - snowflake
  - jira
capability:
  exposes:
  - type: mcp
    namespace: digital-banking
    port: 8080
    tools:
    - name: digital_banking_user_journey_analyzer
      description: Orchestrate digital banking user journey analyzer workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Queries Apache Kafka cluster metadata for a given topic, returning partition count, replication factor, and consumer group lag for banking event streaming.

naftiko: '0.5'
info:
  label: Apache Kafka Topic Lookup
  description: Queries Apache Kafka cluster metadata for a given topic, returning partition count, replication factor, and consumer group lag for banking event streaming.
  tags:
  - messaging
  - event-streaming
  - apache-kafka
capability:
  exposes:
  - type: mcp
    namespace: event-platform
    port: 8080
    tools:
    - name: get-topic-info
      description: Look up Kafka topic metadata. Returns partition count, replication factor, and consumer lag.
      inputParameters:
      - name: topic_name
        in: body
        type: string
        description: The Kafka topic name.
      - name: cluster
        in: body
        type: string
        description: The Kafka cluster identifier.
      call: kafka.get-topic
      with:
        topic_name: '{{topic_name}}'
        cluster: '{{cluster}}'
      outputParameters:
      - name: partition_count
        type: string
        mapping: $.topic.partitions
      - name: replication_factor
        type: string
        mapping: $.topic.replicationFactor
  consumes:
  - type: http
    namespace: kafka
    baseUri: https://kafka-rest.abnamro.com/v3
    authentication:
      type: bearer
      token: $secrets.kafka_rest_token
    resources:
    - name: topics
      path: /clusters/{{cluster}}/topics/{{topic_name}}
      inputParameters:
      - name: cluster
        in: path
      - name: topic_name
        in: path
      operations:
      - name: get-topic
        method: GET

Receives complaint from Zendesk, enriches with client history from Salesforce, creates resolution workflow in ServiceNow, and sends response via email.

naftiko: '0.5'
info:
  label: Customer Complaint Resolution Pipeline
  description: Receives complaint from Zendesk, enriches with client history from Salesforce, creates resolution workflow in ServiceNow, and sends response via email.
  tags:
  - customer-service
  - zendesk
  - salesforce
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: customer-service
    port: 8080
    tools:
    - name: customer_complaint_resolution_pipeline
      description: Orchestrate customer complaint resolution pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-complaint
        type: call
        call: zendesk.get-ticket
        with:
          ticket_id: '{{resource_id}}'
      - name: get-history
        type: call
        call: salesforce.get-client-history
        with:
          client_id: '{{get-complaint.client_id}}'
      - name: create-resolution
        type: call
        call: servicenow.create-request
        with:
          short_description: 'Complaint resolution: {{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: client-service
          text: 'Complaint {{resource_id}} resolution started. Client: {{get-history.name}}'
  consumes:
  - type: http
    namespace: zendesk
    baseUri: https://abn-amro.zendesk.com/api/v2
    authentication:
      type: bearer
      token: $secrets.zendesk_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: zendesk-op
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://abn-amro.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Initiates a SWIFT payment through the core banking system, validates the BIC code, creates the payment instruction, and tracks the transaction status with Microsoft Teams notifications at each stage.

naftiko: '0.5'
info:
  label: SWIFT Payment Initiation and Tracking
  description: Initiates a SWIFT payment through the core banking system, validates the BIC code, creates the payment instruction, and tracks the transaction status with Microsoft Teams notifications at each stage.
  tags:
  - payments
  - swift
  - banking
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: payments-swift
    port: 8080
    tools:
    - name: initiate-swift-payment
      description: Given payment details, validate BIC, create SWIFT payment instruction, and notify the treasury team of status changes.
      inputParameters:
      - name: debtor_iban
        in: body
        type: string
        description: Debtor IBAN.
      - name: creditor_iban
        in: body
        type: string
        description: Creditor IBAN.
      - name: creditor_bic
        in: body
        type: string
        description: Creditor bank BIC/SWIFT code.
      - name: amount
        in: body
        type: number
        description: Payment amount.
      - name: currency
        in: body
        type: string
        description: Payment currency (ISO 4217).
      - name: reference
        in: body
        type: string
        description: Payment reference for the beneficiary.
      steps:
      - name: validate-bic
        type: call
        call: core-banking.validate-bic
        with:
          bic: '{{creditor_bic}}'
      - name: create-payment
        type: call
        call: core-banking.create-swift-payment
        with:
          debtor_iban: '{{debtor_iban}}'
          creditor_iban: '{{creditor_iban}}'
          creditor_bic: '{{creditor_bic}}'
          amount: '{{amount}}'
          currency: '{{currency}}'
          reference: '{{reference}}'
      - name: notify-treasury
        type: call
        call: msteams.send-message
        with:
          channel: treasury-payments
          text: 'SWIFT payment initiated: {{create-payment.payment_id}} | {{amount}} {{currency}} to {{creditor_iban}} ({{creditor_bic}}) | Reference: {{reference}} | Status: {{create-payment.status}}'
  consumes:
  - type: http
    namespace: core-banking
    baseUri: https://api.abnamro.com/v1/payments
    authentication:
      type: bearer
      token: $secrets.core_banking_token
    resources:
    - name: bic-validation
      path: /bic/validate
      operations:
      - name: validate-bic
        method: POST
    - name: swift-payments
      path: /swift
      operations:
      - name: create-swift-payment
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Captures operational risk events, categorizes by Basel taxonomy, calculates capital charges in Snowflake, and notifies risk management.

naftiko: '0.5'
info:
  label: Operational Risk Event Pipeline
  description: Captures operational risk events, categorizes by Basel taxonomy, calculates capital charges in Snowflake, and notifies risk management.
  tags:
  - risk
  - operational-risk
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: risk
    port: 8080
    tools:
    - name: operational_risk_event_pipeline
      description: Orchestrate operational risk event pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Orchestrates a new loan application by pulling applicant data from Salesforce, running credit scoring via Snowflake ML models, creating a ServiceNow case for underwriting review, and notifying the relationship manager in Microsoft Teams.

naftiko: '0.5'
info:
  label: Loan Application Processing Pipeline
  description: Orchestrates a new loan application by pulling applicant data from Salesforce, running credit scoring via Snowflake ML models, creating a ServiceNow case for underwriting review, and notifying the relationship manager in Microsoft Teams.
  tags:
  - lending
  - loan-origination
  - salesforce
  - snowflake
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: lending
    port: 8080
    tools:
    - name: process-loan-application
      description: Given a loan application ID and applicant Salesforce ID, orchestrate credit scoring and underwriting workflow.
      inputParameters:
      - name: application_id
        in: body
        type: string
        description: The loan application reference number.
      - name: applicant_id
        in: body
        type: string
        description: The Salesforce account ID of the applicant.
      - name: loan_amount
        in: body
        type: number
        description: Requested loan amount in EUR.
      - name: loan_type
        in: body
        type: string
        description: 'Loan type: mortgage, corporate, sme, or consumer.'
      steps:
      - name: get-applicant
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{applicant_id}}'
      - name: run-credit-score
        type: call
        call: snowflake.execute-query
        with:
          warehouse: LENDING_WH
          database: LENDING_DB
          query: SELECT credit_score, pd_estimate, lgd_estimate FROM ml_credit_scores WHERE customer_id = '{{applicant_id}}' ORDER BY scored_at DESC LIMIT 1
      - name: create-case
        type: call
        call: servicenow.create-record
        with:
          table: u_loan_underwriting
          short_description: 'Loan underwriting: {{get-applicant.name}} — EUR {{loan_amount}}'
          description: 'Application: {{application_id}}

            Applicant: {{get-applicant.name}}

            Type: {{loan_type}}

            Amount: EUR {{loan_amount}}

            Credit score: {{run-credit-score.credit_score}}

            PD: {{run-credit-score.pd_estimate}}'
          assigned_group: Underwriting_{{loan_type}}
      - name: notify-rm
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-applicant.owner_email}}'
          text: 'Loan application {{application_id}} for {{get-applicant.name}} (EUR {{loan_amount}}) is now in underwriting. Credit score: {{run-credit-score.credit_score}}. ServiceNow case: {{create-case.number}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Executes a foreign exchange spot trade through Reuters, validates the rate against Bloomberg market data, books the trade in the core banking system, and confirms execution to the trader via Microsoft Teams.

naftiko: '0.5'
info:
  label: FX Spot Trade Execution
  description: Executes a foreign exchange spot trade through Reuters, validates the rate against Bloomberg market data, books the trade in the core banking system, and confirms execution to the trader via Microsoft Teams.
  tags:
  - trading
  - foreign-exchange
  - reuters
  - bloomberg
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: trading-fx
    port: 8080
    tools:
    - name: execute-fx-spot
      description: Given a currency pair and notional, validate the rate, execute on Reuters, book internally, and confirm to the trader.
      inputParameters:
      - name: currency_pair
        in: body
        type: string
        description: Currency pair (e.g., EUR/USD).
      - name: direction
        in: body
        type: string
        description: 'Trade direction: buy or sell (base currency).'
      - name: notional
        in: body
        type: number
        description: Notional amount in base currency.
      - name: trader_upn
        in: body
        type: string
        description: The UPN of the executing trader.
      steps:
      - name: get-market-rate
        type: call
        call: bloomberg.get-fx-rate
        with:
          currency_pair: '{{currency_pair}}'
      - name: execute-trade
        type: call
        call: reuters.execute-fx-spot
        with:
          currency_pair: '{{currency_pair}}'
          direction: '{{direction}}'
          notional: '{{notional}}'
      - name: book-trade
        type: call
        call: core-banking.book-fx-trade
        with:
          trade_id: '{{execute-trade.trade_id}}'
          currency_pair: '{{currency_pair}}'
          rate: '{{execute-trade.executed_rate}}'
          notional: '{{notional}}'
          direction: '{{direction}}'
      - name: confirm-trader
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{trader_upn}}'
          text: 'FX Spot executed: {{direction}} {{notional}} {{currency_pair}} at {{execute-trade.executed_rate}}. Trade ID: {{execute-trade.trade_id}}. Booked: {{book-trade.booking_ref}}. Settlement: {{execute-trade.value_date}}.'
  consumes:
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: fx-rates
      path: /market/fx/{{currency_pair}}
      inputParameters:
      - name: currency_pair
        in: path
      operations:
      - name: get-fx-rate
        method: GET
  - type: http
    namespace: reuters
    baseUri: https://api.refinitiv.com/trading/fx/v1
    authentication:
      type: bearer
      token: $secrets.reuters_token
    resources:
    - name: spot-orders
      path: /spot/execute
      operations:
      - name: execute-fx-spot
        method: POST
  - type: http
    namespace: core-banking
    baseUri: https://api.abnamro.com/v1/trading
    authentication:
      type: bearer
      token: $secrets.core_banking_token
    resources:
    - name: fx-bookings
      path: /fx/book
      operations:
      - name: book-fx-trade
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

On P1 incident, creates a Teams channel, pulls recent deployments from GitHub, gathers logs from Splunk, creates a bridge call, and updates StatusPage.

naftiko: '0.5'
info:
  label: Incident War Room Orchestrator
  description: On P1 incident, creates a Teams channel, pulls recent deployments from GitHub, gathers logs from Splunk, creates a bridge call, and updates StatusPage.
  tags:
  - incident-management
  - github
  - splunk
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: incident-management
    port: 8080
    tools:
    - name: incident_war_room_orchestrator
      description: Orchestrate incident war room orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-incident
        type: call
        call: pagerduty.get-incident
        with:
          incident_id: '{{resource_id}}'
      - name: get-deployments
        type: call
        call: github.get-recent-deployments
        with:
          repo: '{{get-incident.service}}'
      - name: get-logs
        type: call
        call: splunk.search-logs
        with:
          query: '{{get-incident.service}} error'
          time_range: -1h
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: war-room
          text: 'P1: {{get-incident.title}}. Recent deploys: {{get-deployments.count}}. Errors: {{get-logs.count}}'
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty-op
        method: POST
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: github-op
        method: POST
  - type: http
    namespace: splunk
    baseUri: https://abn-amro-splunk.com/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: splunk-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Orchestrates collateral valuation by pulling positions from the core banking system, fetching market prices from Bloomberg, computing haircuts via Databricks, and updating the collateral management system in Snowflake.

naftiko: '0.5'
info:
  label: Collateral Valuation Pipeline
  description: Orchestrates collateral valuation by pulling positions from the core banking system, fetching market prices from Bloomberg, computing haircuts via Databricks, and updating the collateral management system in Snowflake.
  tags:
  - collateral-management
  - risk-management
  - bloomberg
  - databricks
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: collateral
    port: 8080
    tools:
    - name: revalue-collateral
      description: Given a collateral pool ID and valuation date, revalue all positions using market data and apply regulatory haircuts.
      inputParameters:
      - name: pool_id
        in: body
        type: string
        description: The collateral pool identifier.
      - name: valuation_date
        in: body
        type: string
        description: Valuation date in YYYY-MM-DD format.
      steps:
      - name: get-positions
        type: call
        call: snowflake.execute-query
        with:
          warehouse: COLLATERAL_WH
          database: COLLATERAL_DB
          query: SELECT security_id, quantity, collateral_type FROM collateral_positions WHERE pool_id = '{{pool_id}}'
      - name: get-market-prices
        type: call
        call: bloomberg.get-bulk-prices
        with:
          securities: '{{get-positions.security_ids}}'
          date: '{{valuation_date}}'
      - name: compute-haircuts
        type: call
        call: databricks.run-job
        with:
          job_id: collateral-haircut-model
          parameters:
            pool_id: '{{pool_id}}'
            valuation_date: '{{valuation_date}}'
      - name: update-valuations
        type: call
        call: snowflake.execute-query
        with:
          warehouse: COLLATERAL_WH
          database: COLLATERAL_DB
          query: CALL sp_update_collateral_valuations('{{pool_id}}', '{{valuation_date}}')
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: bulk-prices
      path: /market/prices/bulk
      operations:
      - name: get-bulk-prices
        method: POST
  - type: http
    namespace: databricks
    baseUri: https://adb-abnamro.azuredatabricks.net/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST

Triggers a Power BI dataset refresh, validates the refresh completed successfully by checking status, and notifies the analytics team in Microsoft Teams with the result.

naftiko: '0.5'
info:
  label: Power BI Dashboard Refresh with Validation
  description: Triggers a Power BI dataset refresh, validates the refresh completed successfully by checking status, and notifies the analytics team in Microsoft Teams with the result.
  tags:
  - analytics
  - reporting
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: refresh-and-validate-powerbi
      description: Trigger a Power BI dataset refresh, check completion status, and notify the analytics team.
      inputParameters:
      - name: group_id
        in: body
        type: string
        description: The Power BI workspace (group) ID.
      - name: dataset_id
        in: body
        type: string
        description: The Power BI dataset ID.
      - name: report_name
        in: body
        type: string
        description: Human-readable report name for notifications.
      steps:
      - name: trigger-refresh
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: '{{group_id}}'
          dataset_id: '{{dataset_id}}'
      - name: check-status
        type: call
        call: powerbi.get-refresh-history
        with:
          group_id: '{{group_id}}'
          dataset_id: '{{dataset_id}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: analytics-reports
          text: 'Power BI refresh: {{report_name}} | Status: {{check-status.status}} | Duration: {{check-status.duration}} | Dataset: {{dataset_id}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
      - name: get-refresh-history
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Extracts payment batches from SWIFT, reconciles against core banking ledger, identifies breaks, creates Jira tickets, and reports to operations.

naftiko: '0.5'
info:
  label: Payment Processing Reconciliation
  description: Extracts payment batches from SWIFT, reconciles against core banking ledger, identifies breaks, creates Jira tickets, and reports to operations.
  tags:
  - payments
  - reconciliation
  - jira
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: payments
    port: 8080
    tools:
    - name: payment_processing_reconciliation
      description: Orchestrate payment processing reconciliation workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-payments
        type: call
        call: swift.get-batch
        with:
          batch_id: '{{resource_id}}'
      - name: reconcile
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL reconcile_payments('{{resource_id}}')
          warehouse: PAYMENTS_WH
      - name: create-breaks
        type: call
        call: jira.create-issue
        with:
          project: PAY
          summary: 'Payment breaks: batch {{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: payment-ops
          text: 'Reconciliation complete for batch {{resource_id}}. Breaks: {{reconcile.break_count}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abn-amro.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Validates change request in ServiceNow, runs pre-deployment tests, executes Terraform plan, monitors Datadog health, and sends post-change report.

naftiko: '0.5'
info:
  label: IT Change Management Pipeline
  description: Validates change request in ServiceNow, runs pre-deployment tests, executes Terraform plan, monitors Datadog health, and sends post-change report.
  tags:
  - change-management
  - servicenow
  - datadog
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: change-management
    port: 8080
    tools:
    - name: it_change_management_pipeline
      description: Orchestrate it change management pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-change
        type: call
        call: servicenow.get-change
        with:
          change_id: '{{resource_id}}'
      - name: run-tests
        type: call
        call: postman.run-collection
        with:
          collection_id: pre_change_{{resource_id}}
      - name: check-health
        type: call
        call: datadog.get-monitors
        with:
          tag: change:{{resource_id}}
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: change-mgmt
          text: 'Change {{resource_id}} executed. Health: {{check-health.status}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Retrieves the service dependency map from Datadog for ABN AMRO microservices.

naftiko: '0.5'
info:
  label: Datadog Service Map Lookup
  description: Retrieves the service dependency map from Datadog for ABN AMRO microservices.
  tags:
  - observability
  - datadog
  - service-map
capability:
  exposes:
  - type: mcp
    namespace: observability
    port: 8080
    tools:
    - name: get-service-map
      description: Get Datadog service map for a service.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The service_name to look up.
      call: datadog.get-service_name
      with:
        service_name: '{{service_name}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog_service_map_lookup
        method: GET

Triggers a Postman collection run for banking API regression tests, logs results to Snowflake for trend analysis, and notifies the QA team in Microsoft Teams with pass/fail summary.

naftiko: '0.5'
info:
  label: Postman API Regression Suite with Reporting
  description: Triggers a Postman collection run for banking API regression tests, logs results to Snowflake for trend analysis, and notifies the QA team in Microsoft Teams with pass/fail summary.
  tags:
  - testing
  - api-testing
  - postman
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: api-testing
    port: 8080
    tools:
    - name: run-api-regression-suite
      description: Run a Postman collection, log results to Snowflake, and notify the QA team.
      inputParameters:
      - name: collection_id
        in: body
        type: string
        description: The Postman collection UID.
      - name: environment_id
        in: body
        type: string
        description: The Postman environment UID.
      - name: suite_name
        in: body
        type: string
        description: Human-readable test suite name.
      steps:
      - name: run-tests
        type: call
        call: postman.run-collection
        with:
          collection: '{{collection_id}}'
          environment: '{{environment_id}}'
      - name: log-results
        type: call
        call: snowflake.execute-query
        with:
          warehouse: QA_WH
          database: QA_DB
          query: INSERT INTO api_test_results (suite_name, run_id, status, executed_at) VALUES ('{{suite_name}}', '{{run-tests.run_id}}', '{{run-tests.status}}', CURRENT_TIMESTAMP())
      - name: notify-qa
        type: call
        call: msteams.send-message
        with:
          channel: qa-api-testing
          text: 'API Regression: {{suite_name}} | Run: {{run-tests.run_id}} | Status: {{run-tests.status}} | Results logged to Snowflake.'
  consumes:
  - type: http
    namespace: postman
    baseUri: https://api.getpostman.com
    authentication:
      type: bearer
      token: $secrets.postman_api_key
    resources:
    - name: collection-runs
      path: /collections/{{collection}}/runs
      inputParameters:
      - name: collection
        in: path
      operations:
      - name: run-collection
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Traces data lineage from Snowflake, identifies downstream dependencies in Alation catalog, assesses impact of schema changes, creates change requests in ServiceNow.

naftiko: '0.5'
info:
  label: Data Lineage Impact Analyzer
  description: Traces data lineage from Snowflake, identifies downstream dependencies in Alation catalog, assesses impact of schema changes, creates change requests in ServiceNow.
  tags:
  - data-governance
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: data_lineage_impact_analyzer
      description: Orchestrate data lineage impact analyzer workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-lineage
        type: call
        call: snowflake.get-lineage
        with:
          table: '{{resource_id}}'
      - name: get-dependencies
        type: call
        call: alation.get-downstream
        with:
          table: '{{resource_id}}'
      - name: create-change
        type: call
        call: servicenow.create-change
        with:
          short_description: 'Schema change impact: {{resource_id}}'
          downstream_count: '{{get-dependencies.count}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: data-eng
          text: 'Impact analysis for {{resource_id}}: {{get-dependencies.count}} downstream consumers'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Validates a bond trade against pre-trade compliance limits in Snowflake, submits the order to Tradeweb for execution, books the trade in the core banking system, and confirms to the trader via Microsoft Teams.

naftiko: '0.5'
info:
  label: Tradeweb Bond Execution with Compliance Check
  description: Validates a bond trade against pre-trade compliance limits in Snowflake, submits the order to Tradeweb for execution, books the trade in the core banking system, and confirms to the trader via Microsoft Teams.
  tags:
  - trading
  - fixed-income
  - tradeweb
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: trading-execution
    port: 8080
    tools:
    - name: execute-bond-trade
      description: Validate pre-trade limits, submit a bond trade to Tradeweb, book internally, and confirm to the trader.
      inputParameters:
      - name: isin
        in: body
        type: string
        description: The ISIN of the bond to trade.
      - name: direction
        in: body
        type: string
        description: 'Trade direction: buy or sell.'
      - name: notional
        in: body
        type: number
        description: Notional amount in the bond's denomination currency.
      - name: trader_upn
        in: body
        type: string
        description: The UPN of the executing trader.
      steps:
      - name: check-limits
        type: call
        call: snowflake.execute-query
        with:
          warehouse: TRADING_WH
          database: COMPLIANCE_DB
          query: SELECT remaining_limit FROM pre_trade_limits WHERE isin = '{{isin}}' AND direction = '{{direction}}'
      - name: submit-order
        type: call
        call: tradeweb.submit-order
        with:
          isin: '{{isin}}'
          direction: '{{direction}}'
          notional: '{{notional}}'
      - name: book-trade
        type: call
        call: core-banking.book-trade
        with:
          trade_id: '{{submit-order.trade_id}}'
          isin: '{{isin}}'
          direction: '{{direction}}'
          notional: '{{notional}}'
          price: '{{submit-order.execution_price}}'
      - name: confirm-trader
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{trader_upn}}'
          text: 'Bond trade executed: {{direction}} {{notional}} {{isin}} at {{submit-order.execution_price}}. Yield: {{submit-order.yield}}. Settlement: {{submit-order.settlement_date}}. Trade ID: {{submit-order.trade_id}}.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: tradeweb
    baseUri: https://api.tradeweb.com/v2
    authentication:
      type: bearer
      token: $secrets.tradeweb_token
    resources:
    - name: orders
      path: /orders
      operations:
      - name: submit-order
        method: POST
  - type: http
    namespace: core-banking
    baseUri: https://api.abnamro.com/v1/trading
    authentication:
      type: bearer
      token: $secrets.core_banking_token
    resources:
    - name: bookings
      path: /book
      operations:
      - name: book-trade
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Performs Know Your Customer screening by querying Salesforce for client data, running sanctions checks against Bloomberg Enterprise Data, and logging results in ServiceNow for compliance audit.

naftiko: '0.5'
info:
  label: KYC Customer Screening
  description: Performs Know Your Customer screening by querying Salesforce for client data, running sanctions checks against Bloomberg Enterprise Data, and logging results in ServiceNow for compliance audit.
  tags:
  - compliance
  - kyc
  - salesforce
  - bloomberg-enterprise-data
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: compliance-kyc
    port: 8080
    tools:
    - name: screen-customer
      description: Given a customer ID, retrieve Salesforce profile, check Bloomberg sanctions, and log screening outcome in ServiceNow.
      inputParameters:
      - name: customer_id
        in: body
        type: string
        description: The Salesforce account ID for the customer.
      - name: screening_type
        in: body
        type: string
        description: 'Type of screening: initial, periodic, or event-triggered.'
      steps:
      - name: get-customer
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{customer_id}}'
      - name: check-sanctions
        type: call
        call: bloomberg.search-sanctions
        with:
          entity_name: '{{get-customer.name}}'
          country: '{{get-customer.billing_country}}'
      - name: log-screening
        type: call
        call: servicenow.create-record
        with:
          table: u_kyc_screening
          short_description: 'KYC {{screening_type}} screening: {{get-customer.name}}'
          description: 'Customer: {{get-customer.name}} ({{customer_id}}). Sanctions result: {{check-sanctions.match_status}}. Score: {{check-sanctions.risk_score}}.'
          assigned_group: Compliance_KYC
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: sanctions
      path: /sanctions/screen
      operations:
      - name: search-sanctions
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST

Downloads updated sanctions lists from Bloomberg, updates the screening database in Snowflake, triggers a batch re-screening of all active clients, and notifies compliance of any new matches via Jira and Microsoft Teams.

naftiko: '0.5'
info:
  label: Sanctions List Update and Screening Refresh
  description: Downloads updated sanctions lists from Bloomberg, updates the screening database in Snowflake, triggers a batch re-screening of all active clients, and notifies compliance of any new matches via Jira and Microsoft Teams.
  tags:
  - compliance
  - sanctions
  - bloomberg
  - snowflake
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: compliance-sanctions
    port: 8080
    tools:
    - name: refresh-sanctions-screening
      description: Download latest sanctions lists, update screening database, run batch re-screening, and alert on new matches.
      inputParameters:
      - name: list_type
        in: body
        type: string
        description: 'Sanctions list type: eu, ofac, un, or all.'
      - name: trigger_date
        in: body
        type: string
        description: The date of the list update in YYYY-MM-DD format.
      steps:
      - name: download-lists
        type: call
        call: bloomberg.get-sanctions-lists
        with:
          list_type: '{{list_type}}'
          effective_date: '{{trigger_date}}'
      - name: update-database
        type: call
        call: snowflake.execute-query
        with:
          warehouse: COMPLIANCE_WH
          database: SANCTIONS_DB
          query: CALL sp_update_sanctions_list('{{list_type}}', '{{trigger_date}}')
      - name: run-batch-screening
        type: call
        call: snowflake.execute-query
        with:
          warehouse: COMPLIANCE_WH
          database: SANCTIONS_DB
          query: CALL sp_batch_screen_active_clients('{{list_type}}')
      - name: create-review-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: SANCTIONS
          issuetype: Task
          summary: '[Sanctions Update] {{list_type}} list refresh — {{trigger_date}}'
          description: 'Sanctions list updated: {{list_type}} as of {{trigger_date}}.

            New entries: {{download-lists.new_entries_count}}

            Batch screening complete. Review any new matches.'
      - name: notify-compliance
        type: call
        call: msteams.send-message
        with:
          channel: compliance-sanctions
          text: 'Sanctions list refreshed: {{list_type}} ({{trigger_date}}). New entries: {{download-lists.new_entries_count}}. Batch re-screening complete. Jira: {{create-review-ticket.key}}'
  consumes:
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: sanctions-lists
      path: /sanctions/lists
      operations:
      - name: get-sanctions-lists
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

When a Datadog monitor triggers a critical alert for a banking service, creates a Jira incident ticket and posts a notification to the engineering Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Datadog Alert to Jira Incident
  description: When a Datadog monitor triggers a critical alert for a banking service, creates a Jira incident ticket and posts a notification to the engineering Microsoft Teams channel.
  tags:
  - observability
  - incident-management
  - datadog
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: observability
    port: 8080
    tools:
    - name: handle-datadog-alert
      description: Given a Datadog alert ID, create a Jira incident and notify the engineering team in Microsoft Teams.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The Datadog monitor alert ID.
      - name: service_name
        in: body
        type: string
        description: The affected banking service name.
      - name: severity
        in: body
        type: string
        description: 'Alert severity: critical, warning, or info.'
      steps:
      - name: get-alert-details
        type: call
        call: datadog.get-monitor
        with:
          monitor_id: '{{alert_id}}'
      - name: create-incident
        type: call
        call: jira.create-issue
        with:
          project_key: INC
          issuetype: Incident
          summary: '[{{severity}}] {{service_name}} — {{get-alert-details.name}}'
          description: 'Datadog alert {{alert_id}} triggered.

            Service: {{service_name}}

            Severity: {{severity}}

            Message: {{get-alert-details.message}}

            Monitor URL: {{get-alert-details.url}}'
          priority: '{{severity}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: platform-engineering-alerts
          text: 'Incident Created: {{create-incident.key}} | {{service_name}} | {{severity}} | {{get-alert-details.name}} | Jira: {{create-incident.url}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.eu/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{monitor_id}}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Queries vendor data from SAP Ariba, runs risk scoring in Snowflake, creates assessment record in ServiceNow, and notifies procurement.

naftiko: '0.5'
info:
  label: Vendor Risk Assessment Pipeline
  description: Queries vendor data from SAP Ariba, runs risk scoring in Snowflake, creates assessment record in ServiceNow, and notifies procurement.
  tags:
  - procurement
  - vendor-risk
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: procurement
    port: 8080
    tools:
    - name: vendor_risk_assessment_pipeline
      description: Orchestrate vendor risk assessment pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-vendor
        type: call
        call: sap.get-vendor
        with:
          vendor_id: '{{resource_id}}'
      - name: score-risk
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL score_vendor_risk('{{resource_id}}')
          warehouse: PROC_WH
      - name: create-assessment
        type: call
        call: servicenow.create-record
        with:
          table: vendor_assessments
          vendor_id: '{{resource_id}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: procurement
          text: 'Vendor {{resource_id}} risk score: {{score-risk.risk_level}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://abn-amro-sap.com/api/v1
    authentication:
      type: bearer
      token: $secrets.sap_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: sap-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Aggregates client information from Salesforce CRM, Bloomberg financial data, and Snowflake transaction history to produce a unified 360-degree view for relationship managers.

naftiko: '0.5'
info:
  label: Client Relationship 360 View
  description: Aggregates client information from Salesforce CRM, Bloomberg financial data, and Snowflake transaction history to produce a unified 360-degree view for relationship managers.
  tags:
  - client-management
  - crm
  - salesforce
  - bloomberg
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: client-360
    port: 8080
    tools:
    - name: get-client-360
      description: Given a client Salesforce ID, aggregate CRM data, Bloomberg financials, and transaction history into a unified view.
      inputParameters:
      - name: client_id
        in: body
        type: string
        description: The Salesforce account ID for the client.
      steps:
      - name: get-crm-data
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{client_id}}'
      - name: get-financials
        type: call
        call: bloomberg.get-company
        with:
          company_name: '{{get-crm-data.name}}'
      - name: get-transactions
        type: call
        call: snowflake.execute-query
        with:
          warehouse: CRM_WH
          database: CLIENT_DB
          query: SELECT product_type, SUM(volume) as total_volume, COUNT(*) as txn_count FROM client_transactions WHERE client_id = '{{client_id}}' AND txn_date >= DATEADD(month, -12, CURRENT_DATE()) GROUP BY product_type
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: companies
      path: /companies/search
      operations:
      - name: get-company
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST

Retrieves employee details from Workday by worker ID, returning name, department, manager, cost center, and employment status.

naftiko: '0.5'
info:
  label: Workday Employee Lookup
  description: Retrieves employee details from Workday by worker ID, returning name, department, manager, cost center, and employment status.
  tags:
  - hr
  - employee-data
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr-data
    port: 8080
    tools:
    - name: get-employee
      description: Look up an employee in Workday by worker ID. Returns full name, department, manager, cost center, and status.
      inputParameters:
      - name: worker_id
        in: body
        type: string
        description: The Workday worker ID.
      call: workday.get-worker
      with:
        worker_id: '{{worker_id}}'
      outputParameters:
      - name: full_name
        type: string
        mapping: $.worker.fullName
      - name: department
        type: string
        mapping: $.worker.department
      - name: manager
        type: string
        mapping: $.worker.managerName
      - name: cost_center
        type: string
        mapping: $.worker.costCenter
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd3-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET

Executes read-only queries against ABN AMRO Azure SQL databases for reporting.

naftiko: '0.5'
info:
  label: Azure SQL Query Runner
  description: Executes read-only queries against ABN AMRO Azure SQL databases for reporting.
  tags:
  - data
  - azure
  - sql
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: run-sql-query
      description: Execute a SQL query and return results.
      inputParameters:
      - name: sql_query
        in: body
        type: string
        description: The sql_query to look up.
      call: snowflake.get-sql_query
      with:
        sql_query: '{{sql_query}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: azure_sql_query_runner
        method: GET

Calculates derivatives portfolio risk metrics by extracting positions from Snowflake, computing Greeks and VaR via Databricks ML models, publishing to Power BI, and alerting the risk desk when thresholds are breached.

naftiko: '0.5'
info:
  label: Derivatives Risk Calculation Pipeline
  description: Calculates derivatives portfolio risk metrics by extracting positions from Snowflake, computing Greeks and VaR via Databricks ML models, publishing to Power BI, and alerting the risk desk when thresholds are breached.
  tags:
  - risk-management
  - derivatives
  - trading
  - snowflake
  - databricks
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: risk-derivatives
    port: 8080
    tools:
    - name: calculate-derivatives-risk
      description: Given a portfolio and valuation date, compute Greeks and VaR for the derivatives book and alert on threshold breaches.
      inputParameters:
      - name: portfolio_id
        in: body
        type: string
        description: The derivatives portfolio identifier.
      - name: valuation_date
        in: body
        type: string
        description: Valuation date in YYYY-MM-DD format.
      - name: var_confidence
        in: body
        type: string
        description: 'VaR confidence level: 95 or 99.'
      steps:
      - name: extract-positions
        type: call
        call: snowflake.execute-query
        with:
          warehouse: RISK_WH
          database: DERIVATIVES_DB
          query: SELECT * FROM derivatives_positions WHERE portfolio_id = '{{portfolio_id}}' AND position_date = '{{valuation_date}}'
      - name: compute-risk
        type: call
        call: databricks.run-job
        with:
          job_id: derivatives-risk-engine
          parameters:
            portfolio_id: '{{portfolio_id}}'
            valuation_date: '{{valuation_date}}'
            confidence: '{{var_confidence}}'
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: trading-risk-workspace
          dataset_id: derivatives-risk-daily
      - name: alert-risk-desk
        type: call
        call: msteams.send-message
        with:
          channel: trading-risk-alerts
          text: 'Derivatives risk calculation complete: Portfolio {{portfolio_id}} for {{valuation_date}}. VaR({{var_confidence}}%): {{compute-risk.var_amount}}. Delta: {{compute-risk.total_delta}}. Gamma: {{compute-risk.total_gamma}}.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: databricks
    baseUri: https://adb-abnamro.azuredatabricks.net/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

When a transaction monitoring alert fires, retrieves alert details from the AML system, enriches with customer data from Salesforce, checks Bloomberg sanctions, and creates a Jira investigation ticket for the financial crime team.

naftiko: '0.5'
info:
  label: AML Transaction Monitoring Alert Triage
  description: When a transaction monitoring alert fires, retrieves alert details from the AML system, enriches with customer data from Salesforce, checks Bloomberg sanctions, and creates a Jira investigation ticket for the financial crime team.
  tags:
  - compliance
  - aml
  - transaction-monitoring
  - salesforce
  - bloomberg
  - jira
capability:
  exposes:
  - type: mcp
    namespace: compliance-aml
    port: 8080
    tools:
    - name: triage-aml-alert
      description: Given an AML alert ID, enrich with customer data, run sanctions check, and open a Jira investigation case.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The AML system alert identifier.
      - name: customer_id
        in: body
        type: string
        description: The Salesforce account ID associated with the flagged transaction.
      steps:
      - name: get-alert
        type: call
        call: core-banking.get-aml-alert
        with:
          alert_id: '{{alert_id}}'
      - name: get-customer
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{customer_id}}'
      - name: sanctions-check
        type: call
        call: bloomberg.search-sanctions
        with:
          entity_name: '{{get-customer.name}}'
          country: '{{get-customer.billing_country}}'
      - name: create-investigation
        type: call
        call: jira.create-issue
        with:
          project_key: FINCRIME
          issuetype: Investigation
          summary: '[AML Alert] {{get-alert.rule_name}} — {{get-customer.name}}'
          description: 'Alert: {{alert_id}}

            Rule: {{get-alert.rule_name}}

            Amount: {{get-alert.amount}} {{get-alert.currency}}

            Customer: {{get-customer.name}}

            Sanctions match: {{sanctions-check.match_status}}

            Risk score: {{sanctions-check.risk_score}}'
  consumes:
  - type: http
    namespace: core-banking
    baseUri: https://api.abnamro.com/v1/aml
    authentication:
      type: bearer
      token: $secrets.core_banking_token
    resources:
    - name: alerts
      path: /alerts/{{alert_id}}
      inputParameters:
      - name: alert_id
        in: path
      operations:
      - name: get-aml-alert
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: sanctions
      path: /sanctions/screen
      operations:
      - name: search-sanctions
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Triggers an Informatica data quality profiling job, stores quality scores in Snowflake for trend analysis, and alerts the data governance team in Microsoft Teams when quality thresholds are breached.

naftiko: '0.5'
info:
  label: Informatica Data Quality Pipeline with Reporting
  description: Triggers an Informatica data quality profiling job, stores quality scores in Snowflake for trend analysis, and alerts the data governance team in Microsoft Teams when quality thresholds are breached.
  tags:
  - data-quality
  - data-management
  - informatica
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: run-quality-profile-with-reporting
      description: Trigger Informatica quality profiling, store scores in Snowflake, and alert on threshold breaches.
      inputParameters:
      - name: task_name
        in: body
        type: string
        description: The Informatica data quality task name.
      - name: data_domain
        in: body
        type: string
        description: The data domain to profile (e.g., customer, transaction, risk).
      - name: quality_threshold
        in: body
        type: number
        description: Minimum acceptable quality score percentage.
      steps:
      - name: run-profiling
        type: call
        call: informatica.start-quality-task
        with:
          task_name: '{{task_name}}'
          data_domain: '{{data_domain}}'
      - name: store-results
        type: call
        call: snowflake.execute-query
        with:
          warehouse: DQ_WH
          database: DATA_QUALITY_DB
          query: INSERT INTO dq_scores (domain, task_name, run_id, score, profiled_at) VALUES ('{{data_domain}}', '{{task_name}}', '{{run-profiling.run_id}}', '{{run-profiling.quality_score}}', CURRENT_TIMESTAMP())
      - name: notify-governance
        type: call
        call: msteams.send-message
        with:
          channel: data-governance
          text: 'Data Quality: {{data_domain}} ({{task_name}}) | Run: {{run-profiling.run_id}} | Score: {{run-profiling.quality_score}}% | Threshold: {{quality_threshold}}%'
  consumes:
  - type: http
    namespace: informatica
    baseUri: https://dm-eu.informaticacloud.com/saas/api/v2
    authentication:
      type: bearer
      token: $secrets.informatica_token
    resources:
    - name: jobs
      path: /job
      operations:
      - name: start-quality-task
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves a secret value from Azure Key Vault for secure credential injection in downstream banking system integrations.

naftiko: '0.5'
info:
  label: Azure Key Vault Secret Retrieval
  description: Retrieves a secret value from Azure Key Vault for secure credential injection in downstream banking system integrations.
  tags:
  - security
  - secrets-management
  - azure-key-vault
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: get-secret
      description: Retrieve a secret from Azure Key Vault by name. Returns the secret value and version.
      inputParameters:
      - name: secret_name
        in: body
        type: string
        description: The name of the secret in Azure Key Vault.
      call: keyvault.get-secret
      with:
        secret_name: '{{secret_name}}'
      outputParameters:
      - name: value
        type: string
        mapping: $.value
      - name: version
        type: string
        mapping: $.id
  consumes:
  - type: http
    namespace: keyvault
    baseUri: https://abnamro-vault.vault.azure.net
    authentication:
      type: bearer
      token: $secrets.azure_keyvault_token
    resources:
    - name: secrets
      path: /secrets/{{secret_name}}?api-version=7.4
      inputParameters:
      - name: secret_name
        in: path
      operations:
      - name: get-secret
        method: GET

Pulls credit exposure data from Snowflake, aggregates by counterparty, and publishes a summary dashboard refresh to Power BI for the risk management team.

naftiko: '0.5'
info:
  label: Credit Risk Exposure Report
  description: Pulls credit exposure data from Snowflake, aggregates by counterparty, and publishes a summary dashboard refresh to Power BI for the risk management team.
  tags:
  - risk-management
  - credit-risk
  - snowflake
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: risk-credit
    port: 8080
    tools:
    - name: refresh-credit-exposure
      description: Given a reporting date and portfolio segment, query Snowflake for exposure data and trigger a Power BI dataset refresh.
      inputParameters:
      - name: reporting_date
        in: body
        type: string
        description: The reporting date in YYYY-MM-DD format.
      - name: portfolio_segment
        in: body
        type: string
        description: 'Portfolio segment: corporate, retail, or sme.'
      steps:
      - name: query-exposures
        type: call
        call: snowflake.execute-query
        with:
          warehouse: RISK_WH
          database: RISK_DB
          query: SELECT counterparty, SUM(exposure) as total_exposure, MAX(pd) as max_pd FROM credit_exposures WHERE report_date = '{{reporting_date}}' AND segment = '{{portfolio_segment}}' GROUP BY counterparty ORDER BY total_exposure DESC
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: risk-management-workspace
          dataset_id: credit-exposure-daily
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST

Retrieves the status of a GitHub pull request including checks, review status, and merge readiness for banking application repositories.

naftiko: '0.5'
info:
  label: GitHub Pull Request Status
  description: Retrieves the status of a GitHub pull request including checks, review status, and merge readiness for banking application repositories.
  tags:
  - devops
  - code-review
  - github
capability:
  exposes:
  - type: mcp
    namespace: source-control
    port: 8080
    tools:
    - name: get-pr-status
      description: Look up a GitHub pull request by repo and PR number. Returns status, checks, and review state.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: The GitHub repository in owner/repo format.
      - name: pr_number
        in: body
        type: string
        description: The pull request number.
      call: github.get-pull-request
      with:
        repo: '{{repo}}'
        pr_number: '{{pr_number}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.state
      - name: mergeable
        type: string
        mapping: $.mergeable
      - name: title
        type: string
        mapping: $.title
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pull-requests
      path: /repos/{{repo}}/pulls/{{pr_number}}
      inputParameters:
      - name: repo
        in: path
      - name: pr_number
        in: path
      operations:
      - name: get-pull-request
        method: GET

Processes corporate actions for portfolio adjustments, updates positions in trading systems, reconciles in Snowflake, and notifies portfolio managers.

naftiko: '0.5'
info:
  label: Corporate Action Processing Pipeline
  description: Processes corporate actions for portfolio adjustments, updates positions in trading systems, reconciles in Snowflake, and notifies portfolio managers.
  tags:
  - trading
  - corporate-actions
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: trading
    port: 8080
    tools:
    - name: corporate_action_processing_pipeline
      description: Orchestrate corporate action processing pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Retrieves employee compensation details from Workday for ABN AMRO HR operations.

naftiko: '0.5'
info:
  label: Workday Compensation Lookup
  description: Retrieves employee compensation details from Workday for ABN AMRO HR operations.
  tags:
  - hr
  - workday
  - compensation
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: get-compensation
      description: Look up employee compensation by ID.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The employee_id to look up.
      call: workday.get-employee_id
      with:
        employee_id: '{{employee_id}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/abn-amro
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday_compensation_lookup
        method: GET

When Microsoft Defender raises a security alert, enriches with Azure AD user context, creates a ServiceNow security incident, and notifies the SOC team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Microsoft Defender Threat Alert Triage
  description: When Microsoft Defender raises a security alert, enriches with Azure AD user context, creates a ServiceNow security incident, and notifies the SOC team in Microsoft Teams.
  tags:
  - security
  - threat-detection
  - microsoft-defender
  - azure-active-directory
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: security-ops
    port: 8080
    tools:
    - name: triage-defender-alert
      description: Given a Defender alert ID, enrich with user context, create a security incident, and notify the SOC.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The Microsoft Defender alert ID.
      - name: user_principal_name
        in: body
        type: string
        description: The UPN of the affected user.
      steps:
      - name: get-alert
        type: call
        call: defender.get-alert
        with:
          alert_id: '{{alert_id}}'
      - name: get-user-context
        type: call
        call: azuread.get-user
        with:
          user_principal_name: '{{user_principal_name}}'
      - name: create-security-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: '[Security] {{get-alert.title}} — {{get-user-context.display_name}}'
          description: 'Defender Alert: {{alert_id}}

            Severity: {{get-alert.severity}}

            Category: {{get-alert.category}}

            User: {{get-user-context.display_name}} ({{user_principal_name}})

            Department: {{get-user-context.department}}

            Description: {{get-alert.description}}'
          assigned_group: Security_Operations_Center
          impact: '2'
      - name: notify-soc
        type: call
        call: msteams.send-message
        with:
          channel: soc-alerts
          text: 'Security Alert: {{get-alert.title}} | Severity: {{get-alert.severity}} | User: {{get-user-context.display_name}} | ServiceNow: {{create-security-incident.number}}'
  consumes:
  - type: http
    namespace: defender
    baseUri: https://api.security.microsoft.com/api
    authentication:
      type: bearer
      token: $secrets.defender_token
    resources:
    - name: alerts
      path: /alerts/{{alert_id}}
      inputParameters:
      - name: alert_id
        in: path
      operations:
      - name: get-alert
        method: GET
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users/{{user_principal_name}}
      inputParameters:
      - name: user_principal_name
        in: path
      operations:
      - name: get-user
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Monitors employee personal trading activity, validates against restricted lists, creates compliance cases, and notifies compliance officer.

naftiko: '0.5'
info:
  label: Employee Trading Compliance Monitor
  description: Monitors employee personal trading activity, validates against restricted lists, creates compliance cases, and notifies compliance officer.
  tags:
  - compliance
  - employee-trading
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: employee_trading_compliance_monitor
      description: Orchestrate employee trading compliance monitor workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Extracts position data from trading systems, calculates RWA in Snowflake, generates Basel III reports, files with DNB via API, and notifies risk management.

naftiko: '0.5'
info:
  label: Regulatory Capital Reporting Pipeline
  description: Extracts position data from trading systems, calculates RWA in Snowflake, generates Basel III reports, files with DNB via API, and notifies risk management.
  tags:
  - regulatory
  - capital
  - snowflake
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: regulatory
    port: 8080
    tools:
    - name: regulatory_capital_reporting_pipeline
      description: Orchestrate regulatory capital reporting pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-positions
        type: call
        call: trading.get-positions
        with:
          date: '{{resource_id}}'
      - name: calculate-rwa
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL calculate_rwa('{{resource_id}}')
          warehouse: CAPITAL_WH
      - name: file-report
        type: call
        call: servicenow.create-record
        with:
          table: regulatory_filings
          report_date: '{{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: risk-management
          text: 'Capital report filed for {{resource_id}}. RWA: {{calculate-rwa.total_rwa}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Retrieves a Jira issue by key, returning summary, status, assignee, and priority for project tracking.

naftiko: '0.5'
info:
  label: Jira Issue Lookup
  description: Retrieves a Jira issue by key, returning summary, status, assignee, and priority for project tracking.
  tags:
  - project-management
  - jira
capability:
  exposes:
  - type: mcp
    namespace: project-tracking
    port: 8080
    tools:
    - name: get-jira-issue
      description: Look up a Jira issue by key. Returns summary, status, assignee, priority, and created date.
      inputParameters:
      - name: issue_key
        in: body
        type: string
        description: The Jira issue key (e.g., RISK-1234).
      call: jira.get-issue
      with:
        issue_key: '{{issue_key}}'
      outputParameters:
      - name: summary
        type: string
        mapping: $.fields.summary
      - name: status
        type: string
        mapping: $.fields.status.name
      - name: assignee
        type: string
        mapping: $.fields.assignee.displayName
  consumes:
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue/{{issue_key}}
      inputParameters:
      - name: issue_key
        in: path
      operations:
      - name: get-issue
        method: GET

Monitors corporate lending covenant compliance by pulling financial ratios from Snowflake, comparing against covenant thresholds, and alerting the credit team via Jira and Microsoft Teams when breaches are detected.

naftiko: '0.5'
info:
  label: Corporate Lending Covenant Monitoring
  description: Monitors corporate lending covenant compliance by pulling financial ratios from Snowflake, comparing against covenant thresholds, and alerting the credit team via Jira and Microsoft Teams when breaches are detected.
  tags:
  - lending
  - credit-risk
  - covenant-monitoring
  - snowflake
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: lending-covenants
    port: 8080
    tools:
    - name: check-covenant-compliance
      description: Given a facility ID and reporting date, check covenant compliance and alert on breaches.
      inputParameters:
      - name: facility_id
        in: body
        type: string
        description: The lending facility identifier.
      - name: reporting_date
        in: body
        type: string
        description: The covenant test date in YYYY-MM-DD format.
      - name: borrower_name
        in: body
        type: string
        description: The borrower legal entity name.
      steps:
      - name: get-financial-ratios
        type: call
        call: snowflake.execute-query
        with:
          warehouse: LENDING_WH
          database: LENDING_DB
          query: SELECT covenant_type, actual_value, threshold_value, CASE WHEN actual_value > threshold_value THEN 'BREACH' ELSE 'COMPLIANT' END as status FROM covenant_monitoring WHERE facility_id = '{{facility_id}}' AND test_date = '{{reporting_date}}'
      - name: create-breach-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: CREDIT
          issuetype: Task
          summary: '[Covenant Check] {{borrower_name}} — {{facility_id}} — {{reporting_date}}'
          description: 'Covenant compliance check for {{borrower_name}} ({{facility_id}}) as of {{reporting_date}}.

            Results: {{get-financial-ratios.row_count}} covenants tested.

            Review financial ratios and escalate any breaches.'
      - name: notify-credit-team
        type: call
        call: msteams.send-message
        with:
          channel: credit-monitoring
          text: 'Covenant check complete: {{borrower_name}} ({{facility_id}}) — {{reporting_date}}. Jira: {{create-breach-ticket.key}}. Review results for potential breaches.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Reconciles ADP payroll data with Workday employee records and Snowflake cost center budgets, creating ServiceNow tasks for discrepancies found during the monthly payroll cycle.

naftiko: '0.5'
info:
  label: ADP Payroll Reconciliation
  description: Reconciles ADP payroll data with Workday employee records and Snowflake cost center budgets, creating ServiceNow tasks for discrepancies found during the monthly payroll cycle.
  tags:
  - hr
  - payroll
  - adp
  - workday
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: hr-payroll
    port: 8080
    tools:
    - name: reconcile-payroll
      description: Given a pay period, reconcile ADP payroll with Workday and Snowflake budget data, flagging discrepancies.
      inputParameters:
      - name: pay_period
        in: body
        type: string
        description: The pay period in YYYY-MM format.
      - name: business_unit
        in: body
        type: string
        description: The business unit to reconcile.
      steps:
      - name: get-payroll-data
        type: call
        call: adp.get-payroll-summary
        with:
          pay_period: '{{pay_period}}'
          business_unit: '{{business_unit}}'
      - name: get-headcount
        type: call
        call: snowflake.execute-query
        with:
          warehouse: HR_WH
          database: HR_DB
          query: SELECT department, COUNT(*) as headcount, SUM(budgeted_salary) as budget_total FROM employee_budget WHERE business_unit = '{{business_unit}}' AND period = '{{pay_period}}' GROUP BY department
      - name: create-reconciliation-task
        type: call
        call: servicenow.create-record
        with:
          table: u_payroll_reconciliation
          short_description: 'Payroll reconciliation: {{business_unit}} — {{pay_period}}'
          description: 'ADP total: {{get-payroll-data.total_gross}}. Budget total from Snowflake. Review and resolve discrepancies.'
          assigned_group: HR_Payroll
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: payroll
      path: /workers/payroll-summary?payPeriod={{pay_period}}&businessUnit={{business_unit}}
      inputParameters:
      - name: pay_period
        in: query
      - name: business_unit
        in: query
      operations:
      - name: get-payroll-summary
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST

Triggers portfolio rebalancing based on drift analysis, executes trades, updates positions, generates client reports, and notifies advisors.

naftiko: '0.5'
info:
  label: Client Portfolio Rebalancing Pipeline
  description: Triggers portfolio rebalancing based on drift analysis, executes trades, updates positions, generates client reports, and notifies advisors.
  tags:
  - wealth-management
  - portfolio
  - snowflake
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: wealth-management
    port: 8080
    tools:
    - name: client_portfolio_rebalancing_pipeline
      description: Orchestrate client portfolio rebalancing pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Reconciles trade settlement data between Bloomberg Tradebook and the core banking system, identifies breaks, and creates Jira tickets for operations to investigate discrepancies.

naftiko: '0.5'
info:
  label: Trade Settlement Reconciliation
  description: Reconciles trade settlement data between Bloomberg Tradebook and the core banking system, identifies breaks, and creates Jira tickets for operations to investigate discrepancies.
  tags:
  - operations
  - settlement
  - reconciliation
  - bloomberg-tradebook
  - snowflake
  - jira
capability:
  exposes:
  - type: mcp
    namespace: trade-ops
    port: 8080
    tools:
    - name: reconcile-settlements
      description: Given a trade date, compare Tradebook and core banking settlement records, identify breaks, and create Jira tickets.
      inputParameters:
      - name: trade_date
        in: body
        type: string
        description: The trade date to reconcile in YYYY-MM-DD format.
      - name: asset_class
        in: body
        type: string
        description: 'Asset class: equities, fixed_income, fx, or derivatives.'
      steps:
      - name: get-tradebook-settlements
        type: call
        call: bloomberg-tradebook.get-settlements
        with:
          trade_date: '{{trade_date}}'
          asset_class: '{{asset_class}}'
      - name: get-internal-settlements
        type: call
        call: snowflake.execute-query
        with:
          warehouse: OPS_WH
          database: SETTLEMENTS_DB
          query: SELECT trade_id, counterparty, amount, currency, status FROM settlements WHERE trade_date = '{{trade_date}}' AND asset_class = '{{asset_class}}'
      - name: create-break-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: TRADEOPS
          issuetype: Task
          summary: '[Settlement Break] {{asset_class}} — {{trade_date}}'
          description: 'Reconciliation results for {{trade_date}} ({{asset_class}}).

            Tradebook records: {{get-tradebook-settlements.count}}

            Internal records: {{get-internal-settlements.row_count}}

            Review breaks and resolve.'
  consumes:
  - type: http
    namespace: bloomberg-tradebook
    baseUri: https://api.bloomberg.com/tradebook/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_tradebook_token
    resources:
    - name: settlements
      path: /settlements?tradeDate={{trade_date}}&assetClass={{asset_class}}
      inputParameters:
      - name: trade_date
        in: query
      - name: asset_class
        in: query
      operations:
      - name: get-settlements
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Validates proposed trades against investment guidelines, checks exposure limits in Snowflake, approves or blocks, and logs decisions.

naftiko: '0.5'
info:
  label: Investment Compliance Pre-Trade Check
  description: Validates proposed trades against investment guidelines, checks exposure limits in Snowflake, approves or blocks, and logs decisions.
  tags:
  - compliance
  - trading
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: investment_compliance_pre_trade_check
      description: Orchestrate investment compliance pre-trade check workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Fetches yield curve data from Bloomberg, runs VaR calculations in Snowflake, generates risk report in Power BI, and notifies treasury via Teams.

naftiko: '0.5'
info:
  label: Interest Rate Risk Calculator
  description: Fetches yield curve data from Bloomberg, runs VaR calculations in Snowflake, generates risk report in Power BI, and notifies treasury via Teams.
  tags:
  - risk
  - treasury
  - snowflake
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: risk
    port: 8080
    tools:
    - name: interest_rate_risk_calculator
      description: Orchestrate interest rate risk calculator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-yield-curve
        type: call
        call: bloomberg.get-yield-curve
        with:
          currency: '{{resource_id}}'
      - name: calculate-var
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL calculate_var('{{resource_id}}')
          warehouse: RISK_WH
      - name: refresh-report
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: interest_rate_risk
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: treasury
          text: 'IR risk report updated for {{resource_id}}. VaR: {{calculate-var.var_amount}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Queries Microsoft Entra for conditional access policies applied to a user, returning policy names, grant controls, and session controls for security audit.

naftiko: '0.5'
info:
  label: Microsoft Entra Conditional Access Policy Check
  description: Queries Microsoft Entra for conditional access policies applied to a user, returning policy names, grant controls, and session controls for security audit.
  tags:
  - security
  - identity-management
  - microsoft-entra
capability:
  exposes:
  - type: mcp
    namespace: identity-security
    port: 8080
    tools:
    - name: get-conditional-access
      description: List conditional access policies affecting a user. Returns policy names, states, and grant conditions.
      inputParameters:
      - name: user_principal_name
        in: body
        type: string
        description: The user principal name (UPN) to check policies for.
      call: entra.get-policies
      with:
        user_principal_name: '{{user_principal_name}}'
      outputParameters:
      - name: policy_count
        type: string
        mapping: $.value.length
  consumes:
  - type: http
    namespace: entra
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: policies
      path: /identity/conditionalAccess/policies?$filter=conditions/users/includeUsers/any(u:u eq '{{user_principal_name}}')
      inputParameters:
      - name: user_principal_name
        in: query
      operations:
      - name: get-policies
        method: GET

Collects cash positions from multiple bank accounts, aggregates in Snowflake, updates treasury dashboard in Power BI, and sends morning report to CFO.

naftiko: '0.5'
info:
  label: Treasury Cash Position Aggregator
  description: Collects cash positions from multiple bank accounts, aggregates in Snowflake, updates treasury dashboard in Power BI, and sends morning report to CFO.
  tags:
  - treasury
  - cash-management
  - snowflake
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: treasury
    port: 8080
    tools:
    - name: treasury_cash_position_aggregator
      description: Orchestrate treasury cash position aggregator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-positions
        type: call
        call: swift.get-mt940
        with:
          date: '{{resource_id}}'
      - name: aggregate
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL aggregate_cash('{{resource_id}}')
          warehouse: TREASURY_WH
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: cash_positions
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: treasury-mgmt
          text: 'Cash position report for {{resource_id}}: Total: {{aggregate.total_balance}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Searches ABN AMRO transaction logs in Elasticsearch by criteria.

naftiko: '0.5'
info:
  label: Elasticsearch Transaction Search
  description: Searches ABN AMRO transaction logs in Elasticsearch by criteria.
  tags:
  - data
  - elasticsearch
  - transactions
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: search-transactions
      description: Search transactions by query.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: The search_query to look up.
      call: elasticsearch.get-search_query
      with:
        search_query: '{{search_query}}'
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://abn-amro-es.com:9200
    authentication:
      type: bearer
      token: $secrets.elasticsearch_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: elasticsearch_transaction_sear
        method: GET

On PR merge, runs SAST scan via SonarQube, checks dependency vulnerabilities, validates container image, approves or blocks deployment, and notifies dev team.

naftiko: '0.5'
info:
  label: CI/CD Security Gate Pipeline
  description: On PR merge, runs SAST scan via SonarQube, checks dependency vulnerabilities, validates container image, approves or blocks deployment, and notifies dev team.
  tags:
  - devops
  - security
  - github
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: devops
    port: 8080
    tools:
    - name: cicd_security_gate_pipeline
      description: Orchestrate ci/cd security gate pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-pr
        type: call
        call: github.get-pull-request
        with:
          pr_id: '{{resource_id}}'
      - name: run-sast
        type: call
        call: sonarqube.analyze-project
        with:
          project_key: '{{get-pr.repo}}'
      - name: check-deps
        type: call
        call: snyk.test-project
        with:
          project_id: '{{get-pr.repo}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: security-reviews
          text: 'Security gate for {{resource_id}}: SAST {{run-sast.status}}, Deps {{check-deps.issues}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: github-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abn-amro.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves change request details by number from ABN AMRO ServiceNow instance.

naftiko: '0.5'
info:
  label: ServiceNow Change Request Lookup
  description: Retrieves change request details by number from ABN AMRO ServiceNow instance.
  tags:
  - itsm
  - servicenow
  - change-management
capability:
  exposes:
  - type: mcp
    namespace: itsm
    port: 8080
    tools:
    - name: get-change-request
      description: Look up a change request by number.
      inputParameters:
      - name: change_number
        in: body
        type: string
        description: The change_number to look up.
      call: servicenow.get-change_number
      with:
        change_number: '{{change_number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow_change_request_look
        method: GET

Scans API gateway for deprecated endpoints, identifies consuming applications, sends deprecation notices via email, creates migration tasks in Jira, and updates Confluence docs.

naftiko: '0.5'
info:
  label: API Deprecation Notification Pipeline
  description: Scans API gateway for deprecated endpoints, identifies consuming applications, sends deprecation notices via email, creates migration tasks in Jira, and updates Confluence docs.
  tags:
  - api-management
  - jira
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: api-management
    port: 8080
    tools:
    - name: api_deprecation_notification_pipeline
      description: Orchestrate api deprecation notification pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: scan-apis
        type: call
        call: kong.get-deprecated-routes
        with:
          gateway_id: '{{resource_id}}'
      - name: identify-consumers
        type: call
        call: apigee.get-consumers
        with:
          route_id: '{{scan-apis.route_id}}'
      - name: create-migration
        type: call
        call: jira.create-issue
        with:
          project: API
          summary: 'Migrate from deprecated API: {{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: api-platform
          text: 'API deprecation: {{resource_id}}. Migration ticket: {{create-migration.key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://abn-amro.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://abn-amro.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Validates incoming market data feeds against expected patterns, identifies anomalies in Snowflake, creates alerts in PagerDuty, and logs quality metrics in Grafana.

naftiko: '0.5'
info:
  label: Market Data Quality Monitor
  description: Validates incoming market data feeds against expected patterns, identifies anomalies in Snowflake, creates alerts in PagerDuty, and logs quality metrics in Grafana.
  tags:
  - market-data
  - quality
  - snowflake
  - pagerduty
  - grafana
capability:
  exposes:
  - type: mcp
    namespace: market-data
    port: 8080
    tools:
    - name: market_data_quality_monitor
      description: Orchestrate market data quality monitor workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: validate-feeds
        type: call
        call: bloomberg.validate-feed
        with:
          feed_id: '{{resource_id}}'
      - name: check-anomalies
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL check_market_data_quality('{{resource_id}}')
          warehouse: MARKET_WH
      - name: create-alert
        type: call
        call: pagerduty.create-incident
        with:
          title: 'Market data quality: {{resource_id}}'
          severity: '{{check-anomalies.severity}}'
      - name: log-metrics
        type: call
        call: grafana.push-metrics
        with:
          dashboard_uid: market-data-quality
          quality_score: '{{check-anomalies.score}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty-op
        method: POST
  - type: http
    namespace: grafana
    baseUri: https://abn-amro-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana-op
        method: POST

Triggers a Microsoft Purview data classification scan on a specified data source and returns scan status and discovered sensitive data types for data governance compliance.

naftiko: '0.5'
info:
  label: Microsoft Purview Data Classification Scan
  description: Triggers a Microsoft Purview data classification scan on a specified data source and returns scan status and discovered sensitive data types for data governance compliance.
  tags:
  - data-governance
  - classification
  - microsoft-purview
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: trigger-classification-scan
      description: Trigger a Purview classification scan on a data source. Returns scan run ID and status.
      inputParameters:
      - name: data_source_name
        in: body
        type: string
        description: The Purview registered data source name.
      - name: scan_name
        in: body
        type: string
        description: The scan definition name.
      call: purview.run-scan
      with:
        data_source_name: '{{data_source_name}}'
        scan_name: '{{scan_name}}'
      outputParameters:
      - name: run_id
        type: string
        mapping: $.scanRunId
      - name: status
        type: string
        mapping: $.status
  consumes:
  - type: http
    namespace: purview
    baseUri: https://abnamro-purview.purview.azure.com
    authentication:
      type: bearer
      token: $secrets.purview_token
    resources:
    - name: scans
      path: /scan/datasources/{{data_source_name}}/scans/{{scan_name}}/runs?api-version=2023-09-01
      inputParameters:
      - name: data_source_name
        in: path
      - name: scan_name
        in: path
      operations:
      - name: run-scan
        method: POST

Identifies incomplete client records, creates remediation tasks, tracks completion progress, and reports to client data management.

naftiko: '0.5'
info:
  label: Client Data Remediation Pipeline
  description: Identifies incomplete client records, creates remediation tasks, tracks completion progress, and reports to client data management.
  tags:
  - data-quality
  - client-data
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: client_data_remediation_pipeline
      description: Orchestrate client data remediation pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

On new hire creation in Workday, opens a ServiceNow onboarding ticket, provisions Azure Active Directory account, and sends a Microsoft Teams welcome message.

naftiko: '0.5'
info:
  label: Employee Onboarding Orchestrator
  description: On new hire creation in Workday, opens a ServiceNow onboarding ticket, provisions Azure Active Directory account, and sends a Microsoft Teams welcome message.
  tags:
  - hr
  - onboarding
  - workday
  - servicenow
  - azure-active-directory
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-onboarding
    port: 8080
    tools:
    - name: trigger-onboarding
      description: Given a Workday employee ID and start date, orchestrate onboarding across ServiceNow, Azure AD, and Microsoft Teams.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID for the new hire.
      - name: start_date
        in: body
        type: string
        description: The employee start date in YYYY-MM-DD format.
      - name: department
        in: body
        type: string
        description: The department the new hire is joining.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: open-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'New hire onboarding: {{get-employee.full_name}}'
          category: hr_onboarding
          assigned_group: IT_Onboarding
          description: Onboarding for {{get-employee.full_name}} starting {{start_date}} in {{department}}.
      - name: provision-account
        type: call
        call: azuread.create-user
        with:
          display_name: '{{get-employee.full_name}}'
          user_principal_name: '{{get-employee.work_email}}'
          department: '{{department}}'
      - name: send-welcome
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-employee.work_email}}'
          text: Welcome to ABN AMRO, {{get-employee.first_name}}! Your IT onboarding ticket is {{open-ticket.number}}. Your Azure AD account has been provisioned.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd3-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves the current sprint status and velocity for an ABN AMRO engineering team board.

naftiko: '0.5'
info:
  label: Jira Sprint Status
  description: Retrieves the current sprint status and velocity for an ABN AMRO engineering team board.
  tags:
  - devops
  - jira
  - agile
capability:
  exposes:
  - type: mcp
    namespace: engineering
    port: 8080
    tools:
    - name: get-sprint
      description: Get current sprint status by board ID.
      inputParameters:
      - name: board_id
        in: body
        type: string
        description: The board_id to look up.
      call: jira.get-board_id
      with:
        board_id: '{{board_id}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://abn-amro.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira_sprint_status
        method: GET

Checks if a user has access to a specific Okta application at ABN AMRO.

naftiko: '0.5'
info:
  label: Okta Application Assignment Check
  description: Checks if a user has access to a specific Okta application at ABN AMRO.
  tags:
  - security
  - okta
  - access-management
capability:
  exposes:
  - type: mcp
    namespace: identity
    port: 8080
    tools:
    - name: check-app-access
      description: Check user application access in Okta.
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: The user_email to look up.
      call: okta.get-user_email
      with:
        user_email: '{{user_email}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://abn-amro.okta.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.okta_api_token
      header: Authorization
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: okta_application_assignment_ch
        method: GET

Searches Splunk SIEM for security events matching a query pattern at ABN AMRO.

naftiko: '0.5'
info:
  label: Splunk Security Log Search
  description: Searches Splunk SIEM for security events matching a query pattern at ABN AMRO.
  tags:
  - security
  - splunk
  - siem
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: search-security-logs
      description: Search security logs by query.
      inputParameters:
      - name: query
        in: body
        type: string
        description: The query to look up.
      call: splunk.get-query
      with:
        query: '{{query}}'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://abn-amro-splunk.com/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: splunk_security_log_search
        method: GET

Audits data catalog completeness, validates data classifications, creates remediation tasks, and notifies data stewards.

naftiko: '0.5'
info:
  label: Data Catalog Governance Pipeline
  description: Audits data catalog completeness, validates data classifications, creates remediation tasks, and notifies data stewards.
  tags:
  - data-governance
  - catalog
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: data_catalog_governance_pipeline
      description: Orchestrate data catalog governance pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Retrieves a Salesforce opportunity by ID, returning stage, amount, close date, and owner for the sales team.

naftiko: '0.5'
info:
  label: Salesforce Opportunity Lookup
  description: Retrieves a Salesforce opportunity by ID, returning stage, amount, close date, and owner for the sales team.
  tags:
  - sales
  - crm
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: sales-crm
    port: 8080
    tools:
    - name: get-opportunity
      description: Look up a Salesforce opportunity by ID. Returns name, stage, amount, close date, and owner.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity ID.
      call: salesforce.get-opportunity
      with:
        opportunity_id: '{{opportunity_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.Name
      - name: stage
        type: string
        mapping: $.StageName
      - name: amount
        type: string
        mapping: $.Amount
      - name: close_date
        type: string
        mapping: $.CloseDate
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET

Analyzes trade execution quality metrics, compares against benchmarks in Snowflake, identifies improvements, and reports to trading desk.

naftiko: '0.5'
info:
  label: Trade Execution Quality Analyzer
  description: Analyzes trade execution quality metrics, compares against benchmarks in Snowflake, identifies improvements, and reports to trading desk.
  tags:
  - trading
  - analytics
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: trading
    port: 8080
    tools:
    - name: trade_execution_quality_analyzer
      description: Orchestrate trade execution quality analyzer workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Queries Dynatrace for application performance metrics, compares against historical baselines in Snowflake, and creates a Jira performance ticket when degradation is detected.

naftiko: '0.5'
info:
  label: Dynatrace Performance Baseline Comparison
  description: Queries Dynatrace for application performance metrics, compares against historical baselines in Snowflake, and creates a Jira performance ticket when degradation is detected.
  tags:
  - observability
  - performance
  - dynatrace
  - snowflake
  - jira
capability:
  exposes:
  - type: mcp
    namespace: observability-metrics
    port: 8080
    tools:
    - name: check-performance-baseline
      description: Query Dynatrace for metrics, compare against Snowflake baselines, and create a Jira ticket on degradation.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The Dynatrace entity ID of the service.
      - name: service_name
        in: body
        type: string
        description: Human-readable service name.
      - name: time_range
        in: body
        type: string
        description: Time range for metrics (e.g., last2h, last24h, last7d).
      steps:
      - name: get-current-metrics
        type: call
        call: dynatrace.get-metrics
        with:
          entity_id: '{{entity_id}}'
          time_range: '{{time_range}}'
      - name: get-baseline
        type: call
        call: snowflake.execute-query
        with:
          warehouse: OPS_WH
          database: OBSERVABILITY_DB
          query: SELECT avg_response_time, avg_error_rate, p95_response_time FROM service_baselines WHERE entity_id = '{{entity_id}}'
      - name: create-perf-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: PERF
          issuetype: Task
          summary: '[Performance] {{service_name}} — baseline deviation'
          description: 'Service: {{service_name}} ({{entity_id}})

            Current response time: {{get-current-metrics.response_time_ms}}ms

            Baseline: {{get-baseline.avg_response_time}}ms

            Current error rate: {{get-current-metrics.error_rate}}%

            Baseline error rate: {{get-baseline.avg_error_rate}}%'
  consumes:
  - type: http
    namespace: dynatrace
    baseUri: https://abnamro.live.dynatrace.com/api/v2
    authentication:
      type: bearer
      token: $secrets.dynatrace_token
    resources:
    - name: metrics
      path: /metrics/query?entityId={{entity_id}}&from={{time_range}}
      inputParameters:
      - name: entity_id
        in: query
      - name: time_range
        in: query
      operations:
      - name: get-metrics
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Triggers a Terraform deployment through Azure DevOps pipelines for banking infrastructure changes, with approval gating and Teams notification.

naftiko: '0.5'
info:
  label: Terraform Infrastructure Deployment
  description: Triggers a Terraform deployment through Azure DevOps pipelines for banking infrastructure changes, with approval gating and Teams notification.
  tags:
  - infrastructure
  - devops
  - terraform
  - azure-devops
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: infra-deploy
    port: 8080
    tools:
    - name: deploy-infrastructure
      description: Given a Terraform workspace and environment, trigger an Azure DevOps pipeline run and notify the platform team.
      inputParameters:
      - name: workspace
        in: body
        type: string
        description: The Terraform workspace name.
      - name: environment
        in: body
        type: string
        description: 'Target environment: dev, staging, or production.'
      - name: change_ticket
        in: body
        type: string
        description: The ServiceNow change request number for audit trail.
      steps:
      - name: trigger-pipeline
        type: call
        call: azuredevops.run-pipeline
        with:
          project: banking-infra
          pipeline_id: terraform-apply
          variables:
            workspace: '{{workspace}}'
            environment: '{{environment}}'
            change_ticket: '{{change_ticket}}'
      - name: notify-platform
        type: call
        call: msteams.send-message
        with:
          channel: platform-deployments
          text: 'Infrastructure deployment triggered: {{workspace}} to {{environment}}. Pipeline run: {{trigger-pipeline.run_id}}. Change ticket: {{change_ticket}}.'
  consumes:
  - type: http
    namespace: azuredevops
    baseUri: https://dev.azure.com/abnamro
    authentication:
      type: bearer
      token: $secrets.azuredevops_token
    resources:
    - name: pipelines
      path: /{{project}}/_apis/pipelines/{{pipeline_id}}/runs?api-version=7.1
      inputParameters:
      - name: project
        in: path
      - name: pipeline_id
        in: path
      operations:
      - name: run-pipeline
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves a document from SharePoint by site and document path, returning the download URL, modified date, and author for banking document management.

naftiko: '0.5'
info:
  label: SharePoint Document Retrieval
  description: Retrieves a document from SharePoint by site and document path, returning the download URL, modified date, and author for banking document management.
  tags:
  - document-management
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: document-mgmt
    port: 8080
    tools:
    - name: get-document
      description: Retrieve a document from SharePoint. Returns download URL, last modified date, and author.
      inputParameters:
      - name: site_id
        in: body
        type: string
        description: The SharePoint site ID.
      - name: document_path
        in: body
        type: string
        description: The document path relative to the site root.
      call: sharepoint.get-document
      with:
        site_id: '{{site_id}}'
        document_path: '{{document_path}}'
      outputParameters:
      - name: download_url
        type: string
        mapping: $.@microsoft.graph.downloadUrl
      - name: last_modified
        type: string
        mapping: $.lastModifiedDateTime
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{document_path}}
      inputParameters:
      - name: site_id
        in: path
      - name: document_path
        in: path
      operations:
      - name: get-document
        method: GET

Reconciles nostro accounts with correspondent banks, identifies breaks in Snowflake, creates resolution tickets, and notifies operations.

naftiko: '0.5'
info:
  label: Nostro Reconciliation Pipeline
  description: Reconciles nostro accounts with correspondent banks, identifies breaks in Snowflake, creates resolution tickets, and notifies operations.
  tags:
  - operations
  - reconciliation
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: operations
    port: 8080
    tools:
    - name: nostro_reconciliation_pipeline
      description: Orchestrate nostro reconciliation pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

When a critical banking service goes down, sends mass notifications via Everbridge to affected stakeholders and creates a ServiceNow major incident record.

naftiko: '0.5'
info:
  label: Everbridge Mass Notification for IT Incidents
  description: When a critical banking service goes down, sends mass notifications via Everbridge to affected stakeholders and creates a ServiceNow major incident record.
  tags:
  - incident-management
  - business-continuity
  - everbridge
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: crisis-management
    port: 8080
    tools:
    - name: trigger-mass-notification
      description: Given an incident description and impacted service, send Everbridge notifications, create a ServiceNow major incident, and post to Teams.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The name of the impacted banking service.
      - name: incident_summary
        in: body
        type: string
        description: Brief description of the incident.
      - name: severity
        in: body
        type: string
        description: 'Incident severity: P1, P2, P3.'
      - name: contact_group
        in: body
        type: string
        description: The Everbridge contact group to notify.
      steps:
      - name: send-notification
        type: call
        call: everbridge.send-notification
        with:
          notification_type: Standard
          subject: '[{{severity}}] {{service_name}} — Service Disruption'
          body: '{{incident_summary}}'
          contact_group: '{{contact_group}}'
      - name: create-major-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: '[{{severity}}] {{service_name}} — {{incident_summary}}'
          impact: '1'
          urgency: '1'
          assigned_group: Major_Incident_Management
          category: service_disruption
      - name: post-to-teams
        type: call
        call: msteams.send-message
        with:
          channel: major-incidents
          text: 'MAJOR INCIDENT: {{severity}} | {{service_name}} | {{incident_summary}} | ServiceNow: {{create-major-incident.number}} | Everbridge notification sent to {{contact_group}}'
  consumes:
  - type: http
    namespace: everbridge
    baseUri: https://api.everbridge.net/rest
    authentication:
      type: bearer
      token: $secrets.everbridge_token
    resources:
    - name: notifications
      path: /notifications
      operations:
      - name: send-notification
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Checks the last refresh status of a Power BI dataset used for ABN AMRO reporting.

naftiko: '0.5'
info:
  label: Power BI Dataset Refresh Status
  description: Checks the last refresh status of a Power BI dataset used for ABN AMRO reporting.
  tags:
  - analytics
  - power-bi
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: get-refresh-status
      description: Get Power BI dataset refresh status.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: The dataset_id to look up.
      call: powerbi.get-dataset_id
      with:
        dataset_id: '{{dataset_id}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: power_bi_dataset_refresh_statu
        method: GET

Receives mortgage application, runs credit check, validates documents in SharePoint, creates workflow in ServiceNow, and notifies the applicant via email.

naftiko: '0.5'
info:
  label: Mortgage Application Processor
  description: Receives mortgage application, runs credit check, validates documents in SharePoint, creates workflow in ServiceNow, and notifies the applicant via email.
  tags:
  - lending
  - mortgage
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: lending
    port: 8080
    tools:
    - name: mortgage_application_processor
      description: Orchestrate mortgage application processor workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-application
        type: call
        call: lending.get-application
        with:
          app_id: '{{resource_id}}'
      - name: run-credit-check
        type: call
        call: creditbureau.check-score
        with:
          ssn: '{{get-application.ssn}}'
      - name: create-workflow
        type: call
        call: servicenow.create-request
        with:
          short_description: 'Mortgage: {{resource_id}}'
          credit_score: '{{run-credit-check.score}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: lending-ops
          text: 'Mortgage {{resource_id}} processed. Score: {{run-credit-check.score}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Searches ABN AMRO Confluence knowledge base for articles matching a query.

naftiko: '0.5'
info:
  label: Confluence Knowledge Search
  description: Searches ABN AMRO Confluence knowledge base for articles matching a query.
  tags:
  - collaboration
  - confluence
  - knowledge-base
capability:
  exposes:
  - type: mcp
    namespace: collaboration
    port: 8080
    tools:
    - name: search-articles
      description: Search Confluence articles by query.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: The search_query to look up.
      call: confluence.get-search_query
      with:
        search_query: '{{search_query}}'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://abn-amro.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence_knowledge_search
        method: GET

When a real-time fraud detection model flags a suspicious transaction in Snowflake, enriches the alert with customer data from Salesforce, blocks the card via Mastercard API, and notifies the fraud operations team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Fraud Detection Alert Pipeline
  description: When a real-time fraud detection model flags a suspicious transaction in Snowflake, enriches the alert with customer data from Salesforce, blocks the card via Mastercard API, and notifies the fraud operations team in Microsoft Teams.
  tags:
  - fraud-detection
  - security
  - snowflake
  - salesforce
  - mastercard
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: fraud-ops
    port: 8080
    tools:
    - name: handle-fraud-alert
      description: Given a fraud alert ID, enrich with customer data, optionally block the card, and notify fraud ops.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The fraud detection alert ID from the ML pipeline.
      - name: customer_id
        in: body
        type: string
        description: The Salesforce customer account ID.
      - name: card_number_token
        in: body
        type: string
        description: Tokenized card number for Mastercard API.
      - name: block_card
        in: body
        type: string
        description: 'Whether to block the card: true or false.'
      steps:
      - name: get-alert-data
        type: call
        call: snowflake.execute-query
        with:
          warehouse: FRAUD_WH
          database: FRAUD_DB
          query: SELECT * FROM fraud_alerts WHERE alert_id = '{{alert_id}}'
      - name: get-customer
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{customer_id}}'
      - name: block-card
        type: call
        call: mastercard.block-card
        with:
          card_token: '{{card_number_token}}'
          reason: fraud_suspected
      - name: notify-fraud-ops
        type: call
        call: msteams.send-message
        with:
          channel: fraud-operations
          text: 'Fraud Alert: {{alert_id}} | Customer: {{get-customer.name}} | Card blocked: {{block_card}} | Transaction details from Snowflake query. Review immediately.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: mastercard
    baseUri: https://api.mastercard.com/fraud/v1
    authentication:
      type: bearer
      token: $secrets.mastercard_token
    resources:
    - name: cards
      path: /cards/block
      operations:
      - name: block-card
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Checks the review status and approval state of a GitHub pull request.

naftiko: '0.5'
info:
  label: GitHub PR Review Status
  description: Checks the review status and approval state of a GitHub pull request.
  tags:
  - devops
  - github
  - code-review
capability:
  exposes:
  - type: mcp
    namespace: engineering
    port: 8080
    tools:
    - name: get-pr-status
      description: Get PR review status by number.
      inputParameters:
      - name: pr_number
        in: body
        type: string
        description: The pr_number to look up.
      call: github.get-pr_number
      with:
        pr_number: '{{pr_number}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: github_pr_review_status
        method: GET

Queries the MuleSoft Anypoint Platform for API deployment status and health metrics, compares against SLA thresholds in Datadog, and creates a ServiceNow incident when error rates exceed acceptable levels.

naftiko: '0.5'
info:
  label: MuleSoft API Health Check with Incident Creation
  description: Queries the MuleSoft Anypoint Platform for API deployment status and health metrics, compares against SLA thresholds in Datadog, and creates a ServiceNow incident when error rates exceed acceptable levels.
  tags:
  - api-management
  - integration
  - mulesoft
  - datadog
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: api-gateway
    port: 8080
    tools:
    - name: check-api-health-with-escalation
      description: Check MuleSoft API health, compare against Datadog SLA metrics, and create a ServiceNow incident on degradation.
      inputParameters:
      - name: api_id
        in: body
        type: string
        description: The MuleSoft Anypoint API instance ID.
      - name: environment
        in: body
        type: string
        description: 'Deployment environment: sandbox or production.'
      - name: error_rate_threshold
        in: body
        type: number
        description: Error rate threshold percentage for escalation.
      steps:
      - name: get-api-status
        type: call
        call: mulesoft.get-api-status
        with:
          api_id: '{{api_id}}'
          environment: '{{environment}}'
      - name: get-datadog-metrics
        type: call
        call: datadog.get-metrics
        with:
          query: avg:mulesoft.api.error_rate{api_id:{{api_id}},env:{{environment}}}
          time_range: 1h
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'API degradation: {{api_id}} in {{environment}}'
          description: 'MuleSoft API {{api_id}} ({{environment}}) is degraded.

            Status: {{get-api-status.status}}

            Error rate: {{get-datadog-metrics.error_rate}}%

            Threshold: {{error_rate_threshold}}%'
          assigned_group: API_Platform
          category: api_degradation
  consumes:
  - type: http
    namespace: mulesoft
    baseUri: https://anypoint.mulesoft.com/apimanager/api/v1
    authentication:
      type: bearer
      token: $secrets.mulesoft_token
    resources:
    - name: apis
      path: /organizations/{{org_id}}/environments/{{environment}}/apis/{{api_id}}
      inputParameters:
      - name: api_id
        in: path
      - name: environment
        in: path
      operations:
      - name: get-api-status
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.eu/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: metrics
      path: /query
      operations:
      - name: get-metrics
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

Queries Prometheus for active alerts on Kubernetes-hosted banking microservices, enriches with Datadog APM trace data, and creates Jira incident tickets for critical alerts.

naftiko: '0.5'
info:
  label: Prometheus Alert Triage and Escalation
  description: Queries Prometheus for active alerts on Kubernetes-hosted banking microservices, enriches with Datadog APM trace data, and creates Jira incident tickets for critical alerts.
  tags:
  - observability
  - alerting
  - prometheus
  - datadog
  - jira
capability:
  exposes:
  - type: mcp
    namespace: monitoring
    port: 8080
    tools:
    - name: triage-prometheus-alerts
      description: Query Prometheus alerts, enrich with Datadog traces, and create Jira incidents for critical ones.
      inputParameters:
      - name: namespace
        in: body
        type: string
        description: The Kubernetes namespace to filter alerts.
      - name: severity_filter
        in: body
        type: string
        description: 'Minimum severity to triage: critical, warning, or info.'
      steps:
      - name: get-alerts
        type: call
        call: prometheus.query-alerts
        with:
          namespace: '{{namespace}}'
      - name: get-traces
        type: call
        call: datadog.get-traces
        with:
          service: '{{namespace}}'
          time_range: 1h
      - name: create-incident
        type: call
        call: jira.create-issue
        with:
          project_key: INC
          issuetype: Incident
          summary: '[Prometheus] {{namespace}} — {{get-alerts.alert_count}} active alerts'
          description: 'Namespace: {{namespace}}

            Active alerts: {{get-alerts.alert_count}}

            Severity filter: {{severity_filter}}

            Datadog traces available for correlation.'
  consumes:
  - type: http
    namespace: prometheus
    baseUri: https://prometheus.abnamro.com/api/v1
    authentication:
      type: bearer
      token: $secrets.prometheus_token
    resources:
    - name: alerts
      path: /alerts?filter=namespace%3D{{namespace}}
      inputParameters:
      - name: namespace
        in: query
      operations:
      - name: query-alerts
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.eu/api/v2
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: traces
      path: /traces?service={{service}}&timeRange={{time_range}}
      inputParameters:
      - name: service
        in: query
      - name: time_range
        in: query
      operations:
      - name: get-traces
        method: GET
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Validates wire transfers against AML rules, screens beneficiaries, creates compliance records, and notifies compliance team.

naftiko: '0.5'
info:
  label: Wire Transfer Compliance Pipeline
  description: Validates wire transfers against AML rules, screens beneficiaries, creates compliance records, and notifies compliance team.
  tags:
  - payments
  - compliance
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: payments
    port: 8080
    tools:
    - name: wire_transfer_compliance_pipeline
      description: Orchestrate wire transfer compliance pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Generates annual client review documents from portfolio data, compliance records, and performance metrics, and sends to advisors.

naftiko: '0.5'
info:
  label: Annual Review Document Generator
  description: Generates annual client review documents from portfolio data, compliance records, and performance metrics, and sends to advisors.
  tags:
  - client-management
  - documents
  - snowflake
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: client-management
    port: 8080
    tools:
    - name: annual_review_document_generator
      description: Orchestrate annual review document generator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Fetches real-time market data from Bloomberg Terminal API for ABN AMRO trading desks.

naftiko: '0.5'
info:
  label: Bloomberg Terminal Data Fetch
  description: Fetches real-time market data from Bloomberg Terminal API for ABN AMRO trading desks.
  tags:
  - trading
  - bloomberg
  - market-data
capability:
  exposes:
  - type: mcp
    namespace: trading
    port: 8080
    tools:
    - name: get-market-data
      description: Fetch Bloomberg market data by ticker.
      inputParameters:
      - name: ticker
        in: body
        type: string
        description: The ticker to look up.
      call: salesforce.get-ticker
      with:
        ticker: '{{ticker}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abn-amro.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bloomberg_terminal_data_fetch
        method: GET

Queries distributed traces from the OpenTelemetry-backed tracing backend for a given trace ID, returning span details and latency breakdown for banking microservice debugging.

naftiko: '0.5'
info:
  label: OpenTelemetry Trace Lookup
  description: Queries distributed traces from the OpenTelemetry-backed tracing backend for a given trace ID, returning span details and latency breakdown for banking microservice debugging.
  tags:
  - observability
  - tracing
  - opentelemetry
capability:
  exposes:
  - type: mcp
    namespace: distributed-tracing
    port: 8080
    tools:
    - name: get-trace
      description: Look up a distributed trace by trace ID. Returns span tree, total duration, and error spans.
      inputParameters:
      - name: trace_id
        in: body
        type: string
        description: The OpenTelemetry trace ID (32-char hex).
      call: otel.get-trace
      with:
        trace_id: '{{trace_id}}'
      outputParameters:
      - name: span_count
        type: string
        mapping: $.spans.length
      - name: total_duration_ms
        type: string
        mapping: $.duration
  consumes:
  - type: http
    namespace: otel
    baseUri: https://tracing.abnamro.com/api/v2
    authentication:
      type: bearer
      token: $secrets.otel_token
    resources:
    - name: traces
      path: /traces/{{trace_id}}
      inputParameters:
      - name: trace_id
        in: path
      operations:
      - name: get-trace
        method: GET

Triggers a reserve calculation by pulling loss triangles from Snowflake, posting to SAP GL, and notifying the chief actuary via Teams.

naftiko: '0.5'
info:
  label: Actuarial Reserve Calculation Workflow
  description: Triggers a reserve calculation by pulling loss triangles from Snowflake, posting to SAP GL, and notifying the chief actuary via Teams.
  tags:
  - insurance
  - actuarial
  - finance
  - snowflake
  - sap
capability:
  exposes:
  - type: mcp
    namespace: reserve-ops
    port: 8080
    tools:
    - name: trigger-reserve-calc
      description: Given a valuation date and LOB, extract loss data from Snowflake, post the reserve entry to SAP, and notify the actuary.
      inputParameters:
      - name: valuation_date
        in: body
        type: string
        description: Valuation date.
      - name: line_of_business
        in: body
        type: string
        description: LOB.
      - name: actuary_upn
        in: body
        type: string
        description: Chief actuary UPN.
      steps:
      - name: get-data
        type: call
        call: snowflake.run-query
        with:
          query: SELECT * FROM reserve_triangles WHERE lob='{{line_of_business}}'
      - name: post-gl
        type: call
        call: sap-fi.post-journal
        with:
          PostingDate: '{{valuation_date}}'
          Description: 'Reserve: {{line_of_business}}'
      - name: notify-actuary
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{actuary_upn}}'
          text: 'Reserve calc: {{line_of_business}} as of {{valuation_date}}. GL: {{post-gl.document_number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: sap
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: journal-entries
      path: /A_JournalEntry
      operations:
      - name: post-journal
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Fetches a Jira issue by key and returns the summary, status, assignee, and priority.

naftiko: '0.5'
info:
  label: Jira Issue Detail Lookup
  description: Fetches a Jira issue by key and returns the summary, status, assignee, and priority.
  tags:
  - insurance
  - engineering
  - jira
  - project-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: eng-ops
    port: 8080
    tools:
    - name: get-jira-issue
      description: Given a Jira issue key, return the issue summary, status, assignee, and priority.
      inputParameters:
      - name: issue_key
        in: body
        type: string
        description: Jira issue key.
      call: jira.get-issue
      with:
        issueKey: '{{issue_key}}'
      outputParameters:
      - name: summary
        type: string
        mapping: $.fields.summary
      - name: status
        type: string
        mapping: $.fields.status.name
      - name: assignee
        type: string
        mapping: $.fields.assignee.displayName
  consumes:
  - namespace: jira
    type: http
    baseUri: https://aig.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_api_token
    resources:
    - name: eng-ops
      path: /{{id}}
      operations:
      - name: get-issue
        method: GET

Audits MFA enrollment by querying Okta for unenrolled users, creating compliance tasks in ServiceNow, and notifying IT security via Teams.

naftiko: '0.5'
info:
  label: Okta MFA Enrollment Compliance Audit
  description: Audits MFA enrollment by querying Okta for unenrolled users, creating compliance tasks in ServiceNow, and notifying IT security via Teams.
  tags:
  - insurance
  - security
  - okta
  - mfa
  - servicenow
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: mfa-ops
    port: 8080
    tools:
    - name: audit-mfa-compliance
      description: Query Okta for users without MFA, create a compliance task in ServiceNow, and notify IT security in Teams.
      inputParameters:
      - name: department
        in: body
        type: string
        description: Department to audit.
      - name: security_lead_upn
        in: body
        type: string
        description: UPN of security lead.
      steps:
      - name: get-unenrolled
        type: call
        call: okta.list-unenrolled
        with:
          department: '{{department}}'
      - name: create-task
        type: call
        call: snow.create-task
        with:
          short_description: 'MFA non-compliance: {{department}}'
          description: 'Unenrolled: {{get-unenrolled.count}}'
      - name: notify-lead
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{security_lead_upn}}'
          text: 'MFA audit: {{department}} — {{get-unenrolled.count}} unenrolled. Task: {{create-task.number}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://aig.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: users
      path: /users?filter=profile.department eq "{{department}}"
      inputParameters:
      - name: department
        in: query
      operations:
      - name: list-unenrolled
        method: GET
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_compliance_task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Triggers SAP S/4HANA period close for the fiscal month, validates journal postings, and notifies the finance team in Teams.

naftiko: '0.5'
info:
  label: Monthly Financial Period Close
  description: Triggers SAP S/4HANA period close for the fiscal month, validates journal postings, and notifies the finance team in Teams.
  tags:
  - finance
  - erp
  - period-close
  - sap
  - accounting
capability:
  exposes:
  - type: mcp
    namespace: finance-close
    port: 8080
    tools:
    - name: trigger-period-close
      description: Given a fiscal period and company code, initiate the SAP period close sequence, validate journal completeness, and post completion status to the finance Teams channel. Use at month end to automate AIG's financial close workflow.
      inputParameters:
      - name: fiscal_period
        in: body
        type: string
        description: Fiscal period in YYYYPP format, e.g. '202603'.
      - name: company_code
        in: body
        type: string
        description: SAP company code, e.g. 'AIGI'.
      - name: finance_channel_id
        in: body
        type: string
        description: Finance Teams channel ID.
      steps:
      - name: close-period
        type: call
        call: sap-fi.close-period
        with:
          fiscal_period: '{{fiscal_period}}'
          company_code: '{{company_code}}'
      - name: validate-journals
        type: call
        call: sap-journals.check-completeness
        with:
          fiscal_period: '{{fiscal_period}}'
          company_code: '{{company_code}}'
      - name: notify-finance
        type: call
        call: msteams-finance.post-channel-message
        with:
          channel_id: '{{finance_channel_id}}'
          text: 'Period {{fiscal_period}} closed for {{company_code}}. Journal status: {{validate-journals.status}} | Open items: {{validate-journals.open_count}}'
  consumes:
  - type: http
    namespace: sap-fi
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/FAR_PERIOD_CLOSE_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: period-close
      path: /PeriodClose
      operations:
      - name: close-period
        method: POST
  - type: http
    namespace: sap-journals
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/FAR_JOURNAL_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: journal-validation
      path: /JournalEntryCompleteness
      inputParameters:
      - name: fiscal_period
        in: query
      - name: company_code
        in: query
      operations:
      - name: check-completeness
        method: GET
  - type: http
    namespace: msteams-finance
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Coordinates BC drills by pulling participant lists from Workday, creating tasks in ServiceNow, and distributing instructions via Teams.

naftiko: '0.5'
info:
  label: Business Continuity Drill Coordinator
  description: Coordinates BC drills by pulling participant lists from Workday, creating tasks in ServiceNow, and distributing instructions via Teams.
  tags:
  - insurance
  - operations
  - business-continuity
  - workday
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: bcp-ops
    port: 8080
    tools:
    - name: coordinate-bc-drill
      description: Given a drill scenario and date, pull department staff from Workday, create drill tasks in ServiceNow, and post instructions to Teams.
      inputParameters:
      - name: drill_scenario
        in: body
        type: string
        description: Drill scenario.
      - name: drill_date
        in: body
        type: string
        description: Drill date.
      - name: bcp_channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: get-participants
        type: call
        call: workday.get-staff
        with:
          scenario: '{{drill_scenario}}'
      - name: create-task
        type: call
        call: snow.create-task
        with:
          short_description: 'BC Drill: {{drill_scenario}} — {{drill_date}}'
          description: 'Participants: {{get-participants.count}}'
      - name: notify-channel
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{bcp_channel_id}}'
          text: 'BC Drill: {{drill_scenario}} on {{drill_date}}. Participants: {{get-participants.count}}. Task: {{create-task.number}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/aig/Human_Resources/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: staff
      path: /workers
      operations:
      - name: get-staff
        method: GET
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_bc_drill
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Validates period-end journal entries by pulling entries from SAP, cross-checking balances in Snowflake, and notifying the controller via Teams.

naftiko: '0.5'
info:
  label: SAP Period-End Journal Entry Validation
  description: Validates period-end journal entries by pulling entries from SAP, cross-checking balances in Snowflake, and notifying the controller via Teams.
  tags:
  - insurance
  - finance
  - accounting
  - sap
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: gl-ops
    port: 8080
    tools:
    - name: validate-journal-entries
      description: Given a company code and posting period, retrieve journal entries from SAP, validate against Snowflake, and notify the controller of discrepancies.
      inputParameters:
      - name: company_code
        in: body
        type: string
        description: SAP company code.
      - name: posting_period
        in: body
        type: string
        description: Posting period.
      - name: controller_upn
        in: body
        type: string
        description: UPN of controller.
      steps:
      - name: get-entries
        type: call
        call: sap-fi.get-journal-entries
        with:
          company_code: '{{company_code}}'
          period: '{{posting_period}}'
      - name: validate-balances
        type: call
        call: snowflake.check-recon
        with:
          company_code: '{{company_code}}'
          period: '{{posting_period}}'
      - name: notify-controller
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{controller_upn}}'
          text: 'Period-end validation: {{company_code}} — {{posting_period}}. Entries: {{get-entries.count}} | Status: {{validate-balances.status}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: entries
      path: /A_JournalEntry?$filter=CompanyCode eq '{{company_code}}'
      inputParameters:
      - name: company_code
        in: query
      operations:
      - name: get-journal-entries
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: check-recon
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Queries Dynatrace for the response time and failure rate of a specified application.

naftiko: '0.5'
info:
  label: Dynatrace Application Metrics Lookup
  description: Queries Dynatrace for the response time and failure rate of a specified application.
  tags:
  - insurance
  - it-operations
  - dynatrace
  - monitoring
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: apm-ops
    port: 8080
    tools:
    - name: get-app-metrics
      description: Given a Dynatrace entity ID, return the median response time and failure rate.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: Dynatrace application entity ID.
      call: dynatrace.get-metrics
      with:
        entityId: '{{entity_id}}'
      outputParameters:
      - name: response_time_ms
        type: number
        mapping: $.result[0].data[0].values.median
      - name: failure_rate
        type: number
        mapping: $.result[1].data[0].values.avg
  consumes:
  - namespace: dynatrace
    type: http
    baseUri: https://aig.live.dynatrace.com/api/v2
    authentication:
      type: bearer
      token: $secrets.dynatrace_token
    resources:
    - name: apm-ops
      path: /{{id}}
      operations:
      - name: get-metrics
        method: GET

Looks up a ServiceNow incident by number and returns current state, priority, and assigned group.

naftiko: '0.5'
info:
  label: ServiceNow Incident Status Check
  description: Looks up a ServiceNow incident by number and returns current state, priority, and assigned group.
  tags:
  - insurance
  - it-operations
  - servicenow
  - incident-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: it-ops
    port: 8080
    tools:
    - name: get-incident-status
      description: Given a ServiceNow incident number, return the state, priority, and assignment group.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow incident number.
      call: snow.get-incident
      with:
        number: '{{incident_number}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.result.state
      - name: priority
        type: string
        mapping: $.result.priority
      - name: assigned_to
        type: string
        mapping: $.result.assignment_group.display_value
  consumes:
  - namespace: snow
    type: http
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: it-ops
      path: /{{id}}
      operations:
      - name: get-incident
        method: GET

Tracks compliance training by pulling enrollment data from Workday Learning, checking ServiceNow escalation thresholds, and notifying managers via Teams.

naftiko: '0.5'
info:
  label: Compliance Training Completion Tracker
  description: Tracks compliance training by pulling enrollment data from Workday Learning, checking ServiceNow escalation thresholds, and notifying managers via Teams.
  tags:
  - insurance
  - compliance
  - training
  - workday
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: compliance-training
    port: 8080
    tools:
    - name: track-training-completion
      description: Given a program ID and deadline, query Workday for incomplete enrollments, check escalation status in ServiceNow, and notify managers in Teams.
      inputParameters:
      - name: program_id
        in: body
        type: string
        description: Training program ID.
      - name: deadline
        in: body
        type: string
        description: Deadline date.
      steps:
      - name: get-enrollments
        type: call
        call: workday.get-training-status
        with:
          program_id: '{{program_id}}'
      - name: check-escalation
        type: call
        call: snow.check-escalation
        with:
          program_id: '{{program_id}}'
          deadline: '{{deadline}}'
      - name: notify-managers
        type: call
        call: msteams.send-notification
        with:
          subject: 'Training overdue: {{program_id}}'
          body: 'Deadline: {{deadline}}. Incomplete: {{get-enrollments.incomplete_count}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/aig/Learning/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: training
      path: /learning-enrollments?program={{program_id}}
      inputParameters:
      - name: program_id
        in: query
      operations:
      - name: get-training-status
        method: GET
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: escalation
      path: /table/u_training_compliance
      operations:
      - name: check-escalation
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves a policyholder record from Salesforce by policy number, returning contact details, coverage tier, and account status.

naftiko: '0.5'
info:
  label: Salesforce Policy Holder Lookup
  description: Retrieves a policyholder record from Salesforce by policy number, returning contact details, coverage tier, and account status.
  tags:
  - insurance
  - insurance
  - salesforce
  - customer-service
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: policy-ops
    port: 8080
    tools:
    - name: get-policyholder
      description: Given a policy number, return the policyholder contact name, email, phone, coverage tier, and account status from Salesforce.
      inputParameters:
      - name: policy_number
        in: body
        type: string
        description: Policy number.
      call: sf.get-account
      with:
        PolicyNumber__c: '{{policy_number}}'
      outputParameters:
      - name: contact_name
        type: string
        mapping: $.Name
      - name: email
        type: string
        mapping: $.PersonEmail
      - name: status
        type: string
        mapping: $.Status__c
  consumes:
  - namespace: sf
    type: http
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: policy-ops
      path: /{{id}}
      operations:
      - name: get-account
        method: GET

Triggers a Terraform Cloud workspace run to provision new insurance platform infrastructure and notifies the DevOps team in Teams.

naftiko: '0.5'
info:
  label: Terraform Cloud Insurance Platform Provisioning
  description: Triggers a Terraform Cloud workspace run to provision new insurance platform infrastructure and notifies the DevOps team in Teams.
  tags:
  - devops
  - terraform
  - cloud
  - infrastructure
  - insurance
capability:
  exposes:
  - type: mcp
    namespace: infra-ops
    port: 8080
    tools:
    - name: provision-platform-environment
      description: Given a Terraform Cloud workspace ID and environment label, trigger a plan-and-apply run to provision insurance platform infrastructure. Notify the DevOps Teams channel with run status. Use when standing up new environments for insurance system development or testing.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: Terraform Cloud workspace ID.
      - name: environment_label
        in: body
        type: string
        description: Human-readable label, e.g. 'claims-api-staging'.
      - name: devops_channel_id
        in: body
        type: string
        description: DevOps Teams channel ID.
      steps:
      - name: trigger-run
        type: call
        call: terraform.create-run
        with:
          workspace_id: '{{workspace_id}}'
          message: Provisioning {{environment_label}}
          auto_apply: 'true'
      - name: notify-devops
        type: call
        call: msteams-devops.post-channel-message
        with:
          channel_id: '{{devops_channel_id}}'
          text: 'Terraform run triggered for {{environment_label}} (workspace {{workspace_id}}). Run ID: {{trigger-run.data.id}}'
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /runs
      operations:
      - name: create-run
        method: POST
  - type: http
    namespace: msteams-devops
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Queries Datadog for the current health status of a specified service, returning uptime percentage and error rate.

naftiko: '0.5'
info:
  label: Datadog Service Health Check
  description: Queries Datadog for the current health status of a specified service, returning uptime percentage and error rate.
  tags:
  - insurance
  - it-operations
  - datadog
  - monitoring
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: observability
    port: 8080
    tools:
    - name: get-service-health
      description: Given a Datadog service name, return the current uptime percentage, error rate, and active monitor count.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: Datadog service name.
      call: datadog.get-slo
      with:
        service: '{{service_name}}'
      outputParameters:
      - name: uptime_pct
        type: number
        mapping: $.data[0].overall.sli_value
      - name: error_rate
        type: number
        mapping: $.data[0].overall.error_budget_remaining
  consumes:
  - namespace: datadog
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: observability
      path: /{{id}}
      operations:
      - name: get-slo
        method: GET

When a regulatory breach or compliance incident is identified, creates a ServiceNow compliance incident, opens a Jira investigation task, and notifies the Chief Compliance Officer in Teams.

naftiko: '0.5'
info:
  label: Regulatory Compliance Incident Reporting
  description: When a regulatory breach or compliance incident is identified, creates a ServiceNow compliance incident, opens a Jira investigation task, and notifies the Chief Compliance Officer in Teams.
  tags:
  - compliance
  - regulatory
  - servicenow
  - jira
  - insurance
capability:
  exposes:
  - type: mcp
    namespace: compliance-ops
    port: 8080
    tools:
    - name: report-compliance-incident
      description: Given a compliance incident type, jurisdiction, and description, create a ServiceNow compliance record, open a Jira investigation task, and alert the compliance officer in Teams. Use when a regulatory breach or potential violation is identified.
      inputParameters:
      - name: incident_type
        in: body
        type: string
        description: Type of compliance incident, e.g. 'data-breach', 'regulatory-violation', 'sanctions-breach'.
      - name: jurisdiction
        in: body
        type: string
        description: Regulatory jurisdiction, e.g. 'US-NY', 'EU-GDPR', 'UK-FCA'.
      - name: description
        in: body
        type: string
        description: Full description of the compliance incident.
      - name: cco_upn
        in: body
        type: string
        description: Chief Compliance Officer Teams UPN.
      steps:
      - name: create-compliance-record
        type: call
        call: servicenow-compliance.create-incident
        with:
          short_description: 'Compliance incident: {{incident_type}} — {{jurisdiction}}'
          description: '{{description}}'
          category: compliance_breach
          priority: '1'
      - name: open-investigation
        type: call
        call: jira-compliance.create-issue
        with:
          project_key: COMP
          issuetype: Task
          summary: 'Compliance investigation: {{incident_type}} — {{jurisdiction}}'
          description: '{{description}} | ServiceNow: {{create-compliance-record.number}}'
          priority: Highest
      - name: alert-cco
        type: call
        call: msteams-compliance.send-message
        with:
          recipient_upn: '{{cco_upn}}'
          text: 'COMPLIANCE ALERT: {{incident_type}} in {{jurisdiction}} | INC: {{create-compliance-record.number}} | Jira: {{open-investigation.key}} | {{description}}'
  consumes:
  - type: http
    namespace: servicenow-compliance
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: jira-compliance
    baseUri: https://aig.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams-compliance
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Tracks subrogation recovery by pulling data from Salesforce, updating SAP subledger, and notifying the recovery lead via Teams.

naftiko: '0.5'
info:
  label: Subrogation Recovery Tracking Workflow
  description: Tracks subrogation recovery by pulling data from Salesforce, updating SAP subledger, and notifying the recovery lead via Teams.
  tags:
  - insurance
  - subrogation
  - finance
  - salesforce
  - sap
capability:
  exposes:
  - type: mcp
    namespace: subrogation-ops
    port: 8080
    tools:
    - name: track-subrogation
      description: Given a claim number, pull recovery status from Salesforce, update SAP, and notify the lead.
      inputParameters:
      - name: claim_number
        in: body
        type: string
        description: Claim number.
      - name: recovery_lead_upn
        in: body
        type: string
        description: Recovery lead UPN.
      steps:
      - name: get-recovery
        type: call
        call: sf.get-subrogation
        with:
          claim_number: '{{claim_number}}'
      - name: update-ledger
        type: call
        call: sap-fi.post-recovery
        with:
          claim_number: '{{claim_number}}'
          amount: '{{get-recovery.recovered_amount}}'
      - name: notify-lead
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{recovery_lead_upn}}'
          text: 'Subrogation: {{claim_number}} — Recovered: ${{get-recovery.recovered_amount}}. SAP: {{update-ledger.document_number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: subrogation
      path: /sobjects/Subrogation__c/ClaimNumber__c/{{claim_number}}
      operations:
      - name: get-subrogation
        method: GET
  - type: http
    namespace: sap-fi
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: recoveries
      path: /A_JournalEntry
      operations:
      - name: post-recovery
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      operations:
      - name: send-message
        method: POST

Enriches Salesforce account health scores by pulling data from Snowflake, checking billing in SAP, and updating the Salesforce record.

naftiko: '0.5'
info:
  label: Salesforce Account Health Enrichment
  description: Enriches Salesforce account health scores by pulling data from Snowflake, checking billing in SAP, and updating the Salesforce record.
  tags:
  - insurance
  - crm
  - salesforce
  - snowflake
  - sap
capability:
  exposes:
  - type: mcp
    namespace: account-ops
    port: 8080
    tools:
    - name: enrich-account-health
      description: Given a Salesforce account ID, pull performance data from Snowflake, check billing in SAP, and update the health score in Salesforce.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Salesforce account ID.
      - name: account_manager_upn
        in: body
        type: string
        description: UPN of account manager.
      steps:
      - name: get-data
        type: call
        call: snowflake.query-account-data
        with:
          account_id: '{{account_id}}'
      - name: get-billing
        type: call
        call: sap-fi.get-ar-aging
        with:
          account_id: '{{account_id}}'
      - name: update-sf
        type: call
        call: sf.update-health-score
        with:
          account_id: '{{account_id}}'
          score: '{{get-data.health_score}}'
      - name: notify-manager
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{account_manager_upn}}'
          text: 'Account health updated: {{account_id}}. Score: {{get-data.health_score}} | AR: {{get-billing.days_outstanding}} days'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-account-data
        method: POST
  - type: http
    namespace: sap
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: ar
      path: /A_JournalEntry?$filter=AccountID eq '{{account_id}}'
      inputParameters:
      - name: account_id
        in: query
      operations:
      - name: get-ar-aging
        method: GET
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: update-health-score
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

When AWS Cost Anomaly Detection raises an alert, creates a Datadog event, opens a Jira FinOps ticket, and posts to the cloud-finops Teams channel.

naftiko: '0.5'
info:
  label: Cloud Cost Anomaly Response
  description: When AWS Cost Anomaly Detection raises an alert, creates a Datadog event, opens a Jira FinOps ticket, and posts to the cloud-finops Teams channel.
  tags:
  - finops
  - cloud
  - aws
  - datadog
  - jira
capability:
  exposes:
  - type: mcp
    namespace: cloud-finops
    port: 8080
    tools:
    - name: handle-cost-anomaly
      description: Given an AWS cost anomaly ID, service name, and estimated overage, create a Datadog warning event, open a Jira cloud FinOps task, and post to the finops Teams channel. Use when AWS Cost Anomaly Detection triggers above threshold.
      inputParameters:
      - name: anomaly_id
        in: body
        type: string
        description: AWS Cost Anomaly Detection anomaly ID.
      - name: service_name
        in: body
        type: string
        description: AWS service generating the anomaly.
      - name: estimated_overage_usd
        in: body
        type: number
        description: Estimated cost overage in USD.
      - name: finops_channel_id
        in: body
        type: string
        description: FinOps Teams channel ID.
      steps:
      - name: create-dd-event
        type: call
        call: datadog.create-event
        with:
          title: 'AWS Cost Anomaly: {{service_name}}'
          text: Anomaly {{anomaly_id}} — overage ${{estimated_overage_usd}}
          alert_type: warning
      - name: open-jira
        type: call
        call: jira-finops.create-issue
        with:
          project_key: FINOPS
          issuetype: Task
          summary: 'Cost anomaly: {{service_name}} +${{estimated_overage_usd}}'
          description: 'Anomaly {{anomaly_id}}. Datadog: {{create-dd-event.id}}'
      - name: alert-finops
        type: call
        call: msteams-finops.post-channel-message
        with:
          channel_id: '{{finops_channel_id}}'
          text: 'AWS Cost Anomaly on {{service_name}}: +${{estimated_overage_usd}} | Jira: {{open-jira.key}} | Datadog: {{create-dd-event.url}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: jira-finops
    baseUri: https://aig.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams-finops
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Processes a new business submission by creating a Salesforce opportunity, generating an underwriting task in ServiceNow, and notifying the underwriter via Teams.

naftiko: '0.5'
info:
  label: New Business Submission Processing
  description: Processes a new business submission by creating a Salesforce opportunity, generating an underwriting task in ServiceNow, and notifying the underwriter via Teams.
  tags:
  - insurance
  - underwriting
  - salesforce
  - servicenow
  - new-business
capability:
  exposes:
  - type: mcp
    namespace: submission-ops
    port: 8080
    tools:
    - name: process-submission
      description: Given submission details, create a Salesforce opportunity, open an underwriting task in ServiceNow, and notify the underwriter.
      inputParameters:
      - name: broker_name
        in: body
        type: string
        description: Broker name.
      - name: coverage_type
        in: body
        type: string
        description: Coverage type.
      - name: estimated_premium
        in: body
        type: number
        description: Estimated premium.
      - name: underwriter_upn
        in: body
        type: string
        description: UPN of underwriter.
      steps:
      - name: create-opp
        type: call
        call: sf.create-opportunity
        with:
          Name: New — {{broker_name}} — {{coverage_type}}
          Amount: '{{estimated_premium}}'
      - name: create-task
        type: call
        call: snow.create-task
        with:
          short_description: 'UW Review: {{broker_name}} — {{coverage_type}}'
          description: 'Premium: {{estimated_premium}} | SF: {{create-opp.id}}'
      - name: notify-uw
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{underwriter_upn}}'
          text: 'New submission: {{broker_name}} — {{coverage_type}}. SF: {{create-opp.id}} | SNOW: {{create-task.number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity
      operations:
      - name: create-opportunity
        method: POST
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_underwriting_task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Collects premium audit data by pulling policy details from Salesforce, payroll data from Workday, and creating an audit task in ServiceNow.

naftiko: '0.5'
info:
  label: Premium Audit Data Collection Workflow
  description: Collects premium audit data by pulling policy details from Salesforce, payroll data from Workday, and creating an audit task in ServiceNow.
  tags:
  - insurance
  - audit
  - salesforce
  - workday
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: audit-ops
    port: 8080
    tools:
    - name: collect-audit-data
      description: Given a policy number and audit period, retrieve details from Salesforce, pull payroll from Workday, and create an audit task.
      inputParameters:
      - name: policy_number
        in: body
        type: string
        description: Policy number.
      - name: audit_period
        in: body
        type: string
        description: Audit period.
      steps:
      - name: get-policy
        type: call
        call: sf.get-policy
        with:
          policy_number: '{{policy_number}}'
      - name: get-payroll
        type: call
        call: workday.get-payroll
        with:
          company: '{{get-policy.CompanyName}}'
          period: '{{audit_period}}'
      - name: create-task
        type: call
        call: snow.create-task
        with:
          short_description: 'Audit: {{policy_number}} — {{audit_period}}'
          description: 'Company: {{get-policy.CompanyName}} | Payroll: {{get-payroll.total}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: policies
      path: /sobjects/InsurancePolicy__c/PolicyNumber__c/{{policy_number}}
      inputParameters:
      - name: policy_number
        in: path
      operations:
      - name: get-policy
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/aig/Payroll/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: payroll
      path: /payroll-summaries
      operations:
      - name: get-payroll
        method: POST
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_premium_audit
      operations:
      - name: create-task
        method: POST

Queries Snowflake account query history for a specified warehouse, returning recent query count and average execution time.

naftiko: '0.5'
info:
  label: Snowflake Query History Check
  description: Queries Snowflake account query history for a specified warehouse, returning recent query count and average execution time.
  tags:
  - data-engineering
  - snowflake
  - performance
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: data-perf
    port: 8080
    tools:
    - name: get-query-history
      description: Given a Snowflake warehouse name, return the recent query count and average execution time in seconds.
      inputParameters:
      - name: warehouse_name
        in: body
        type: string
        description: Snowflake warehouse name.
      call: snowflake.query-history
      with:
        warehouse: '{{warehouse_name}}'
      outputParameters:
      - name: query_count
        type: integer
        mapping: $.data[0].QUERY_COUNT
      - name: avg_exec_time
        type: number
        mapping: $.data[0].AVG_EXEC_TIME
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-history
        method: POST

When a Snowflake pipeline fails, creates a Jira incident, pages the on-call engineer via PagerDuty, and notifies the pipeline owner in Teams.

naftiko: '0.5'
info:
  label: Snowflake Data Pipeline Failure Response
  description: When a Snowflake pipeline fails, creates a Jira incident, pages the on-call engineer via PagerDuty, and notifies the pipeline owner in Teams.
  tags:
  - insurance
  - data-engineering
  - snowflake
  - jira
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: data-reliability
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a Snowflake task name and error, create a Jira incident, trigger a PagerDuty alert, and notify the owner in Teams.
      inputParameters:
      - name: task_name
        in: body
        type: string
        description: Snowflake task name.
      - name: error_message
        in: body
        type: string
        description: Error message.
      - name: pipeline_owner
        in: body
        type: string
        description: Pipeline owner email.
      steps:
      - name: create-incident
        type: call
        call: jira.create-issue
        with:
          project: DATA
          summary: 'Pipeline failure: {{task_name}}'
          description: 'Error: {{error_message}}'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          service_id: data-engineering
          title: 'Pipeline failure: {{task_name}}'
      - name: notify-owner
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{pipeline_owner}}'
          text: 'Pipeline failure: {{task_name}}. Jira: {{create-incident.key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://aig.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Queries Snowflake to return the row count and last update timestamp for a specified data table.

naftiko: '0.5'
info:
  label: Snowflake Table Row Count Check
  description: Queries Snowflake to return the row count and last update timestamp for a specified data table.
  tags:
  - insurance
  - data-engineering
  - snowflake
  - analytics
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: data-ops
    port: 8080
    tools:
    - name: get-table-stats
      description: Given a Snowflake table name, return the row count and last DML timestamp.
      inputParameters:
      - name: table_name
        in: body
        type: string
        description: Fully qualified Snowflake table name.
      call: snowflake.query-stats
      with:
        table: '{{table_name}}'
      outputParameters:
      - name: row_count
        type: integer
        mapping: $.data[0].ROW_COUNT
      - name: last_altered
        type: string
        mapping: $.data[0].LAST_ALTERED
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: data-ops
      path: /{{id}}
      operations:
      - name: query-stats
        method: GET

Generates a performance calibration report by pulling ratings from Workday, aggregating in Snowflake, and distributing to HR leadership via Teams.

naftiko: '0.5'
info:
  label: Workday Performance Calibration Report
  description: Generates a performance calibration report by pulling ratings from Workday, aggregating in Snowflake, and distributing to HR leadership via Teams.
  tags:
  - insurance
  - hr
  - performance-management
  - workday
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: perf-ops
    port: 8080
    tools:
    - name: generate-calibration-report
      description: Given a review cycle and business unit, pull ratings from Workday, aggregate in Snowflake, and post to HR leadership channel.
      inputParameters:
      - name: review_cycle
        in: body
        type: string
        description: Review cycle ID.
      - name: business_unit
        in: body
        type: string
        description: Business unit.
      - name: hr_channel_id
        in: body
        type: string
        description: HR Teams channel ID.
      steps:
      - name: get-ratings
        type: call
        call: workday.get-performance-data
        with:
          cycle: '{{review_cycle}}'
          bu: '{{business_unit}}'
      - name: aggregate
        type: call
        call: snowflake.aggregate-ratings
        with:
          cycle: '{{review_cycle}}'
          bu: '{{business_unit}}'
      - name: post-report
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{hr_channel_id}}'
          text: 'Calibration: {{business_unit}} — {{review_cycle}}. Exceeds: {{aggregate.exceeds_pct}}% | Meets: {{aggregate.meets_pct}}%'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/aig/Performance_Management/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: reviews
      path: /performance-reviews
      operations:
      - name: get-performance-data
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: aggregate-ratings
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Processes bordereaux by loading data into Snowflake, reconciling against Salesforce, and sending variance reports.

naftiko: '0.5'
info:
  label: Insurance Bordereaux Processing Workflow
  description: Processes bordereaux by loading data into Snowflake, reconciling against Salesforce, and sending variance reports.
  tags:
  - insurance
  - delegated-authority
  - snowflake
  - salesforce
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: da-ops
    port: 8080
    tools:
    - name: process-bordereaux
      description: Given a bordereaux file reference and period, load into Snowflake, reconcile with Salesforce, and send a report.
      inputParameters:
      - name: file_reference
        in: body
        type: string
        description: File reference ID.
      - name: period
        in: body
        type: string
        description: Reporting period.
      - name: da_manager_email
        in: body
        type: string
        description: DA manager email.
      steps:
      - name: load-data
        type: call
        call: snowflake.load-bordereaux
        with:
          file_ref: '{{file_reference}}'
          period: '{{period}}'
      - name: reconcile
        type: call
        call: sf.query-policies
        with:
          period: '{{period}}'
      - name: send-report
        type: call
        call: msgraph.send-mail
        with:
          to: '{{da_manager_email}}'
          subject: 'Bordereaux: {{period}} — {{file_reference}}'
          body: 'Loaded: {{load-data.row_count}} | Matches: {{reconcile.match_count}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: load-bordereaux
        method: POST
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: policies
      path: /query/?q=SELECT+Id+FROM+InsurancePolicy__c+WHERE+Period__c='{{period}}'
      operations:
      - name: query-policies
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/noreply@aig.com/sendMail
      operations:
      - name: send-mail
        method: POST

When a CAT event is declared, queries Salesforce for impacted policies, provisions ServiceNow claim queues, and notifies the CAT response team via Teams.

naftiko: '0.5'
info:
  label: Catastrophe Event Claims Surge Coordinator
  description: When a CAT event is declared, queries Salesforce for impacted policies, provisions ServiceNow claim queues, and notifies the CAT response team via Teams.
  tags:
  - insurance
  - catastrophe
  - claims
  - salesforce
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: cat-ops
    port: 8080
    tools:
    - name: handle-cat-event
      description: Given a CAT event code and affected ZIP codes, query Salesforce for impacted policies, create a surge queue in ServiceNow, and broadcast to the CAT team.
      inputParameters:
      - name: cat_event_code
        in: body
        type: string
        description: CAT event code.
      - name: affected_zips
        in: body
        type: string
        description: Affected ZIP codes.
      - name: cat_channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: query-policies
        type: call
        call: sf.query-by-geo
        with:
          zip_codes: '{{affected_zips}}'
      - name: create-queue
        type: call
        call: snow.create-queue
        with:
          short_description: 'CAT surge: {{cat_event_code}}'
          description: 'Policies: {{query-policies.totalSize}} | ZIPs: {{affected_zips}}'
      - name: notify-team
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{cat_channel_id}}'
          text: 'CAT {{cat_event_code}}: {{query-policies.totalSize}} policies. Queue: {{create-queue.number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: policies
      path: /query/?q=SELECT+Id+FROM+InsurancePolicy__c+WHERE+Zip__c+IN+({{zip_codes}})
      inputParameters:
      - name: zip_codes
        in: query
      operations:
      - name: query-by-geo
        method: GET
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: queues
      path: /table/u_claims_queue
      operations:
      - name: create-queue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Pulls the insurance sales pipeline from Salesforce, refreshes the Power BI executive pipeline dashboard, and emails a weekly summary to sales leadership.

naftiko: '0.5'
info:
  label: Sales Pipeline Executive Digest
  description: Pulls the insurance sales pipeline from Salesforce, refreshes the Power BI executive pipeline dashboard, and emails a weekly summary to sales leadership.
  tags:
  - sales
  - crm
  - salesforce
  - power-bi
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: sales-exec-reporting
    port: 8080
    tools:
    - name: publish-pipeline-digest
      description: Given a Salesforce opportunity filter and Power BI dataset ID, query open insurance opportunities, trigger a Power BI refresh, and email the pipeline digest to sales leadership. Use weekly for sales forecast reviews.
      inputParameters:
      - name: product_line
        in: body
        type: string
        description: Insurance product line filter, e.g. 'Property Casualty' or 'Life'.
      - name: pbi_dataset_id
        in: body
        type: string
        description: Power BI dataset ID for the pipeline dashboard.
      - name: leadership_email
        in: body
        type: string
        description: Sales leadership email distribution list.
      steps:
      - name: get-pipeline
        type: call
        call: salesforce-pipeline.query-opportunities
        with:
          product_line: '{{product_line}}'
      - name: refresh-pbi
        type: call
        call: powerbi-pipeline.trigger-refresh
        with:
          dataset_id: '{{pbi_dataset_id}}'
      - name: send-digest
        type: call
        call: msgraph-sales.send-email
        with:
          to: '{{leadership_email}}'
          subject: '{{product_line}} Pipeline Digest — {{get-pipeline.record_count}} opportunities | ${{get-pipeline.total_premium}}'
          body: 'Open pipeline for {{product_line}}: {{get-pipeline.record_count}} opportunities totaling ${{get-pipeline.total_premium}} gross written premium. Power BI refreshed.'
  consumes:
  - type: http
    namespace: salesforce-pipeline
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /query
      inputParameters:
      - name: product_line
        in: query
      operations:
      - name: query-opportunities
        method: GET
  - type: http
    namespace: powerbi-pipeline
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msgraph-sales
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /users/{{sender}}/sendMail
      operations:
      - name: send-email
        method: POST

Queries Azure Cost Management for the current month spend of a specified resource group.

naftiko: '0.5'
info:
  label: Azure Resource Group Cost Check
  description: Queries Azure Cost Management for the current month spend of a specified resource group.
  tags:
  - insurance
  - cloud
  - azure
  - finops
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: cloud-finops
    port: 8080
    tools:
    - name: get-rg-cost
      description: Given an Azure resource group name, return the current month total cost and forecast.
      inputParameters:
      - name: resource_group
        in: body
        type: string
        description: Azure resource group name.
      call: azure-cost.get-cost
      with:
        resourceGroup: '{{resource_group}}'
      outputParameters:
      - name: total_cost
        type: number
        mapping: $.properties.rows[0][0]
      - name: forecast
        type: number
        mapping: $.properties.rows[0][1]
  consumes:
  - namespace: azure-cost
    type: http
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_mgmt_token
    resources:
    - name: cloud-finops
      path: /{{id}}
      operations:
      - name: get-cost
        method: GET

Generates a talent brand performance report by pulling LinkedIn analytics, comparing with Workday hiring data, and posting to Teams.

naftiko: '0.5'
info:
  label: LinkedIn Talent Brand Performance Report
  description: Generates a talent brand performance report by pulling LinkedIn analytics, comparing with Workday hiring data, and posting to Teams.
  tags:
  - insurance
  - hr
  - talent-acquisition
  - linkedin
  - workday
capability:
  exposes:
  - type: mcp
    namespace: ta-ops
    port: 8080
    tools:
    - name: generate-talent-report
      description: Given a reporting week, pull LinkedIn employer brand metrics, compare against Workday requisitions, and post a digest to Teams.
      inputParameters:
      - name: week
        in: body
        type: string
        description: Reporting week.
      - name: region
        in: body
        type: string
        description: Region.
      - name: ta_channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: get-metrics
        type: call
        call: linkedin.get-brand-metrics
        with:
          week: '{{week}}'
          region: '{{region}}'
      - name: get-reqs
        type: call
        call: workday.get-open-reqs
        with:
          region: '{{region}}'
      - name: post-digest
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{ta_channel_id}}'
          text: 'Talent Brand: {{week}} ({{region}}). Impressions: {{get-metrics.impressions}} | Open reqs: {{get-reqs.count}}'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: analytics
      path: /organizationalEntityShareStatistics
      operations:
      - name: get-brand-metrics
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/aig/Recruiting/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: requisitions
      path: /job-requisitions
      operations:
      - name: get-open-reqs
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Compiles an executive KPI digest by pulling metrics from Snowflake, refreshing Power BI, and emailing the C-suite.

naftiko: '0.5'
info:
  label: Executive KPI Dashboard Digest
  description: Compiles an executive KPI digest by pulling metrics from Snowflake, refreshing Power BI, and emailing the C-suite.
  tags:
  - insurance
  - reporting
  - analytics
  - snowflake
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: exec-reporting
    port: 8080
    tools:
    - name: generate-kpi-digest
      description: Given a reporting period, pull KPIs from Snowflake, refresh the Power BI executive dashboard, and email the digest.
      inputParameters:
      - name: period
        in: body
        type: string
        description: Reporting period.
      - name: exec_dl
        in: body
        type: string
        description: Executive DL email.
      steps:
      - name: get-kpis
        type: call
        call: snowflake.query-kpis
        with:
          period: '{{period}}'
      - name: refresh-pbi
        type: call
        call: powerbi.trigger-refresh
        with:
          datasetId: executive-dashboard
      - name: send-digest
        type: call
        call: msgraph.send-mail
        with:
          to: '{{exec_dl}}'
          subject: Executive KPI Digest — {{period}}
          body: Key metrics refreshed. Dashboard updated.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-kpis
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{datasetId}}/refreshes
      inputParameters:
      - name: datasetId
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/noreply@aig.com/sendMail
      operations:
      - name: send-mail
        method: POST

Monitors regulatory filing deadlines by querying Snowflake, checking preparation status in ServiceNow, and alerting the compliance team in Teams.

naftiko: '0.5'
info:
  label: Regulatory Filing Deadline Monitor
  description: Monitors regulatory filing deadlines by querying Snowflake, checking preparation status in ServiceNow, and alerting the compliance team in Teams.
  tags:
  - insurance
  - compliance
  - regulatory
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: regulatory-ops
    port: 8080
    tools:
    - name: track-filing-deadlines
      description: Given a jurisdiction and filing type, check the filing calendar in Snowflake, verify status in ServiceNow, and alert the compliance channel in Teams.
      inputParameters:
      - name: jurisdiction
        in: body
        type: string
        description: Jurisdiction.
      - name: filing_type
        in: body
        type: string
        description: Filing type.
      - name: compliance_channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: get-deadlines
        type: call
        call: snowflake.query-filings
        with:
          jurisdiction: '{{jurisdiction}}'
      - name: check-status
        type: call
        call: snow.get-filing-status
        with:
          jurisdiction: '{{jurisdiction}}'
      - name: alert-team
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{compliance_channel_id}}'
          text: 'Filing deadline: {{filing_type}} for {{jurisdiction}} — Due: {{get-deadlines.next_deadline}} | Status: {{check-status.status}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-filings
        method: POST
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: filings
      path: /table/u_regulatory_filing?sysparm_query=jurisdiction={{jurisdiction}}
      inputParameters:
      - name: jurisdiction
        in: query
      operations:
      - name: get-filing-status
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Checks Microsoft 365 license utilization for the organization, returning assigned and consumed license counts.

naftiko: '0.5'
info:
  label: Microsoft 365 License Utilization Check
  description: Checks Microsoft 365 license utilization for the organization, returning assigned and consumed license counts.
  tags:
  - it-operations
  - microsoft-365
  - license-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: license-ops
    port: 8080
    tools:
    - name: get-license-usage
      description: Return the total assigned and consumed Microsoft 365 license counts for the organization.
      inputParameters:
      - name: sku_part_number
        in: body
        type: string
        description: Microsoft 365 SKU part number.
      call: msgraph.get-subscribed-skus
      with:
        sku: '{{sku_part_number}}'
      outputParameters:
      - name: assigned
        type: integer
        mapping: $.consumedUnits
      - name: total
        type: integer
        mapping: $.prepaidUnits.enabled
  consumes:
  - namespace: msgraph
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: subscribed-skus
      path: /subscribedSkus
      operations:
      - name: get-subscribed-skus
        method: GET

When a critical vulnerability is discovered, creates a Jira remediation ticket, updates the CMDB in ServiceNow, and alerts the security team via Teams.

naftiko: '0.5'
info:
  label: IT Security Vulnerability Remediation Workflow
  description: When a critical vulnerability is discovered, creates a Jira remediation ticket, updates the CMDB in ServiceNow, and alerts the security team via Teams.
  tags:
  - insurance
  - security
  - vulnerability-management
  - jira
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: secops
    port: 8080
    tools:
    - name: remediate-vulnerability
      description: Given a CVE ID, severity, and affected system, create a Jira ticket, update the ServiceNow CMDB, and notify SecOps in Teams.
      inputParameters:
      - name: cve_id
        in: body
        type: string
        description: CVE identifier.
      - name: severity
        in: body
        type: string
        description: Severity level.
      - name: affected_system
        in: body
        type: string
        description: Affected system name.
      - name: secops_upn
        in: body
        type: string
        description: UPN of SecOps lead.
      steps:
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: SECOPS
          summary: Remediate {{cve_id}} — {{affected_system}}
          description: 'Severity: {{severity}} | System: {{affected_system}}'
      - name: update-cmdb
        type: call
        call: snow.update-ci
        with:
          ci_name: '{{affected_system}}'
          vulnerability: '{{cve_id}} — {{severity}}'
      - name: notify-secops
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{secops_upn}}'
          text: 'Vulnerability: {{cve_id}} ({{severity}}) on {{affected_system}}. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://aig.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cmdb
      path: /table/cmdb_ci?sysparm_query=name={{ci_name}}
      inputParameters:
      - name: ci_name
        in: query
      operations:
      - name: update-ci
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves the current state of a Terraform Cloud workspace, returning last run status and resource count.

naftiko: '0.5'
info:
  label: Terraform Workspace State Check
  description: Retrieves the current state of a Terraform Cloud workspace, returning last run status and resource count.
  tags:
  - insurance
  - devops
  - terraform
  - infrastructure
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: infra-ops
    port: 8080
    tools:
    - name: get-workspace-state
      description: Given a Terraform Cloud workspace name, return the last run status and managed resource count.
      inputParameters:
      - name: workspace_name
        in: body
        type: string
        description: Terraform Cloud workspace name.
      call: tfc.get-workspace
      with:
        workspace: '{{workspace_name}}'
      outputParameters:
      - name: last_run_status
        type: string
        mapping: $.data.attributes.latest-run.status
      - name: resource_count
        type: integer
        mapping: $.data.attributes.resource-count
  consumes:
  - namespace: tfc
    type: http
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: infra-ops
      path: /{{id}}
      operations:
      - name: get-workspace
        method: GET

Retrieves the latest build run for an Azure DevOps pipeline, returning status and result.

naftiko: '0.5'
info:
  label: Azure DevOps Build Status Lookup
  description: Retrieves the latest build run for an Azure DevOps pipeline, returning status and result.
  tags:
  - insurance
  - devops
  - azure-devops
  - cicd
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: cicd-ops
    port: 8080
    tools:
    - name: get-build-status
      description: Given an Azure DevOps project and pipeline ID, return the latest build status and result.
      inputParameters:
      - name: project
        in: body
        type: string
        description: Azure DevOps project name.
      - name: pipeline_id
        in: body
        type: string
        description: Pipeline ID.
      call: azdo.get-run
      with:
        project: '{{project}}'
        pipelineId: '{{pipeline_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.value[0].state
      - name: result
        type: string
        mapping: $.value[0].result
  consumes:
  - namespace: azdo
    type: http
    baseUri: https://dev.azure.com/aig
    authentication:
      type: bearer
      token: $secrets.azdo_token
    resources:
    - name: cicd-ops
      path: /{{id}}
      operations:
      - name: get-run
        method: GET

Retrieves the current status of an SAP Ariba sourcing event, returning phase, participant count, and close date.

naftiko: '0.5'
info:
  label: SAP Ariba Sourcing Event Status
  description: Retrieves the current status of an SAP Ariba sourcing event, returning phase, participant count, and close date.
  tags:
  - procurement
  - sap-ariba
  - sourcing
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: sourcing-ops
    port: 8080
    tools:
    - name: get-sourcing-status
      description: Given an Ariba sourcing event ID, return the event phase, participant count, and scheduled close date.
      inputParameters:
      - name: event_id
        in: body
        type: string
        description: SAP Ariba sourcing event ID.
      call: ariba.get-event
      with:
        eventId: '{{event_id}}'
      outputParameters:
      - name: phase
        type: string
        mapping: $.Phase
      - name: participants
        type: integer
        mapping: $.ParticipantCount
      - name: close_date
        type: string
        mapping: $.CloseDate
  consumes:
  - namespace: ariba
    type: http
    baseUri: https://openapi.ariba.com/api/sourcing/v1
    authentication:
      type: bearer
      token: $secrets.ariba_token
    resources:
    - name: events
      path: /events/{{eventId}}
      operations:
      - name: get-event
        method: GET

When a new employee is created in Workday, opens a ServiceNow onboarding ticket, provisions their Okta account, and sends a Microsoft Teams welcome message.

naftiko: '0.5'
info:
  label: New Hire Onboarding Orchestration
  description: When a new employee is created in Workday, opens a ServiceNow onboarding ticket, provisions their Okta account, and sends a Microsoft Teams welcome message.
  tags:
  - hr
  - onboarding
  - workday
  - servicenow
  - okta
capability:
  exposes:
  - type: mcp
    namespace: hr-onboarding
    port: 8080
    tools:
    - name: trigger-employee-onboarding
      description: Given a Workday employee ID and start date, create a ServiceNow onboarding task, provision Okta access, and send a Teams welcome message. Use when HR confirms a new hire in Workday.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: Workday worker ID for the new hire.
      - name: start_date
        in: body
        type: string
        description: Employee start date in YYYY-MM-DD format.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: create-onboarding-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Onboarding: {{get-employee.first_name}} {{get-employee.last_name}}'
          category: hr_onboarding
          assigned_group: IT_Onboarding
      - name: provision-okta
        type: call
        call: okta.create-user
        with:
          firstName: '{{get-employee.first_name}}'
          lastName: '{{get-employee.last_name}}'
          email: '{{get-employee.work_email}}'
          login: '{{get-employee.work_email}}'
      - name: send-welcome
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-employee.work_email}}'
          text: 'Welcome to AIG, {{get-employee.first_name}}! Your onboarding ticket is {{create-onboarding-ticket.number}}. Start date: {{start_date}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: okta
    baseUri: https://aig.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_token
      placement: header
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Detects Terraform state drift, creates a Jira remediation ticket, and alerts the platform team in Teams.

naftiko: '0.5'
info:
  label: Terraform Drift Detection and Remediation
  description: Detects Terraform state drift, creates a Jira remediation ticket, and alerts the platform team in Teams.
  tags:
  - insurance
  - devops
  - terraform
  - jira
  - infrastructure
capability:
  exposes:
  - type: mcp
    namespace: platform-drift
    port: 8080
    tools:
    - name: handle-terraform-drift
      description: Given a Terraform workspace, check for drift, create a Jira ticket if detected, and notify platform engineering in Teams.
      inputParameters:
      - name: workspace_name
        in: body
        type: string
        description: Terraform workspace name.
      - name: platform_channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: check-drift
        type: call
        call: tfc.run-plan
        with:
          workspace: '{{workspace_name}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: PLATFORM
          summary: 'Drift detected: {{workspace_name}}'
          description: 'Changes: {{check-drift.resource_changes}}'
      - name: notify-team
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{platform_channel_id}}'
          text: 'Terraform drift: {{workspace_name}} — {{check-drift.resource_changes}} changes. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: tfc
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /workspaces/{{workspace}}/runs
      inputParameters:
      - name: workspace
        in: path
      operations:
      - name: run-plan
        method: POST
  - type: http
    namespace: jira
    baseUri: https://aig.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Retrieves an employee profile from Workday by employee ID, returning name, department, title, and manager.

naftiko: '0.5'
info:
  label: Workday Employee Profile Lookup
  description: Retrieves an employee profile from Workday by employee ID, returning name, department, title, and manager.
  tags:
  - insurance
  - hr
  - workday
  - employee-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: hr-ops
    port: 8080
    tools:
    - name: get-employee-profile
      description: Given a Workday employee ID, return the employee full name, department, job title, and manager name.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      call: workday.get-worker
      with:
        Worker_ID: '{{employee_id}}'
      outputParameters:
      - name: full_name
        type: string
        mapping: $.Worker.Worker_Data.Personal_Data.Name_Data.Legal_Name
      - name: department
        type: string
        mapping: $.Worker.Worker_Data.Organization_Data.Organization_Name
      - name: title
        type: string
        mapping: $.Worker.Worker_Data.Job_Data.Position_Data.Business_Title
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/aig/Human_Resources/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: hr-ops
      path: /{{id}}
      operations:
      - name: get-worker
        method: GET

Converts a Salesforce lead to a quote by enriching the lead, creating a quote request in ServiceNow, and notifying the producer via Teams.

naftiko: '0.5'
info:
  label: Salesforce Lead-to-Quote Conversion
  description: Converts a Salesforce lead to a quote by enriching the lead, creating a quote request in ServiceNow, and notifying the producer via Teams.
  tags:
  - insurance
  - sales
  - salesforce
  - servicenow
  - crm
capability:
  exposes:
  - type: mcp
    namespace: sales-ops
    port: 8080
    tools:
    - name: convert-lead-to-quote
      description: Given a Salesforce lead ID, enrich the lead, create a ServiceNow quote request, and notify the producer.
      inputParameters:
      - name: lead_id
        in: body
        type: string
        description: Salesforce lead ID.
      - name: producer_upn
        in: body
        type: string
        description: Producer UPN.
      steps:
      - name: get-lead
        type: call
        call: sf.get-lead
        with:
          lead_id: '{{lead_id}}'
      - name: create-quote
        type: call
        call: snow.create-quote
        with:
          short_description: 'Quote: {{get-lead.Company}}'
          description: 'Industry: {{get-lead.Industry}} | Revenue: {{get-lead.AnnualRevenue}}'
      - name: notify-producer
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{producer_upn}}'
          text: 'Lead converted: {{get-lead.Company}}. Quote: {{create-quote.number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead/{{lead_id}}
      operations:
      - name: get-lead
        method: GET
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: quotes
      path: /table/u_quote_request
      operations:
      - name: create-quote
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      operations:
      - name: send-message
        method: POST

Retrieves the current balance for a specified SAP general ledger account and company code.

naftiko: '0.5'
info:
  label: SAP General Ledger Balance Check
  description: Retrieves the current balance for a specified SAP general ledger account and company code.
  tags:
  - insurance
  - finance
  - sap
  - accounting
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: gl-ops
    port: 8080
    tools:
    - name: get-gl-balance
      description: Given an SAP company code and GL account, return the current balance and currency.
      inputParameters:
      - name: company_code
        in: body
        type: string
        description: SAP company code.
      - name: gl_account
        in: body
        type: string
        description: GL account number.
      call: sap-fi.get-balance
      with:
        CompanyCode: '{{company_code}}'
        GLAccount: '{{gl_account}}'
      outputParameters:
      - name: balance
        type: number
        mapping: $.d.EndingBalanceAmtInCoCodeCrcy
      - name: currency
        type: string
        mapping: $.d.CompanyCodeCurrency
  consumes:
  - namespace: sap-fi
    type: http
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: gl-ops
      path: /{{id}}
      operations:
      - name: get-balance
        method: GET

Generates a quarterly loss ratio report by querying Snowflake, refreshing Power BI, and distributing via Teams.

naftiko: '0.5'
info:
  label: Quarterly Loss Ratio Report Workflow
  description: Generates a quarterly loss ratio report by querying Snowflake, refreshing Power BI, and distributing via Teams.
  tags:
  - insurance
  - actuarial
  - analytics
  - snowflake
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: actuarial-ops
    port: 8080
    tools:
    - name: generate-loss-ratio
      description: Given a quarter and LOB, query Snowflake, trigger Power BI refresh, and send to actuarial channel.
      inputParameters:
      - name: quarter
        in: body
        type: string
        description: Quarter.
      - name: lob
        in: body
        type: string
        description: Line of business.
      - name: channel_id
        in: body
        type: string
        description: Teams channel.
      steps:
      - name: query-data
        type: call
        call: snowflake.run-query
        with:
          query: SELECT SUM(claim_amount) as losses FROM claims_fact WHERE quarter='{{quarter}}' AND lob='{{lob}}'
      - name: refresh-pbi
        type: call
        call: powerbi.trigger-refresh
        with:
          datasetId: loss-ratio-{{lob}}
      - name: notify-team
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{channel_id}}'
          text: '{{quarter}} Loss Ratio for {{lob}} ready. Losses: {{query-data.losses}}. Dashboard refreshed.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{datasetId}}/refreshes
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      operations:
      - name: post-channel
        method: POST

Reconciles broker commissions by pulling payment data from SAP, comparing against Salesforce policy data, and emailing discrepancy reports.

naftiko: '0.5'
info:
  label: Broker Commission Reconciliation Workflow
  description: Reconciles broker commissions by pulling payment data from SAP, comparing against Salesforce policy data, and emailing discrepancy reports.
  tags:
  - insurance
  - finance
  - commissions
  - sap
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: commission-ops
    port: 8080
    tools:
    - name: reconcile-commissions
      description: Given a broker ID and period, pull SAP commission payments, compare with Salesforce, and send a reconciliation report.
      inputParameters:
      - name: broker_id
        in: body
        type: string
        description: Broker ID.
      - name: period
        in: body
        type: string
        description: Commission period.
      - name: finance_email
        in: body
        type: string
        description: Finance contact email.
      steps:
      - name: get-payments
        type: call
        call: sap-fi.get-commissions
        with:
          broker_id: '{{broker_id}}'
          period: '{{period}}'
      - name: get-earned
        type: call
        call: sf.get-earned
        with:
          broker_id: '{{broker_id}}'
          period: '{{period}}'
      - name: send-report
        type: call
        call: msgraph.send-mail
        with:
          to: '{{finance_email}}'
          subject: 'Commission Reconciliation: {{broker_id}} — {{period}}'
          body: 'Paid: {{get-payments.total}} | Earned: {{get-earned.total}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: commissions
      path: /A_JournalEntry?$filter=BrokerID eq '{{broker_id}}'
      inputParameters:
      - name: broker_id
        in: query
      operations:
      - name: get-commissions
        method: GET
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: policies
      path: /query/?q=SELECT+SUM(Commission__c)+FROM+Policy__c+WHERE+Broker_ID__c='{{broker_id}}'
      inputParameters:
      - name: broker_id
        in: query
      operations:
      - name: get-earned
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/noreply@aig.com/sendMail
      operations:
      - name: send-mail
        method: POST

When a GitHub Actions workflow fails on a protected branch, creates a Jira bug, logs a Datadog deployment marker, and alerts the engineering Teams channel.

naftiko: '0.5'
info:
  label: GitHub CI/CD Pipeline Failure Handler
  description: When a GitHub Actions workflow fails on a protected branch, creates a Jira bug, logs a Datadog deployment marker, and alerts the engineering Teams channel.
  tags:
  - devops
  - cicd
  - github
  - jira
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: devops-ci
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a GitHub Actions failure event with repo, branch, commit, and workflow details, open a Jira bug, create a Datadog error event, and alert the engineering Teams channel. Use when a protected-branch CI pipeline fails on an AIG platform repo.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository full name.
      - name: branch
        in: body
        type: string
        description: Branch where the failure occurred.
      - name: commit_sha
        in: body
        type: string
        description: Failing commit SHA.
      - name: workflow_name
        in: body
        type: string
        description: Name of the failed workflow.
      - name: run_url
        in: body
        type: string
        description: URL to the failed run.
      - name: eng_channel_id
        in: body
        type: string
        description: Engineering Teams channel ID.
      steps:
      - name: create-bug
        type: call
        call: jira-eng.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: '[CI Failure] {{repo}} / {{branch}} — {{workflow_name}}'
          description: 'Commit: {{commit_sha}}

            Run: {{run_url}}'
      - name: log-dd-event
        type: call
        call: datadog-ci.create-event
        with:
          title: 'CI Failure: {{repo}} — {{branch}}'
          text: Commit {{commit_sha}} | Workflow {{workflow_name}}
          alert_type: error
      - name: alert-eng
        type: call
        call: msteams-eng.post-channel-message
        with:
          channel_id: '{{eng_channel_id}}'
          text: 'CI Failure: {{repo}} | Branch: {{branch}} | Jira: {{create-bug.key}} | Run: {{run_url}}'
  consumes:
  - type: http
    namespace: jira-eng
    baseUri: https://aig.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: datadog-ci
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: msteams-eng
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

When a policy payment is overdue, retrieves policyholder details from Salesforce, sends a retention email, and logs the outreach in ServiceNow.

naftiko: '0.5'
info:
  label: Policy Lapse Prevention Outreach Workflow
  description: When a policy payment is overdue, retrieves policyholder details from Salesforce, sends a retention email, and logs the outreach in ServiceNow.
  tags:
  - insurance
  - retention
  - salesforce
  - servicenow
  - customer-service
capability:
  exposes:
  - type: mcp
    namespace: retention-ops
    port: 8080
    tools:
    - name: prevent-policy-lapse
      description: Given a policy number and days overdue, look up the policyholder, send a retention email, and log the outreach.
      inputParameters:
      - name: policy_number
        in: body
        type: string
        description: Policy number.
      - name: days_overdue
        in: body
        type: integer
        description: Days overdue.
      steps:
      - name: get-policyholder
        type: call
        call: sf.get-account
        with:
          policy_number: '{{policy_number}}'
      - name: send-email
        type: call
        call: msgraph.send-mail
        with:
          to: '{{get-policyholder.PersonEmail}}'
          subject: Your policy {{policy_number}} — Action Needed
          body: Payment is {{days_overdue}} days overdue.
      - name: log-outreach
        type: call
        call: snow.create-activity
        with:
          short_description: 'Lapse prevention: {{policy_number}}'
          description: 'Days overdue: {{days_overdue}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/PolicyNumber__c/{{policy_number}}
      inputParameters:
      - name: policy_number
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/noreply@aig.com/sendMail
      operations:
      - name: send-mail
        method: POST
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: activities
      path: /table/u_retention_activity
      operations:
      - name: create-activity
        method: POST

Validates that a large claim falls within reinsurance treaty limits by checking Snowflake for terms, SAP for exposure, and logging in ServiceNow.

naftiko: '0.5'
info:
  label: Reinsurance Treaty Compliance Validator
  description: Validates that a large claim falls within reinsurance treaty limits by checking Snowflake for terms, SAP for exposure, and logging in ServiceNow.
  tags:
  - insurance
  - reinsurance
  - compliance
  - snowflake
  - sap
capability:
  exposes:
  - type: mcp
    namespace: reinsurance-ops
    port: 8080
    tools:
    - name: check-treaty-compliance
      description: Given a claim number and amount, look up treaty terms in Snowflake, validate exposure in SAP, and log the compliance check.
      inputParameters:
      - name: claim_number
        in: body
        type: string
        description: Claim number.
      - name: claim_amount
        in: body
        type: number
        description: Claim amount.
      - name: treaty_id
        in: body
        type: string
        description: Treaty ID.
      steps:
      - name: get-treaty
        type: call
        call: snowflake.query-treaty
        with:
          treaty_id: '{{treaty_id}}'
      - name: check-exposure
        type: call
        call: sap-fi.get-exposure
        with:
          treaty_id: '{{treaty_id}}'
      - name: log-check
        type: call
        call: snow.create-record
        with:
          short_description: 'Treaty compliance: {{claim_number}}'
          description: 'Amount: {{claim_amount}} | Treaty: {{treaty_id}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-treaty
        method: POST
  - type: http
    namespace: sap
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: exposure
      path: /A_JournalEntry?$filter=TreatyID eq '{{treaty_id}}'
      inputParameters:
      - name: treaty_id
        in: query
      operations:
      - name: get-exposure
        method: GET
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: compliance
      path: /table/u_reinsurance_compliance
      operations:
      - name: create-record
        method: POST

Books a conference room via Microsoft Graph, creates the calendar event, and notifies attendees in Teams.

naftiko: '0.5'
info:
  label: Conference Room Booking Notification
  description: Books a conference room via Microsoft Graph, creates the calendar event, and notifies attendees in Teams.
  tags:
  - insurance
  - facilities
  - microsoft-graph
  - microsoft-teams
  - scheduling
capability:
  exposes:
  - type: mcp
    namespace: facilities-ops
    port: 8080
    tools:
    - name: book-conference-room
      description: Given a room email, start/end times, and organizer, check availability, create the booking, and notify in Teams.
      inputParameters:
      - name: room_email
        in: body
        type: string
        description: Room resource email.
      - name: start_time
        in: body
        type: string
        description: Start time (ISO 8601).
      - name: end_time
        in: body
        type: string
        description: End time (ISO 8601).
      - name: organizer_upn
        in: body
        type: string
        description: Organizer UPN.
      steps:
      - name: check-availability
        type: call
        call: msgraph.get-schedule
        with:
          room: '{{room_email}}'
          start: '{{start_time}}'
      - name: create-booking
        type: call
        call: msgraph.create-event
        with:
          room: '{{room_email}}'
          start: '{{start_time}}'
          end: '{{end_time}}'
      - name: notify-organizer
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{organizer_upn}}'
          text: 'Room booked: {{room_email}} from {{start_time}} to {{end_time}}.'
  consumes:
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: schedules
      path: /users/{{room}}/calendar/getSchedule
      inputParameters:
      - name: room
        in: path
      operations:
      - name: get-schedule
        method: POST
    - name: events
      path: /users/{{organizer_upn}}/events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves compensation band details from Workday for a specified job profile, returning min, mid, and max salary.

naftiko: '0.5'
info:
  label: Workday Compensation Band Lookup
  description: Retrieves compensation band details from Workday for a specified job profile, returning min, mid, and max salary.
  tags:
  - hr
  - workday
  - compensation
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: comp-ops
    port: 8080
    tools:
    - name: get-comp-band
      description: Given a job profile ID, return the salary band minimum, midpoint, and maximum.
      inputParameters:
      - name: job_profile_id
        in: body
        type: string
        description: Workday job profile ID.
      call: workday.get-comp-band
      with:
        profile: '{{job_profile_id}}'
      outputParameters:
      - name: min_salary
        type: number
        mapping: $.Compensation_Band.Min
      - name: mid_salary
        type: number
        mapping: $.Compensation_Band.Mid
      - name: max_salary
        type: number
        mapping: $.Compensation_Band.Max
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/aig/Compensation/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: comp-bands
      path: /compensation-bands/{{profile}}
      operations:
      - name: get-comp-band
        method: GET

Creates a ServiceNow change request for planned maintenance on insurance platform systems and notifies the CAB Teams channel for approval.

naftiko: '0.5'
info:
  label: IT Change Management Request
  description: Creates a ServiceNow change request for planned maintenance on insurance platform systems and notifies the CAB Teams channel for approval.
  tags:
  - itsm
  - change-management
  - servicenow
  - approval
capability:
  exposes:
  - type: mcp
    namespace: change-mgmt
    port: 8080
    tools:
    - name: submit-change-request
      description: Given maintenance details and a planned window, create a ServiceNow change request and notify the CAB Teams channel. Use when scheduling planned maintenance that affects AIG insurance or corporate systems.
      inputParameters:
      - name: short_description
        in: body
        type: string
        description: Brief description of the planned change.
      - name: description
        in: body
        type: string
        description: Full change details including systems affected and rollback plan.
      - name: planned_start
        in: body
        type: string
        description: Planned start time in ISO 8601 format.
      - name: planned_end
        in: body
        type: string
        description: Planned end time in ISO 8601 format.
      - name: cab_channel_id
        in: body
        type: string
        description: CAB Teams channel ID.
      steps:
      - name: create-change
        type: call
        call: servicenow-change.create-change-request
        with:
          short_description: '{{short_description}}'
          description: '{{description}}'
          start_date: '{{planned_start}}'
          end_date: '{{planned_end}}'
      - name: notify-cab
        type: call
        call: msteams-cab.post-channel-message
        with:
          channel_id: '{{cab_channel_id}}'
          text: 'Change Request {{create-change.number}}: {{short_description}} | Window: {{planned_start}} to {{planned_end}} | Awaiting CAB approval'
  consumes:
  - type: http
    namespace: servicenow-change
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change-requests
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: msteams-cab
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Looks up an Okta user by email and returns the account status, last login timestamp, and MFA enrollment state.

naftiko: '0.5'
info:
  label: Okta User Account Status Lookup
  description: Looks up an Okta user by email and returns the account status, last login timestamp, and MFA enrollment state.
  tags:
  - insurance
  - security
  - okta
  - identity
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: identity-ops
    port: 8080
    tools:
    - name: get-user-status
      description: Given a user email, return the Okta account status, last login, and MFA enrollment status.
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: User email address.
      call: okta.get-user
      with:
        login: '{{user_email}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: last_login
        type: string
        mapping: $.lastLogin
  consumes:
  - namespace: okta
    type: http
    baseUri: https://aig.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: identity-ops
      path: /{{id}}
      operations:
      - name: get-user
        method: GET

When a complaint is received, creates a Salesforce case, opens a ServiceNow investigation task, and notifies the compliance officer via Teams.

naftiko: '0.5'
info:
  label: Customer Complaint Escalation Handler
  description: When a complaint is received, creates a Salesforce case, opens a ServiceNow investigation task, and notifies the compliance officer via Teams.
  tags:
  - insurance
  - customer-service
  - salesforce
  - servicenow
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: complaints-ops
    port: 8080
    tools:
    - name: escalate-complaint
      description: Given complaint details, create a Salesforce case, open a ServiceNow task, and alert compliance via Teams.
      inputParameters:
      - name: customer_name
        in: body
        type: string
        description: Complainant name.
      - name: account_number
        in: body
        type: string
        description: Account or policy number.
      - name: complaint_category
        in: body
        type: string
        description: Complaint category.
      - name: compliance_upn
        in: body
        type: string
        description: UPN of compliance officer.
      steps:
      - name: create-case
        type: call
        call: sf.create-case
        with:
          Subject: Complaint — {{account_number}} — {{complaint_category}}
          Description: 'Customer: {{customer_name}} | Category: {{complaint_category}}'
      - name: create-task
        type: call
        call: snow.create-task
        with:
          short_description: 'Complaint: {{account_number}}'
          description: 'SF Case: {{create-case.case_number}} | {{complaint_category}}'
      - name: notify-compliance
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{compliance_upn}}'
          text: 'Complaint escalation: {{customer_name}} — {{complaint_category}}. SF: {{create-case.case_number}} | SNOW: {{create-task.number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case
      operations:
      - name: create-case
        method: POST
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sn_si_task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Routes underwriting referrals by checking authority limits in Snowflake, creating a referral task in ServiceNow, and notifying the authorized underwriter via Teams.

naftiko: '0.5'
info:
  label: Underwriting Referral Routing Workflow
  description: Routes underwriting referrals by checking authority limits in Snowflake, creating a referral task in ServiceNow, and notifying the authorized underwriter via Teams.
  tags:
  - insurance
  - underwriting
  - snowflake
  - servicenow
  - workflow
capability:
  exposes:
  - type: mcp
    namespace: uw-ops
    port: 8080
    tools:
    - name: route-uw-referral
      description: Given a submission ID and coverage amount, check authority limits in Snowflake, create a ServiceNow referral, and notify the underwriter in Teams.
      inputParameters:
      - name: submission_id
        in: body
        type: string
        description: Submission ID.
      - name: coverage_amount
        in: body
        type: number
        description: Coverage amount.
      - name: line_of_business
        in: body
        type: string
        description: LOB.
      steps:
      - name: check-authority
        type: call
        call: snowflake.query-authority
        with:
          lob: '{{line_of_business}}'
          amount: '{{coverage_amount}}'
      - name: create-referral
        type: call
        call: snow.create-referral
        with:
          short_description: 'UW Referral: {{submission_id}} — ${{coverage_amount}}'
          description: 'LOB: {{line_of_business}}'
      - name: notify-uw
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{check-authority.authorized_upn}}'
          text: 'UW Referral: {{submission_id}} — ${{coverage_amount}} ({{line_of_business}}). SNOW: {{create-referral.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-authority
        method: POST
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: referrals
      path: /table/u_uw_referral
      operations:
      - name: create-referral
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

When an employee termination is processed in Workday, disables their Okta account, revokes ServiceNow access, and notifies the HR business partner via Teams.

naftiko: '0.5'
info:
  label: Employee Termination Access Revocation
  description: When an employee termination is processed in Workday, disables their Okta account, revokes ServiceNow access, and notifies the HR business partner via Teams.
  tags:
  - insurance
  - hr
  - security
  - workday
  - okta
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: hr-security
    port: 8080
    tools:
    - name: revoke-terminated-access
      description: Given a Workday employee ID and termination date, disable the Okta account, close open ServiceNow tickets, and notify the HRBP via Teams.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      - name: termination_date
        in: body
        type: string
        description: Termination date.
      - name: hrbp_upn
        in: body
        type: string
        description: UPN of the HRBP.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          employee_id: '{{employee_id}}'
      - name: disable-okta
        type: call
        call: okta.deactivate-user
        with:
          login: '{{get-employee.email}}'
      - name: notify-hrbp
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{hrbp_upn}}'
          text: Access revoked for {{get-employee.full_name}} ({{employee_id}}) effective {{termination_date}}.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/aig/Human_Resources/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: workers
      path: /workers/{{employee_id}}
      inputParameters:
      - name: employee_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta
    baseUri: https://aig.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: users
      path: /users/{{login}}/lifecycle/deactivate
      inputParameters:
      - name: login
        in: path
      operations:
      - name: deactivate-user
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Enriches an underwriting prospect account in Salesforce with ZoomInfo firmographic and risk-signal data before the underwriting team conducts a policy review.

naftiko: '0.5'
info:
  label: Underwriting Risk Data Enrichment
  description: Enriches an underwriting prospect account in Salesforce with ZoomInfo firmographic and risk-signal data before the underwriting team conducts a policy review.
  tags:
  - underwriting
  - crm
  - salesforce
  - data-enrichment
  - insurance
capability:
  exposes:
  - type: mcp
    namespace: underwriting-ops
    port: 8080
    tools:
    - name: enrich-underwriting-prospect
      description: Given a Salesforce account ID and ZoomInfo company ID, fetch current firmographic data including employee count, revenue, and industry, then update the Salesforce account record. Use before underwriting team conducts policy risk review.
      inputParameters:
      - name: salesforce_account_id
        in: body
        type: string
        description: Salesforce account ID for the underwriting prospect.
      - name: zoominfo_company_id
        in: body
        type: string
        description: ZoomInfo company ID for firmographic lookup.
      - name: underwriter_upn
        in: body
        type: string
        description: Underwriter Teams UPN for enrichment notification.
      steps:
      - name: get-firmographics
        type: call
        call: zoominfo-uw.get-company
        with:
          company_id: '{{zoominfo_company_id}}'
      - name: update-sf-account
        type: call
        call: salesforce-uw.update-account
        with:
          account_id: '{{salesforce_account_id}}'
          employees: '{{get-firmographics.employee_count}}'
          annual_revenue: '{{get-firmographics.revenue}}'
          industry: '{{get-firmographics.industry}}'
          sic_code: '{{get-firmographics.sic_code}}'
      - name: notify-underwriter
        type: call
        call: msteams-uw.send-message
        with:
          recipient_upn: '{{underwriter_upn}}'
          text: 'Account enriched: {{get-firmographics.company_name}} | Employees: {{get-firmographics.employee_count}} | Revenue: ${{get-firmographics.revenue}} | Industry: {{get-firmographics.industry}}'
  consumes:
  - type: http
    namespace: zoominfo-uw
    baseUri: https://api.zoominfo.com/search
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: companies
      path: /company/{{company_id}}
      inputParameters:
      - name: company_id
        in: path
      operations:
      - name: get-company
        method: GET
  - type: http
    namespace: salesforce-uw
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: update-account
        method: PATCH
  - type: http
    namespace: msteams-uw
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Looks up a user identity in SailPoint and returns current entitlements and certification status.

naftiko: '0.5'
info:
  label: SailPoint Identity Governance Lookup
  description: Looks up a user identity in SailPoint and returns current entitlements and certification status.
  tags:
  - insurance
  - security
  - sailpoint
  - identity-governance
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: iam-ops
    port: 8080
    tools:
    - name: get-identity-access
      description: Given a SailPoint identity alias, return the display name, entitlement count, and last certification date.
      inputParameters:
      - name: identity_alias
        in: body
        type: string
        description: SailPoint identity alias or email.
      call: sailpoint.get-identity
      with:
        alias: '{{identity_alias}}'
      outputParameters:
      - name: display_name
        type: string
        mapping: $.displayName
      - name: entitlement_count
        type: integer
        mapping: $.entitlementCount
  consumes:
  - namespace: sailpoint
    type: http
    baseUri: https://aig.api.identitynow.com/v3
    authentication:
      type: bearer
      token: $secrets.sailpoint_token
    resources:
    - name: iam-ops
      path: /{{id}}
      operations:
      - name: get-identity
        method: GET

Runs a Splunk search for security events matching a query and returns the result count.

naftiko: '0.5'
info:
  label: Splunk Security Event Query
  description: Runs a Splunk search for security events matching a query and returns the result count.
  tags:
  - insurance
  - security
  - splunk
  - siem
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: security-ops
    port: 8080
    tools:
    - name: search-security-events
      description: Given a Splunk search query, execute the search and return the result count and top events.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: Splunk search query string.
      call: splunk.run-search
      with:
        search: '{{search_query}}'
      outputParameters:
      - name: result_count
        type: integer
        mapping: $.resultCount
  consumes:
  - namespace: splunk
    type: http
    baseUri: https://aig-splunk.splunkcloud.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: security-ops
      path: /{{id}}
      operations:
      - name: run-search
        method: GET

Balances adjuster workloads by querying Salesforce for open claims, checking capacity in Snowflake, and notifying the claims manager in Teams.

naftiko: '0.5'
info:
  label: Claims Adjuster Workload Balancing
  description: Balances adjuster workloads by querying Salesforce for open claims, checking capacity in Snowflake, and notifying the claims manager in Teams.
  tags:
  - insurance
  - claims
  - workforce-management
  - salesforce
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: workload-ops
    port: 8080
    tools:
    - name: balance-workload
      description: Given a claims region, query Salesforce for open claims per adjuster, check capacity thresholds in Snowflake, and notify the manager.
      inputParameters:
      - name: region
        in: body
        type: string
        description: Claims region.
      - name: manager_upn
        in: body
        type: string
        description: Claims manager UPN.
      steps:
      - name: get-workload
        type: call
        call: sf.query-workload
        with:
          region: '{{region}}'
      - name: check-capacity
        type: call
        call: snowflake.check-thresholds
        with:
          region: '{{region}}'
      - name: notify-manager
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{manager_upn}}'
          text: 'Workload: {{region}} — {{get-workload.total_open}} open claims, {{get-workload.adjuster_count}} adjusters. Status: {{check-capacity.status}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: workload
      path: /query/?q=SELECT+COUNT(Id),OwnerId+FROM+Case+WHERE+Region__c='{{region}}'
      operations:
      - name: query-workload
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: check-thresholds
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      operations:
      - name: send-message
        method: POST

Checks the refresh status of a Power BI dataset and returns the last refresh time and status.

naftiko: '0.5'
info:
  label: Power BI Dataset Refresh Status Check
  description: Checks the refresh status of a Power BI dataset and returns the last refresh time and status.
  tags:
  - insurance
  - analytics
  - power-bi
  - reporting
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: bi-ops
    port: 8080
    tools:
    - name: get-dataset-refresh
      description: Given a Power BI dataset ID, return the last refresh timestamp and status.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: Power BI dataset GUID.
      call: pbi.get-refresh
      with:
        datasetId: '{{dataset_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.value[0].status
      - name: end_time
        type: string
        mapping: $.value[0].endTime
  consumes:
  - namespace: pbi
    type: http
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: bi-ops
      path: /{{id}}
      operations:
      - name: get-refresh
        method: GET

Queries Workday for open positions by department, returning count and average days open.

naftiko: '0.5'
info:
  label: Workday Open Position Count Check
  description: Queries Workday for open positions by department, returning count and average days open.
  tags:
  - insurance
  - hr
  - workday
  - talent-acquisition
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: ta-ops
    port: 8080
    tools:
    - name: get-open-positions
      description: Given a department name, return the open position count and average days since posting.
      inputParameters:
      - name: department
        in: body
        type: string
        description: Department name.
      call: workday.get-requisitions
      with:
        department: '{{department}}'
      outputParameters:
      - name: open_count
        type: integer
        mapping: $.total
      - name: avg_days_open
        type: number
        mapping: $.averageDaysOpen
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/aig/Human_Resources/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: ta-ops
      path: /{{id}}
      operations:
      - name: get-requisitions
        method: GET

When GitHub Advanced Security detects a critical CVE in an AIG platform repo, creates a Jira security ticket, logs a Datadog event, and alerts the cybersecurity team in Teams.

naftiko: '0.5'
info:
  label: GitHub Security Vulnerability Triage
  description: When GitHub Advanced Security detects a critical CVE in an AIG platform repo, creates a Jira security ticket, logs a Datadog event, and alerts the cybersecurity team in Teams.
  tags:
  - security
  - github
  - devops
  - jira
  - vulnerability
capability:
  exposes:
  - type: mcp
    namespace: sec-triage
    port: 8080
    tools:
    - name: triage-security-alert
      description: Given a GitHub security alert with CVE, severity, and affected package, create a Jira security ticket, log a Datadog error event, and alert the cybersecurity Teams channel. Use when GitHub Advanced Security finds a critical CVE in an AIG insurance platform repo.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository full name.
      - name: cve_id
        in: body
        type: string
        description: CVE identifier.
      - name: severity
        in: body
        type: string
        description: 'Severity: critical, high, medium, or low.'
      - name: package_name
        in: body
        type: string
        description: Affected package name.
      - name: sec_channel_id
        in: body
        type: string
        description: Cybersecurity Teams channel ID.
      steps:
      - name: create-sec-ticket
        type: call
        call: jira-sec.create-issue
        with:
          project_key: SEC
          issuetype: Bug
          summary: '[{{severity}}] {{cve_id}} in {{repo}} — {{package_name}}'
          description: 'CVE: {{cve_id}} | Package: {{package_name}} | Severity: {{severity}}'
          priority: Highest
      - name: log-event
        type: call
        call: datadog-sec.create-event
        with:
          title: 'Security: {{cve_id}} in {{repo}}'
          text: 'Package {{package_name}} | Severity: {{severity}} | Jira: {{create-sec-ticket.key}}'
          alert_type: error
      - name: alert-sec-team
        type: call
        call: msteams-sec.post-channel-message
        with:
          channel_id: '{{sec_channel_id}}'
          text: 'SECURITY: {{severity}} CVE {{cve_id}} in {{repo}} / {{package_name}} | Jira: {{create-sec-ticket.key}} | Datadog: {{log-event.url}}'
  consumes:
  - type: http
    namespace: jira-sec
    baseUri: https://aig.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: datadog-sec
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: msteams-sec
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

When a policy is within 60 days of expiration, enriches the Salesforce account with ZoomInfo data, creates a renewal opportunity, and alerts the account manager in Teams.

naftiko: '0.5'
info:
  label: Policy Renewal Outreach Workflow
  description: When a policy is within 60 days of expiration, enriches the Salesforce account with ZoomInfo data, creates a renewal opportunity, and alerts the account manager in Teams.
  tags:
  - sales
  - crm
  - salesforce
  - insurance
  - renewal
capability:
  exposes:
  - type: mcp
    namespace: policy-renewal
    port: 8080
    tools:
    - name: trigger-renewal-outreach
      description: Given a Salesforce account ID and policy expiration date, enrich the account from ZoomInfo, create a renewal opportunity in Salesforce, and notify the account manager in Teams. Use when policy records show expiration within 60 days.
      inputParameters:
      - name: salesforce_account_id
        in: body
        type: string
        description: Salesforce account ID for the policyholder.
      - name: policy_expiry_date
        in: body
        type: string
        description: Policy expiration date in YYYY-MM-DD format.
      - name: account_manager_upn
        in: body
        type: string
        description: Account manager Teams UPN.
      - name: zoominfo_company_id
        in: body
        type: string
        description: ZoomInfo company ID for enrichment.
      steps:
      - name: enrich-account
        type: call
        call: zoominfo.get-company
        with:
          company_id: '{{zoominfo_company_id}}'
      - name: update-sf-account
        type: call
        call: salesforce-acct.update-account
        with:
          account_id: '{{salesforce_account_id}}'
          employees: '{{enrich-account.employee_count}}'
          annual_revenue: '{{enrich-account.revenue}}'
      - name: create-renewal-opp
        type: call
        call: salesforce-opps.create-opportunity
        with:
          account_id: '{{salesforce_account_id}}'
          name: Policy Renewal — {{enrich-account.company_name}} — {{policy_expiry_date}}
          stage_name: Renewal Outreach
          close_date: '{{policy_expiry_date}}'
      - name: alert-account-manager
        type: call
        call: msteams-renewal.send-message
        with:
          recipient_upn: '{{account_manager_upn}}'
          text: 'Policy renewal due {{policy_expiry_date}} for {{enrich-account.company_name}}. Opportunity created: {{create-renewal-opp.id}}. Employees: {{enrich-account.employee_count}}'
  consumes:
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com/search
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: companies
      path: /company/{{company_id}}
      inputParameters:
      - name: company_id
        in: path
      operations:
      - name: get-company
        method: GET
  - type: http
    namespace: salesforce-acct
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: update-account
        method: PATCH
  - type: http
    namespace: salesforce-opps
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity
      operations:
      - name: create-opportunity
        method: POST
  - type: http
    namespace: msteams-renewal
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Processes a policy endorsement by updating Salesforce, adjusting premium in SAP, and emailing confirmation to the broker.

naftiko: '0.5'
info:
  label: Policy Endorsement Processing Workflow
  description: Processes a policy endorsement by updating Salesforce, adjusting premium in SAP, and emailing confirmation to the broker.
  tags:
  - insurance
  - policy-management
  - salesforce
  - sap
  - customer-service
capability:
  exposes:
  - type: mcp
    namespace: endorsement-ops
    port: 8080
    tools:
    - name: process-endorsement
      description: Given a policy number and endorsement type, update Salesforce, post SAP premium adjustment, and send confirmation.
      inputParameters:
      - name: policy_number
        in: body
        type: string
        description: Policy number.
      - name: endorsement_type
        in: body
        type: string
        description: Endorsement type.
      - name: effective_date
        in: body
        type: string
        description: Effective date.
      - name: broker_email
        in: body
        type: string
        description: Broker email.
      steps:
      - name: update-policy
        type: call
        call: sf.update-policy
        with:
          policy_number: '{{policy_number}}'
          endorsement_type: '{{endorsement_type}}'
      - name: adjust-premium
        type: call
        call: sap-fi.post-adjustment
        with:
          policy_number: '{{policy_number}}'
          effective_date: '{{effective_date}}'
      - name: send-confirmation
        type: call
        call: msgraph.send-mail
        with:
          to: '{{broker_email}}'
          subject: 'Endorsement: {{policy_number}} — {{endorsement_type}}'
          body: 'Effective {{effective_date}}. Adjustment: {{adjust-premium.amount}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: policies
      path: /sobjects/InsurancePolicy__c/PolicyNumber__c/{{policy_number}}
      inputParameters:
      - name: policy_number
        in: path
      operations:
      - name: update-policy
        method: PATCH
  - type: http
    namespace: sap
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: adjustments
      path: /A_JournalEntry
      operations:
      - name: post-adjustment
        method: POST
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/noreply@aig.com/sendMail
      operations:
      - name: send-mail
        method: POST

Looks up a claim investigation record in ServiceNow by claim number and returns status, assigned adjuster, and priority.

naftiko: '0.5'
info:
  label: ServiceNow Claim Record Lookup
  description: Looks up a claim investigation record in ServiceNow by claim number and returns status, assigned adjuster, and priority.
  tags:
  - insurance
  - insurance
  - claims
  - servicenow
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: claims-ops
    port: 8080
    tools:
    - name: get-claim-record
      description: Given a claim number, return the ServiceNow investigation record status, assigned adjuster, and priority level.
      inputParameters:
      - name: claim_number
        in: body
        type: string
        description: Insurance claim number.
      call: snow.get-claim
      with:
        number: '{{claim_number}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.result.state
      - name: adjuster
        type: string
        mapping: $.result.assigned_to.display_value
      - name: priority
        type: string
        mapping: $.result.priority
  consumes:
  - namespace: snow
    type: http
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: claims-ops
      path: /{{id}}
      operations:
      - name: get-claim
        method: GET

Retrieves an SAP Concur expense report by ID, returning the total amount, approval status, and owner.

naftiko: '0.5'
info:
  label: SAP Concur Expense Report Status Lookup
  description: Retrieves an SAP Concur expense report by ID, returning the total amount, approval status, and owner.
  tags:
  - insurance
  - finance
  - sap-concur
  - expense-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: expense-ops
    port: 8080
    tools:
    - name: get-expense-report
      description: Given a Concur report ID, return the total, currency, approval status, and submitter name.
      inputParameters:
      - name: report_id
        in: body
        type: string
        description: SAP Concur expense report ID.
      call: concur.get-report
      with:
        reportId: '{{report_id}}'
      outputParameters:
      - name: total
        type: number
        mapping: $.Total
      - name: status
        type: string
        mapping: $.ApprovalStatusName
      - name: owner
        type: string
        mapping: $.OwnerName
  consumes:
  - namespace: concur
    type: http
    baseUri: https://api.aig.com/v1
    authentication:
      type: bearer
      token: $secrets.api_token
    resources:
    - name: expense-ops
      path: /{{id}}
      operations:
      - name: get-report
        method: GET

Retrieves a complex claims document from ServiceNow, sends it to Anthropic Claude for intelligent summarization, and posts the AI summary to the claims adjuster in Teams.

naftiko: '0.5'
info:
  label: AI-Assisted Claims Document Summarization
  description: Retrieves a complex claims document from ServiceNow, sends it to Anthropic Claude for intelligent summarization, and posts the AI summary to the claims adjuster in Teams.
  tags:
  - ai
  - claims
  - servicenow
  - anthropic
  - insurance
capability:
  exposes:
  - type: mcp
    namespace: ai-claims
    port: 8080
    tools:
    - name: summarize-claims-document
      description: Given a ServiceNow claim record ID, retrieve the claim description and attached documents, send to Anthropic Claude for an intelligent claim summary including coverage assessment and recommended next steps. Post the summary to the adjuster in Teams. Use when adjusters need rapid comprehension of complex or lengthy claims.
      inputParameters:
      - name: claim_record_id
        in: body
        type: string
        description: ServiceNow claim record sys_id.
      - name: adjuster_upn
        in: body
        type: string
        description: Claims adjuster Teams UPN.
      steps:
      - name: get-claim
        type: call
        call: servicenow-ai.get-record
        with:
          sys_id: '{{claim_record_id}}'
      - name: generate-summary
        type: call
        call: anthropic.create-message
        with:
          model: claude-opus-4-5
          prompt: 'Summarize this insurance claim for an AIG claims adjuster. Include: 1) key facts of the loss, 2) likely coverage implications, 3) recommended immediate next steps. Claim: {{get-claim.description}}'
      - name: notify-adjuster
        type: call
        call: msteams-adj.send-message
        with:
          recipient_upn: '{{adjuster_upn}}'
          text: 'AI Claim Summary for {{claim_record_id}}: {{generate-summary.content[0].text}}'
  consumes:
  - type: http
    namespace: servicenow-ai
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: claim-records
      path: /table/u_claims_investigation/{{sys_id}}
      inputParameters:
      - name: sys_id
        in: path
      operations:
      - name: get-record
        method: GET
  - type: http
    namespace: anthropic
    baseUri: https://api.anthropic.com/v1
    authentication:
      type: apikey
      key: x-api-key
      value: $secrets.anthropic_api_key
      placement: header
    resources:
    - name: messages
      path: /messages
      operations:
      - name: create-message
        method: POST
  - type: http
    namespace: msteams-adj
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

When a Workday role change is approved, updates Okta group memberships, adjusts the Salesforce user profile, and creates an IT ServiceNow follow-up task.

naftiko: '0.5'
info:
  label: Employee Role Change Access Provisioning
  description: When a Workday role change is approved, updates Okta group memberships, adjusts the Salesforce user profile, and creates an IT ServiceNow follow-up task.
  tags:
  - hr
  - identity
  - workday
  - okta
  - provisioning
capability:
  exposes:
  - type: mcp
    namespace: role-provisioning
    port: 8080
    tools:
    - name: process-role-change
      description: Given a Workday employee ID, new role, and Okta group changes, update Okta group membership, update the Salesforce user profile with the new title, and create a ServiceNow task for IT access follow-up. Use when an AIG employee's role or department changes.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: Workday worker ID of the employee.
      - name: new_role
        in: body
        type: string
        description: New job title or role.
      - name: okta_add_group_id
        in: body
        type: string
        description: Okta group ID to add the employee to for the new role.
      - name: salesforce_user_id
        in: body
        type: string
        description: Salesforce user ID to update.
      steps:
      - name: get-worker
        type: call
        call: workday-rc.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: add-to-group
        type: call
        call: okta-rc.add-user-to-group
        with:
          group_id: '{{okta_add_group_id}}'
      - name: update-sf-user
        type: call
        call: salesforce-rc.update-user
        with:
          user_id: '{{salesforce_user_id}}'
          title: '{{new_role}}'
      - name: create-it-task
        type: call
        call: servicenow-rc.create-task
        with:
          short_description: 'Role change: {{get-worker.full_name}} → {{new_role}}'
          category: access_management
          assigned_group: IT_Access
  consumes:
  - type: http
    namespace: workday-rc
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta-rc
    baseUri: https://aig.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_token
      placement: header
    resources:
    - name: group-users
      path: /groups/{{group_id}}/users
      inputParameters:
      - name: group_id
        in: path
      operations:
      - name: add-user-to-group
        method: PUT
  - type: http
    namespace: salesforce-rc
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: users
      path: /sobjects/User/{{user_id}}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: update-user
        method: PATCH
  - type: http
    namespace: servicenow-rc
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST

Reviews reserve adequacy by pulling reserves from SAP, comparing development in Snowflake, and alerting actuaries in Teams.

naftiko: '0.5'
info:
  label: Claims Reserve Adequacy Review Workflow
  description: Reviews reserve adequacy by pulling reserves from SAP, comparing development in Snowflake, and alerting actuaries in Teams.
  tags:
  - insurance
  - actuarial
  - claims
  - sap
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: reserve-review
    port: 8080
    tools:
    - name: review-reserve-adequacy
      description: Given an LOB and date, pull booked reserves from SAP, compare with Snowflake factors, and alert the actuarial team.
      inputParameters:
      - name: line_of_business
        in: body
        type: string
        description: LOB.
      - name: valuation_date
        in: body
        type: string
        description: Valuation date.
      - name: actuary_channel_id
        in: body
        type: string
        description: Actuarial Teams channel.
      steps:
      - name: get-reserves
        type: call
        call: sap-fi.get-reserves
        with:
          lob: '{{line_of_business}}'
          date: '{{valuation_date}}'
      - name: get-development
        type: call
        call: snowflake.query-development
        with:
          lob: '{{line_of_business}}'
      - name: alert-team
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{actuary_channel_id}}'
          text: 'Reserve review: {{line_of_business}} — Booked: ${{get-reserves.total}} | Indicated: ${{get-development.indicated}}'
  consumes:
  - type: http
    namespace: sap-fi
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: reserves
      path: /A_JournalEntry?$filter=LOB eq '{{lob}}'
      operations:
      - name: get-reserves
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-development
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      operations:
      - name: post-channel
        method: POST

At sprint close, retrieves Jira velocity metrics, refreshes the Power BI agile dashboard, and posts a sprint summary to the engineering Teams channel.

naftiko: '0.5'
info:
  label: Jira Sprint Velocity Digest
  description: At sprint close, retrieves Jira velocity metrics, refreshes the Power BI agile dashboard, and posts a sprint summary to the engineering Teams channel.
  tags:
  - devops
  - jira
  - agile
  - reporting
  - engineering
capability:
  exposes:
  - type: mcp
    namespace: sprint-reporting
    port: 8080
    tools:
    - name: publish-sprint-velocity
      description: Given a Jira board and sprint ID, retrieve completed story points, refresh the Power BI agile dashboard, and post the sprint summary to the engineering Teams channel. Use at each sprint close to communicate velocity.
      inputParameters:
      - name: board_id
        in: body
        type: string
        description: Jira software board ID.
      - name: sprint_id
        in: body
        type: string
        description: Completed sprint ID.
      - name: pbi_dataset_id
        in: body
        type: string
        description: Power BI dataset ID for the agile dashboard.
      - name: eng_channel_id
        in: body
        type: string
        description: Engineering Teams channel ID.
      steps:
      - name: get-sprint-report
        type: call
        call: jira-agile.get-sprint-report
        with:
          board_id: '{{board_id}}'
          sprint_id: '{{sprint_id}}'
      - name: refresh-pbi-sprint
        type: call
        call: powerbi-sprint.trigger-refresh
        with:
          dataset_id: '{{pbi_dataset_id}}'
      - name: post-sprint-summary
        type: call
        call: msteams-sprint.post-channel-message
        with:
          channel_id: '{{eng_channel_id}}'
          text: 'Sprint {{sprint_id}} closed. Velocity: {{get-sprint-report.completed_points}} pts | Completion: {{get-sprint-report.completion_rate}}% | Dashboard refreshed.'
  consumes:
  - type: http
    namespace: jira-agile
    baseUri: https://aig.atlassian.net/rest/agile/1.0
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: sprint-issues
      path: /board/{{board_id}}/sprint/{{sprint_id}}/issue
      inputParameters:
      - name: board_id
        in: path
      - name: sprint_id
        in: path
      operations:
      - name: get-sprint-report
        method: GET
  - type: http
    namespace: powerbi-sprint
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msteams-sprint
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Auto-adjudicates travel claims by verifying coverage in Salesforce, processing payment in SAP, and updating the claim status.

naftiko: '0.5'
info:
  label: Travel Insurance Auto-Adjudication Workflow
  description: Auto-adjudicates travel claims by verifying coverage in Salesforce, processing payment in SAP, and updating the claim status.
  tags:
  - insurance
  - claims
  - travel
  - salesforce
  - sap
capability:
  exposes:
  - type: mcp
    namespace: travel-claims
    port: 8080
    tools:
    - name: auto-adjudicate-travel
      description: Given a travel claim number, type, and amount, verify coverage, process payment, and update status.
      inputParameters:
      - name: claim_number
        in: body
        type: string
        description: Claim number.
      - name: claim_type
        in: body
        type: string
        description: Claim type.
      - name: claim_amount
        in: body
        type: number
        description: Claim amount.
      steps:
      - name: verify-coverage
        type: call
        call: sf.get-travel-policy
        with:
          claim_number: '{{claim_number}}'
      - name: process-payment
        type: call
        call: sap-fi.post-payment
        with:
          claim_number: '{{claim_number}}'
          amount: '{{claim_amount}}'
      - name: update-case
        type: call
        call: sf.update-claim
        with:
          claim_number: '{{claim_number}}'
          status: Paid
          payment_ref: '{{process-payment.document_number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: travel-claims
      path: /sobjects/Travel_Claim__c/ClaimNumber__c/{{claim_number}}
      operations:
      - name: get-travel-policy
        method: GET
  - type: http
    namespace: sap-fi
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: payments
      path: /A_JournalEntry
      operations:
      - name: post-payment
        method: POST

Performs a three-way match on a vendor invoice by verifying the PO in SAP, confirming goods receipt, and routing for approval with Teams notification.

naftiko: '0.5'
info:
  label: SAP Invoice Three-Way Match Workflow
  description: Performs a three-way match on a vendor invoice by verifying the PO in SAP, confirming goods receipt, and routing for approval with Teams notification.
  tags:
  - insurance
  - finance
  - accounts-payable
  - sap
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: ap-ops
    port: 8080
    tools:
    - name: three-way-match
      description: Given an invoice and PO number, verify the PO in SAP, confirm goods receipt, create an approval in ServiceNow, and notify AP via Teams.
      inputParameters:
      - name: invoice_number
        in: body
        type: string
        description: Vendor invoice number.
      - name: po_number
        in: body
        type: string
        description: SAP purchase order number.
      - name: ap_manager_upn
        in: body
        type: string
        description: UPN of AP manager.
      steps:
      - name: verify-po
        type: call
        call: sap.get-po
        with:
          po_number: '{{po_number}}'
      - name: check-gr
        type: call
        call: sap.get-goods-receipt
        with:
          po_number: '{{po_number}}'
      - name: create-approval
        type: call
        call: snow.create-approval
        with:
          short_description: 'Invoice approval: {{invoice_number}} — PO {{po_number}}'
          description: 'PO Amount: {{verify-po.total_amount}} | GR: {{check-gr.status}}'
      - name: notify-ap
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{ap_manager_upn}}'
          text: 'Three-way match: Invoice {{invoice_number}} — PO {{po_number}}. GR: {{check-gr.status}}. Approval: {{create-approval.number}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: purchase-orders
      path: /A_PurchaseOrder('{{po_number}}')
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-po
        method: GET
    - name: goods-receipts
      path: /A_PurchaseOrder('{{po_number}}')/to_GoodsReceipt
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-goods-receipt
        method: GET
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: approvals
      path: /table/sysapproval_approver
      operations:
      - name: create-approval
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

When Dependabot alerts are raised, creates Jira tickets for remediation, logs in Snowflake, and alerts the AppSec team via Teams.

naftiko: '0.5'
info:
  label: GitHub Dependabot Alert Handler
  description: When Dependabot alerts are raised, creates Jira tickets for remediation, logs in Snowflake, and alerts the AppSec team via Teams.
  tags:
  - insurance
  - security
  - github
  - jira
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: appsec-ops
    port: 8080
    tools:
    - name: handle-dependabot-alert
      description: Given a repo and alert severity, create a Jira ticket, log the vulnerability in Snowflake, and notify AppSec in Teams.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: GitHub repository.
      - name: cve_id
        in: body
        type: string
        description: CVE identifier.
      - name: severity
        in: body
        type: string
        description: Alert severity.
      - name: appsec_upn
        in: body
        type: string
        description: UPN of AppSec lead.
      steps:
      - name: create-jira
        type: call
        call: jira.create-issue
        with:
          project: APPSEC
          summary: 'Dependabot: {{cve_id}} in {{repo_name}}'
          description: 'Severity: {{severity}} | Repo: {{repo_name}}'
      - name: log-vuln
        type: call
        call: snowflake.insert-vuln
        with:
          repo: '{{repo_name}}'
          cve: '{{cve_id}}'
          severity: '{{severity}}'
      - name: notify-appsec
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{appsec_upn}}'
          text: 'Dependabot: {{cve_id}} ({{severity}}) in {{repo_name}}. Jira: {{create-jira.key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://aig.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: insert-vuln
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Validates incoming SAP Ariba invoices against open purchase orders and routes discrepancies to the accounts payable team for resolution.

naftiko: '0.5'
info:
  label: SAP Ariba Invoice Validation
  description: Validates incoming SAP Ariba invoices against open purchase orders and routes discrepancies to the accounts payable team for resolution.
  tags:
  - finance
  - procurement
  - sap-ariba
  - accounts-payable
capability:
  exposes:
  - type: mcp
    namespace: ap-validation
    port: 8080
    tools:
    - name: validate-supplier-invoice
      description: Given an SAP Ariba invoice ID and corresponding PO number, fetch both records, compare totals for three-way match, and create a ServiceNow task if a discrepancy is found. Use for incoming supplier invoice processing.
      inputParameters:
      - name: invoice_id
        in: body
        type: string
        description: SAP Ariba invoice ID.
      - name: po_number
        in: body
        type: string
        description: SAP purchase order number for three-way match.
      steps:
      - name: get-invoice
        type: call
        call: ariba.get-invoice
        with:
          invoice_id: '{{invoice_id}}'
      - name: get-po
        type: call
        call: sap-po.get-purchase-order
        with:
          po_number: '{{po_number}}'
      - name: create-approval-task
        type: call
        call: servicenow-ap.create-task
        with:
          short_description: 'Invoice match review: {{invoice_id}} vs PO {{po_number}}'
          description: 'Invoice: ${{get-invoice.total_amount}} | PO: ${{get-po.total_amount}} | Vendor: {{get-invoice.vendor_name}}'
          assigned_group: AP_Finance
  consumes:
  - type: http
    namespace: ariba
    baseUri: https://openapi.ariba.com/api/invoice/v1
    authentication:
      type: bearer
      token: $secrets.ariba_token
    resources:
    - name: invoices
      path: /invoices/{{invoice_id}}
      inputParameters:
      - name: invoice_id
        in: path
      operations:
      - name: get-invoice
        method: GET
  - type: http
    namespace: sap-po
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: purchase-orders
      path: /A_PurchaseOrder('{{po_number}}')
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-purchase-order
        method: GET
  - type: http
    namespace: servicenow-ap
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST

Fetches a GitHub repository by name and returns the default branch, open issue count, and last push timestamp.

naftiko: '0.5'
info:
  label: GitHub Repository Status Check
  description: Fetches a GitHub repository by name and returns the default branch, open issue count, and last push timestamp.
  tags:
  - insurance
  - engineering
  - github
  - devops
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: dev-ops
    port: 8080
    tools:
    - name: get-repo-status
      description: Given a GitHub repository full name, return the default branch and last push timestamp.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: GitHub repository full name.
      call: github.get-repo
      with:
        repo: '{{repo_name}}'
      outputParameters:
      - name: default_branch
        type: string
        mapping: $.default_branch
      - name: last_push
        type: string
        mapping: $.pushed_at
  consumes:
  - namespace: github
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: dev-ops
      path: /{{id}}
      operations:
      - name: get-repo
        method: GET

Schedules property inspections by pulling policy details from Salesforce, creating a task in ServiceNow, and notifying the inspector via Teams.

naftiko: '0.5'
info:
  label: Commercial Property Inspection Scheduler
  description: Schedules property inspections by pulling policy details from Salesforce, creating a task in ServiceNow, and notifying the inspector via Teams.
  tags:
  - insurance
  - property
  - underwriting
  - salesforce
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: inspection-ops
    port: 8080
    tools:
    - name: schedule-inspection
      description: Given a policy number and inspection type, retrieve property details, create a ServiceNow inspection task, and notify the inspector.
      inputParameters:
      - name: policy_number
        in: body
        type: string
        description: Policy number.
      - name: inspection_type
        in: body
        type: string
        description: Inspection type.
      - name: inspector_upn
        in: body
        type: string
        description: Inspector UPN.
      steps:
      - name: get-property
        type: call
        call: sf.get-property
        with:
          policy_number: '{{policy_number}}'
      - name: create-task
        type: call
        call: snow.create-task
        with:
          short_description: 'Inspection: {{policy_number}} — {{inspection_type}}'
          description: 'Address: {{get-property.address}}'
      - name: notify-inspector
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{inspector_upn}}'
          text: 'Inspection: {{inspection_type}} at {{get-property.address}} — Policy {{policy_number}}. SNOW: {{create-task.number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: properties
      path: /sobjects/Property_Risk__c/PolicyNumber__c/{{policy_number}}
      operations:
      - name: get-property
        method: GET
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_inspection_task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      operations:
      - name: send-message
        method: POST

Scans SAP Ariba for supplier contracts expiring within 90 days, creates Jira procurement tasks, and emails contract owners.

naftiko: '0.5'
info:
  label: SAP Ariba Supplier Contract Renewal Alerts
  description: Scans SAP Ariba for supplier contracts expiring within 90 days, creates Jira procurement tasks, and emails contract owners.
  tags:
  - procurement
  - contract-management
  - sap-ariba
  - jira
capability:
  exposes:
  - type: mcp
    namespace: contract-renewal
    port: 8080
    tools:
    - name: alert-expiring-contracts
      description: Given a look-ahead window, fetch supplier contracts expiring from SAP Ariba and create a Jira renewal task for each. Use monthly to proactively manage AIG's vendor and reinsurer contract renewals.
      inputParameters:
      - name: days_ahead
        in: body
        type: integer
        description: Number of days ahead to scan for expiring contracts.
      - name: jira_project_key
        in: body
        type: string
        description: Jira project key for procurement renewal tasks.
      steps:
      - name: get-expiring
        type: call
        call: ariba-renewal.get-expiring-contracts
        with:
          days_ahead: '{{days_ahead}}'
      - name: create-renewal-task
        type: call
        call: jira-contracts.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Task
          summary: Supplier contract renewals due within {{days_ahead}} days
          description: 'Expiring contracts: {{get-expiring.contract_ids}}'
  consumes:
  - type: http
    namespace: ariba-renewal
    baseUri: https://openapi.ariba.com/api/contract/v1
    authentication:
      type: bearer
      token: $secrets.ariba_token
    resources:
    - name: contracts
      path: /contracts
      inputParameters:
      - name: days_ahead
        in: query
      operations:
      - name: get-expiring-contracts
        method: GET
  - type: http
    namespace: jira-contracts
    baseUri: https://aig.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Generates policyholder documents by pulling policy data from Salesforce, creating a DocuSign envelope, and logging in ServiceNow.

naftiko: '0.5'
info:
  label: Policyholder Document Generation Workflow
  description: Generates policyholder documents by pulling policy data from Salesforce, creating a DocuSign envelope, and logging in ServiceNow.
  tags:
  - insurance
  - document-management
  - salesforce
  - docusign
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: doc-gen
    port: 8080
    tools:
    - name: generate-policy-documents
      description: Given a policy number and document type, retrieve policy details, create a DocuSign envelope, and log in ServiceNow.
      inputParameters:
      - name: policy_number
        in: body
        type: string
        description: Policy number.
      - name: document_type
        in: body
        type: string
        description: Document type.
      - name: recipient_email
        in: body
        type: string
        description: Recipient email.
      steps:
      - name: get-policy
        type: call
        call: sf.get-policy-details
        with:
          policy_number: '{{policy_number}}'
      - name: create-envelope
        type: call
        call: docusign.create-envelope
        with:
          recipient_email: '{{recipient_email}}'
          subject: '{{document_type}} — {{policy_number}}'
      - name: log-task
        type: call
        call: snow.create-task
        with:
          short_description: 'Doc: {{document_type}} — {{policy_number}}'
          description: 'DocuSign: {{create-envelope.envelopeId}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: policies
      path: /sobjects/InsurancePolicy__c/PolicyNumber__c/{{policy_number}}
      operations:
      - name: get-policy-details
        method: GET
  - type: http
    namespace: docusign
    baseUri: https://na4.docusign.net/restapi/v2.1
    authentication:
      type: bearer
      token: $secrets.docusign_token
    resources:
    - name: envelopes
      path: /accounts/{{accountId}}/envelopes
      operations:
      - name: create-envelope
        method: POST
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_document_task
      operations:
      - name: create-task
        method: POST

Retrieves current headcount and payroll cost by department and cost center from Workday for finance and HR reporting.

naftiko: '0.5'
info:
  label: Workday Headcount and Payroll Snapshot
  description: Retrieves current headcount and payroll cost by department and cost center from Workday for finance and HR reporting.
  tags:
  - hr
  - finance
  - payroll
  - workday
  - headcount
capability:
  exposes:
  - type: mcp
    namespace: hr-finance
    port: 8080
    tools:
    - name: get-headcount-snapshot
      description: Returns headcount and payroll cost data grouped by department and cost center from Workday as of the specified date. Use for monthly finance reviews and workforce planning.
      inputParameters:
      - name: as_of_date
        in: body
        type: string
        description: Snapshot date in YYYY-MM-DD format.
      call: workday-hcm.get-headcount
      with:
        effective_date: '{{as_of_date}}'
      outputParameters:
      - name: total_headcount
        type: string
        mapping: $.Report_Entry[0].Total_Headcount
      - name: total_payroll_cost
        type: string
        mapping: $.Report_Entry[0].Total_Payroll_Cost
  consumes:
  - type: http
    namespace: workday-hcm
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: headcount
      path: /reports/headcount_by_department
      inputParameters:
      - name: effective_date
        in: query
      operations:
      - name: get-headcount
        method: GET

When Datadog fires a critical alert on an insurance platform system, opens a P1 ServiceNow incident, pages the on-call engineer via PagerDuty, and posts to the IT war-room Teams channel.

naftiko: '0.5'
info:
  label: IT P1 Incident Triage and Escalation
  description: When Datadog fires a critical alert on an insurance platform system, opens a P1 ServiceNow incident, pages the on-call engineer via PagerDuty, and posts to the IT war-room Teams channel.
  tags:
  - itsm
  - incident-response
  - datadog
  - pagerduty
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: it-p1-ops
    port: 8080
    tools:
    - name: handle-critical-alert
      description: Given a Datadog critical alert for an AIG insurance platform system, create a P1 ServiceNow incident, trigger PagerDuty to page the on-call engineer, and post to the IT war-room Teams channel. Use when monitoring detects a critical system failure.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog monitor alert ID.
      - name: system_name
        in: body
        type: string
        description: Affected system name.
      - name: alert_message
        in: body
        type: string
        description: Human-readable alert description.
      - name: warroom_channel_id
        in: body
        type: string
        description: IT war-room Teams channel ID.
      steps:
      - name: create-incident
        type: call
        call: servicenow-p1.create-incident
        with:
          short_description: 'P1: {{system_name}} — {{alert_message}}'
          priority: '1'
          category: critical_system
      - name: page-oncall
        type: call
        call: pagerduty.trigger-incident
        with:
          title: P1 — {{system_name}}
          severity: critical
          details: 'INC: {{create-incident.number}} | Alert: {{alert_id}}'
      - name: post-warroom
        type: call
        call: msteams-p1.post-channel-message
        with:
          channel_id: '{{warroom_channel_id}}'
          text: 'P1 INCIDENT: {{system_name}} | INC: {{create-incident.number}} | PagerDuty: {{page-oncall.incident_key}} | {{alert_message}}'
  consumes:
  - type: http
    namespace: servicenow-p1
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://events.pagerduty.com/v2
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_token
      placement: header
    resources:
    - name: enqueue
      path: /enqueue
      operations:
      - name: trigger-incident
        method: POST
  - type: http
    namespace: msteams-p1
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

When a fraud indicator is detected, enriches the claim from Salesforce, flags in ServiceNow, and alerts the SIU team via Teams.

naftiko: '0.5'
info:
  label: Claims Fraud Detection Alert Workflow
  description: When a fraud indicator is detected, enriches the claim from Salesforce, flags in ServiceNow, and alerts the SIU team via Teams.
  tags:
  - insurance
  - claims
  - fraud-detection
  - salesforce
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: fraud-ops
    port: 8080
    tools:
    - name: handle-fraud-indicator
      description: Given a claim number and fraud indicator, look up in Salesforce, create a fraud investigation in ServiceNow, and notify SIU in Teams.
      inputParameters:
      - name: claim_number
        in: body
        type: string
        description: Claim number.
      - name: fraud_indicator
        in: body
        type: string
        description: Fraud indicator type.
      - name: siu_upn
        in: body
        type: string
        description: UPN of SIU lead.
      steps:
      - name: get-claim
        type: call
        call: sf.get-claim
        with:
          claim_number: '{{claim_number}}'
      - name: create-investigation
        type: call
        call: snow.create-record
        with:
          short_description: 'Fraud: {{claim_number}} — {{fraud_indicator}}'
          category: fraud_investigation
      - name: notify-siu
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{siu_upn}}'
          text: 'Fraud alert: Claim {{claim_number}} — {{fraud_indicator}}. SNOW: {{create-investigation.number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: claims
      path: /sobjects/Case/CaseNumber/{{claim_number}}
      inputParameters:
      - name: claim_number
        in: path
      operations:
      - name: get-claim
        method: GET
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: fraud
      path: /table/u_fraud_investigation
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Verifies that a change request falls within the approved window by checking ServiceNow, validating service health in Datadog, and notifying the CAB via Teams.

naftiko: '0.5'
info:
  label: ServiceNow Change Window Compliance Validator
  description: Verifies that a change request falls within the approved window by checking ServiceNow, validating service health in Datadog, and notifying the CAB via Teams.
  tags:
  - insurance
  - it-operations
  - change-management
  - servicenow
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: change-ops
    port: 8080
    tools:
    - name: check-change-compliance
      description: Given a change request number and proposed date, verify window compliance in ServiceNow, check Datadog service health, and notify the CAB in Teams.
      inputParameters:
      - name: change_number
        in: body
        type: string
        description: Change request number.
      - name: proposed_date
        in: body
        type: string
        description: Proposed date.
      - name: cab_channel_id
        in: body
        type: string
        description: Teams channel ID for CAB.
      steps:
      - name: check-window
        type: call
        call: snow.get-change-window
        with:
          change_number: '{{change_number}}'
      - name: check-health
        type: call
        call: datadog.get-status
        with:
          date: '{{proposed_date}}'
      - name: notify-cab
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{cab_channel_id}}'
          text: 'Change compliance: {{change_number}} for {{proposed_date}}. Window: {{check-window.status}} | Health: {{check-health.overall}}'
  consumes:
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request?sysparm_query=number={{change_number}}
      inputParameters:
      - name: change_number
        in: query
      operations:
      - name: get-change-window
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/groups
      operations:
      - name: get-status
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

When a new insurance claim is submitted, creates a Salesforce case, opens a ServiceNow claim investigation record, and notifies the assigned adjuster in Teams.

naftiko: '0.5'
info:
  label: Insurance Claim Intake and Triage
  description: When a new insurance claim is submitted, creates a Salesforce case, opens a ServiceNow claim investigation record, and notifies the assigned adjuster in Teams.
  tags:
  - insurance
  - claims
  - salesforce
  - servicenow
  - customer-service
capability:
  exposes:
  - type: mcp
    namespace: claims-ops
    port: 8080
    tools:
    - name: intake-insurance-claim
      description: Given claim details including policy number, claimant name, loss type, and loss date, create a Salesforce case for customer tracking, open a ServiceNow claim investigation record, and notify the assigned adjuster in Teams. Use when a new claim is received.
      inputParameters:
      - name: policy_number
        in: body
        type: string
        description: AIG policy number for the claim.
      - name: claimant_name
        in: body
        type: string
        description: Full name of the claimant.
      - name: loss_type
        in: body
        type: string
        description: Type of loss, e.g. 'property-damage', 'liability', 'auto'.
      - name: loss_date
        in: body
        type: string
        description: Date of loss in YYYY-MM-DD format.
      - name: adjuster_upn
        in: body
        type: string
        description: UPN of the assigned claims adjuster.
      steps:
      - name: create-sf-case
        type: call
        call: salesforce-claims.create-case
        with:
          subject: Claim — Policy {{policy_number}} — {{loss_type}}
          description: 'Claimant: {{claimant_name}} | Loss date: {{loss_date}}'
          origin: Phone
      - name: create-snow-record
        type: call
        call: servicenow-claims.create-record
        with:
          short_description: 'Claim investigation: {{policy_number}} — {{loss_type}}'
          description: 'Claimant: {{claimant_name}} | Loss date: {{loss_date}} | Salesforce case: {{create-sf-case.case_number}}'
          category: claims_investigation
      - name: notify-adjuster
        type: call
        call: msteams-claims.send-message
        with:
          recipient_upn: '{{adjuster_upn}}'
          text: 'New claim assigned: Policy {{policy_number}} — {{loss_type}} on {{loss_date}}. Claimant: {{claimant_name}}. Salesforce: {{create-sf-case.case_number}} | ServiceNow: {{create-snow-record.number}}'
  consumes:
  - type: http
    namespace: salesforce-claims
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case
      operations:
      - name: create-case
        method: POST
  - type: http
    namespace: servicenow-claims
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: claim-records
      path: /table/u_claims_investigation
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams-claims
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Coordinates RFP responses by pulling requirements from Ariba, gathering costs from SAP, and distributing tasks via ServiceNow and Teams.

naftiko: '0.5'
info:
  label: SAP Ariba RFP Response Coordinator
  description: Coordinates RFP responses by pulling requirements from Ariba, gathering costs from SAP, and distributing tasks via ServiceNow and Teams.
  tags:
  - procurement
  - sap-ariba
  - sap
  - servicenow
  - collaboration
capability:
  exposes:
  - type: mcp
    namespace: rfp-ops
    port: 8080
    tools:
    - name: coordinate-rfp
      description: Given an Ariba RFP event ID, pull requirements, get SAP costs, create a ServiceNow task, and notify procurement.
      inputParameters:
      - name: rfp_event_id
        in: body
        type: string
        description: Ariba event ID.
      - name: deadline
        in: body
        type: string
        description: Response deadline.
      - name: procurement_channel_id
        in: body
        type: string
        description: Teams channel.
      steps:
      - name: get-rfp
        type: call
        call: ariba.get-event
        with:
          event_id: '{{rfp_event_id}}'
      - name: get-costs
        type: call
        call: sap.get-cost-estimate
        with:
          category: '{{get-rfp.category}}'
      - name: create-task
        type: call
        call: snow.create-task
        with:
          short_description: 'RFP: {{rfp_event_id}} — Due {{deadline}}'
          description: 'Category: {{get-rfp.category}}'
      - name: notify-team
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{procurement_channel_id}}'
          text: 'RFP: {{rfp_event_id}} — {{get-rfp.category}}. Deadline: {{deadline}}. Task: {{create-task.number}}'
  consumes:
  - type: http
    namespace: ariba
    baseUri: https://openapi.ariba.com/api/sourcing/v1
    authentication:
      type: bearer
      token: $secrets.ariba_token
    resources:
    - name: events
      path: /events/{{event_id}}
      operations:
      - name: get-event
        method: GET
  - type: http
    namespace: sap
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_PRODUCT_COST_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: costs
      path: /A_ProductCostEstimate
      operations:
      - name: get-cost-estimate
        method: GET
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_rfp_task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      operations:
      - name: post-channel
        method: POST

When a Datadog SLO breach is detected, creates a ServiceNow incident, pages on-call via PagerDuty, and posts to the reliability channel.

naftiko: '0.5'
info:
  label: Datadog SLO Breach Incident Handler
  description: When a Datadog SLO breach is detected, creates a ServiceNow incident, pages on-call via PagerDuty, and posts to the reliability channel.
  tags:
  - insurance
  - sre
  - datadog
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: sre-ops
    port: 8080
    tools:
    - name: handle-slo-breach
      description: Given an SLO name and current SLI value, create a ServiceNow incident, trigger a PagerDuty alert, and notify the SRE channel in Teams.
      inputParameters:
      - name: slo_name
        in: body
        type: string
        description: SLO name.
      - name: sli_value
        in: body
        type: number
        description: Current SLI value.
      - name: service_name
        in: body
        type: string
        description: Affected service.
      - name: sre_channel_id
        in: body
        type: string
        description: SRE Teams channel.
      steps:
      - name: create-incident
        type: call
        call: snow.create-incident
        with:
          short_description: 'SLO breach: {{slo_name}} — {{service_name}}'
          description: 'SLI: {{sli_value}}%'
          priority: '2'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          service_id: sre-team
          title: 'SLO breach: {{slo_name}} ({{sli_value}}%)'
      - name: notify-channel
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{sre_channel_id}}'
          text: 'SLO Breach: {{slo_name}} — {{service_name}} at {{sli_value}}%. SNOW: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Generates a quarterly financial report by querying Snowflake for KPIs, refreshing Power BI dashboards, and distributing via email to the executive team.

naftiko: '0.5'
info:
  label: Quarterly Financial Report Generator
  description: Generates a quarterly financial report by querying Snowflake for KPIs, refreshing Power BI dashboards, and distributing via email to the executive team.
  tags:
  - insurance
  - finance
  - analytics
  - snowflake
  - power-bi
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: finance-reporting
    port: 8080
    tools:
    - name: generate-financial-report
      description: Given a reporting quarter, query Snowflake for financial KPIs, trigger a Power BI refresh, and email the report link to executives.
      inputParameters:
      - name: quarter
        in: body
        type: string
        description: Reporting quarter.
      - name: exec_dl
        in: body
        type: string
        description: Executive distribution list email.
      steps:
      - name: query-kpis
        type: call
        call: snowflake.run-query
        with:
          query: SELECT * FROM financial_kpis WHERE quarter='{{quarter}}'
      - name: refresh-pbi
        type: call
        call: powerbi.trigger-refresh
        with:
          datasetId: financial-dashboard
      - name: send-report
        type: call
        call: msgraph.send-mail
        with:
          to: '{{exec_dl}}'
          subject: Financial Report — {{quarter}}
          body: 'Revenue: {{query-kpis.revenue}} | Expenses: {{query-kpis.expenses}}. Dashboard refreshed.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{datasetId}}/refreshes
      inputParameters:
      - name: datasetId
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/noreply@aig.com/sendMail
      operations:
      - name: send-mail
        method: POST

Sends benefits open enrollment reminders by querying Workday for incomplete enrollments, sending emails via Microsoft Graph, and logging in ServiceNow.

naftiko: '0.5'
info:
  label: Workday Benefits Enrollment Reminder Workflow
  description: Sends benefits open enrollment reminders by querying Workday for incomplete enrollments, sending emails via Microsoft Graph, and logging in ServiceNow.
  tags:
  - insurance
  - hr
  - benefits
  - workday
  - microsoft-graph
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: benefits-ops
    port: 8080
    tools:
    - name: send-enrollment-reminders
      description: Given an enrollment period and deadline, query Workday for incomplete enrollments, send reminder emails, and log the outreach in ServiceNow.
      inputParameters:
      - name: enrollment_period
        in: body
        type: string
        description: Enrollment period.
      - name: deadline_date
        in: body
        type: string
        description: Deadline in YYYY-MM-DD.
      steps:
      - name: get-incomplete
        type: call
        call: workday.get-incomplete-enrollment
        with:
          period: '{{enrollment_period}}'
      - name: send-reminders
        type: call
        call: msgraph.send-bulk-mail
        with:
          subject: Benefits Enrollment Deadline {{deadline_date}}
          body: Please complete enrollment by {{deadline_date}}.
      - name: log-outreach
        type: call
        call: snow.create-task
        with:
          short_description: 'Benefits reminders: {{enrollment_period}}'
          description: 'Incomplete: {{get-incomplete.count}} | Deadline: {{deadline_date}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/aig/Benefits/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: enrollment
      path: /benefit-elections?status=incomplete
      operations:
      - name: get-incomplete-enrollment
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/benefits@aig.com/sendMail
      operations:
      - name: send-bulk-mail
        method: POST
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_benefits_task
      operations:
      - name: create-task
        method: POST

When an employee termination is processed in Workday, deactivates their Okta account, closes open ServiceNow access requests, and deactivates their Salesforce user.

naftiko: '0.5'
info:
  label: Okta Employee Access Deprovisioning
  description: When an employee termination is processed in Workday, deactivates their Okta account, closes open ServiceNow access requests, and deactivates their Salesforce user.
  tags:
  - hr
  - offboarding
  - okta
  - workday
  - identity
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: deprovision-terminated-employee
      description: Given a terminated employee's Workday ID, Okta user ID, and Salesforce user ID, deactivate Okta, close open ServiceNow requests, and deactivate Salesforce. Use immediately upon processing a termination to prevent unauthorized access to AIG systems.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: Workday worker ID of the terminated employee.
      - name: okta_user_id
        in: body
        type: string
        description: Okta user ID to deactivate.
      - name: salesforce_user_id
        in: body
        type: string
        description: Salesforce user ID to deactivate.
      steps:
      - name: deactivate-okta
        type: call
        call: okta-offboard.deactivate-user
        with:
          user_id: '{{okta_user_id}}'
      - name: close-snow-requests
        type: call
        call: servicenow-offboard.close-requests
        with:
          employee_id: '{{workday_employee_id}}'
      - name: deactivate-sf-user
        type: call
        call: salesforce-offboard.update-user
        with:
          user_id: '{{salesforce_user_id}}'
          is_active: 'false'
  consumes:
  - type: http
    namespace: okta-offboard
    baseUri: https://aig.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_token
      placement: header
    resources:
    - name: user-lifecycle
      path: /users/{{user_id}}/lifecycle/deactivate
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: deactivate-user
        method: POST
  - type: http
    namespace: servicenow-offboard
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: close-requests
        method: PATCH
  - type: http
    namespace: salesforce-offboard
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: users
      path: /sobjects/User/{{user_id}}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: update-user
        method: PATCH

Retrieves the current on-call engineer for a PagerDuty schedule.

naftiko: '0.5'
info:
  label: PagerDuty On-Call Schedule Lookup
  description: Retrieves the current on-call engineer for a PagerDuty schedule.
  tags:
  - insurance
  - it-operations
  - pagerduty
  - incident-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: incident-ops
    port: 8080
    tools:
    - name: get-on-call
      description: Given a PagerDuty schedule ID, return the currently on-call user name and email.
      inputParameters:
      - name: schedule_id
        in: body
        type: string
        description: PagerDuty schedule ID.
      call: pagerduty.get-oncall
      with:
        schedule_id: '{{schedule_id}}'
      outputParameters:
      - name: user_name
        type: string
        mapping: $.oncalls[0].user.name
      - name: user_email
        type: string
        mapping: $.oncalls[0].user.email
  consumes:
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incident-ops
      path: /{{id}}
      operations:
      - name: get-oncall
        method: GET

Coordinates return-to-work by pulling medical status from Salesforce, updating Workday leave records, and notifying the employer via Teams.

naftiko: '0.5'
info:
  label: Workers Comp Return-to-Work Workflow
  description: Coordinates return-to-work by pulling medical status from Salesforce, updating Workday leave records, and notifying the employer via Teams.
  tags:
  - insurance
  - workers-compensation
  - claims
  - workday
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: wc-ops
    port: 8080
    tools:
    - name: coordinate-rtw
      description: Given a WC claim number and employee ID, pull medical clearance from Salesforce, update Workday leave, and notify the employer.
      inputParameters:
      - name: claim_number
        in: body
        type: string
        description: WC claim number.
      - name: employee_id
        in: body
        type: string
        description: Employee ID.
      - name: employer_upn
        in: body
        type: string
        description: Employer HR contact UPN.
      steps:
      - name: get-medical
        type: call
        call: sf.get-claim-medical
        with:
          claim_number: '{{claim_number}}'
      - name: update-leave
        type: call
        call: workday.update-leave
        with:
          employee_id: '{{employee_id}}'
          status: Return Approved
      - name: notify-employer
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{employer_upn}}'
          text: 'RTW approved: Claim {{claim_number}} — Employee {{employee_id}}. Clearance: {{get-medical.clearance_date}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: claims
      path: /sobjects/WC_Claim__c/ClaimNumber__c/{{claim_number}}
      operations:
      - name: get-claim-medical
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/aig/Absence_Management/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: leaves
      path: /leave-of-absence/{{employee_id}}
      operations:
      - name: update-leave
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      operations:
      - name: send-message
        method: POST

Retrieves vendor master data from SAP by vendor number, returning company name, payment terms, and tax ID.

naftiko: '0.5'
info:
  label: SAP Vendor Master Data Lookup
  description: Retrieves vendor master data from SAP by vendor number, returning company name, payment terms, and tax ID.
  tags:
  - insurance
  - finance
  - sap
  - procurement
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: vendor-ops
    port: 8080
    tools:
    - name: get-vendor
      description: Given an SAP vendor number, return the vendor name, payment terms, and tax ID.
      inputParameters:
      - name: vendor_number
        in: body
        type: string
        description: SAP vendor account number.
      call: sap.get-vendor
      with:
        Supplier: '{{vendor_number}}'
      outputParameters:
      - name: vendor_name
        type: string
        mapping: $.d.SupplierName
      - name: payment_terms
        type: string
        mapping: $.d.PaymentTerms
  consumes:
  - namespace: sap
    type: http
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: vendor-ops
      path: /{{id}}
      operations:
      - name: get-vendor
        method: GET

Searches Confluence for a knowledge article by keyword and returns the page title, space, and URL.

naftiko: '0.5'
info:
  label: Confluence Knowledge Article Search
  description: Searches Confluence for a knowledge article by keyword and returns the page title, space, and URL.
  tags:
  - insurance
  - knowledge-management
  - confluence
  - documentation
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: km-ops
    port: 8080
    tools:
    - name: search-article
      description: Given a keyword, search Confluence for matching articles and return the top result title, space, and URL.
      inputParameters:
      - name: keyword
        in: body
        type: string
        description: Search keyword.
      call: confluence.search-content
      with:
        cql: type=page AND title~{{keyword}}
      outputParameters:
      - name: title
        type: string
        mapping: $.results[0].title
      - name: space
        type: string
        mapping: $.results[0].space.name
  consumes:
  - namespace: confluence
    type: http
    baseUri: https://aig.atlassian.net/wiki/rest/api
    authentication:
      type: bearer
      token: $secrets.confluence_api_token
    resources:
    - name: km-ops
      path: /{{id}}
      operations:
      - name: search-content
        method: GET

Monitors Snowflake data pipeline tasks for the claims analytics warehouse, logs failures to Datadog, and creates Jira tickets for the data engineering team.

naftiko: '0.5'
info:
  label: Snowflake Claims Analytics Pipeline Monitoring
  description: Monitors Snowflake data pipeline tasks for the claims analytics warehouse, logs failures to Datadog, and creates Jira tickets for the data engineering team.
  tags:
  - data
  - snowflake
  - datadog
  - analytics
  - claims
capability:
  exposes:
  - type: mcp
    namespace: claims-analytics-ops
    port: 8080
    tools:
    - name: check-claims-pipeline-health
      description: Query Snowflake task history for pipeline failures in the claims analytics database, log failures to Datadog, and open Jira tickets for data engineering. Use daily to ensure the claims and actuarial data pipelines are running correctly.
      inputParameters:
      - name: lookback_hours
        in: body
        type: integer
        description: Hours of pipeline history to scan.
      - name: jira_project_key
        in: body
        type: string
        description: Jira project key for data engineering tickets.
      steps:
      - name: get-failed-tasks
        type: call
        call: snowflake.get-task-failures
        with:
          lookback_hours: '{{lookback_hours}}'
      - name: log-to-datadog
        type: call
        call: datadog-dw.create-event
        with:
          title: Snowflake claims pipeline failures
          text: 'Failed tasks: {{get-failed-tasks.task_names}}'
          alert_type: error
      - name: create-jira
        type: call
        call: jira-data.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Bug
          summary: Claims pipeline failures — {{get-failed-tasks.task_count}} tasks
          description: 'Tasks: {{get-failed-tasks.task_names}} | Datadog: {{log-to-datadog.url}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: task-history
      path: /databases/CLAIMS_ANALYTICS/schemas/PUBLIC/tasks/history
      inputParameters:
      - name: lookback_hours
        in: query
      operations:
      - name: get-task-failures
        method: GET
  - type: http
    namespace: datadog-dw
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: jira-data
    baseUri: https://aig.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Processes a data subject access request by searching Salesforce and Snowflake for personal data, compiling results, and logging in ServiceNow.

naftiko: '0.5'
info:
  label: Data Privacy Subject Access Request Handler
  description: Processes a data subject access request by searching Salesforce and Snowflake for personal data, compiling results, and logging in ServiceNow.
  tags:
  - insurance
  - compliance
  - data-privacy
  - salesforce
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: privacy-ops
    port: 8080
    tools:
    - name: process-dsar
      description: Given a data subject email, search for personal data across Salesforce and Snowflake, log the DSAR in ServiceNow, and notify the privacy officer via Teams.
      inputParameters:
      - name: subject_email
        in: body
        type: string
        description: Data subject email.
      - name: request_type
        in: body
        type: string
        description: 'DSAR type: access, deletion.'
      - name: privacy_officer_upn
        in: body
        type: string
        description: UPN of privacy officer.
      steps:
      - name: search-sf
        type: call
        call: sf.search-person
        with:
          email: '{{subject_email}}'
      - name: search-snowflake
        type: call
        call: snowflake.search-pii
        with:
          email: '{{subject_email}}'
      - name: log-dsar
        type: call
        call: snow.create-dsar
        with:
          short_description: 'DSAR: {{request_type}} — {{subject_email}}'
          description: 'SF: {{search-sf.record_count}} | Snowflake: {{search-snowflake.record_count}}'
      - name: notify-officer
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{privacy_officer_upn}}'
          text: 'DSAR: {{request_type}} for {{subject_email}}. SF: {{search-sf.record_count}}, SF: {{search-snowflake.record_count}}. SNOW: {{log-dsar.number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: search
      path: /parameterizedSearch/?q={{email}}
      inputParameters:
      - name: email
        in: query
      operations:
      - name: search-person
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: search-pii
        method: POST
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: dsar
      path: /table/u_dsar_request
      operations:
      - name: create-dsar
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Looks up an SAP S/4HANA purchase order by number and returns header status, vendor, and total value for the finance or procurement team.

naftiko: '0.5'
info:
  label: SAP Purchase Order Status Lookup
  description: Looks up an SAP S/4HANA purchase order by number and returns header status, vendor, and total value for the finance or procurement team.
  tags:
  - finance
  - procurement
  - erp
  - sap
capability:
  exposes:
  - type: mcp
    namespace: erp-finance
    port: 8080
    tools:
    - name: get-purchase-order
      description: Given a SAP purchase order number, return the PO status, vendor name, total amount, and currency. Use when procurement or AP teams need to verify PO status before approving a vendor invoice.
      inputParameters:
      - name: po_number
        in: body
        type: string
        description: SAP purchase order number, e.g. '4500012345'.
      call: sap-erp.get-po
      with:
        po_number: '{{po_number}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.d.OverallStatus
      - name: vendor
        type: string
        mapping: $.d.Supplier.CompanyName
      - name: total_amount
        type: string
        mapping: $.d.TotalAmount
      - name: currency
        type: string
        mapping: $.d.TransactionCurrency
  consumes:
  - type: http
    namespace: sap-erp
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: purchase-orders
      path: /A_PurchaseOrder('{{po_number}}')
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-po
        method: GET

Triggers a Power BI dataset refresh for the claims performance dashboard and notifies the claims leadership team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Power BI Claims Dashboard Refresh
  description: Triggers a Power BI dataset refresh for the claims performance dashboard and notifies the claims leadership team in Microsoft Teams.
  tags:
  - analytics
  - power-bi
  - claims
  - reporting
  - insurance
capability:
  exposes:
  - type: mcp
    namespace: claims-reporting
    port: 8080
    tools:
    - name: refresh-claims-dashboard
      description: Given a Power BI dataset ID and claims leadership Teams channel, trigger a dataset refresh and post a notification when complete. Use each morning before claims leadership review meetings.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: Power BI dataset ID for the claims dashboard.
      - name: claims_channel_id
        in: body
        type: string
        description: Claims leadership Teams channel ID.
      steps:
      - name: trigger-refresh
        type: call
        call: powerbi.trigger-refresh
        with:
          dataset_id: '{{dataset_id}}'
      - name: notify-claims-team
        type: call
        call: msteams-claims-rpt.post-channel-message
        with:
          channel_id: '{{claims_channel_id}}'
          text: 'Claims dashboard refresh triggered (dataset {{dataset_id}}). Refresh ID: {{trigger-refresh.refreshId}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msteams-claims-rpt
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Responds to AKS scaling alerts by checking Datadog metrics, triggering node pool scaling via Azure, and notifying the platform team in Teams.

naftiko: '0.5'
info:
  label: Azure Kubernetes Cluster Scaling Handler
  description: Responds to AKS scaling alerts by checking Datadog metrics, triggering node pool scaling via Azure, and notifying the platform team in Teams.
  tags:
  - insurance
  - devops
  - kubernetes
  - azure
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: platform-ops
    port: 8080
    tools:
    - name: handle-aks-scaling
      description: Given an AKS cluster name and CPU utilization, check Datadog metrics, scale Azure node pool, and notify platform team in Teams.
      inputParameters:
      - name: cluster_name
        in: body
        type: string
        description: AKS cluster name.
      - name: cpu_utilization
        in: body
        type: number
        description: CPU utilization percentage.
      - name: platform_channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: check-metrics
        type: call
        call: datadog.get-cluster-metrics
        with:
          cluster: '{{cluster_name}}'
      - name: scale-nodes
        type: call
        call: azure.scale-nodepool
        with:
          cluster: '{{cluster_name}}'
      - name: notify-team
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{platform_channel_id}}'
          text: 'AKS scaling: {{cluster_name}} — CPU: {{cpu_utilization}}%. Trend: {{check-metrics.trend}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: metrics
      path: /query?query=kubernetes.cpu.usage{{cluster}}
      inputParameters:
      - name: cluster
        in: query
      operations:
      - name: get-cluster-metrics
        method: GET
  - type: http
    namespace: azure
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_mgmt_token
    resources:
    - name: nodepools
      path: /subscriptions/{{subId}}/resourceGroups/aks-rg/providers/Microsoft.ContainerService/managedClusters/{{cluster}}/agentPools/default
      inputParameters:
      - name: cluster
        in: path
      operations:
      - name: scale-nodepool
        method: PUT
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Manages IT asset retirement by updating the ServiceNow CMDB, revoking Okta access, and logging disposal in SAP fixed assets.

naftiko: '0.5'
info:
  label: IT Asset Lifecycle Retirement Workflow
  description: Manages IT asset retirement by updating the ServiceNow CMDB, revoking Okta access, and logging disposal in SAP fixed assets.
  tags:
  - insurance
  - it-operations
  - asset-management
  - servicenow
  - okta
  - sap
capability:
  exposes:
  - type: mcp
    namespace: asset-ops
    port: 8080
    tools:
    - name: retire-it-asset
      description: Given a CI name and asset tag, mark as retired in ServiceNow CMDB, revoke Okta access, create SAP disposal entry, and notify IT manager in Teams.
      inputParameters:
      - name: ci_name
        in: body
        type: string
        description: ServiceNow CI name.
      - name: asset_tag
        in: body
        type: string
        description: Asset tag number.
      - name: it_manager_upn
        in: body
        type: string
        description: UPN of IT asset manager.
      steps:
      - name: retire-cmdb
        type: call
        call: snow.update-ci-status
        with:
          ci_name: '{{ci_name}}'
          status: Retired
      - name: revoke-access
        type: call
        call: okta.remove-app-assignment
        with:
          app_label: '{{ci_name}}'
      - name: log-disposal
        type: call
        call: sap.create-disposal
        with:
          asset_number: '{{asset_tag}}'
      - name: notify-manager
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{it_manager_upn}}'
          text: 'Asset retired: {{ci_name}} ({{asset_tag}}). CMDB updated, access revoked.'
  consumes:
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cmdb
      path: /table/cmdb_ci?sysparm_query=name={{ci_name}}
      inputParameters:
      - name: ci_name
        in: query
      operations:
      - name: update-ci-status
        method: PATCH
  - type: http
    namespace: okta
    baseUri: https://aig.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: apps
      path: /apps?q={{app_label}}
      inputParameters:
      - name: app_label
        in: query
      operations:
      - name: remove-app-assignment
        method: DELETE
  - type: http
    namespace: sap
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_FIXEDASSET_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: disposals
      path: /A_FixedAsset
      operations:
      - name: create-disposal
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Scores cyber risk by checking security posture, pulling claims history from Snowflake, and updating Salesforce with the score.

naftiko: '0.5'
info:
  label: Cyber Insurance Risk Scoring Workflow
  description: Scores cyber risk by checking security posture, pulling claims history from Snowflake, and updating Salesforce with the score.
  tags:
  - insurance
  - cyber
  - underwriting
  - snowflake
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: cyber-uw
    port: 8080
    tools:
    - name: score-cyber-risk
      description: Given an applicant domain, run a security posture check, pull cyber claims data from Snowflake, and update Salesforce.
      inputParameters:
      - name: applicant_domain
        in: body
        type: string
        description: Applicant domain.
      - name: policy_number
        in: body
        type: string
        description: Policy number.
      - name: underwriter_upn
        in: body
        type: string
        description: Underwriter UPN.
      steps:
      - name: scan-posture
        type: call
        call: security-scan.check-domain
        with:
          domain: '{{applicant_domain}}'
      - name: get-history
        type: call
        call: snowflake.query-cyber-claims
        with:
          domain: '{{applicant_domain}}'
      - name: update-record
        type: call
        call: sf.update-risk-score
        with:
          policy_number: '{{policy_number}}'
          score: '{{scan-posture.score}}'
      - name: notify-uw
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{underwriter_upn}}'
          text: 'Cyber risk: {{applicant_domain}} — Score: {{scan-posture.score}}/100 | Losses: {{get-history.loss_count}}'
  consumes:
  - type: http
    namespace: security-scan
    baseUri: https://api.securityscorecard.io
    authentication:
      type: bearer
      token: $secrets.securityscorecard_token
    resources:
    - name: domains
      path: /companies/{{domain}}/score
      operations:
      - name: check-domain
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://aig.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-cyber-claims
        method: POST
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: policies
      path: /sobjects/InsurancePolicy__c/PolicyNumber__c/{{policy_number}}
      operations:
      - name: update-risk-score
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      operations:
      - name: send-message
        method: POST

Processes a claims payment by validating the claim in Salesforce, creating a payment in SAP, and notifying the adjuster via Teams.

naftiko: '0.5'
info:
  label: Claims Payment Processing Workflow
  description: Processes a claims payment by validating the claim in Salesforce, creating a payment in SAP, and notifying the adjuster via Teams.
  tags:
  - insurance
  - claims
  - finance
  - salesforce
  - sap
capability:
  exposes:
  - type: mcp
    namespace: payment-ops
    port: 8080
    tools:
    - name: process-claims-payment
      description: Given a claim number and payment amount, validate in Salesforce, create an SAP payment, and notify the adjuster.
      inputParameters:
      - name: claim_number
        in: body
        type: string
        description: Claim number.
      - name: payment_amount
        in: body
        type: number
        description: Payment amount.
      - name: adjuster_upn
        in: body
        type: string
        description: Adjuster UPN.
      steps:
      - name: validate
        type: call
        call: sf.get-claim-status
        with:
          claim_number: '{{claim_number}}'
      - name: create-payment
        type: call
        call: sap-fi.post-payment
        with:
          claim_number: '{{claim_number}}'
          amount: '{{payment_amount}}'
      - name: notify-adjuster
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{adjuster_upn}}'
          text: 'Payment: Claim {{claim_number}} — ${{payment_amount}}. SAP: {{create-payment.document_number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: claims
      path: /sobjects/Case/CaseNumber/{{claim_number}}
      inputParameters:
      - name: claim_number
        in: path
      operations:
      - name: get-claim-status
        method: GET
  - type: http
    namespace: sap
    baseUri: https://aig-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: payments
      path: /A_JournalEntry
      operations:
      - name: post-payment
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Performs a vendor risk assessment by pulling vendor details from SAP Ariba, checking compliance in ServiceNow GRC, and notifying procurement via Teams.

naftiko: '0.5'
info:
  label: Third-Party Vendor Risk Assessment Workflow
  description: Performs a vendor risk assessment by pulling vendor details from SAP Ariba, checking compliance in ServiceNow GRC, and notifying procurement via Teams.
  tags:
  - insurance
  - procurement
  - risk-management
  - sap-ariba
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: vendor-risk
    port: 8080
    tools:
    - name: assess-vendor-risk
      description: Given a vendor ID, retrieve the vendor profile from SAP Ariba, check GRC compliance in ServiceNow, and send the risk summary to procurement in Teams.
      inputParameters:
      - name: vendor_id
        in: body
        type: string
        description: SAP Ariba supplier ID.
      - name: procurement_lead_upn
        in: body
        type: string
        description: UPN of procurement lead.
      steps:
      - name: get-vendor
        type: call
        call: ariba.get-supplier
        with:
          vendorId: '{{vendor_id}}'
      - name: check-grc
        type: call
        call: snow.get-compliance
        with:
          vendor_name: '{{get-vendor.SupplierName}}'
      - name: notify-lead
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{procurement_lead_upn}}'
          text: 'Vendor Risk: {{get-vendor.SupplierName}} — GRC: {{check-grc.compliance_status}} | Score: {{check-grc.risk_score}}'
  consumes:
  - type: http
    namespace: ariba
    baseUri: https://openapi.ariba.com/api/supplier-management/v1
    authentication:
      type: bearer
      token: $secrets.ariba_token
    resources:
    - name: suppliers
      path: /suppliers/{{vendorId}}
      inputParameters:
      - name: vendorId
        in: path
      operations:
      - name: get-supplier
        method: GET
  - type: http
    namespace: snow
    baseUri: https://aig.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: grc
      path: /table/sn_grc_profile?sysparm_query=name={{vendor_name}}
      inputParameters:
      - name: vendor_name
        in: query
      operations:
      - name: get-compliance
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves Okta privileged group membership, refreshes a Power BI certification report, and emails the security team for access review.

naftiko: '0.5'
info:
  label: Okta Privileged Access Quarterly Certification
  description: Retrieves Okta privileged group membership, refreshes a Power BI certification report, and emails the security team for access review.
  tags:
  - identity
  - security
  - okta
  - compliance
  - access-review
capability:
  exposes:
  - type: mcp
    namespace: access-cert
    port: 8080
    tools:
    - name: run-privileged-access-certification
      description: Given an Okta privileged group ID, retrieve current membership, trigger a Power BI report refresh, and email the security team the certification report for review. Use quarterly for regulatory compliance access reviews.
      inputParameters:
      - name: okta_group_id
        in: body
        type: string
        description: Okta privileged group ID to certify.
      - name: pbi_dataset_id
        in: body
        type: string
        description: Power BI dataset ID for access certification reports.
      - name: security_team_email
        in: body
        type: string
        description: Security team email for the certification.
      steps:
      - name: get-group-users
        type: call
        call: okta-cert.get-group-members
        with:
          group_id: '{{okta_group_id}}'
      - name: refresh-pbi-cert
        type: call
        call: powerbi-cert.trigger-refresh
        with:
          dataset_id: '{{pbi_dataset_id}}'
      - name: send-cert-report
        type: call
        call: msgraph-cert.send-email
        with:
          to: '{{security_team_email}}'
          subject: Quarterly Access Certification — Okta Group {{okta_group_id}}
          body: Group {{okta_group_id}} has {{get-group-users.total_count}} members. Review in Power BI and certify or revoke access.
  consumes:
  - type: http
    namespace: okta-cert
    baseUri: https://aig.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_token
      placement: header
    resources:
    - name: group-members
      path: /groups/{{group_id}}/users
      inputParameters:
      - name: group_id
        in: path
      operations:
      - name: get-group-members
        method: GET
  - type: http
    namespace: powerbi-cert
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msgraph-cert
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /users/{{sender}}/sendMail
      operations:
      - name: send-email
        method: POST

Retrieves the status of a DocuSign envelope by ID, returning signing status and sent date.

naftiko: '0.5'
info:
  label: DocuSign Envelope Tracking Lookup
  description: Retrieves the status of a DocuSign envelope by ID, returning signing status and sent date.
  tags:
  - insurance
  - legal
  - docusign
  - document-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: doc-ops
    port: 8080
    tools:
    - name: get-envelope-status
      description: Given a DocuSign envelope ID, return the status, sent date, and recipient count.
      inputParameters:
      - name: envelope_id
        in: body
        type: string
        description: DocuSign envelope ID.
      call: docusign.get-envelope
      with:
        envelopeId: '{{envelope_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: sent_date
        type: string
        mapping: $.sentDateTime
  consumes:
  - namespace: docusign
    type: http
    baseUri: https://na4.docusign.net/restapi/v2.1
    authentication:
      type: bearer
      token: $secrets.docusign_token
    resources:
    - name: doc-ops
      path: /{{id}}
      operations:
      - name: get-envelope
        method: GET

Retrieves a summary of open claims from Salesforce by line of business, returning total count and average age.

naftiko: '0.5'
info:
  label: Salesforce Claims Pipeline Summary
  description: Retrieves a summary of open claims from Salesforce by line of business, returning total count and average age.
  tags:
  - insurance
  - claims
  - salesforce
  - analytics
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: claims-analytics
    port: 8080
    tools:
    - name: get-claims-summary
      description: Given a line of business, return the total open claim count and average claim age in days.
      inputParameters:
      - name: line_of_business
        in: body
        type: string
        description: Insurance line of business.
      call: sf.query-claims-summary
      with:
        lob: '{{line_of_business}}'
      outputParameters:
      - name: total_open
        type: integer
        mapping: $.totalSize
      - name: avg_age_days
        type: number
        mapping: $.records[0].Avg_Age__c
  consumes:
  - namespace: sf
    type: http
    baseUri: https://aig.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: claims
      path: /query/?q=SELECT+COUNT(Id)+FROM+Case+WHERE+LOB__c='{{lob}}'
      operations:
      - name: query-claims-summary
        method: GET

At the start of a financial period close, generates a period-end close checklist in ServiceNow, assigns tasks to the finance team via Teams, and monitors SAP for posting period status.

naftiko: '0.5'
info:
  label: SAP Period-End Financial Close Checklist
  description: At the start of a financial period close, generates a period-end close checklist in ServiceNow, assigns tasks to the finance team via Teams, and monitors SAP for posting period status.
  tags:
  - finance
  - erp
  - sap
  - servicenow
  - microsoft-teams
  - period-close
capability:
  exposes:
  - type: mcp
    namespace: finance-close
    port: 8080
    tools:
    - name: trigger-period-close
      description: Given a SAP company code and fiscal period, check the SAP posting period status, generate a ServiceNow close checklist task, and notify the finance controller group in Teams. Invoke at the start of each month-end close cycle.
      inputParameters:
      - name: company_code
        type: string
        description: The SAP company code, e.g. '1000' for Allianz SE.
      - name: fiscal_year
        type: string
        description: The fiscal year, e.g. '2025'.
      - name: fiscal_period
        type: string
        description: The fiscal period number, e.g. '12' for December.
      steps:
      - name: get-posting-period
        type: call
        call: sap.get-posting-period
        with:
          CompanyCode: '{{company_code}}'
          FiscalYear: '{{fiscal_year}}'
          FiscalPeriod: '{{fiscal_period}}'
      - name: create-checklist
        type: call
        call: servicenow.create-task
        with:
          short_description: 'Period-end close checklist: {{company_code}} FY{{fiscal_year}}-P{{fiscal_period}}'
          description: 'SAP posting period status: {{get-posting-period.PostingPeriodStatus}}

            Company code: {{company_code}}

            Period: {{fiscal_period}} / {{fiscal_year}}

            Close activities: 1) Reconcile sub-ledgers 2) Post accruals 3) Run foreign currency valuation 4) Execute balance sheet reclassification'
          assignment_group: Finance_Controllers
      - name: notify-finance
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.finance_channel_id
          text: 'Period-end close initiated: {{company_code}} FY{{fiscal_year}}-P{{fiscal_period}} | SAP status: {{get-posting-period.PostingPeriodStatus}} | ServiceNow checklist: {{create-checklist.number}}'
  consumes:
  - namespace: sap
    type: http
    baseUri: https://allianz-s4.sap.com/sap/opu/odata/sap/API_JOURNALENTRYITEMBASIC_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_pass
    resources:
    - name: posting-periods
      path: /A_CompanyCode('{CompanyCode}')
      inputParameters:
      - name: CompanyCode
        in: path
      - name: FiscalYear
        in: query
      - name: FiscalPeriod
        in: query
      operations:
      - name: get-posting-period
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When an employee's role or department changes in Workday, updates their Microsoft 365 group memberships and raises a ServiceNow task for IT to review any privileged access changes.

naftiko: '0.5'
info:
  label: Workday Role Change Access Provisioning
  description: When an employee's role or department changes in Workday, updates their Microsoft 365 group memberships and raises a ServiceNow task for IT to review any privileged access changes.
  tags:
  - hr
  - identity
  - workday
  - microsoft-365
  - servicenow
  - access-management
capability:
  exposes:
  - type: mcp
    namespace: iam-provisioning
    port: 8080
    tools:
    - name: sync-role-change-access
      description: Given a Workday employee ID, old role, and new role, fetch the employee's Microsoft 365 object ID, update their group memberships to reflect the new role, and create a ServiceNow access review task for IT security. Invoke when a Workday business process for position or department change completes.
      inputParameters:
      - name: employee_id
        type: string
        description: The Workday worker ID of the employee whose role has changed.
      - name: old_role
        type: string
        description: The employee's previous role or job title, e.g. 'Claims Analyst'.
      - name: new_role
        type: string
        description: The employee's new role or job title, e.g. 'Senior Claims Manager'.
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: update-group-membership
        type: call
        call: msgraph.add-group-member
        with:
          group_display_name: '{{new_role}}-Access'
          user_id: '{{get-worker.azure_object_id}}'
      - name: create-review-task
        type: call
        call: servicenow.create-task
        with:
          short_description: 'Access review: role change for {{get-worker.display_name}}'
          description: 'Employee: {{get-worker.display_name}}

            Previous role: {{old_role}}

            New role: {{new_role}}

            Action taken: M365 group updated to {{new_role}}-Access. Please review and revoke legacy privileged access.'
          assignment_group: IT_Security
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{worker_id}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - namespace: msgraph
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: group-members
      path: /groups/{group_id}/members/$ref
      inputParameters:
      - name: group_id
        in: path
      operations:
      - name: add-group-member
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST

Queries Workday for current active headcount by department and cost center, then pushes the snapshot to a Snowflake table for downstream BI and workforce planning analytics.

naftiko: '0.5'
info:
  label: Workday Headcount Snapshot
  description: Queries Workday for current active headcount by department and cost center, then pushes the snapshot to a Snowflake table for downstream BI and workforce planning analytics.
  tags:
  - hr
  - analytics
  - workday
  - snowflake
  - reporting
  - headcount
capability:
  exposes:
  - type: mcp
    namespace: hr-reporting
    port: 8080
    tools:
    - name: snapshot-headcount
      description: Fetch current active employee headcount segmented by department from Workday, then insert the snapshot record into the Snowflake HR_ANALYTICS.HEADCOUNT_SNAPSHOTS table. Invoke on a daily or weekly schedule for workforce planning.
      inputParameters:
      - name: as_of_date
        type: string
        description: Snapshot date in ISO 8601 format (YYYY-MM-DD). Determines the reference date for the Workday query.
      steps:
      - name: get-headcount
        type: call
        call: workday.get-workers-report
        with:
          effectiveDate: '{{as_of_date}}'
          status: Active
      - name: write-snapshot
        type: call
        call: snowflake.execute-statement
        with:
          statement: INSERT INTO HR_ANALYTICS.HEADCOUNT_SNAPSHOTS SELECT '{{as_of_date}}' AS snapshot_date, department, COUNT(*) AS headcount FROM STAGING.WORKDAY_WORKERS GROUP BY department
          database: ALLIANZ_DW
          schema: HR_ANALYTICS
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers-report
      path: /workers
      inputParameters:
      - name: effectiveDate
        in: query
      - name: status
        in: query
      operations:
      - name: get-workers-report
        method: GET
  - namespace: snowflake
    type: http
    baseUri: https://allianz.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST

Executes a Snowflake stored procedure to refresh the insurance KPI materialized views, then triggers a Power BI dataset refresh so dashboards reflect the latest data.

naftiko: '0.5'
info:
  label: Snowflake BI Refresh and Power BI Dataset Push
  description: Executes a Snowflake stored procedure to refresh the insurance KPI materialized views, then triggers a Power BI dataset refresh so dashboards reflect the latest data.
  tags:
  - data
  - analytics
  - snowflake
  - power-bi
  - bi-refresh
  - insurance
capability:
  exposes:
  - type: mcp
    namespace: bi-ops
    port: 8080
    tools:
    - name: refresh-bi-datasets
      description: Given a Snowflake stored procedure name and a Power BI dataset ID, execute the Snowflake refresh procedure and then trigger a Power BI dataset refresh. Invoke after nightly ETL completion or before scheduled executive report delivery.
      inputParameters:
      - name: snowflake_procedure
        type: string
        description: The fully qualified Snowflake stored procedure to call, e.g. 'REPORTING.REFRESH_INSURANCE_KPIS()'.
      - name: powerbi_group_id
        type: string
        description: The Power BI workspace (group) ID containing the dataset to refresh.
      - name: powerbi_dataset_id
        type: string
        description: The Power BI dataset ID to trigger a refresh on.
      steps:
      - name: run-snowflake-refresh
        type: call
        call: snowflake.execute-statement
        with:
          statement: CALL {{snowflake_procedure}}
          database: ALLIANZ_DW
          schema: REPORTING
      - name: trigger-powerbi-refresh
        type: call
        call: powerbi.trigger-refresh
        with:
          group_id: '{{powerbi_group_id}}'
          dataset_id: '{{powerbi_dataset_id}}'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://allianz.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - namespace: powerbi
    type: http
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /groups/{group_id}/datasets/{dataset_id}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST

Fetches the latest LinkedIn Campaign Manager analytics for Allianz's employer brand campaigns and posts a weekly engagement digest to the HR marketing Teams channel.

naftiko: '0.5'
info:
  label: LinkedIn Employer Brand Campaign Digest
  description: Fetches the latest LinkedIn Campaign Manager analytics for Allianz's employer brand campaigns and posts a weekly engagement digest to the HR marketing Teams channel.
  tags:
  - marketing
  - hr
  - linkedin
  - microsoft-teams
  - reporting
  - employer-brand
capability:
  exposes:
  - type: mcp
    namespace: employer-brand
    port: 8080
    tools:
    - name: digest-linkedin-campaigns
      description: Given a LinkedIn ad account ID and date range, fetch campaign performance metrics (impressions, clicks, applications, CTR) for employer brand campaigns and post a formatted digest to the HR marketing Teams channel. Invoke weekly on Monday mornings.
      inputParameters:
      - name: ad_account_id
        type: string
        description: The LinkedIn Campaign Manager ad account URN, e.g. 'urn:li:sponsoredAccount:12345678'.
      - name: date_range_start
        type: string
        description: Start date for the reporting period in YYYY-MM-DD format.
      - name: date_range_end
        type: string
        description: End date for the reporting period in YYYY-MM-DD format.
      steps:
      - name: get-campaign-analytics
        type: call
        call: linkedin.get-ad-analytics
        with:
          q: analytics
          pivot: CAMPAIGN
          dateRange.start.year: '{{date_range_start}}'
          dateRange.end.year: '{{date_range_end}}'
          accounts: '{{ad_account_id}}'
          fields: impressions,clicks,costInLocalCurrency,externalWebsiteConversions
      - name: post-digest
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.hr_marketing_channel_id
          text: 'LinkedIn Employer Brand Weekly Digest ({{date_range_start}} – {{date_range_end}}): {{get-campaign-analytics.elements.length}} campaigns tracked. See full analytics in Campaign Manager.'
  consumes:
  - namespace: linkedin
    type: http
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: ad-analytics
      path: /adAnalyticsV2
      inputParameters:
      - name: q
        in: query
      - name: pivot
        in: query
      - name: accounts
        in: query
      - name: fields
        in: query
      operations:
      - name: get-ad-analytics
        method: GET
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When a Datadog monitor fires for an application error rate spike, automatically creates a Jira bug with full observability context including monitor query, alert value, and affected service tags.

naftiko: '0.5'
info:
  label: Jira Bug Triage from Datadog Alert
  description: When a Datadog monitor fires for an application error rate spike, automatically creates a Jira bug with full observability context including monitor query, alert value, and affected service tags.
  tags:
  - devops
  - observability
  - datadog
  - jira
  - bug-triage
capability:
  exposes:
  - type: mcp
    namespace: alert-triage
    port: 8080
    tools:
    - name: create-bug-from-alert
      description: Given a Datadog monitor ID and triggered alert value, fetch the monitor definition, create a Jira Bug in the appropriate project with full alert context, and return the Jira issue key. Invoke when Datadog fires a monitor for application error rate or latency SLO violations.
      inputParameters:
      - name: monitor_id
        type: string
        description: The Datadog monitor ID that fired the alert.
      - name: alert_value
        type: number
        description: The metric value that triggered the alert, e.g. 12.5 for 12.5% error rate.
      - name: service_name
        type: string
        description: The name of the affected service, e.g. 'claims-api'.
      steps:
      - name: get-monitor
        type: call
        call: datadog.get-monitor
        with:
          monitor_id: '{{monitor_id}}'
      - name: create-bug
        type: call
        call: jira.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: '[Alert] {{service_name}}: {{get-monitor.name}}'
          description: 'Monitor: {{get-monitor.name}}

            Triggered value: {{alert_value}}

            Monitor query: {{get-monitor.query}}

            Service: {{service_name}}

            Datadog monitor ID: {{monitor_id}}

            Threshold: {{get-monitor.options.thresholds.critical}}'
      outputParameters:
      - name: jira_key
        type: string
  consumes:
  - namespace: datadog
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: monitors
      path: /monitor/{monitor_id}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET
  - namespace: jira
    type: http
    baseUri: https://allianz.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

When a pull request is opened against a protected branch in GitHub, triggers a Datadog static analysis check and blocks merge if critical vulnerabilities are detected, posting findings to the PR and a Teams channel.

naftiko: '0.5'
info:
  label: GitHub Pull Request Security Gate
  description: When a pull request is opened against a protected branch in GitHub, triggers a Datadog static analysis check and blocks merge if critical vulnerabilities are detected, posting findings to the PR and a Teams channel.
  tags:
  - devops
  - security
  - github
  - datadog
  - microsoft-teams
  - code-quality
capability:
  exposes:
  - type: mcp
    namespace: devops-security
    port: 8080
    tools:
    - name: run-pr-security-gate
      description: Given a GitHub repository, PR number, and commit SHA, fetch PR details, query Datadog for static analysis findings on the commit, post a summary comment to the PR, and notify the security channel in Teams if critical issues are found. Invoke on pull_request opened and synchronize events.
      inputParameters:
      - name: repo_owner
        type: string
        description: GitHub organization or owner, e.g. 'allianz'.
      - name: repo_name
        type: string
        description: GitHub repository name, e.g. 'claims-service'.
      - name: pr_number
        type: integer
        description: The pull request number.
      - name: commit_sha
        type: string
        description: The head commit SHA of the pull request.
      steps:
      - name: get-pr
        type: call
        call: github.get-pull-request
        with:
          owner: '{{repo_owner}}'
          repo: '{{repo_name}}'
          pull_number: '{{pr_number}}'
      - name: get-findings
        type: call
        call: datadog.get-ci-pipeline-events
        with:
          filter_query: ci_level:pipeline @git.commit.sha:{{commit_sha}} @git.repository_url:*{{repo_name}}
      - name: post-pr-comment
        type: call
        call: github.create-pr-comment
        with:
          owner: '{{repo_owner}}'
          repo: '{{repo_name}}'
          issue_number: '{{pr_number}}'
          body: 'Security gate results for {{commit_sha}}: {{get-findings.data.length}} pipeline events found. Branch: {{get-pr.head.ref}}'
  consumes:
  - namespace: github
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pull-requests
      path: /repos/{owner}/{repo}/pulls/{pull_number}
      inputParameters:
      - name: owner
        in: path
      - name: repo
        in: path
      - name: pull_number
        in: path
      operations:
      - name: get-pull-request
        method: GET
    - name: pr-comments
      path: /repos/{owner}/{repo}/issues/{issue_number}/comments
      inputParameters:
      - name: owner
        in: path
      - name: repo
        in: path
      - name: issue_number
        in: path
      operations:
      - name: create-pr-comment
        method: POST
  - namespace: datadog
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: ci-pipeline-events
      path: /events
      inputParameters:
      - name: filter_query
        in: query
      operations:
      - name: get-ci-pipeline-events
        method: GET

Queries Workday for the latest employee engagement survey results by business unit, computes satisfaction scores, and posts a pulse digest to the HR leadership Teams channel.

naftiko: '0.5'
info:
  label: Employee Satisfaction Survey Pulse
  description: Queries Workday for the latest employee engagement survey results by business unit, computes satisfaction scores, and posts a pulse digest to the HR leadership Teams channel.
  tags:
  - hr
  - workday
  - microsoft-teams
  - employee-engagement
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: hr-engagement
    port: 8080
    tools:
    - name: digest-engagement-pulse
      description: Given a Workday survey run ID, fetch engagement survey results segmented by business unit, compute average scores, and post a formatted pulse digest to the HR leadership Teams channel. Invoke after each survey window closes in Workday.
      inputParameters:
      - name: survey_run_id
        type: string
        description: The Workday engagement survey run ID to retrieve results for.
      steps:
      - name: get-survey-results
        type: call
        call: workday.get-survey-results
        with:
          surveyRunId: '{{survey_run_id}}'
      - name: post-pulse-digest
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.hr_leadership_channel_id
          text: 'Employee Engagement Pulse — Survey Run {{survey_run_id}}: Results retrieved from Workday. {{get-survey-results.totalResponses}} responses collected. Review full breakdown in Workday People Analytics.'
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: survey-results
      path: /surveyRuns/{surveyRunId}/results
      inputParameters:
      - name: surveyRunId
        in: path
      operations:
      - name: get-survey-results
        method: GET
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Queries Salesforce for insurance policies approaching their renewal date, enriches each with the customer's claims history from ServiceNow, and creates renewal opportunity records back in Salesforce.

naftiko: '0.5'
info:
  label: Policy Renewal Opportunity Sync
  description: Queries Salesforce for insurance policies approaching their renewal date, enriches each with the customer's claims history from ServiceNow, and creates renewal opportunity records back in Salesforce.
  tags:
  - insurance
  - sales
  - crm
  - salesforce
  - servicenow
  - renewal
capability:
  exposes:
  - type: mcp
    namespace: policy-renewals
    port: 8080
    tools:
    - name: sync-renewal-opportunities
      description: Given a renewal look-ahead window in days, query Salesforce for expiring policies, enrich each with the customer's open claim count from ServiceNow, and upsert a renewal Opportunity in Salesforce. Invoke on a daily schedule or on demand.
      inputParameters:
      - name: days_ahead
        type: integer
        description: Number of days ahead to look for expiring policies, e.g. 30 or 60.
      steps:
      - name: get-expiring-policies
        type: call
        call: salesforce-query.run-soql
        with:
          query: SELECT Id, Name, AccountId, ExpirationDate__c FROM InsurancePolicy__c WHERE ExpirationDate__c = NEXT_N_DAYS:{{days_ahead}}
      - name: get-open-claims
        type: call
        call: servicenow.list-incidents
        with:
          sysparm_query: state=1^category=insurance_claim
          sysparm_fields: caller_id,number,priority
      - name: create-opportunities
        type: call
        call: salesforce-write.create-opportunity
        with:
          name: Renewal - {{get-expiring-policies.Name}}
          account_id: '{{get-expiring-policies.AccountId}}'
          close_date: '{{get-expiring-policies.ExpirationDate__c}}'
          stage_name: Renewal Prospecting
          open_claims: '{{get-open-claims.total_count}}'
  consumes:
  - namespace: salesforce-query
    type: http
    baseUri: https://allianz.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      inputParameters:
      - name: query
        in: query
      operations:
      - name: run-soql
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incidents
      path: /table/incident
      inputParameters:
      - name: sysparm_query
        in: query
      - name: sysparm_fields
        in: query
      operations:
      - name: list-incidents
        method: GET
  - namespace: salesforce-write
    type: http
    baseUri: https://allianz.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity
      operations:
      - name: create-opportunity
        method: POST

Scans all repositories in the Allianz GitHub organization for secret scanning alerts and Dependabot vulnerabilities, then creates Jira tickets for critical findings and posts a summary to the security Teams channel.

naftiko: '0.5'
info:
  label: GitHub Repository Security Audit
  description: Scans all repositories in the Allianz GitHub organization for secret scanning alerts and Dependabot vulnerabilities, then creates Jira tickets for critical findings and posts a summary to the security Teams channel.
  tags:
  - devops
  - security
  - github
  - jira
  - microsoft-teams
  - vulnerability-management
capability:
  exposes:
  - type: mcp
    namespace: security-audit
    port: 8080
    tools:
    - name: audit-repo-security
      description: Given a GitHub organization name and repository name, fetch all open Dependabot critical vulnerability alerts and secret scanning alerts, create a Jira security ticket for each critical finding, and post a consolidated audit summary to the Teams security channel. Invoke weekly or after a new repository is created.
      inputParameters:
      - name: org
        type: string
        description: The GitHub organization name, e.g. 'allianz'.
      - name: repo
        type: string
        description: The GitHub repository name to audit.
      steps:
      - name: get-dependabot-alerts
        type: call
        call: github.list-dependabot-alerts
        with:
          owner: '{{org}}'
          repo: '{{repo}}'
          severity: critical
          state: open
      - name: get-secret-alerts
        type: call
        call: github.list-secret-scanning-alerts
        with:
          owner: '{{org}}'
          repo: '{{repo}}'
          state: open
      - name: create-security-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: SEC
          issuetype: Security Vulnerability
          summary: 'Security Audit: {{org}}/{{repo}} — critical findings'
          description: 'Critical Dependabot alerts: {{get-dependabot-alerts.length}}

            Secret scanning alerts: {{get-secret-alerts.length}}

            Repository: {{org}}/{{repo}}

            Review and remediate all findings immediately.'
      - name: notify-security-team
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.security_channel_id
          text: 'Security Audit Complete: {{org}}/{{repo}} | Critical vulns: {{get-dependabot-alerts.length}} | Secret alerts: {{get-secret-alerts.length}} | Jira: {{create-security-ticket.key}}'
  consumes:
  - namespace: github
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: dependabot-alerts
      path: /repos/{owner}/{repo}/dependabot/alerts
      inputParameters:
      - name: owner
        in: path
      - name: repo
        in: path
      - name: severity
        in: query
      - name: state
        in: query
      operations:
      - name: list-dependabot-alerts
        method: GET
    - name: secret-scanning-alerts
      path: /repos/{owner}/{repo}/secret-scanning/alerts
      inputParameters:
      - name: owner
        in: path
      - name: repo
        in: path
      - name: state
        in: query
      operations:
      - name: list-secret-scanning-alerts
        method: GET
  - namespace: jira
    type: http
    baseUri: https://allianz.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Given a policy document stored in SharePoint, retrieves the document content, sends it to an AI model for summarization, and returns a structured key-terms summary for agent or advisor use.

naftiko: '0.5'
info:
  label: Insurance Policy Document Summarizer
  description: Given a policy document stored in SharePoint, retrieves the document content, sends it to an AI model for summarization, and returns a structured key-terms summary for agent or advisor use.
  tags:
  - insurance
  - ai
  - sharepoint
  - document-management
  - summarization
capability:
  exposes:
  - type: mcp
    namespace: policy-intelligence
    port: 8080
    tools:
    - name: summarize-policy-document
      description: Given a SharePoint site ID and document item ID for an insurance policy document, retrieve the file content, send it to the Anthropic API for structured summarization, and return a key-terms summary including coverage limits, exclusions, and renewal date. Use when an advisor or agent needs a quick policy overview.
      inputParameters:
      - name: site_id
        type: string
        description: The SharePoint site ID where the policy document is stored.
      - name: item_id
        type: string
        description: The SharePoint drive item ID of the policy document.
      steps:
      - name: get-document
        type: call
        call: sharepoint.get-file-content
        with:
          site_id: '{{site_id}}'
          item_id: '{{item_id}}'
      - name: summarize
        type: call
        call: anthropic.create-message
        with:
          model: claude-opus-4-5
          max_tokens: 1024
          system: 'You are an insurance policy analyst. Extract and summarize: coverage limits, exclusions, premium amount, renewal date, and policyholder obligations. Return as structured JSON.'
          content: '{{get-document.content}}'
  consumes:
  - namespace: sharepoint
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /sites/{site_id}/drive/items/{item_id}/content
      inputParameters:
      - name: site_id
        in: path
      - name: item_id
        in: path
      operations:
      - name: get-file-content
        method: GET
  - namespace: anthropic
    type: http
    baseUri: https://api.anthropic.com/v1
    authentication:
      type: apikey
      key: x-api-key
      value: $secrets.anthropic_api_key
      placement: header
    resources:
    - name: messages
      path: /messages
      operations:
      - name: create-message
        method: POST

When a vendor invoice is received in SAP S/4HANA, validates it against the purchase order, routes it for approval via ServiceNow, and notifies the responsible finance contact via Teams.

naftiko: '0.5'
info:
  label: SAP Invoice Processing and Approval
  description: When a vendor invoice is received in SAP S/4HANA, validates it against the purchase order, routes it for approval via ServiceNow, and notifies the responsible finance contact via Teams.
  tags:
  - finance
  - erp
  - sap
  - servicenow
  - microsoft-teams
  - invoice-processing
capability:
  exposes:
  - type: mcp
    namespace: finance-ops
    port: 8080
    tools:
    - name: process-invoice
      description: Given a SAP invoice document number, fetch invoice and PO details, create a ServiceNow approval task for the finance controller, and notify the approver via Teams. Invoke when a new vendor invoice document is posted in SAP.
      inputParameters:
      - name: invoice_number
        type: string
        description: The SAP FI invoice document number, e.g. 5100012345.
      - name: company_code
        type: string
        description: The SAP company code, e.g. 1000 for Allianz SE.
      steps:
      - name: get-invoice
        type: call
        call: sap.get-invoice
        with:
          InvoiceDocument: '{{invoice_number}}'
          CompanyCode: '{{company_code}}'
      - name: create-approval-task
        type: call
        call: servicenow.create-task
        with:
          short_description: 'Invoice approval required: {{invoice_number}}'
          description: 'Vendor: {{get-invoice.SupplierName}}

            Amount: {{get-invoice.InvoiceGrossAmount}} {{get-invoice.DocumentCurrency}}

            PO: {{get-invoice.PurchaseOrder}}'
          assignment_group: Finance_Controllers
      - name: notify-approver
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-invoice.AccountingClerk}}@allianz.com'
          text: 'Invoice {{invoice_number}} from {{get-invoice.SupplierName}} for {{get-invoice.InvoiceGrossAmount}} {{get-invoice.DocumentCurrency}} requires your approval. ServiceNow task: {{create-approval-task.number}}'
  consumes:
  - namespace: sap
    type: http
    baseUri: https://allianz-s4.sap.com/sap/opu/odata/sap/API_SUPPLIER_INVOICE_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_pass
    resources:
    - name: invoices
      path: /A_SupplierInvoice(InvoiceDocument='{InvoiceDocument}',FiscalYear='')
      inputParameters:
      - name: InvoiceDocument
        in: path
      - name: CompanyCode
        in: query
      operations:
      - name: get-invoice
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chats
      path: /chats
      operations:
      - name: send-message
        method: POST

Fetches the current health status of all monitored Allianz infrastructure hosts from Datadog and returns a structured snapshot for use in status reports or automated runbooks.

naftiko: '0.5'
info:
  label: Datadog Infrastructure Health Dashboard Snapshot
  description: Fetches the current health status of all monitored Allianz infrastructure hosts from Datadog and returns a structured snapshot for use in status reports or automated runbooks.
  tags:
  - observability
  - datadog
  - monitoring
  - infrastructure
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: infra-monitoring
    port: 8080
    tools:
    - name: get-infra-health-snapshot
      description: Fetch the current status of all monitored hosts from Datadog filtered by environment tag, returning host counts by status (up, down, muted). Use when generating infrastructure health reports or evaluating deployment readiness.
      inputParameters:
      - name: environment
        type: string
        description: The environment tag to filter hosts by, e.g. 'production', 'staging'.
      call: datadog.list-hosts
      with:
        filter: env:{{environment}}
      outputParameters:
      - name: total_hosts
        type: number
        mapping: $.total_matching
      - name: active_hosts
        type: number
        mapping: $.total_active
  consumes:
  - namespace: datadog
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: hosts
      path: /hosts
      inputParameters:
      - name: filter
        in: query
      operations:
      - name: list-hosts
        method: GET

When a Salesforce NPS survey response is submitted with a detractor score, creates a Salesforce task for the account owner to follow up and posts a notification to the customer success Teams channel.

naftiko: '0.5'
info:
  label: Salesforce NPS Survey Follow-Up
  description: When a Salesforce NPS survey response is submitted with a detractor score, creates a Salesforce task for the account owner to follow up and posts a notification to the customer success Teams channel.
  tags:
  - crm
  - sales
  - salesforce
  - microsoft-teams
  - nps
  - customer-success
capability:
  exposes:
  - type: mcp
    namespace: customer-success
    port: 8080
    tools:
    - name: handle-nps-detractor
      description: Given a Salesforce NPS survey response ID and score, retrieve the survey response and account details, create a follow-up task assigned to the account owner, and post a notification to the customer success Teams channel. Invoke when an NPS score below 7 is recorded in Salesforce.
      inputParameters:
      - name: survey_response_id
        type: string
        description: The Salesforce Survey Response record ID.
      - name: nps_score
        type: integer
        description: The NPS score submitted by the customer (0–6 for detractors).
      steps:
      - name: get-response
        type: call
        call: salesforce-read.get-survey-response
        with:
          record_id: '{{survey_response_id}}'
      - name: create-followup-task
        type: call
        call: salesforce-write.create-task
        with:
          subject: 'NPS Detractor Follow-Up: Score {{nps_score}}'
          whatId: '{{get-response.AccountId}}'
          ownerId: '{{get-response.AccountOwnerId}}'
          activity_date: TODAY+3
          description: 'Customer submitted NPS score {{nps_score}}. Feedback: {{get-response.Comments__c}}'
      - name: notify-cs-team
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.customer_success_channel_id
          text: 'NPS Detractor Alert: Account {{get-response.AccountName}} scored {{nps_score}}. Follow-up task created for {{get-response.AccountOwnerName}}. Feedback: {{get-response.Comments__c}}'
  consumes:
  - namespace: salesforce-read
    type: http
    baseUri: https://allianz.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: survey-responses
      path: /sobjects/SurveyResponse/{record_id}
      inputParameters:
      - name: record_id
        in: path
      operations:
      - name: get-survey-response
        method: GET
  - namespace: salesforce-write
    type: http
    baseUri: https://allianz.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: tasks
      path: /sobjects/Task
      operations:
      - name: create-task
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Given a Salesforce Account ID, fetches the customer's full profile, open claims from ServiceNow, and active policies, then updates the Salesforce account with a consolidated risk score and notes field.

naftiko: '0.5'
info:
  label: Salesforce Customer 360 Enrichment
  description: Given a Salesforce Account ID, fetches the customer's full profile, open claims from ServiceNow, and active policies, then updates the Salesforce account with a consolidated risk score and notes field.
  tags:
  - crm
  - sales
  - salesforce
  - servicenow
  - customer-360
  - insurance
capability:
  exposes:
  - type: mcp
    namespace: crm-enrichment
    port: 8080
    tools:
    - name: enrich-customer-account
      description: Given a Salesforce Account ID, retrieve the account record, fetch open ServiceNow claims for the customer, and update the Salesforce account with a risk score and claims summary. Use when preparing for customer renewal meetings or account reviews.
      inputParameters:
      - name: account_id
        type: string
        description: The Salesforce Account ID for the customer to enrich.
      steps:
      - name: get-account
        type: call
        call: salesforce-read.get-account
        with:
          account_id: '{{account_id}}'
      - name: get-claims
        type: call
        call: servicenow.list-claims
        with:
          sysparm_query: caller_id.email={{get-account.PersonEmail}}^state!=7
          sysparm_fields: number,short_description,priority,state
      - name: update-account
        type: call
        call: salesforce-write.update-account
        with:
          account_id: '{{account_id}}'
          open_claims_count: '{{get-claims.total_count}}'
          risk_notes: 'Open claims: {{get-claims.total_count}} as of last enrichment'
  consumes:
  - namespace: salesforce-read
    type: http
    baseUri: https://allianz.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incidents
      path: /table/incident
      inputParameters:
      - name: sysparm_query
        in: query
      - name: sysparm_fields
        in: query
      operations:
      - name: list-claims
        method: GET
  - namespace: salesforce-write
    type: http
    baseUri: https://allianz.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: update-account
        method: PATCH

When a ServiceNow change request is submitted for production infrastructure, validates the change window, creates a linked Jira ticket for engineering sign-off, and notifies the CAB approvers via Teams.

naftiko: '0.5'
info:
  label: Change Management Approval Workflow
  description: When a ServiceNow change request is submitted for production infrastructure, validates the change window, creates a linked Jira ticket for engineering sign-off, and notifies the CAB approvers via Teams.
  tags:
  - itsm
  - change-management
  - servicenow
  - jira
  - microsoft-teams
  - approval
capability:
  exposes:
  - type: mcp
    namespace: change-management
    port: 8080
    tools:
    - name: submit-change-for-approval
      description: Given a ServiceNow change request number, retrieve the change details, create a linked Jira issue for the engineering team to review, and notify the Change Advisory Board (CAB) channel in Teams with the change summary and scheduled window. Invoke when a normal or emergency change is submitted for CAB review.
      inputParameters:
      - name: change_number
        type: string
        description: The ServiceNow change request number, e.g. CHG0012345.
      steps:
      - name: get-change
        type: call
        call: servicenow.get-change-request
        with:
          number: '{{change_number}}'
      - name: create-jira-review
        type: call
        call: jira.create-issue
        with:
          project_key: OPS
          issuetype: Change Review
          summary: 'CAB Review: {{get-change.short_description}}'
          description: 'ServiceNow: {{change_number}}

            Risk: {{get-change.risk}}

            Impact: {{get-change.impact}}

            Scheduled start: {{get-change.start_date}}

            Scheduled end: {{get-change.end_date}}

            Implementation plan: {{get-change.implementation_plan}}'
      - name: notify-cab
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.cab_channel_id
          text: 'CAB REVIEW REQUIRED: {{change_number}} | {{get-change.short_description}} | Risk: {{get-change.risk}} | Window: {{get-change.start_date}} → {{get-change.end_date}} | Jira: {{create-jira-review.key}}'
  consumes:
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: change-requests
      path: /table/change_request
      inputParameters:
      - name: number
        in: query
      operations:
      - name: get-change-request
        method: GET
  - namespace: jira
    type: http
    baseUri: https://allianz.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Runs data quality validation queries against key insurance data tables in Snowflake and raises a ServiceNow incident when row counts, null rates, or referential integrity checks fall outside acceptable thresholds.

naftiko: '0.5'
info:
  label: Snowflake Data Quality Monitor
  description: Runs data quality validation queries against key insurance data tables in Snowflake and raises a ServiceNow incident when row counts, null rates, or referential integrity checks fall outside acceptable thresholds.
  tags:
  - data
  - analytics
  - snowflake
  - servicenow
  - data-quality
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: run-data-quality-check
      description: Given a Snowflake table name and schema, execute a suite of data quality validation queries (row count, null rate, referential integrity) and open a ServiceNow incident if any check fails. Invoke on a daily schedule after ETL pipeline completion.
      inputParameters:
      - name: table_name
        type: string
        description: The fully qualified Snowflake table name to validate, e.g. CLAIMS.FACT_CLAIMS.
      - name: min_row_count
        type: integer
        description: Minimum expected row count; an incident is raised if the actual count falls below this value.
      steps:
      - name: check-row-count
        type: call
        call: snowflake.execute-statement
        with:
          statement: SELECT COUNT(*) AS row_count FROM {{table_name}}
          database: ALLIANZ_DW
          schema: PUBLIC
      - name: open-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Data quality failure: {{table_name}} row count below threshold'
          description: 'Table: {{table_name}}

            Actual row count: {{check-row-count.results[0].data[0]}}

            Minimum expected: {{min_row_count}}

            Check time: now'
          category: data_engineering
          urgency: '2'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://allianz.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

Compares the current payroll run totals from Workday against the prior period baseline in Snowflake, and raises a ServiceNow incident if any variance exceeds the configured threshold.

naftiko: '0.5'
info:
  label: Workday Payroll Variance Detector
  description: Compares the current payroll run totals from Workday against the prior period baseline in Snowflake, and raises a ServiceNow incident if any variance exceeds the configured threshold.
  tags:
  - hr
  - finance
  - payroll
  - workday
  - snowflake
  - servicenow
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: payroll-ops
    port: 8080
    tools:
    - name: detect-payroll-variance
      description: Given a Workday payroll run ID and variance threshold percentage, fetch the current payroll totals, compare against the prior period stored in Snowflake, and open a ServiceNow incident if variance exceeds the threshold. Invoke after each payroll calculation run completes.
      inputParameters:
      - name: payroll_run_id
        type: string
        description: The Workday payroll run ID to validate.
      - name: variance_threshold_pct
        type: number
        description: Maximum acceptable variance percentage between current and prior period, e.g. 5.0 for 5%.
      steps:
      - name: get-payroll-run
        type: call
        call: workday.get-payroll-run
        with:
          runId: '{{payroll_run_id}}'
      - name: get-prior-period
        type: call
        call: snowflake.execute-statement
        with:
          statement: SELECT total_gross_pay FROM PAYROLL.RUN_HISTORY ORDER BY run_date DESC LIMIT 1
          database: ALLIANZ_DW
          schema: PAYROLL
      - name: open-variance-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Payroll variance detected: run {{payroll_run_id}}'
          description: 'Current run gross pay: {{get-payroll-run.totalGrossPay}}

            Prior period: {{get-prior-period.results[0].data[0]}}

            Threshold: {{variance_threshold_pct}}%

            Immediate review required before payroll submission.'
          category: payroll
          urgency: '1'
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: payroll-runs
      path: /payrollRuns/{runId}
      inputParameters:
      - name: runId
        in: path
      operations:
      - name: get-payroll-run
        method: GET
  - namespace: snowflake
    type: http
    baseUri: https://allianz.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

Retrieves a purchase order from SAP S/4HANA by PO number and returns the header details, line items, and current approval status for use in downstream approvals or reporting.

naftiko: '0.5'
info:
  label: SAP Purchase Order Lookup
  description: Retrieves a purchase order from SAP S/4HANA by PO number and returns the header details, line items, and current approval status for use in downstream approvals or reporting.
  tags:
  - finance
  - erp
  - sap
  - procurement
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: procurement
    port: 8080
    tools:
    - name: get-purchase-order
      description: Given a SAP purchase order number, fetch the PO header and line item details from SAP S/4HANA including supplier, total amount, currency, and approval status. Use when an agent or user needs to review or validate a PO before approval or payment.
      inputParameters:
      - name: purchase_order
        type: string
        description: The SAP purchase order number, e.g. 4500012345.
      call: sap.get-po
      with:
        PurchaseOrder: '{{purchase_order}}'
      outputParameters:
      - name: supplier_name
        type: string
        mapping: $.SupplierName
      - name: total_net_amount
        type: number
        mapping: $.NetPaymentAmount
      - name: currency
        type: string
        mapping: $.DocumentCurrency
      - name: status
        type: string
        mapping: $.ProcessingStatus
  consumes:
  - namespace: sap
    type: http
    baseUri: https://allianz-s4.sap.com/sap/opu/odata/sap/API_PURCHASEORDER_PROCESS_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_pass
    resources:
    - name: purchase-orders
      path: /A_PurchaseOrder('{PurchaseOrder}')
      inputParameters:
      - name: PurchaseOrder
        in: path
      operations:
      - name: get-po
        method: GET

Queries Salesforce for the current quarter's open opportunities by stage and owner, computes a weighted pipeline forecast, and posts the digest to the sales leadership Teams channel.

naftiko: '0.5'
info:
  label: Salesforce Pipeline Forecast Digest
  description: Queries Salesforce for the current quarter's open opportunities by stage and owner, computes a weighted pipeline forecast, and posts the digest to the sales leadership Teams channel.
  tags:
  - sales
  - crm
  - salesforce
  - microsoft-teams
  - forecasting
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: sales-forecasting
    port: 8080
    tools:
    - name: digest-pipeline-forecast
      description: Query Salesforce for all open opportunities closing in the current quarter, compute the weighted forecast by stage probability, and post a pipeline summary to the sales leadership Teams channel. Invoke weekly or before sales review meetings.
      inputParameters:
      - name: fiscal_quarter
        type: string
        description: The fiscal quarter filter for Salesforce SOQL, e.g. 'THIS_QUARTER'.
      steps:
      - name: get-opportunities
        type: call
        call: salesforce.run-soql
        with:
          q: SELECT Name, StageName, Amount, Probability, Owner.Name, CloseDate FROM Opportunity WHERE IsClosed = false AND CloseDate = {{fiscal_quarter}} ORDER BY Amount DESC
      - name: post-forecast
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.sales_leadership_channel_id
          text: 'Pipeline Forecast Digest ({{fiscal_quarter}}): {{get-opportunities.totalSize}} open opportunities. Top opportunities retrieved from Salesforce. Review full forecast in Salesforce Reports.'
  consumes:
  - namespace: salesforce
    type: http
    baseUri: https://allianz.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      inputParameters:
      - name: q
        in: query
      operations:
      - name: run-soql
        method: GET
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When an employee separation is recorded in Workday, revokes Microsoft 365 access, closes all open ServiceNow tickets assigned to the employee, and notifies the IT security team via Teams.

naftiko: '0.5'
info:
  label: Employee Offboarding Workflow
  description: When an employee separation is recorded in Workday, revokes Microsoft 365 access, closes all open ServiceNow tickets assigned to the employee, and notifies the IT security team via Teams.
  tags:
  - hr
  - offboarding
  - workday
  - servicenow
  - microsoft-teams
  - identity
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: trigger-offboarding
      description: Given a Workday employee ID and termination date, revoke Microsoft 365 access, close open ServiceNow tickets, and alert the IT security team in Teams. Invoke when an employee separation is confirmed in Workday.
      inputParameters:
      - name: employee_id
        type: string
        description: The Workday worker ID of the departing employee.
      - name: termination_date
        type: string
        description: Effective termination date in ISO 8601 format (YYYY-MM-DD).
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: revoke-access
        type: call
        call: msgraph.disable-user
        with:
          user_id: '{{get-worker.azure_object_id}}'
          account_enabled: 'false'
      - name: close-tickets
        type: call
        call: servicenow.close-user-tickets
        with:
          caller_id: '{{get-worker.work_email}}'
          close_notes: 'Auto-closed: employee separation effective {{termination_date}}'
      - name: notify-security
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.security_channel_id
          text: 'Offboarding complete for {{get-worker.display_name}} ({{get-worker.work_email}}). M365 access revoked. Open tickets closed. Effective: {{termination_date}}'
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{worker_id}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - namespace: msgraph
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users/{user_id}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: disable-user
        method: PATCH
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: close-user-tickets
        method: PATCH
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When a new employee is created in Workday, opens a ServiceNow onboarding ticket, provisions a Microsoft 365 account, and sends a Teams welcome message.

naftiko: '0.5'
info:
  label: New Hire Onboarding Orchestrator
  description: When a new employee is created in Workday, opens a ServiceNow onboarding ticket, provisions a Microsoft 365 account, and sends a Teams welcome message.
  tags:
  - hr
  - onboarding
  - workday
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-onboarding
    port: 8080
    tools:
    - name: trigger-onboarding
      description: Given a Workday employee ID and start date, orchestrate the full new-hire onboarding sequence across ServiceNow, Microsoft Graph, and Microsoft Teams. Invoke when a new hire record becomes active in Workday.
      inputParameters:
      - name: employee_id
        type: string
        description: 'The Workday worker ID for the new hire. Format: WD-XXXXXXX.'
      - name: start_date
        type: string
        description: The employee's first day of work in ISO 8601 format (YYYY-MM-DD).
      - name: department
        type: string
        description: The department or business unit the new hire is joining, e.g. 'Claims Operations'.
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: create-ticket
        type: call
        call: servicenow.create-incident
        with:
          category: hr_onboarding
          short_description: 'New hire onboarding: {{get-worker.display_name}}'
          assignment_group: IT_Onboarding
          due_date: '{{start_date}}'
      - name: provision-account
        type: call
        call: msgraph.create-user
        with:
          display_name: '{{get-worker.display_name}}'
          mail_nickname: '{{get-worker.user_login}}'
          department: '{{department}}'
      - name: send-welcome
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-worker.work_email}}'
          text: Welcome to Allianz, {{get-worker.first_name}}! Your IT onboarding ticket is {{create-ticket.number}}. Your Microsoft 365 account is ready.
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{worker_id}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: msgraph
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chats
      path: /chats
      operations:
      - name: send-message
        method: POST

When Datadog detects an AWS cost anomaly, fetches the anomaly details, creates a ServiceNow change request to investigate, and notifies the cloud FinOps team via Teams.

naftiko: '0.5'
info:
  label: Cloud Cost Anomaly Responder
  description: When Datadog detects an AWS cost anomaly, fetches the anomaly details, creates a ServiceNow change request to investigate, and notifies the cloud FinOps team via Teams.
  tags:
  - cloud
  - finops
  - datadog
  - servicenow
  - microsoft-teams
  - aws
  - cost-management
capability:
  exposes:
  - type: mcp
    namespace: cloud-ops
    port: 8080
    tools:
    - name: handle-cost-anomaly
      description: Given a Datadog cost anomaly alert ID and the affected AWS account ID, fetch anomaly details, open a ServiceNow change request for FinOps investigation, and notify the cloud cost management channel in Teams. Invoke when a Datadog cost anomaly monitor triggers.
      inputParameters:
      - name: monitor_id
        type: string
        description: The Datadog monitor ID that triggered the cost anomaly alert.
      - name: aws_account_id
        type: string
        description: The AWS account ID where the anomaly was detected.
      - name: estimated_overage_usd
        type: number
        description: Estimated cost overage in USD detected by the anomaly alert.
      steps:
      - name: get-monitor
        type: call
        call: datadog.get-monitor
        with:
          monitor_id: '{{monitor_id}}'
      - name: open-change-request
        type: call
        call: servicenow.create-change-request
        with:
          short_description: 'AWS Cost Anomaly: {{get-monitor.name}} — est. overage ${{estimated_overage_usd}}'
          description: 'AWS Account: {{aws_account_id}}

            Monitor: {{get-monitor.name}}

            Estimated overage: ${{estimated_overage_usd}}

            Query: {{get-monitor.query}}'
          type: normal
          category: Cloud Cost Management
      - name: notify-finops
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.finops_channel_id
          text: 'COST ANOMALY: AWS account {{aws_account_id}} | Monitor: {{get-monitor.name}} | Est. overage: ${{estimated_overage_usd}} | ServiceNow: {{open-change-request.number}}'
  consumes:
  - namespace: datadog
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: monitors
      path: /monitor/{monitor_id}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: change-requests
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Fetches completed sprint data from Jira, calculates team velocity metrics, and publishes a sprint summary to the engineering leadership Teams channel.

naftiko: '0.5'
info:
  label: Jira Sprint Velocity Report
  description: Fetches completed sprint data from Jira, calculates team velocity metrics, and publishes a sprint summary to the engineering leadership Teams channel.
  tags:
  - devops
  - jira
  - microsoft-teams
  - reporting
  - agile
capability:
  exposes:
  - type: mcp
    namespace: devops-reporting
    port: 8080
    tools:
    - name: publish-sprint-velocity
      description: Given a Jira board ID and sprint ID, retrieve the sprint report including completed story points and issue counts, then post a formatted velocity summary to the engineering leadership Teams channel. Invoke at sprint close or on demand.
      inputParameters:
      - name: board_id
        type: integer
        description: The Jira Scrum board ID, e.g. 42.
      - name: sprint_id
        type: integer
        description: The Jira sprint ID to report on.
      steps:
      - name: get-sprint
        type: call
        call: jira.get-sprint
        with:
          sprintId: '{{sprint_id}}'
      - name: get-sprint-issues
        type: call
        call: jira.get-sprint-issues
        with:
          sprintId: '{{sprint_id}}'
          jql: sprint = {{sprint_id}} AND status = Done
      - name: post-report
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.eng_leadership_channel_id
          text: 'Sprint Report: {{get-sprint.name}} | Completed: {{get-sprint-issues.total}} issues | State: {{get-sprint.state}} | Goal: {{get-sprint.goal}}'
  consumes:
  - namespace: jira
    type: http
    baseUri: https://allianz.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: sprints
      path: /sprint/{sprintId}
      inputParameters:
      - name: sprintId
        in: path
      operations:
      - name: get-sprint
        method: GET
    - name: sprint-issues
      path: /search
      inputParameters:
      - name: jql
        in: query
      operations:
      - name: get-sprint-issues
        method: GET
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When a GitHub release is published, fetches the merged pull requests since the last release, generates structured release notes using an AI model, and posts them to the engineering Teams channel.

naftiko: '0.5'
info:
  label: GitHub Deployment Release Notes Generator
  description: When a GitHub release is published, fetches the merged pull requests since the last release, generates structured release notes using an AI model, and posts them to the engineering Teams channel.
  tags:
  - devops
  - github
  - ai
  - microsoft-teams
  - release-management
capability:
  exposes:
  - type: mcp
    namespace: release-ops
    port: 8080
    tools:
    - name: generate-release-notes
      description: Given a GitHub repository, release tag, and prior tag, fetch all merged pull requests between the two tags, generate structured release notes via OpenAI, and post the release notes to the engineering Teams channel. Invoke when a new GitHub release is published.
      inputParameters:
      - name: repo_owner
        type: string
        description: The GitHub organization or owner name, e.g. 'allianz'.
      - name: repo_name
        type: string
        description: The GitHub repository name.
      - name: release_tag
        type: string
        description: The new release tag, e.g. 'v2.5.0'.
      - name: prior_tag
        type: string
        description: The previous release tag to compare against, e.g. 'v2.4.0'.
      steps:
      - name: get-commits
        type: call
        call: github.compare-commits
        with:
          owner: '{{repo_owner}}'
          repo: '{{repo_name}}'
          base: '{{prior_tag}}'
          head: '{{release_tag}}'
      - name: generate-notes
        type: call
        call: openai.create-completion
        with:
          model: gpt-4o
          prompt: 'Generate structured release notes for {{repo_name}} {{release_tag}} based on these commits between {{prior_tag}} and {{release_tag}}: {{get-commits.commits}}. Format as: ## What''s New, ## Bug Fixes, ## Breaking Changes.'
      - name: post-release-notes
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.engineering_channel_id
          text: 'Release {{release_tag}} published for {{repo_owner}}/{{repo_name}}:

            {{generate-notes.choices[0].message.content}}'
  consumes:
  - namespace: github
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: compare
      path: /repos/{owner}/{repo}/compare/{base}...{head}
      inputParameters:
      - name: owner
        in: path
      - name: repo
        in: path
      - name: base
        in: path
      - name: head
        in: path
      operations:
      - name: compare-commits
        method: GET
  - namespace: openai
    type: http
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: completions
      path: /chat/completions
      operations:
      - name: create-completion
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Fetches all unassigned ServiceNow incidents older than a configurable threshold, uses an AI model to suggest priority and assignment group, and updates each incident record with the recommended routing.

naftiko: '0.5'
info:
  label: ServiceNow Backlog Triage and Prioritization
  description: Fetches all unassigned ServiceNow incidents older than a configurable threshold, uses an AI model to suggest priority and assignment group, and updates each incident record with the recommended routing.
  tags:
  - itsm
  - servicenow
  - ai
  - triage
  - incident-management
capability:
  exposes:
  - type: mcp
    namespace: itsm-triage
    port: 8080
    tools:
    - name: triage-incident-backlog
      description: Given a maximum age in hours, fetch all unassigned open ServiceNow incidents older than that threshold, call the OpenAI API to suggest priority and assignment group based on the incident description, and update each incident with the AI-recommended routing. Invoke daily or when backlog size exceeds SLA limits.
      inputParameters:
      - name: max_age_hours
        type: integer
        description: Maximum age in hours; incidents older than this threshold are included in the triage batch, e.g. 4.
      - name: max_batch_size
        type: integer
        description: Maximum number of incidents to process in one triage run, e.g. 20.
      steps:
      - name: get-unassigned-incidents
        type: call
        call: servicenow-read.list-incidents
        with:
          sysparm_query: assigned_toISEMPTY^state=1^sys_created_onRELATIVELE@hour@ago@{{max_age_hours}}
          sysparm_limit: '{{max_batch_size}}'
          sysparm_fields: number,short_description,description,category
      - name: suggest-routing
        type: call
        call: openai.create-completion
        with:
          model: gpt-4o
          prompt: 'For each IT incident below, suggest a priority (1=Critical,2=High,3=Moderate,4=Low) and assignment group from: [Network_Ops, Security_Ops, App_Support, Desktop_Support, Claims_IT, Finance_IT]. Return JSON array with fields: number, priority, assignment_group.


            Incidents: {{get-unassigned-incidents.result}}'
      - name: update-incidents
        type: call
        call: servicenow-write.bulk-update-incidents
        with:
          updates: '{{suggest-routing.choices[0].message.content}}'
  consumes:
  - namespace: servicenow-read
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incidents
      path: /table/incident
      inputParameters:
      - name: sysparm_query
        in: query
      - name: sysparm_limit
        in: query
      - name: sysparm_fields
        in: query
      operations:
      - name: list-incidents
        method: GET
  - namespace: openai
    type: http
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: completions
      path: /chat/completions
      operations:
      - name: create-completion
        method: POST
  - namespace: servicenow-write
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incidents-bulk
      path: /table/incident
      operations:
      - name: bulk-update-incidents
        method: PATCH

Queries Snowflake for the latest Solvency Capital Requirement (SCR) and Minimum Capital Requirement (MCR) metrics, compares them against regulatory thresholds, and raises a ServiceNow incident if any ratio falls below the required minimum.

naftiko: '0.5'
info:
  label: Solvency II Capital Adequacy Check
  description: Queries Snowflake for the latest Solvency Capital Requirement (SCR) and Minimum Capital Requirement (MCR) metrics, compares them against regulatory thresholds, and raises a ServiceNow incident if any ratio falls below the required minimum.
  tags:
  - compliance
  - insurance
  - finance
  - snowflake
  - servicenow
  - solvency-ii
  - capital-management
capability:
  exposes:
  - type: mcp
    namespace: capital-compliance
    port: 8080
    tools:
    - name: check-capital-adequacy
      description: Given a reporting entity and calculation date, query Snowflake for the current SCR ratio and MCR ratio, compare against Solvency II minimums (SCR >= 100%, MCR >= 100%), and open a ServiceNow P1 incident if either ratio is breached. Invoke daily as part of the capital monitoring schedule.
      inputParameters:
      - name: entity_code
        type: string
        description: The legal entity code for the Allianz entity to check, e.g. 'AZSE' for Allianz SE.
      - name: calculation_date
        type: string
        description: The date of the capital calculation in ISO 8601 format (YYYY-MM-DD).
      steps:
      - name: get-capital-metrics
        type: call
        call: snowflake.execute-statement
        with:
          statement: SELECT entity_code, scr_ratio, mcr_ratio, own_funds, scr_value, mcr_value FROM SOLVENCY.CAPITAL_ADEQUACY WHERE entity_code = '{{entity_code}}' AND calculation_date = '{{calculation_date}}'
          database: ALLIANZ_DW
          schema: SOLVENCY
      - name: raise-breach-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Solvency II capital breach: {{entity_code}} SCR/MCR below minimum'
          description: 'Entity: {{entity_code}}

            Calculation date: {{calculation_date}}

            SCR ratio: {{get-capital-metrics.results[0].data[1]}}

            MCR ratio: {{get-capital-metrics.results[0].data[2]}}

            Immediately escalate to Group CFO and Chief Actuary.'
          category: regulatory_capital
          urgency: '1'
          impact: '1'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://allianz.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

When a critical ServiceNow incident is raised, creates a Jira ticket for engineering investigation, posts an alert to the Teams ops channel, and tracks the incident in Datadog.

naftiko: '0.5'
info:
  label: IT Incident Response Escalation
  description: When a critical ServiceNow incident is raised, creates a Jira ticket for engineering investigation, posts an alert to the Teams ops channel, and tracks the incident in Datadog.
  tags:
  - itsm
  - incident-response
  - servicenow
  - jira
  - microsoft-teams
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: it-ops
    port: 8080
    tools:
    - name: handle-critical-incident
      description: Given a ServiceNow incident number, retrieve its details, create a linked Jira engineering ticket, post a priority alert to the Teams ops channel, and register a Datadog event for timeline correlation. Invoke for P1 and P2 incidents.
      inputParameters:
      - name: incident_number
        type: string
        description: The ServiceNow incident number, e.g. INC0012345.
      steps:
      - name: get-incident
        type: call
        call: servicenow.get-incident
        with:
          number: '{{incident_number}}'
      - name: create-jira-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: OPS
          issuetype: Bug
          summary: '[P1] {{get-incident.short_description}}'
          description: 'ServiceNow: {{incident_number}}

            Impact: {{get-incident.impact}}

            Description: {{get-incident.description}}'
      - name: post-teams-alert
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.ops_channel_id
          text: 'CRITICAL INCIDENT: {{incident_number}} | {{get-incident.short_description}} | Jira: {{create-jira-ticket.key}} | Assigned: {{get-incident.assigned_to}}'
      - name: register-datadog-event
        type: call
        call: datadog.create-event
        with:
          title: 'Incident {{incident_number}}: {{get-incident.short_description}}'
          text: 'ServiceNow P1 incident raised. Jira: {{create-jira-ticket.key}}'
          alert_type: error
          tags: incident:{{incident_number}},env:production
  consumes:
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incidents
      path: /table/incident
      inputParameters:
      - name: number
        in: query
      operations:
      - name: get-incident
        method: GET
  - namespace: jira
    type: http
    baseUri: https://allianz.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST
  - namespace: datadog
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST

Queries Power BI for the latest asset management portfolio KPIs, compiles a performance digest, and posts a summary report to the finance leadership Teams channel on a scheduled basis.

naftiko: '0.5'
info:
  label: Asset Management Portfolio Performance Digest
  description: Queries Power BI for the latest asset management portfolio KPIs, compiles a performance digest, and posts a summary report to the finance leadership Teams channel on a scheduled basis.
  tags:
  - finance
  - asset-management
  - power-bi
  - microsoft-teams
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: finance-reporting
    port: 8080
    tools:
    - name: digest-portfolio-performance
      description: Fetch the latest portfolio performance dataset from Power BI, format a KPI summary, and post the digest to the finance leadership Teams channel. Invoke on a weekly schedule or on demand before investment committee meetings.
      inputParameters:
      - name: dataset_id
        type: string
        description: The Power BI dataset ID containing portfolio KPI data.
      - name: group_id
        type: string
        description: The Power BI workspace (group) ID, e.g. the Asset Management workspace.
      steps:
      - name: get-dataset-rows
        type: call
        call: powerbi.execute-query
        with:
          group_id: '{{group_id}}'
          dataset_id: '{{dataset_id}}'
          query: EVALUATE SUMMARIZECOLUMNS(Portfolio[Fund], 'Metrics'[TotalAUM], 'Metrics'[WeeklyReturn], 'Metrics'[YTDReturn])
      - name: post-digest
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.finance_leadership_channel_id
          text: 'Weekly Portfolio Digest: {{get-dataset-rows.results[0].tables[0].rows.length}} funds reported. Data retrieved from Power BI dataset {{dataset_id}}.'
  consumes:
  - namespace: powerbi
    type: http
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets-query
      path: /groups/{group_id}/datasets/{dataset_id}/executeQueries
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: execute-query
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Queries Snowflake for the latest compliance metrics, generates a structured regulatory report using an AI model, and stores the output in SharePoint for the compliance team.

naftiko: '0.5'
info:
  label: Regulatory Compliance Report Generation
  description: Queries Snowflake for the latest compliance metrics, generates a structured regulatory report using an AI model, and stores the output in SharePoint for the compliance team.
  tags:
  - compliance
  - insurance
  - snowflake
  - anthropic
  - sharepoint
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: compliance-reporting
    port: 8080
    tools:
    - name: generate-compliance-report
      description: Given a reporting period and regulatory framework (e.g. Solvency II, IFRS 17), query Snowflake for compliance metrics, generate a narrative report via Anthropic, and upload the report to the SharePoint Compliance library. Invoke monthly before regulatory submission deadlines.
      inputParameters:
      - name: period
        type: string
        description: Reporting period in YYYY-QN format, e.g. 2025-Q4.
      - name: framework
        type: string
        description: Regulatory framework identifier, e.g. 'Solvency II' or 'IFRS 17'.
      steps:
      - name: get-metrics
        type: call
        call: snowflake.execute-statement
        with:
          statement: SELECT metric_name, metric_value, threshold, status FROM COMPLIANCE.REGULATORY_METRICS WHERE period = '{{period}}' AND framework = '{{framework}}'
          database: ALLIANZ_DW
          schema: COMPLIANCE
      - name: generate-report
        type: call
        call: anthropic.create-message
        with:
          model: claude-opus-4-5
          max_tokens: 4096
          system: You are a regulatory compliance analyst for a global insurer. Generate a formal compliance report narrative based on the provided metrics data. Structure the report with an executive summary, metric analysis, and remediation recommendations.
          content: 'Generate a {{framework}} compliance report for period {{period}} based on these metrics: {{get-metrics.results}}'
      - name: upload-report
        type: call
        call: sharepoint.upload-file
        with:
          site_id: $secrets.compliance_site_id
          folder_path: Regulatory Reports/{{framework}}/{{period}}
          file_name: compliance-report-{{period}}.txt
          content: '{{generate-report.content[0].text}}'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://allianz.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - namespace: anthropic
    type: http
    baseUri: https://api.anthropic.com/v1
    authentication:
      type: apikey
      key: x-api-key
      value: $secrets.anthropic_api_key
      placement: header
    resources:
    - name: messages
      path: /messages
      operations:
      - name: create-message
        method: POST
  - namespace: sharepoint
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /sites/{site_id}/drive/root:/{folder_path}/{file_name}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT

When a Datadog SLO drops below its error budget threshold, fetches the SLO details, opens a ServiceNow incident, and posts a resolution alert to the relevant Teams engineering channel.

naftiko: '0.5'
info:
  label: Datadog SLO Breach Alert
  description: When a Datadog SLO drops below its error budget threshold, fetches the SLO details, opens a ServiceNow incident, and posts a resolution alert to the relevant Teams engineering channel.
  tags:
  - observability
  - datadog
  - servicenow
  - microsoft-teams
  - slo
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: observability-ops
    port: 8080
    tools:
    - name: handle-slo-breach
      description: Given a Datadog SLO ID and current error budget remaining, fetch the SLO status, open a ServiceNow incident with full context, and notify the engineering channel in Teams. Invoke when a Datadog monitor triggers an SLO budget burn alert.
      inputParameters:
      - name: slo_id
        type: string
        description: The Datadog SLO ID that breached its error budget threshold.
      - name: error_budget_remaining
        type: number
        description: Remaining error budget percentage at time of breach, e.g. 2.5.
      steps:
      - name: get-slo
        type: call
        call: datadog.get-slo
        with:
          slo_id: '{{slo_id}}'
      - name: open-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'SLO Breach: {{get-slo.data.name}}'
          urgency: '1'
          impact: '1'
          description: 'SLO: {{get-slo.data.name}}

            ID: {{slo_id}}

            Error budget remaining: {{error_budget_remaining}}%

            Target: {{get-slo.data.thresholds[0].target}}%'
      - name: alert-team
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.engineering_channel_id
          text: 'SLO BREACH: {{get-slo.data.name}} — {{error_budget_remaining}}% error budget remaining. ServiceNow incident: {{open-incident.number}}'
  consumes:
  - namespace: datadog
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: slos
      path: /slo/{slo_id}
      inputParameters:
      - name: slo_id
        in: path
      operations:
      - name: get-slo
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://allianz.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_pass
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When a new job requisition is approved in Workday, creates a Jira recruiting ticket, posts the open position to the talent acquisition Teams channel, and updates the requisition with the Jira ticket reference.

naftiko: '0.5'
info:
  label: Workday Open Position Recruiter Assignment
  description: When a new job requisition is approved in Workday, creates a Jira recruiting ticket, posts the open position to the talent acquisition Teams channel, and updates the requisition with the Jira ticket reference.
  tags:
  - hr
  - recruiting
  - workday
  - jira
  - microsoft-teams
  - talent-acquisition
capability:
  exposes:
  - type: mcp
    namespace: recruiting-ops
    port: 8080
    tools:
    - name: assign-recruiter-for-requisition
      description: Given a Workday job requisition ID, fetch the requisition details, create a Jira ticket in the talent acquisition project with job details and hiring manager, and notify the talent acquisition Teams channel. Invoke when a job requisition is approved in Workday.
      inputParameters:
      - name: requisition_id
        type: string
        description: The Workday job requisition ID, e.g. 'JR-00123'.
      steps:
      - name: get-requisition
        type: call
        call: workday.get-job-requisition
        with:
          requisitionId: '{{requisition_id}}'
      - name: create-recruiting-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: TA
          issuetype: Recruiting Task
          summary: 'Open req: {{get-requisition.jobTitle}} — {{get-requisition.department}}'
          description: 'Requisition ID: {{requisition_id}}

            Job title: {{get-requisition.jobTitle}}

            Department: {{get-requisition.department}}

            Hiring manager: {{get-requisition.hiringManagerName}}

            Location: {{get-requisition.location}}

            Target start date: {{get-requisition.targetStartDate}}'
      - name: notify-ta-team
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: $secrets.talent_acquisition_channel_id
          text: 'New Approved Requisition: {{get-requisition.jobTitle}} | Department: {{get-requisition.department}} | Hiring Manager: {{get-requisition.hiringManagerName}} | Jira: {{create-recruiting-ticket.key}}'
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: job-requisitions
      path: /jobRequisitions/{requisitionId}
      inputParameters:
      - name: requisitionId
        in: path
      operations:
      - name: get-job-requisition
        method: GET
  - namespace: jira
    type: http
    baseUri: https://allianz.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Retrieves a Jira issue by its key and returns the summary, status, assignee, priority, and description for use in downstream orchestrations or agent context gathering.

naftiko: '0.5'
info:
  label: Jira Issue Lookup by Key
  description: Retrieves a Jira issue by its key and returns the summary, status, assignee, priority, and description for use in downstream orchestrations or agent context gathering.
  tags:
  - devops
  - jira
  - lookup
  - itsm
capability:
  exposes:
  - type: mcp
    namespace: jira-lookup
    port: 8080
    tools:
    - name: get-jira-issue
      description: Given a Jira issue key, fetch the full issue record from Jira including summary, status, assignee, priority, and description. Use when an agent needs issue context before creating a related record or sending a notification.
      inputParameters:
      - name: issue_key
        type: string
        description: The Jira issue key, e.g. 'OPS-1234' or 'SEC-567'.
      call: jira.get-issue
      with:
        issueIdOrKey: '{{issue_key}}'
      outputParameters:
      - name: summary
        type: string
        mapping: $.fields.summary
      - name: status
        type: string
        mapping: $.fields.status.name
      - name: assignee
        type: string
        mapping: $.fields.assignee.displayName
      - name: priority
        type: string
        mapping: $.fields.priority.name
  consumes:
  - namespace: jira
    type: http
    baseUri: https://allianz.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue/{issueIdOrKey}
      inputParameters:
      - name: issueIdOrKey
        in: path
      operations:
      - name: get-issue
        method: GET

Retrieves the current discount rate and fee structure for a merchant enrolled in the Amex network.

naftiko: '0.5'
info:
  label: Merchant Fee Rate Lookup
  description: Retrieves the current discount rate and fee structure for a merchant enrolled in the Amex network.
  tags:
  - merchants
  - payments
  - fees
capability:
  exposes:
  - type: mcp
    namespace: amex-merchant-data
    port: 8080
    tools:
    - name: get-fee-rate
      description: Given a merchant ID, return the discount rate, transaction fee, and effective date. Use when reviewing merchant fee arrangements.
      inputParameters:
      - name: merchant_id
        in: body
        type: string
        description: The merchant identifier.
      call: amex-merchant-data.get-fee-rate
      with:
        merchant_id: '{{merchant_id}}'
      outputParameters:
      - name: discount_rate
        type: number
        mapping: $.discount_rate
      - name: transaction_fee
        type: number
        mapping: $.transaction_fee
      - name: effective_date
        type: string
        mapping: $.effective_date
  consumes:
  - namespace: amex-merchant-data
    type: http
    baseUri: https://api.americanexpress.com/v1/merchants
    authentication:
      type: bearer
      token: $secrets.amex_merchant_token
    resources:
    - name: fees
      path: /merchants/{merchant_id}/fees
      inputParameters:
      - name: merchant_id
        in: path
      operations:
      - name: get-fee-rate
        method: GET

Escalates high-priority Zendesk support tickets by fetching ticket details, creating a Jira issue for the product team, and alerting the support lead via Slack.

naftiko: '0.5'
info:
  label: Zendesk Ticket Escalation Workflow
  description: Escalates high-priority Zendesk support tickets by fetching ticket details, creating a Jira issue for the product team, and alerting the support lead via Slack.
  tags:
  - zendesk
  - customer-support
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: ticket-escalation
    port: 8080
    tools:
    - name: escalate-ticket
      description: Escalate a Zendesk ticket to the product team via Jira and notify the support lead. Use when a support ticket requires product team intervention.
      inputParameters:
      - name: ticket_id
        in: body
        type: string
        description: Zendesk ticket ID.
      steps:
      - name: get-ticket
        type: call
        call: zendesk.get-ticket
        with:
          ticket_id: '{{ticket_id}}'
      - name: create-jira
        type: call
        call: jira.create-issue
        with:
          project_key: SUP
          issuetype: Bug
          summary: 'Escalation: {{get-ticket.subject}}'
          description: 'Zendesk #{{ticket_id}}: {{get-ticket.description}}. Priority: {{get-ticket.priority}}.'
      - name: alert-lead
        type: call
        call: slack.post-message
        with:
          channel: support-escalations
          text: 'Ticket escalated: #{{ticket_id}} — {{get-ticket.subject}} | Priority: {{get-ticket.priority}} | Jira: {{create-jira.key}}'
  consumes:
  - namespace: zendesk
    type: http
    baseUri: https://americanexpress.zendesk.com/api/v2
    authentication:
      type: bearer
      token: $secrets.zendesk_token
    resources:
    - name: tickets
      path: /tickets/{ticket_id}
      inputParameters:
      - name: ticket_id
        in: path
      operations:
      - name: get-ticket
        method: GET
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Triggers a Tableau workbook refresh for monthly financial reporting dashboards and posts the refresh status to the Finance Slack channel.

naftiko: '0.5'
info:
  label: Tableau Financial Dashboard Refresh
  description: Triggers a Tableau workbook refresh for monthly financial reporting dashboards and posts the refresh status to the Finance Slack channel.
  tags:
  - data
  - analytics
  - tableau
  - slack
  - finance
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: finance-reporting
    port: 8080
    tools:
    - name: refresh-financial-dashboard
      description: Given a Tableau workbook ID, trigger a datasource refresh and post the job status to the finance Slack channel once complete. Use at month-end or quarter-end to refresh executive financial dashboards.
      inputParameters:
      - name: workbook_id
        in: body
        type: string
        description: The Tableau workbook ID to refresh.
      - name: site_id
        in: body
        type: string
        description: The Tableau site ID where the workbook is hosted.
      steps:
      - name: trigger-refresh
        type: call
        call: tableau.refresh-workbook
        with:
          site_id: '{{site_id}}'
          workbook_id: '{{workbook_id}}'
      - name: post-status
        type: call
        call: slack-finance.post-message
        with:
          channel: finance-reporting
          text: 'Tableau dashboard refresh triggered | Workbook: {{workbook_id}} | Job ID: {{trigger-refresh.job_id}} | Status: {{trigger-refresh.status}}'
  consumes:
  - namespace: tableau
    type: http
    baseUri: https://americanexpress.tableau.com/api/2.8
    authentication:
      type: apikey
      key: X-Tableau-Auth
      value: $secrets.tableau_auth_token
      placement: header
    resources:
    - name: workbook-refresh
      path: /sites/{site_id}/workbooks/{workbook_id}/refresh
      inputParameters:
      - name: site_id
        in: path
      - name: workbook_id
        in: path
      operations:
      - name: refresh-workbook
        method: POST
  - namespace: slack-finance
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Processes a chargeback by retrieving the original transaction, filing the chargeback with the merchant acquirer, updating the cardholder ledger, and sending status notification.

naftiko: '0.5'
info:
  label: Cardholder Chargeback Processing
  description: Processes a chargeback by retrieving the original transaction, filing the chargeback with the merchant acquirer, updating the cardholder ledger, and sending status notification.
  tags:
  - chargebacks
  - payments
  - cardholder
  - settlements
capability:
  exposes:
  - type: mcp
    namespace: chargeback-ops
    port: 8080
    tools:
    - name: process-chargeback
      description: File a chargeback, issue provisional credit, and notify the cardholder. Use when a cardholder disputes a transaction and a chargeback is warranted.
      inputParameters:
      - name: transaction_id
        in: body
        type: string
        description: Original transaction ID.
      - name: reason_code
        in: body
        type: string
        description: Chargeback reason code.
      - name: cardholder_email
        in: body
        type: string
        description: Cardholder email address.
      steps:
      - name: get-txn
        type: call
        call: amex-transactions.get-transaction
        with:
          txn_id: '{{transaction_id}}'
      - name: file-cb
        type: call
        call: amex-chargebacks.file-chargeback
        with:
          transaction_id: '{{transaction_id}}'
          reason_code: '{{reason_code}}'
          amount: '{{get-txn.amount}}'
      - name: credit-ledger
        type: call
        call: amex-ledger.create-entry
        with:
          account_id: '{{get-txn.account_id}}'
          amount: '{{get-txn.amount}}'
          type: provisional_credit
          reference: '{{file-cb.chargeback_id}}'
      - name: notify
        type: call
        call: email.send-email
        with:
          to: '{{cardholder_email}}'
          subject: Chargeback filed — provisional credit issued
          body: 'A provisional credit of ${{get-txn.amount}} has been applied. Chargeback ID: {{file-cb.chargeback_id}}'
  consumes:
  - namespace: amex-transactions
    type: http
    baseUri: https://api.americanexpress.com/v1/transactions
    authentication:
      type: bearer
      token: $secrets.amex_transactions_token
    resources:
    - name: transaction
      path: /transactions/{txn_id}
      inputParameters:
      - name: txn_id
        in: path
      operations:
      - name: get-transaction
        method: GET
  - namespace: amex-chargebacks
    type: http
    baseUri: https://api.americanexpress.com/v1/chargebacks
    authentication:
      type: bearer
      token: $secrets.amex_chargebacks_token
    resources:
    - name: chargeback
      path: /chargebacks
      operations:
      - name: file-chargeback
        method: POST
  - namespace: amex-ledger
    type: http
    baseUri: https://api.americanexpress.com/v1/ledger
    authentication:
      type: bearer
      token: $secrets.amex_ledger_token
    resources:
    - name: entries
      path: /entries
      operations:
      - name: create-entry
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

When a Snowflake data quality check fails for a critical financial dataset, logs the failure details and creates a Jira data engineering issue for remediation.

naftiko: '0.5'
info:
  label: Snowflake Data Quality Monitoring Alert
  description: When a Snowflake data quality check fails for a critical financial dataset, logs the failure details and creates a Jira data engineering issue for remediation.
  tags:
  - data
  - analytics
  - snowflake
  - jira
  - data-quality
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: handle-data-quality-failure
      description: Given a Snowflake table name, failed check name, and failure details, create a Jira issue for the data engineering team and post a Slack notification to the data ops channel. Use when automated data quality checks fail on financial or compliance datasets.
      inputParameters:
      - name: table_name
        in: body
        type: string
        description: The fully-qualified Snowflake table name (database.schema.table) where the quality check failed.
      - name: check_name
        in: body
        type: string
        description: The name of the data quality check that failed (e.g., null_count_check, row_count_threshold).
      - name: failure_details
        in: body
        type: string
        description: A description of why the check failed and what values were observed.
      steps:
      - name: create-dq-issue
        type: call
        call: jira-data.create-issue
        with:
          project_key: DATA
          issuetype: Bug
          summary: 'Data quality failure: {{check_name}} on {{table_name}}'
          description: 'Table: {{table_name}}

            Check: {{check_name}}

            Details: {{failure_details}}'
          priority: High
      - name: post-data-alert
        type: call
        call: slack-data.post-message
        with:
          channel: data-ops
          text: 'Data Quality Failure | Table: {{table_name}} | Check: {{check_name}} | Jira: {{create-dq-issue.key}}'
  consumes:
  - namespace: jira-data
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack-data
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Responds to DDoS attacks by activating Cloudflare under-attack mode, creating a security incident in ServiceNow, alerting via PagerDuty, and posting status to Slack.

naftiko: '0.5'
info:
  label: Cloudflare DDoS Mitigation Response
  description: Responds to DDoS attacks by activating Cloudflare under-attack mode, creating a security incident in ServiceNow, alerting via PagerDuty, and posting status to Slack.
  tags:
  - cloudflare
  - security
  - servicenow
  - pagerduty
  - slack
capability:
  exposes:
  - type: mcp
    namespace: ddos-response
    port: 8080
    tools:
    - name: mitigate-ddos
      description: Activate DDoS mitigation and alert security teams. Use when a DDoS attack is detected.
      inputParameters:
      - name: zone_id
        in: body
        type: string
        description: Cloudflare zone ID.
      steps:
      - name: activate-uam
        type: call
        call: cloudflare.set-security-level
        with:
          zone_id: '{{zone_id}}'
          value: under_attack
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: DDoS attack — {{zone_id}}
          category: security
          priority: '1'
      - name: page-security
        type: call
        call: pagerduty.create-incident
        with:
          title: 'DDoS attack: zone {{zone_id}}'
          service_id: $secrets.pd_security_service_id
          urgency: high
      - name: post-status
        type: call
        call: slack.post-message
        with:
          channel: security-ops
          text: 'DDoS mitigation active: {{zone_id}} | SNOW: {{create-incident.number}} | PD: {{page-security.incident_number}}'
  consumes:
  - namespace: cloudflare
    type: http
    baseUri: https://api.cloudflare.com/client/v4
    authentication:
      type: bearer
      token: $secrets.cloudflare_token
    resources:
    - name: zones
      path: /zones/{zone_id}/settings/security_level
      inputParameters:
      - name: zone_id
        in: path
      operations:
      - name: set-security-level
        method: PATCH
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Responds to Dynatrace application slowdown alerts by fetching problem details, creating a PagerDuty incident, and opening a Jira issue for the responsible team.

naftiko: '0.5'
info:
  label: Dynatrace Application Slowdown Response
  description: Responds to Dynatrace application slowdown alerts by fetching problem details, creating a PagerDuty incident, and opening a Jira issue for the responsible team.
  tags:
  - dynatrace
  - monitoring
  - pagerduty
  - jira
capability:
  exposes:
  - type: mcp
    namespace: dt-response
    port: 8080
    tools:
    - name: handle-slowdown
      description: Respond to a Dynatrace slowdown by paging on-call and creating a tracking issue. Use when Dynatrace detects application performance degradation.
      inputParameters:
      - name: problem_id
        in: body
        type: string
        description: Dynatrace problem ID.
      steps:
      - name: get-problem
        type: call
        call: dynatrace.get-problem
        with:
          problem_id: '{{problem_id}}'
      - name: page-team
        type: call
        call: pagerduty.create-incident
        with:
          title: 'App slowdown: {{get-problem.title}}'
          service_id: $secrets.pd_app_service_id
          urgency: high
          body: 'Impact: {{get-problem.impactLevel}}. Root cause: {{get-problem.rootCauseEntity}}.'
      - name: create-issue
        type: call
        call: jira.create-issue
        with:
          project_key: OPS
          issuetype: Bug
          summary: 'Dynatrace: {{get-problem.title}}'
          description: 'Problem ID: {{problem_id}}. Impact: {{get-problem.impactLevel}}. PagerDuty: {{page-team.incident_number}}.'
  consumes:
  - namespace: dynatrace
    type: http
    baseUri: https://americanexpress.live.dynatrace.com/api/v2
    authentication:
      type: bearer
      token: $secrets.dynatrace_token
    resources:
    - name: problems
      path: /problems/{problem_id}
      inputParameters:
      - name: problem_id
        in: path
      operations:
      - name: get-problem
        method: GET
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST

When a role change is recorded in Workday, updates the employee's Okta group memberships and notifies the employee via Microsoft Teams of their new access.

naftiko: '0.5'
info:
  label: Okta Access Provisioning for New Role
  description: When a role change is recorded in Workday, updates the employee's Okta group memberships and notifies the employee via Microsoft Teams of their new access.
  tags:
  - identity
  - security
  - okta
  - workday
  - microsoft-teams
  - access-management
capability:
  exposes:
  - type: mcp
    namespace: identity-provisioning
    port: 8080
    tools:
    - name: provision-role-access
      description: Given a Workday employee ID and new role, retrieve the employee's Okta user ID, update their group memberships to reflect the new role, and notify them via Teams. Use when an employee changes roles and needs updated system access.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID of the employee whose role is changing.
      - name: new_role
        in: body
        type: string
        description: The new role or job title as defined in Workday.
      - name: okta_group_id
        in: body
        type: string
        description: The Okta group ID corresponding to the new role's access profile.
      steps:
      - name: get-employee
        type: call
        call: workday-iam.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: get-okta-user
        type: call
        call: okta.get-user-by-login
        with:
          login: '{{get-employee.work_email}}'
      - name: add-to-group
        type: call
        call: okta-groups.add-user-to-group
        with:
          group_id: '{{okta_group_id}}'
          user_id: '{{get-okta-user.id}}'
      - name: notify-employee
        type: call
        call: msteams-iam.send-message
        with:
          recipient_upn: '{{get-employee.work_email}}'
          text: 'Your access has been updated for your new role: {{new_role}}. If you have questions, contact the IT help desk.'
  consumes:
  - namespace: workday-iam
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_access_token
    resources:
    - name: worker
      path: /workers/{worker_id}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - namespace: okta
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: user
      path: /users/{login}
      inputParameters:
      - name: login
        in: path
      operations:
      - name: get-user-by-login
        method: GET
  - namespace: okta-groups
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: group-membership
      path: /groups/{group_id}/users/{user_id}
      inputParameters:
      - name: group_id
        in: path
      - name: user_id
        in: path
      operations:
      - name: add-user-to-group
        method: PUT
  - namespace: msteams-iam
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/{recipient_upn}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves the latest settlement status and payout details for a merchant from the settlements service.

naftiko: '0.5'
info:
  label: Merchant Settlement Status Lookup
  description: Retrieves the latest settlement status and payout details for a merchant from the settlements service.
  tags:
  - merchants
  - payments
  - settlements
capability:
  exposes:
  - type: mcp
    namespace: amex-settlements
    port: 8080
    tools:
    - name: get-settlement-status
      description: Given a merchant ID, return the latest settlement amount, status, and payout date. Use when a merchant inquires about payment settlement.
      inputParameters:
      - name: merchant_id
        in: body
        type: string
        description: The merchant identifier.
      call: amex-settlements.get-settlement-status
      with:
        merchant_id: '{{merchant_id}}'
      outputParameters:
      - name: settlement_amount
        type: number
        mapping: $.amount
      - name: status
        type: string
        mapping: $.status
      - name: payout_date
        type: string
        mapping: $.payout_date
  consumes:
  - namespace: amex-settlements
    type: http
    baseUri: https://api.americanexpress.com/v1/settlements
    authentication:
      type: bearer
      token: $secrets.amex_settlements_token
    resources:
    - name: settlement
      path: /merchants/{merchant_id}/settlements/latest
      inputParameters:
      - name: merchant_id
        in: path
      operations:
      - name: get-settlement-status
        method: GET

When a new lead is created in Salesforce for a card product, enriches the lead with firmographic data from ZoomInfo and updates the Salesforce record with company and contact details.

naftiko: '0.5'
info:
  label: Salesforce Lead to Card Applicant Enrichment
  description: When a new lead is created in Salesforce for a card product, enriches the lead with firmographic data from ZoomInfo and updates the Salesforce record with company and contact details.
  tags:
  - sales
  - crm
  - salesforce
  - zoominfo
  - lead-enrichment
capability:
  exposes:
  - type: mcp
    namespace: lead-enrichment
    port: 8080
    tools:
    - name: enrich-card-lead
      description: Given a Salesforce lead ID, retrieve lead details, search ZoomInfo for matching company and contact data, and update the Salesforce lead record with enriched firmographic information. Use when new B2B card product leads are created.
      inputParameters:
      - name: lead_id
        in: body
        type: string
        description: The Salesforce lead ID to enrich.
      steps:
      - name: get-lead
        type: call
        call: salesforce-leads.get-lead
        with:
          lead_id: '{{lead_id}}'
      - name: search-zoominfo
        type: call
        call: zoominfo.search-contact
        with:
          first_name: '{{get-lead.first_name}}'
          last_name: '{{get-lead.last_name}}'
          company_name: '{{get-lead.company}}'
      - name: update-lead
        type: call
        call: salesforce-leads-update.update-lead
        with:
          lead_id: '{{lead_id}}'
          company_revenue: '{{search-zoominfo.company_revenue}}'
          employee_count: '{{search-zoominfo.employee_count}}'
          industry: '{{search-zoominfo.industry}}'
          linkedin_url: '{{search-zoominfo.linkedin_url}}'
  consumes:
  - namespace: salesforce-leads
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_access_token
    resources:
    - name: lead
      path: /sobjects/Lead/{lead_id}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: get-lead
        method: GET
  - namespace: zoominfo
    type: http
    baseUri: https://api.zoominfo.com/search
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: contact
      path: /contact
      operations:
      - name: search-contact
        method: POST
  - namespace: salesforce-leads-update
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_access_token
    resources:
    - name: lead
      path: /sobjects/Lead/{lead_id}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: update-lead
        method: PATCH

Generates a sprint retrospective digest by pulling completed stories from Jira, calculating velocity metrics, and posting the summary to Confluence and Slack.

naftiko: '0.5'
info:
  label: Jira Sprint Retrospective Digest
  description: Generates a sprint retrospective digest by pulling completed stories from Jira, calculating velocity metrics, and posting the summary to Confluence and Slack.
  tags:
  - jira
  - engineering
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: sprint-retro
    port: 8080
    tools:
    - name: generate-retro-digest
      description: Generate a sprint retrospective by summarizing completed work and posting to Confluence and Slack. Use at the end of each sprint.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: Jira project key.
      - name: sprint_id
        in: body
        type: string
        description: Sprint ID.
      - name: confluence_space
        in: body
        type: string
        description: Confluence space key.
      - name: team_channel
        in: body
        type: string
        description: Team Slack channel.
      steps:
      - name: get-completed
        type: call
        call: jira.search-issues
        with:
          jql: project={{project_key}} AND sprint={{sprint_id}} AND status=Done
      - name: create-retro
        type: call
        call: confluence.create-page
        with:
          spaceKey: '{{confluence_space}}'
          title: Sprint {{sprint_id}} Retrospective
          body: 'Completed: {{get-completed.total}} stories. Story points: {{get-completed.total_points}}.'
      - name: post-digest
        type: call
        call: slack.post-message
        with:
          channel: '{{team_channel}}'
          text: 'Sprint {{sprint_id}} complete: {{get-completed.total}} stories ({{get-completed.total_points}} pts). Retro: {{create-retro.url}}'
  consumes:
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: search
      path: /search
      operations:
      - name: search-issues
        method: GET
  - namespace: confluence
    type: http
    baseUri: https://americanexpress.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves a cardholder's current Membership Rewards point balance and tier status from the rewards platform and returns a structured summary.

naftiko: '0.5'
info:
  label: Cardholder Rewards Balance Lookup
  description: Retrieves a cardholder's current Membership Rewards point balance and tier status from the rewards platform and returns a structured summary.
  tags:
  - rewards
  - payments
  - cardholder
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: rewards
    port: 8080
    tools:
    - name: get-rewards-balance
      description: Given a cardholder account ID, return the current Membership Rewards point balance, tier, and expiry date. Use when an agent or representative needs to check a cardholder's rewards standing.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID for which to retrieve rewards balance.
      call: amex-rewards.get-balance
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: points_balance
        type: number
        mapping: $.points_balance
      - name: tier
        type: string
        mapping: $.tier
      - name: expiry_date
        type: string
        mapping: $.expiry_date
  consumes:
  - namespace: amex-rewards
    type: http
    baseUri: https://api.americanexpress.com/v1/rewards
    authentication:
      type: bearer
      token: $secrets.amex_rewards_token
    resources:
    - name: balance
      path: /accounts/{account_id}/balance
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-balance
        method: GET

Provisions a cardholder's card into a digital wallet by verifying identity, generating a token, registering with the wallet provider, and confirming via push notification.

naftiko: '0.5'
info:
  label: Cardholder Digital Wallet Provisioning
  description: Provisions a cardholder's card into a digital wallet by verifying identity, generating a token, registering with the wallet provider, and confirming via push notification.
  tags:
  - cardholder
  - digital-wallets
  - payments
  - security
capability:
  exposes:
  - type: mcp
    namespace: wallet-provision
    port: 8080
    tools:
    - name: provision-wallet
      description: Provision a card into a digital wallet with identity verification and token generation. Use when a cardholder adds their card to Apple Pay or Google Pay.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: card_id
        in: body
        type: string
        description: Card ID to provision.
      - name: wallet_type
        in: body
        type: string
        description: Wallet type (apple-pay, google-pay).
      - name: device_id
        in: body
        type: string
        description: Device identifier.
      - name: verification_method
        in: body
        type: string
        description: Verification method (sms, email).
      steps:
      - name: verify
        type: call
        call: amex-identity.verify-identity
        with:
          account_id: '{{account_id}}'
          verification_method: '{{verification_method}}'
      - name: tokenize
        type: call
        call: amex-tokens.generate-token
        with:
          card_id: '{{card_id}}'
          wallet_type: '{{wallet_type}}'
      - name: register
        type: call
        call: amex-wallets.register-wallet
        with:
          token_id: '{{tokenize.token_id}}'
          wallet_type: '{{wallet_type}}'
          device_id: '{{device_id}}'
      - name: confirm
        type: call
        call: amex-push.send-push
        with:
          account_id: '{{account_id}}'
          title: Card added to {{wallet_type}}
          body: Your card ending in {{tokenize.last_four}} is now available in {{wallet_type}}.
  consumes:
  - namespace: amex-identity
    type: http
    baseUri: https://api.americanexpress.com/v1/identity
    authentication:
      type: bearer
      token: $secrets.amex_identity_token
    resources:
    - name: verify
      path: /verify
      operations:
      - name: verify-identity
        method: POST
  - namespace: amex-tokens
    type: http
    baseUri: https://api.americanexpress.com/v1/tokens
    authentication:
      type: bearer
      token: $secrets.amex_tokens_token
    resources:
    - name: tokens
      path: /tokens
      operations:
      - name: generate-token
        method: POST
  - namespace: amex-wallets
    type: http
    baseUri: https://api.americanexpress.com/v1/wallets
    authentication:
      type: bearer
      token: $secrets.amex_wallets_token
    resources:
    - name: registrations
      path: /registrations
      operations:
      - name: register-wallet
        method: POST
  - namespace: amex-push
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: push
      path: /push/send
      operations:
      - name: send-push
        method: POST

Checks whether a cardholder is eligible for a specific Amex Offer based on account profile and spending history.

naftiko: '0.5'
info:
  label: Cardholder Offer Eligibility Check
  description: Checks whether a cardholder is eligible for a specific Amex Offer based on account profile and spending history.
  tags:
  - offers
  - cardholder
  - marketing
capability:
  exposes:
  - type: mcp
    namespace: amex-offers
    port: 8080
    tools:
    - name: check-eligibility
      description: Given an offer ID and account ID, return eligibility status, reason, and offer name. Use when verifying if a cardholder qualifies for a specific Amex Offer.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      - name: offer_id
        in: body
        type: string
        description: The Amex Offer identifier.
      call: amex-offers.check-eligibility
      with:
        account_id: '{{account_id}}'
        offer_id: '{{offer_id}}'
      outputParameters:
      - name: eligible
        type: boolean
        mapping: $.eligible
      - name: reason
        type: string
        mapping: $.reason
      - name: offer_name
        type: string
        mapping: $.offer_name
  consumes:
  - namespace: amex-offers
    type: http
    baseUri: https://api.americanexpress.com/v1/offers
    authentication:
      type: bearer
      token: $secrets.amex_offers_token
    resources:
    - name: eligibility
      path: /offers/{offer_id}/eligibility/{account_id}
      inputParameters:
      - name: account_id
        in: path
      - name: offer_id
        in: path
      operations:
      - name: check-eligibility
        method: GET

Retrieves the current status, credit limit, and outstanding balance for a cardholder account from the American Express accounts platform.

naftiko: '0.5'
info:
  label: Cardholder Account Status Lookup
  description: Retrieves the current status, credit limit, and outstanding balance for a cardholder account from the American Express accounts platform.
  tags:
  - payments
  - cardholder
  - lookup
  - account-management
capability:
  exposes:
  - type: mcp
    namespace: account-lookup
    port: 8080
    tools:
    - name: get-account-status
      description: Given a cardholder account ID, return the account status, credit limit, current balance, and payment due date. Use when a customer service representative or agent needs to check account standing before processing a request.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID to look up.
      call: amex-accounts.get-account
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.account_status
      - name: credit_limit
        type: number
        mapping: $.credit_limit
      - name: current_balance
        type: number
        mapping: $.current_balance
      - name: payment_due_date
        type: string
        mapping: $.payment_due_date
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: account
      path: /{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET

Deprovisions a terminated employee by deactivating their Okta account, revoking all app assignments, creating a ServiceNow closure ticket, and notifying security via Slack.

naftiko: '0.5'
info:
  label: Okta User Deprovisioning Workflow
  description: Deprovisions a terminated employee by deactivating their Okta account, revoking all app assignments, creating a ServiceNow closure ticket, and notifying security via Slack.
  tags:
  - identity
  - okta
  - servicenow
  - security
  - offboarding
capability:
  exposes:
  - type: mcp
    namespace: okta-deprovision
    port: 8080
    tools:
    - name: deprovision-user
      description: Deactivate an Okta user, revoke app assignments, create a closure ticket, and notify security. Use when an employee is terminated.
      inputParameters:
      - name: user_id
        in: body
        type: string
        description: Okta user ID of the terminated employee.
      steps:
      - name: deactivate
        type: call
        call: okta.deactivate-user
        with:
          user_id: '{{user_id}}'
      - name: revoke-apps
        type: call
        call: okta.list-apps
        with:
          user_id: '{{user_id}}'
      - name: create-ticket
        type: call
        call: servicenow.create-request
        with:
          short_description: User deprovisioned — {{user_id}}
          description: 'Okta account deactivated. App assignments revoked: {{revoke-apps.app_count}}.'
      - name: notify-security
        type: call
        call: slack.post-message
        with:
          channel: security-ops
          text: 'User deprovisioned: {{user_id}}. {{revoke-apps.app_count}} app assignments revoked. SNOW: {{create-ticket.number}}'
  consumes:
  - namespace: okta
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_token
    resources:
    - name: users
      path: /users/{user_id}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: deactivate-user
        method: POST
      - name: list-apps
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: create-request
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Detects corporate card expense policy violations, creates a compliance case in Jira, notifies the employee's manager via email, and flags the expense in the expense management system.

naftiko: '0.5'
info:
  label: Corporate Expense Policy Violation Handler
  description: Detects corporate card expense policy violations, creates a compliance case in Jira, notifies the employee's manager via email, and flags the expense in the expense management system.
  tags:
  - corporate
  - compliance
  - jira
  - expense-management
capability:
  exposes:
  - type: mcp
    namespace: expense-compliance
    port: 8080
    tools:
    - name: handle-policy-violation
      description: Flag a policy-violating expense, create a compliance case, and notify the manager. Use when an expense policy violation is detected.
      inputParameters:
      - name: expense_id
        in: body
        type: string
        description: Expense record ID.
      - name: violation_reason
        in: body
        type: string
        description: Reason for the policy violation.
      steps:
      - name: get-expense
        type: call
        call: amex-expenses.get-expense
        with:
          expense_id: '{{expense_id}}'
      - name: flag-violation
        type: call
        call: amex-expenses.flag-expense
        with:
          expense_id: '{{expense_id}}'
          flag: policy-violation
          reason: '{{violation_reason}}'
      - name: create-case
        type: call
        call: jira.create-issue
        with:
          project_key: COMP
          issuetype: Task
          summary: Expense policy violation — {{get-expense.employee_name}}
          description: 'Expense: ${{get-expense.amount}} at {{get-expense.merchant}}. Violation: {{violation_reason}}.'
      - name: notify-manager
        type: call
        call: email.send-email
        with:
          to: '{{get-expense.manager_email}}'
          subject: Expense policy violation flagged
          body: 'An expense by {{get-expense.employee_name}} for ${{get-expense.amount}} has been flagged. Jira: {{create-case.key}}'
  consumes:
  - namespace: amex-expenses
    type: http
    baseUri: https://api.americanexpress.com/v1/expenses
    authentication:
      type: bearer
      token: $secrets.amex_expenses_token
    resources:
    - name: expense
      path: /expenses/{expense_id}
      inputParameters:
      - name: expense_id
        in: path
      operations:
      - name: get-expense
        method: GET
      - name: flag-expense
        method: PUT
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Generates a postmortem for a PagerDuty incident by fetching incident timeline, creating a Confluence postmortem page, and notifying stakeholders via Slack.

naftiko: '0.5'
info:
  label: PagerDuty Incident Postmortem Generator
  description: Generates a postmortem for a PagerDuty incident by fetching incident timeline, creating a Confluence postmortem page, and notifying stakeholders via Slack.
  tags:
  - pagerduty
  - incident-management
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: postmortem-gen
    port: 8080
    tools:
    - name: generate-postmortem
      description: Generate a postmortem document from a PagerDuty incident and share it. Use after an incident is resolved.
      inputParameters:
      - name: incident_id
        in: body
        type: string
        description: PagerDuty incident ID.
      steps:
      - name: get-incident
        type: call
        call: pagerduty.get-incident
        with:
          incident_id: '{{incident_id}}'
      - name: get-timeline
        type: call
        call: pagerduty.get-timeline
        with:
          incident_id: '{{incident_id}}'
      - name: create-postmortem
        type: call
        call: confluence.create-page
        with:
          spaceKey: ENG
          title: 'Postmortem: {{get-incident.title}}'
          body: 'Severity: {{get-incident.urgency}}. Duration: {{get-incident.duration}}. Timeline entries: {{get-timeline.total}}.'
      - name: notify
        type: call
        call: slack.post-message
        with:
          channel: engineering
          text: 'Postmortem ready: {{get-incident.title}} | Severity: {{get-incident.urgency}} | Doc: {{create-postmortem.url}}'
  consumes:
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents/{incident_id}
      inputParameters:
      - name: incident_id
        in: path
      operations:
      - name: get-incident
        method: GET
    - name: logs
      path: /incidents/{incident_id}/log_entries
      inputParameters:
      - name: incident_id
        in: path
      operations:
      - name: get-timeline
        method: GET
  - namespace: confluence
    type: http
    baseUri: https://americanexpress.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Screens high-value transactions for anti-money laundering by running sanctions checks, creating a compliance review case, and filing a suspicious activity report if needed.

naftiko: '0.5'
info:
  label: AML Transaction Screening Workflow
  description: Screens high-value transactions for anti-money laundering by running sanctions checks, creating a compliance review case, and filing a suspicious activity report if needed.
  tags:
  - compliance
  - aml
  - security
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: aml-screening
    port: 8080
    tools:
    - name: screen-transaction
      description: Screen a transaction for AML, create a compliance case, and file a SAR if warranted. Use when a high-value transaction triggers AML rules.
      inputParameters:
      - name: transaction_id
        in: body
        type: string
        description: Transaction ID to screen.
      - name: amount
        in: body
        type: string
        description: Transaction amount.
      - name: parties
        in: body
        type: string
        description: Comma-separated party names.
      steps:
      - name: screen
        type: call
        call: amex-sanctions.screen-transaction
        with:
          transaction_id: '{{transaction_id}}'
          amount: '{{amount}}'
          parties: '{{parties}}'
      - name: create-review
        type: call
        call: servicenow.create-case
        with:
          short_description: AML screening — txn {{transaction_id}}
          category: aml
          priority: '{{screen.risk_level}}'
          description: 'Screening result: {{screen.result}}. Hit count: {{screen.hit_count}}.'
      - name: file-report
        type: call
        call: amex-sar.file-sar
        with:
          transaction_id: '{{transaction_id}}'
          case_id: '{{create-review.sys_id}}'
          screening_result: '{{screen.result}}'
  consumes:
  - namespace: amex-sanctions
    type: http
    baseUri: https://api.americanexpress.com/v1/sanctions
    authentication:
      type: bearer
      token: $secrets.amex_sanctions_token
    resources:
    - name: screening
      path: /screen
      operations:
      - name: screen-transaction
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cases
      path: /table/sn_compliance_case
      operations:
      - name: create-case
        method: POST
  - namespace: amex-sar
    type: http
    baseUri: https://api.americanexpress.com/v1/sar
    authentication:
      type: bearer
      token: $secrets.amex_sar_token
    resources:
    - name: reports
      path: /reports
      operations:
      - name: file-sar
        method: POST

Orchestrates employee termination by updating Workday, deactivating Okta, revoking corporate card, and creating a ServiceNow offboarding ticket.

naftiko: '0.5'
info:
  label: Workday Employee Termination Orchestration
  description: Orchestrates employee termination by updating Workday, deactivating Okta, revoking corporate card, and creating a ServiceNow offboarding ticket.
  tags:
  - hr
  - workday
  - okta
  - offboarding
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: termination-ops
    port: 8080
    tools:
    - name: orchestrate-termination
      description: Process an employee termination across all systems. Use when HR initiates an employee separation.
      inputParameters:
      - name: worker_id
        in: body
        type: string
        description: Workday worker ID.
      - name: okta_user_id
        in: body
        type: string
        description: Okta user ID.
      - name: card_id
        in: body
        type: string
        description: Corporate card ID.
      - name: termination_date
        in: body
        type: string
        description: Last day of employment.
      - name: reason
        in: body
        type: string
        description: Termination reason.
      steps:
      - name: terminate-wd
        type: call
        call: workday.terminate-worker
        with:
          worker_id: '{{worker_id}}'
          termination_date: '{{termination_date}}'
          reason: '{{reason}}'
      - name: deactivate-okta
        type: call
        call: okta.deactivate-user
        with:
          user_id: '{{okta_user_id}}'
      - name: cancel-card
        type: call
        call: amex-corporate.cancel-card
        with:
          card_id: '{{card_id}}'
      - name: create-ticket
        type: call
        call: servicenow.create-request
        with:
          short_description: Offboarding — {{worker_id}}
          description: 'Workday terminated. Okta deactivated. Corporate card cancelled. Termination date: {{termination_date}}.'
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd3-impl-services1.workday.com/ccx/service/amex
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{worker_id}/terminate
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: terminate-worker
        method: POST
  - namespace: okta
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_token
    resources:
    - name: users
      path: /users/{user_id}/lifecycle/deactivate
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: deactivate-user
        method: POST
  - namespace: amex-corporate
    type: http
    baseUri: https://api.americanexpress.com/v1/corporate
    authentication:
      type: bearer
      token: $secrets.amex_corporate_token
    resources:
    - name: cards
      path: /cards/{card_id}/cancel
      inputParameters:
      - name: card_id
        in: path
      operations:
      - name: cancel-card
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: create-request
        method: POST

Rotates TLS certificates for payment gateway endpoints by generating a new certificate, deploying it via Terraform, validating connectivity, and notifying the infrastructure team via Slack.

naftiko: '0.5'
info:
  label: Payment Gateway Certificate Rotation
  description: Rotates TLS certificates for payment gateway endpoints by generating a new certificate, deploying it via Terraform, validating connectivity, and notifying the infrastructure team via Slack.
  tags:
  - security
  - infrastructure
  - terraform
  - slack
capability:
  exposes:
  - type: mcp
    namespace: cert-rotation
    port: 8080
    tools:
    - name: rotate-gateway-cert
      description: Generate a new TLS certificate, deploy via Terraform, validate, and notify the team. Use during scheduled certificate rotation windows.
      inputParameters: []
      steps:
      - name: generate-cert
        type: call
        call: amex-pki.generate-cert
        with:
          domain: gateway.americanexpress.com
          validity_days: '365'
      - name: deploy-cert
        type: call
        call: terraform-cloud.trigger-apply
        with:
          workspace_id: $secrets.tf_gateway_workspace
          message: Cert rotation — {{generate-cert.serial_number}}
      - name: validate
        type: call
        call: amex-gateway.check-health
        with: {}
      - name: notify
        type: call
        call: slack.post-message
        with:
          channel: infra-ops
          text: 'TLS cert rotated for gateway.americanexpress.com. Serial: {{generate-cert.serial_number}}. Health: {{validate.status}}'
  consumes:
  - namespace: amex-pki
    type: http
    baseUri: https://api.americanexpress.com/v1/pki
    authentication:
      type: bearer
      token: $secrets.amex_pki_token
    resources:
    - name: certificates
      path: /certificates
      operations:
      - name: generate-cert
        method: POST
  - namespace: terraform-cloud
    type: http
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /runs
      operations:
      - name: trigger-apply
        method: POST
  - namespace: amex-gateway
    type: http
    baseUri: https://api.americanexpress.com/v1/gateway
    authentication:
      type: bearer
      token: $secrets.amex_gateway_token
    resources:
    - name: health
      path: /health
      operations:
      - name: check-health
        method: GET
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Routes a vendor invoice through approval by validating the PO in SAP, creating an approval task in ServiceNow, and notifying the approver via Slack.

naftiko: '0.5'
info:
  label: Vendor Invoice Approval Workflow
  description: Routes a vendor invoice through approval by validating the PO in SAP, creating an approval task in ServiceNow, and notifying the approver via Slack.
  tags:
  - finance
  - procurement
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: invoice-approval
    port: 8080
    tools:
    - name: route-invoice-approval
      description: Validate a purchase order, create an approval task, and notify the approver. Use when a vendor invoice requires approval routing.
      inputParameters:
      - name: po_number
        in: body
        type: string
        description: Purchase order number.
      - name: vendor_name
        in: body
        type: string
        description: Vendor name.
      - name: invoice_amount
        in: body
        type: string
        description: Invoice amount.
      steps:
      - name: validate-po
        type: call
        call: sap.get-po
        with:
          po_number: '{{po_number}}'
      - name: create-approval
        type: call
        call: servicenow.create-approval
        with:
          source_table: ap_invoice
          approver: '{{validate-po.budget_owner}}'
          state: requested
      - name: notify-approver
        type: call
        call: slack.post-message
        with:
          channel: '{{validate-po.budget_owner_slack}}'
          text: 'Invoice approval needed: PO {{po_number}} | Vendor: {{vendor_name}} | Amount: ${{invoice_amount}} | Approval: {{create-approval.sys_id}}'
  consumes:
  - namespace: sap
    type: http
    baseUri: https://api.americanexpress.com/v1/sap
    authentication:
      type: bearer
      token: $secrets.sap_token
    resources:
    - name: purchase-orders
      path: /purchase-orders/{po_number}
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-po
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: approvals
      path: /table/sysapproval_approver
      operations:
      - name: create-approval
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Checks the PCI-DSS compliance status of a merchant from the compliance registry.

naftiko: '0.5'
info:
  label: PCI Compliance Status Lookup
  description: Checks the PCI-DSS compliance status of a merchant from the compliance registry.
  tags:
  - compliance
  - merchants
  - security
capability:
  exposes:
  - type: mcp
    namespace: amex-compliance
    port: 8080
    tools:
    - name: get-pci-status
      description: Given a merchant ID, return the PCI-DSS compliance status, last assessment date, and compliance level. Use when verifying merchant security compliance.
      inputParameters:
      - name: merchant_id
        in: body
        type: string
        description: The merchant identifier.
      call: amex-compliance.get-pci-status
      with:
        merchant_id: '{{merchant_id}}'
      outputParameters:
      - name: compliant
        type: boolean
        mapping: $.compliant
      - name: last_assessment
        type: string
        mapping: $.last_assessment
      - name: level
        type: string
        mapping: $.level
  consumes:
  - namespace: amex-compliance
    type: http
    baseUri: https://api.americanexpress.com/v1/compliance
    authentication:
      type: bearer
      token: $secrets.amex_compliance_token
    resources:
    - name: pci-status
      path: /merchants/{merchant_id}/pci-status
      inputParameters:
      - name: merchant_id
        in: path
      operations:
      - name: get-pci-status
        method: GET

Provisions Tableau dashboard access for a user by verifying their role in Okta, adding them to the Tableau site, and confirming via email.

naftiko: '0.5'
info:
  label: Tableau Dashboard Access Provisioning
  description: Provisions Tableau dashboard access for a user by verifying their role in Okta, adding them to the Tableau site, and confirming via email.
  tags:
  - tableau
  - okta
  - access-management
  - email
capability:
  exposes:
  - type: mcp
    namespace: tableau-access
    port: 8080
    tools:
    - name: provision-tableau-access
      description: Verify a user's role and provision Tableau access. Use when a user requests dashboard access.
      inputParameters:
      - name: user_id
        in: body
        type: string
        description: Okta user ID.
      - name: tableau_role
        in: body
        type: string
        description: Tableau site role (Viewer, Explorer, Creator).
      steps:
      - name: verify-role
        type: call
        call: okta.get-user
        with:
          user_id: '{{user_id}}'
      - name: add-to-tableau
        type: call
        call: tableau.add-user
        with:
          site_id: $secrets.tableau_site_id
          email: '{{verify-role.profile.email}}'
          role: '{{tableau_role}}'
      - name: confirm
        type: call
        call: email.send-email
        with:
          to: '{{verify-role.profile.email}}'
          subject: Tableau access granted
          body: You now have {{tableau_role}} access to the Tableau site. Login at https://americanexpress.online.tableau.com
  consumes:
  - namespace: okta
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_token
    resources:
    - name: users
      path: /users/{user_id}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: get-user
        method: GET
  - namespace: tableau
    type: http
    baseUri: https://americanexpress.online.tableau.com/api/3.19
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: users
      path: /sites/{site_id}/users
      inputParameters:
      - name: site_id
        in: path
      operations:
      - name: add-user
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Retrieves weekly campaign performance metrics from Adobe Analytics and posts a formatted digest to the marketing Slack channel and Microsoft Teams marketing hub.

naftiko: '0.5'
info:
  label: Marketing Campaign Performance Digest
  description: Retrieves weekly campaign performance metrics from Adobe Analytics and posts a formatted digest to the marketing Slack channel and Microsoft Teams marketing hub.
  tags:
  - marketing
  - adobe-analytics
  - slack
  - microsoft-teams
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: marketing-reporting
    port: 8080
    tools:
    - name: digest-campaign-performance
      description: Given an Adobe Analytics report suite ID and date range, retrieve campaign performance metrics (impressions, clicks, conversions) and post a summary digest to the marketing Slack channel and Teams. Use for weekly or monthly campaign performance reviews.
      inputParameters:
      - name: report_suite_id
        in: body
        type: string
        description: The Adobe Analytics report suite ID to query.
      - name: from_date
        in: body
        type: string
        description: Start date for the performance period in YYYY-MM-DD format.
      - name: to_date
        in: body
        type: string
        description: End date for the performance period in YYYY-MM-DD format.
      steps:
      - name: get-metrics
        type: call
        call: adobe-analytics.get-report
        with:
          report_suite_id: '{{report_suite_id}}'
          date_from: '{{from_date}}'
          date_to: '{{to_date}}'
          metrics: pageviews,visits,orders,revenue
      - name: post-slack-digest
        type: call
        call: slack-marketing.post-message
        with:
          channel: marketing-performance
          text: 'Campaign Performance {{from_date}} to {{to_date}} | Visits: {{get-metrics.visits}} | Conversions: {{get-metrics.orders}} | Revenue: ${{get-metrics.revenue}}'
      - name: post-teams-digest
        type: call
        call: msteams-marketing.post-channel-message
        with:
          channel_id: $secrets.teams_marketing_channel_id
          content: 'Weekly Campaign Summary ({{from_date}} — {{to_date}})

            Visits: {{get-metrics.visits}}

            Orders: {{get-metrics.orders}}

            Revenue: ${{get-metrics.revenue}}'
  consumes:
  - namespace: adobe-analytics
    type: http
    baseUri: https://analytics.adobe.io/api
    authentication:
      type: bearer
      token: $secrets.adobe_analytics_token
    resources:
    - name: report
      path: /{global_company_id}/reports
      inputParameters:
      - name: global_company_id
        in: path
      operations:
      - name: get-report
        method: POST
  - namespace: slack-marketing
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
  - namespace: msteams-marketing
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-message
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves the current status of a merchant onboarding application from the merchant services platform and returns structured status details.

naftiko: '0.5'
info:
  label: Merchant Onboarding Application Status Check
  description: Retrieves the current status of a merchant onboarding application from the merchant services platform and returns structured status details.
  tags:
  - merchant-services
  - onboarding
  - payments
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: merchant-onboarding
    port: 8080
    tools:
    - name: get-merchant-application-status
      description: Given a merchant application ID, return the current onboarding status, review stage, and any pending requirements. Use when a merchant services agent needs to check where an application stands.
      inputParameters:
      - name: application_id
        in: body
        type: string
        description: The merchant onboarding application ID issued at submission.
      call: amex-merchant.get-application
      with:
        application_id: '{{application_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: review_stage
        type: string
        mapping: $.review_stage
      - name: pending_items
        type: array
        mapping: $.pending_items
  consumes:
  - namespace: amex-merchant
    type: http
    baseUri: https://api.americanexpress.com/v1/merchant-services
    authentication:
      type: bearer
      token: $secrets.amex_merchant_token
    resources:
    - name: application
      path: /applications/{application_id}
      inputParameters:
      - name: application_id
        in: path
      operations:
      - name: get-application
        method: GET

Generates a merchant renewal pipeline digest by querying Salesforce opportunities, summarizing in Snowflake, and distributing via Slack.

naftiko: '0.5'
info:
  label: Salesforce Renewal Pipeline Digest
  description: Generates a merchant renewal pipeline digest by querying Salesforce opportunities, summarizing in Snowflake, and distributing via Slack.
  tags:
  - salesforce
  - renewals
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: renewal-digest
    port: 8080
    tools:
    - name: generate-renewal-digest
      description: Summarize the renewal pipeline and share with the team. Use for weekly pipeline reviews.
      inputParameters: []
      steps:
      - name: get-renewals
        type: call
        call: salesforce.run-soql
        with:
          q: SELECT Name, Amount, CloseDate FROM Opportunity WHERE StageName='Renewal' AND CloseDate=THIS_QUARTER
      - name: summarize
        type: call
        call: snowflake.run-query
        with:
          query: SELECT COUNT(*) as total, SUM(amount) as pipeline_value FROM SALES_DB.PUBLIC.RENEWAL_PIPELINE WHERE quarter=CURRENT_QUARTER()
      - name: post-digest
        type: call
        call: slack.post-message
        with:
          channel: merchant-renewals
          text: 'Renewal pipeline: {{summarize.total}} renewals | ${{summarize.pipeline_value}} | Details in Salesforce'
  consumes:
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      operations:
      - name: run-soql
        method: GET
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Triggers the annual performance review cycle in Workday for a specified business unit and sends a Microsoft Teams notification to all managers in that unit.

naftiko: '0.5'
info:
  label: Employee Performance Review Cycle Initiation
  description: Triggers the annual performance review cycle in Workday for a specified business unit and sends a Microsoft Teams notification to all managers in that unit.
  tags:
  - hr
  - performance-management
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: performance-hr
    port: 8080
    tools:
    - name: initiate-performance-review
      description: Given a Workday business unit ID and review period, trigger the performance review process in Workday and send a Teams notification to all managers in the unit with instructions. Use at the start of annual or mid-year review cycles.
      inputParameters:
      - name: business_unit_id
        in: body
        type: string
        description: The Workday business unit ID for which to initiate the review cycle.
      - name: review_period
        in: body
        type: string
        description: The review period label (e.g., 2026-Annual, 2026-MidYear).
      - name: due_date
        in: body
        type: string
        description: The deadline for review completion in YYYY-MM-DD format.
      steps:
      - name: start-review-process
        type: call
        call: workday-perf.initiate-review
        with:
          business_unit_id: '{{business_unit_id}}'
          review_period: '{{review_period}}'
          due_date: '{{due_date}}'
      - name: notify-managers
        type: call
        call: msteams-hr.post-channel-message
        with:
          channel_id: $secrets.teams_managers_channel_id
          content: 'The {{review_period}} performance review cycle has been initiated. Please complete reviews for your direct reports by {{due_date}}. Process ID: {{start-review-process.process_id}}'
  consumes:
  - namespace: workday-perf
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_access_token
    resources:
    - name: review
      path: /performanceReviews
      operations:
      - name: initiate-review
        method: POST
  - namespace: msteams-hr
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-message
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Responds to CloudWatch alarms for Lambda error spikes by fetching error logs, creating a PagerDuty incident, and posting diagnostics to Slack.

naftiko: '0.5'
info:
  label: CloudWatch Lambda Error Spike Response
  description: Responds to CloudWatch alarms for Lambda error spikes by fetching error logs, creating a PagerDuty incident, and posting diagnostics to Slack.
  tags:
  - aws
  - cloudwatch
  - lambda
  - pagerduty
  - slack
capability:
  exposes:
  - type: mcp
    namespace: lambda-errors
    port: 8080
    tools:
    - name: respond-lambda-errors
      description: Fetch Lambda error logs, page on-call, and post diagnostics. Use when CloudWatch detects an error spike in a Lambda function.
      inputParameters:
      - name: function_name
        in: body
        type: string
        description: AWS Lambda function name.
      steps:
      - name: get-errors
        type: call
        call: cloudwatch.get-log-events
        with:
          logGroupName: /aws/lambda/{{function_name}}
          filterPattern: ERROR
          limit: '25'
      - name: page-team
        type: call
        call: pagerduty.create-incident
        with:
          title: 'Lambda error spike: {{function_name}}'
          service_id: $secrets.pd_lambda_service_id
          urgency: high
      - name: post-diagnostics
        type: call
        call: slack.post-message
        with:
          channel: serverless-ops
          text: 'Lambda error spike: {{function_name}} | Errors: {{get-errors.event_count}} | PD: {{page-team.incident_number}} | Latest: {{get-errors.events[0].message}}'
  consumes:
  - namespace: cloudwatch
    type: http
    baseUri: https://logs.us-east-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_token
    resources:
    - name: logs
      path: /
      operations:
      - name: get-log-events
        method: POST
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When CrowdStrike detects a suspicious login event for a privileged account, suspends the Okta user session, opens a ServiceNow security incident, and alerts the SOC Slack channel.

naftiko: '0.5'
info:
  label: Suspicious Login Threat Response
  description: When CrowdStrike detects a suspicious login event for a privileged account, suspends the Okta user session, opens a ServiceNow security incident, and alerts the SOC Slack channel.
  tags:
  - security
  - crowdstrike
  - okta
  - servicenow
  - slack
  - identity
  - threat-response
capability:
  exposes:
  - type: mcp
    namespace: soc-response
    port: 8080
    tools:
    - name: respond-to-suspicious-login
      description: Given a CrowdStrike detection ID and the affected user's email, retrieve detection details, suspend the user's Okta sessions, open a ServiceNow security incident, and alert the SOC Slack channel. Use for privileged account compromise response.
      inputParameters:
      - name: detection_id
        in: body
        type: string
        description: The CrowdStrike Falcon detection ID for the suspicious login event.
      - name: user_email
        in: body
        type: string
        description: The email address of the account flagged in the detection.
      steps:
      - name: get-detection
        type: call
        call: crowdstrike.get-detection
        with:
          detection_id: '{{detection_id}}'
      - name: get-okta-user
        type: call
        call: okta-soc.get-user-by-login
        with:
          login: '{{user_email}}'
      - name: clear-sessions
        type: call
        call: okta-sessions.clear-user-sessions
        with:
          user_id: '{{get-okta-user.id}}'
      - name: create-sec-incident
        type: call
        call: servicenow-soc.create-incident
        with:
          category: security
          subcategory: suspicious_login
          short_description: Suspicious login detected for {{user_email}}
          description: 'CrowdStrike Detection: {{detection_id}}

            User: {{user_email}}

            Okta sessions cleared: true

            Detection details: {{get-detection.description}}'
          urgency: '1'
          impact: '2'
      - name: alert-soc
        type: call
        call: slack-soc.post-message
        with:
          channel: soc-alerts
          text: 'Suspicious Login Response | User: {{user_email}} | Detection: {{detection_id}} | Okta sessions cleared | SNOW: {{create-sec-incident.number}}'
  consumes:
  - namespace: crowdstrike
    type: http
    baseUri: https://api.crowdstrike.com
    authentication:
      type: bearer
      token: $secrets.crowdstrike_access_token
    resources:
    - name: detection
      path: /detects/entities/detect/v2
      operations:
      - name: get-detection
        method: GET
  - namespace: okta-soc
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: user
      path: /users/{login}
      inputParameters:
      - name: login
        in: path
      operations:
      - name: get-user-by-login
        method: GET
  - namespace: okta-sessions
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: user-sessions
      path: /users/{user_id}/sessions
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: clear-user-sessions
        method: DELETE
  - namespace: servicenow-soc
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incident
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: slack-soc
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Looks up a merchant category code and returns its description and risk classification from the merchant data service.

naftiko: '0.5'
info:
  label: Merchant Category Code Lookup
  description: Looks up a merchant category code and returns its description and risk classification from the merchant data service.
  tags:
  - merchants
  - payments
  - data
capability:
  exposes:
  - type: mcp
    namespace: amex-merchant-data
    port: 8080
    tools:
    - name: get-mcc
      description: Given a merchant category code, return its description, risk level, and category. Use when classifying merchant transactions.
      inputParameters:
      - name: mcc_code
        in: body
        type: string
        description: The merchant category code to look up.
      call: amex-merchant-data.get-mcc
      with:
        mcc_code: '{{mcc_code}}'
      outputParameters:
      - name: description
        type: string
        mapping: $.description
      - name: risk_level
        type: string
        mapping: $.risk_level
      - name: category
        type: string
        mapping: $.category
  consumes:
  - namespace: amex-merchant-data
    type: http
    baseUri: https://api.americanexpress.com/v1/merchants
    authentication:
      type: bearer
      token: $secrets.amex_merchant_token
    resources:
    - name: mcc
      path: /mcc/{mcc_code}
      inputParameters:
      - name: mcc_code
        in: path
      operations:
      - name: get-mcc
        method: GET

Checks whether a cardholder has active travel notifications on file and returns destination and date ranges.

naftiko: '0.5'
info:
  label: Cardholder Travel Notification Status
  description: Checks whether a cardholder has active travel notifications on file and returns destination and date ranges.
  tags:
  - cardholder
  - travel
  - notifications
capability:
  exposes:
  - type: mcp
    namespace: amex-travel
    port: 8080
    tools:
    - name: get-travel-notifications
      description: Given a cardholder account ID, return active travel notifications including destinations and dates. Use when verifying travel alerts before flagging foreign transactions.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-travel.get-travel-notifications
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: notifications
        type: array
        mapping: $.notifications
      - name: active_count
        type: number
        mapping: $.active_count
  consumes:
  - namespace: amex-travel
    type: http
    baseUri: https://api.americanexpress.com/v1/travel
    authentication:
      type: bearer
      token: $secrets.amex_travel_token
    resources:
    - name: notifications
      path: /accounts/{account_id}/travel-notifications
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-travel-notifications
        method: GET

Pulls a headcount snapshot from Workday by department and pushes the data to Snowflake for aggregation in workforce analytics dashboards.

naftiko: '0.5'
info:
  label: Headcount Reporting Snapshot
  description: Pulls a headcount snapshot from Workday by department and pushes the data to Snowflake for aggregation in workforce analytics dashboards.
  tags:
  - hr
  - workforce-analytics
  - workday
  - snowflake
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: hr-reporting
    port: 8080
    tools:
    - name: publish-headcount-snapshot
      description: Given a department ID and reporting period, retrieve headcount data from Workday and insert a snapshot record into the Snowflake workforce analytics table. Use for monthly headcount reporting and workforce planning.
      inputParameters:
      - name: department_id
        in: body
        type: string
        description: The Workday department ID to pull headcount data for.
      - name: reporting_period
        in: body
        type: string
        description: The reporting period in YYYY-MM format (e.g., 2026-03).
      steps:
      - name: get-headcount
        type: call
        call: workday-hr.get-headcount
        with:
          department_id: '{{department_id}}'
          as_of_date: '{{reporting_period}}'
      - name: insert-snapshot
        type: call
        call: snowflake-hr.insert-headcount
        with:
          department_id: '{{department_id}}'
          period: '{{reporting_period}}'
          headcount: '{{get-headcount.total_headcount}}'
          fte_count: '{{get-headcount.fte_count}}'
          contractor_count: '{{get-headcount.contractor_count}}'
  consumes:
  - namespace: workday-hr
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_access_token
    resources:
    - name: headcount
      path: /organizations/{department_id}/headcount
      inputParameters:
      - name: department_id
        in: path
      operations:
      - name: get-headcount
        method: GET
  - namespace: snowflake-hr
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: headcount
      path: /statements
      operations:
      - name: insert-headcount
        method: POST

Launches a targeted Amex Offers campaign by querying eligible cardholders in Snowflake, creating the offer in the offers platform, and triggering email notifications via Adobe Campaign.

naftiko: '0.5'
info:
  label: Amex Offer Activation Campaign
  description: Launches a targeted Amex Offers campaign by querying eligible cardholders in Snowflake, creating the offer in the offers platform, and triggering email notifications via Adobe Campaign.
  tags:
  - offers
  - marketing
  - snowflake
  - adobe-campaign
capability:
  exposes:
  - type: mcp
    namespace: offer-campaigns
    port: 8080
    tools:
    - name: launch-offer-campaign
      description: Find eligible cardholders, create an offer, and trigger the email campaign. Use when launching a new Amex Offers promotion.
      inputParameters:
      - name: offer_name
        in: body
        type: string
        description: Name of the Amex Offer.
      - name: merchant_id
        in: body
        type: string
        description: Participating merchant ID.
      - name: discount_percent
        in: body
        type: string
        description: Discount percentage.
      - name: target_segment
        in: body
        type: string
        description: Target cardholder segment.
      - name: campaign_template_id
        in: body
        type: string
        description: Adobe Campaign template ID.
      steps:
      - name: find-eligible
        type: call
        call: snowflake.run-query
        with:
          query: SELECT account_id FROM MARKETING_DB.PUBLIC.CARDHOLDER_SEGMENTS WHERE segment='{{target_segment}}' AND eligible=TRUE
      - name: create-offer
        type: call
        call: amex-offers.create-offer
        with:
          name: '{{offer_name}}'
          merchant_id: '{{merchant_id}}'
          discount: '{{discount_percent}}'
          segment: '{{target_segment}}'
      - name: trigger-emails
        type: call
        call: adobe-campaign.trigger-campaign
        with:
          campaign_id: '{{campaign_template_id}}'
          offer_id: '{{create-offer.offer_id}}'
          audience_count: '{{find-eligible.row_count}}'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: amex-offers
    type: http
    baseUri: https://api.americanexpress.com/v1/offers
    authentication:
      type: bearer
      token: $secrets.amex_offers_token
    resources:
    - name: offers
      path: /offers
      operations:
      - name: create-offer
        method: POST
  - namespace: adobe-campaign
    type: http
    baseUri: https://mc.adobe.io/americanexpress/campaign
    authentication:
      type: bearer
      token: $secrets.adobe_campaign_token
    resources:
    - name: campaigns
      path: /campaigns
      operations:
      - name: trigger-campaign
        method: POST

Generates a campaign ROI report by pulling performance data from Google Analytics, enriching with spend data from Snowflake, and distributing via email.

naftiko: '0.5'
info:
  label: Google Analytics Campaign ROI Report
  description: Generates a campaign ROI report by pulling performance data from Google Analytics, enriching with spend data from Snowflake, and distributing via email.
  tags:
  - google-analytics
  - marketing
  - snowflake
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: campaign-roi
    port: 8080
    tools:
    - name: generate-roi-report
      description: Pull campaign performance, enrich with spend data, and distribute. Use for periodic campaign reporting.
      inputParameters:
      - name: ga_property_id
        in: body
        type: string
        description: Google Analytics property ID.
      - name: date_range
        in: body
        type: string
        description: Date range for the report.
      steps:
      - name: get-performance
        type: call
        call: google-analytics.run-report
        with:
          property_id: '{{ga_property_id}}'
          dateRange: '{{date_range}}'
      - name: get-spend
        type: call
        call: snowflake.run-query
        with:
          query: SELECT SUM(spend) as total_spend FROM MARKETING_DB.PUBLIC.CAMPAIGN_SPEND WHERE date_range='{{date_range}}'
      - name: distribute
        type: call
        call: email.send-email
        with:
          to: marketing-leadership@americanexpress.com
          subject: Campaign ROI Report — {{date_range}}
          body: 'Sessions: {{get-performance.totals.sessions}}. Conversions: {{get-performance.totals.conversions}}. Revenue: ${{get-performance.totals.revenue}}. Spend: ${{get-spend.total_spend}}.'
  consumes:
  - namespace: google-analytics
    type: http
    baseUri: https://analyticsdata.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.google_analytics_token
    resources:
    - name: reports
      path: /properties/{property_id}:runReport
      inputParameters:
      - name: property_id
        in: path
      operations:
      - name: run-report
        method: POST
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Pulls approved corporate card transactions from SAP Concur and posts summarized expense entries to SAP S/4HANA for financial reconciliation.

naftiko: '0.5'
info:
  label: Corporate Card Expense Report Sync
  description: Pulls approved corporate card transactions from SAP Concur and posts summarized expense entries to SAP S/4HANA for financial reconciliation.
  tags:
  - finance
  - expense-management
  - sap-concur
  - sap-s4hana
  - reconciliation
capability:
  exposes:
  - type: mcp
    namespace: expense-finance
    port: 8080
    tools:
    - name: sync-expense-report
      description: Given a Concur expense report ID, fetch the approved report and post each line item as a journal entry in SAP S/4HANA. Use when corporate card expenses need to be reconciled in the general ledger.
      inputParameters:
      - name: report_id
        in: body
        type: string
        description: The SAP Concur expense report ID to sync.
      - name: company_code
        in: body
        type: string
        description: The SAP S/4HANA company code for posting journal entries (e.g., 1000).
      steps:
      - name: get-report
        type: call
        call: concur.get-expense-report
        with:
          report_id: '{{report_id}}'
      - name: post-journal
        type: call
        call: s4hana.post-journal-entry
        with:
          company_code: '{{company_code}}'
          amount: '{{get-report.total_amount}}'
          currency: '{{get-report.currency_code}}'
          cost_center: '{{get-report.cost_center}}'
          reference: '{{report_id}}'
  consumes:
  - namespace: concur
    type: http
    baseUri: https://www.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_access_token
    resources:
    - name: expense-report
      path: /expense/reports/{report_id}
      inputParameters:
      - name: report_id
        in: path
      operations:
      - name: get-expense-report
        method: GET
  - namespace: s4hana
    type: http
    baseUri: https://americanexpress-s4.sap.com/sap/opu/odata/sap/API_JOURNALENTRYITEMBASIC_SRV
    authentication:
      type: basic
      username: $secrets.s4hana_user
      password: $secrets.s4hana_password
    resources:
    - name: journal-entry
      path: /JournalEntryItemBasic
      operations:
      - name: post-journal-entry
        method: POST

Retrieves a compliance document from SharePoint, submits it to Anthropic Claude for key obligation extraction, and posts the summary to the Legal & Compliance Teams channel.

naftiko: '0.5'
info:
  label: Regulatory Compliance Document Summarization
  description: Retrieves a compliance document from SharePoint, submits it to Anthropic Claude for key obligation extraction, and posts the summary to the Legal & Compliance Teams channel.
  tags:
  - compliance
  - legal
  - sharepoint
  - anthropic
  - ai
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: compliance-ai
    port: 8080
    tools:
    - name: summarize-compliance-doc
      description: Given a SharePoint document site ID and file path, retrieve the document, send it to Anthropic Claude to extract key regulatory obligations and risk items, and post the summary to a Teams channel. Use when legal or compliance teams need rapid document triage.
      inputParameters:
      - name: site_id
        in: body
        type: string
        description: The SharePoint site ID where the compliance document is stored.
      - name: file_path
        in: body
        type: string
        description: The relative file path of the document within the SharePoint site.
      - name: teams_channel_id
        in: body
        type: string
        description: The Microsoft Teams channel ID to post the summary to.
      steps:
      - name: get-document
        type: call
        call: sharepoint.get-file-content
        with:
          site_id: '{{site_id}}'
          file_path: '{{file_path}}'
      - name: extract-obligations
        type: call
        call: anthropic.create-message
        with:
          model: claude-opus-4-5
          prompt: 'You are a regulatory compliance analyst. Extract and list: (1) key obligations, (2) compliance deadlines, (3) risk areas from this document. Be concise. Document: {{get-document.content}}'
      - name: post-to-teams
        type: call
        call: msteams-compliance.post-channel-message
        with:
          channel_id: '{{teams_channel_id}}'
          content: 'Compliance Summary for {{file_path}}:


            {{extract-obligations.content}}'
  consumes:
  - namespace: sharepoint
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: file-content
      path: /sites/{site_id}/drive/root:/{file_path}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: file_path
        in: path
      operations:
      - name: get-file-content
        method: GET
  - namespace: anthropic
    type: http
    baseUri: https://api.anthropic.com/v1
    authentication:
      type: apikey
      key: x-api-key
      value: $secrets.anthropic_api_key
      placement: header
    resources:
    - name: message
      path: /messages
      operations:
      - name: create-message
        method: POST
  - namespace: msteams-compliance
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-message
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Provisions corporate cards in bulk by reading employee data from Workday, creating card accounts, and sending activation instructions via email.

naftiko: '0.5'
info:
  label: Corporate Card Bulk Provisioning
  description: Provisions corporate cards in bulk by reading employee data from Workday, creating card accounts, and sending activation instructions via email.
  tags:
  - corporate
  - cards
  - workday
  - onboarding
capability:
  exposes:
  - type: mcp
    namespace: bulk-provision
    port: 8080
    tools:
    - name: bulk-provision-cards
      description: Provision corporate cards for a department by pulling employees from Workday and creating card accounts. Use during new department onboarding.
      inputParameters:
      - name: department
        in: body
        type: string
        description: Department name.
      - name: card_program
        in: body
        type: string
        description: Corporate card program ID.
      - name: spending_limit
        in: body
        type: string
        description: Default spending limit.
      - name: distribution_list
        in: body
        type: string
        description: Distribution list email.
      steps:
      - name: get-employees
        type: call
        call: workday.get-workers
        with:
          department: '{{department}}'
          status: active
      - name: provision-cards
        type: call
        call: amex-corporate.bulk-provision
        with:
          employees: '{{get-employees.workers}}'
          card_program: '{{card_program}}'
          spending_limit: '{{spending_limit}}'
      - name: send-instructions
        type: call
        call: email.send-email
        with:
          to: '{{distribution_list}}'
          subject: Corporate Amex cards provisioned
          body: '{{provision-cards.provisioned_count}} cards provisioned for {{department}}. Employees will receive activation instructions individually.'
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd3-impl-services1.workday.com/ccx/service/amex
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers
      operations:
      - name: get-workers
        method: GET
  - namespace: amex-corporate
    type: http
    baseUri: https://api.americanexpress.com/v1/corporate
    authentication:
      type: bearer
      token: $secrets.amex_corporate_token
    resources:
    - name: cards
      path: /cards/bulk-provision
      operations:
      - name: bulk-provision
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Monitors Bloomberg market data feeds for significant movements, creates an alert in ServiceNow, and notifies the trading desk via Slack with context from Snowflake analytics.

naftiko: '0.5'
info:
  label: Bloomberg Market Data Alert Workflow
  description: Monitors Bloomberg market data feeds for significant movements, creates an alert in ServiceNow, and notifies the trading desk via Slack with context from Snowflake analytics.
  tags:
  - bloomberg
  - market-data
  - servicenow
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: market-alerts
    port: 8080
    tools:
    - name: process-market-alert
      description: Process a market data movement by calculating exposure, creating an incident, and alerting the desk. Use when Bloomberg detects significant price movements.
      inputParameters:
      - name: dataset
        in: body
        type: string
        description: Bloomberg dataset identifier.
      - name: securities
        in: body
        type: string
        description: Comma-separated security identifiers.
      steps:
      - name: get-data
        type: call
        call: bloomberg.get-market-data
        with:
          dataset: '{{dataset}}'
          securities: '{{securities}}'
      - name: get-exposure
        type: call
        call: snowflake.run-query
        with:
          query: SELECT SUM(notional) as exposure FROM TREASURY_DB.PUBLIC.POSITIONS WHERE security IN ('{{securities}}')
      - name: create-alert
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Market movement alert: {{securities}}'
          category: market-risk
          description: 'Movement: {{get-data.change_pct}}%. Exposure: ${{get-exposure.exposure}}.'
      - name: notify-desk
        type: call
        call: slack.post-message
        with:
          channel: trading-desk
          text: 'Market alert: {{securities}} moved {{get-data.change_pct}}%. Our exposure: ${{get-exposure.exposure}}. SNOW: {{create-alert.number}}'
  consumes:
  - namespace: bloomberg
    type: http
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: data
      path: /data/{dataset}
      inputParameters:
      - name: dataset
        in: path
      operations:
      - name: get-market-data
        method: GET
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a Salesforce opportunity for a new corporate card program is marked Closed-Won, creates the program account in the corporate card platform and sends confirmation to the sales rep via email.

naftiko: '0.5'
info:
  label: Salesforce Opportunity to Card Program Sync
  description: When a Salesforce opportunity for a new corporate card program is marked Closed-Won, creates the program account in the corporate card platform and sends confirmation to the sales rep via email.
  tags:
  - sales
  - crm
  - salesforce
  - payments
  - corporate-cards
capability:
  exposes:
  - type: mcp
    namespace: sales-card-sync
    port: 8080
    tools:
    - name: activate-card-program
      description: Given a Salesforce opportunity ID for a closed-won corporate card program deal, retrieve opportunity details, create the card program account, and notify the responsible sales representative. Use when a B2B card program deal is won and needs activation.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity ID for the closed-won card program.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce-crm.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: create-program
        type: call
        call: amex-programs.create-program
        with:
          company_name: '{{get-opportunity.account_name}}'
          credit_limit: '{{get-opportunity.amount}}'
          billing_contact_email: '{{get-opportunity.billing_email}}'
          program_type: corporate_card
      - name: notify-rep
        type: call
        call: salesforce-email.send-email
        with:
          to: '{{get-opportunity.owner_email}}'
          subject: Card program activated for {{get-opportunity.account_name}}
          body: 'The corporate card program for {{get-opportunity.account_name}} has been activated. Program ID: {{create-program.program_id}}.'
  consumes:
  - namespace: salesforce-crm
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_access_token
    resources:
    - name: opportunity
      path: /sobjects/Opportunity/{opportunity_id}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - namespace: amex-programs
    type: http
    baseUri: https://api.americanexpress.com/v1/corporate
    authentication:
      type: bearer
      token: $secrets.amex_corp_token
    resources:
    - name: program
      path: /programs
      operations:
      - name: create-program
        method: POST
  - namespace: salesforce-email
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_access_token
    resources:
    - name: email
      path: /actions/standard/emailSimple
      operations:
      - name: send-email
        method: POST

Recovers from a Snowflake data pipeline failure by checking pipeline status, retrying the failed task, creating a ServiceNow incident, and notifying the data engineering team via Slack.

naftiko: '0.5'
info:
  label: Snowflake Data Pipeline Failure Recovery
  description: Recovers from a Snowflake data pipeline failure by checking pipeline status, retrying the failed task, creating a ServiceNow incident, and notifying the data engineering team via Slack.
  tags:
  - snowflake
  - data-engineering
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: pipeline-recovery
    port: 8080
    tools:
    - name: recover-pipeline
      description: Check a failed Snowflake pipeline, retry execution, create an incident, and notify the team. Use when a data pipeline task fails.
      inputParameters:
      - name: task_name
        in: body
        type: string
        description: Snowflake task name.
      steps:
      - name: check-status
        type: call
        call: snowflake.run-query
        with:
          query: SELECT * FROM TABLE(INFORMATION_SCHEMA.TASK_HISTORY()) WHERE NAME='{{task_name}}' AND STATE='FAILED' ORDER BY SCHEDULED_TIME DESC LIMIT 1
      - name: retry-task
        type: call
        call: snowflake.run-query
        with:
          query: EXECUTE TASK {{task_name}}
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Snowflake pipeline failure: {{task_name}}'
          category: data-engineering
          priority: '2'
          description: 'Task {{task_name}} failed. Error: {{check-status.error_message}}. Retry initiated.'
      - name: notify-team
        type: call
        call: slack.post-message
        with:
          channel: data-engineering
          text: 'Pipeline failure: {{task_name}}. Error: {{check-status.error_message}}. Retry initiated. SNOW: {{create-incident.number}}'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Performs merchant risk assessment by aggregating transaction data from Snowflake, running a risk model, updating the merchant profile in Salesforce, and filing findings in ServiceNow.

naftiko: '0.5'
info:
  label: Merchant Risk Assessment Workflow
  description: Performs merchant risk assessment by aggregating transaction data from Snowflake, running a risk model, updating the merchant profile in Salesforce, and filing findings in ServiceNow.
  tags:
  - merchants
  - risk
  - snowflake
  - salesforce
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: merchant-risk
    port: 8080
    tools:
    - name: assess-merchant-risk
      description: Assess merchant risk by analyzing transaction patterns and scoring. Use during periodic merchant risk reviews.
      inputParameters:
      - name: merchant_id
        in: body
        type: string
        description: Merchant ID.
      - name: sf_account_id
        in: body
        type: string
        description: Salesforce account ID.
      steps:
      - name: get-txn-data
        type: call
        call: snowflake.run-query
        with:
          query: SELECT AVG(amount) as avg_txn, COUNT(*) as txn_count, SUM(chargeback_amount) as cb_total FROM MERCHANT_DB.PUBLIC.TRANSACTIONS WHERE merchant_id='{{merchant_id}}' AND date >= DATEADD(month, -6, CURRENT_DATE())
      - name: score
        type: call
        call: amex-risk.score-merchant
        with:
          merchant_id: '{{merchant_id}}'
          avg_transaction: '{{get-txn-data.avg_txn}}'
          chargeback_total: '{{get-txn-data.cb_total}}'
      - name: update-sf
        type: call
        call: salesforce.update-account
        with:
          account_id: '{{sf_account_id}}'
          Risk_Score__c: '{{score.risk_score}}'
          Last_Assessment__c: '{{score.assessment_date}}'
      - name: file-findings
        type: call
        call: servicenow.create-case
        with:
          short_description: Merchant risk assessment — {{merchant_id}}
          description: 'Risk score: {{score.risk_score}}. Avg txn: ${{get-txn-data.avg_txn}}. Chargeback total: ${{get-txn-data.cb_total}}.'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: amex-risk
    type: http
    baseUri: https://api.americanexpress.com/v1/risk
    authentication:
      type: bearer
      token: $secrets.amex_risk_token
    resources:
    - name: merchant-risk
      path: /merchants/score
      operations:
      - name: score-merchant
        method: POST
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: update-account
        method: PATCH
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cases
      path: /table/sn_risk_case
      operations:
      - name: create-case
        method: POST

Generates personalized spending insights for a cardholder by analyzing spend categories in Snowflake, creating a visual in Tableau, and delivering via email.

naftiko: '0.5'
info:
  label: Cardholder Spend Category Insights Digest
  description: Generates personalized spending insights for a cardholder by analyzing spend categories in Snowflake, creating a visual in Tableau, and delivering via email.
  tags:
  - cardholder
  - analytics
  - snowflake
  - tableau
  - personalization
capability:
  exposes:
  - type: mcp
    namespace: spend-insights
    port: 8080
    tools:
    - name: generate-spend-insights
      description: Analyze spending patterns and deliver a personalized insights digest. Use for monthly cardholder engagement.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: month
        in: body
        type: string
        description: Month for insights (e.g. 2026-03).
      - name: cardholder_email
        in: body
        type: string
        description: Cardholder email.
      steps:
      - name: analyze-spend
        type: call
        call: snowflake.run-query
        with:
          query: SELECT category, SUM(amount) as total FROM CARDHOLDER_DB.PUBLIC.TRANSACTIONS WHERE account_id='{{account_id}}' AND month='{{month}}' GROUP BY category ORDER BY total DESC LIMIT 5
      - name: generate-visual
        type: call
        call: tableau.get-view-image
        with:
          site_id: $secrets.tableau_site_id
          view_id: $secrets.spend_insights_view_id
      - name: deliver
        type: call
        call: email.send-email
        with:
          to: '{{cardholder_email}}'
          subject: Your {{month}} Spending Insights
          body: Your top category was {{analyze-spend.results[0].category}} at ${{analyze-spend.results[0].total}}.
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: tableau
    type: http
    baseUri: https://americanexpress.online.tableau.com/api/3.19
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: views
      path: /sites/{site_id}/views/{view_id}/image
      inputParameters:
      - name: site_id
        in: path
      - name: view_id
        in: path
      operations:
      - name: get-view-image
        method: GET
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Fetches real-time currency exchange rates from the Amex FX service for a given currency pair.

naftiko: '0.5'
info:
  label: Currency Exchange Rate Lookup
  description: Fetches real-time currency exchange rates from the Amex FX service for a given currency pair.
  tags:
  - payments
  - forex
  - data
capability:
  exposes:
  - type: mcp
    namespace: amex-fx
    port: 8080
    tools:
    - name: get-exchange-rate
      description: Given base and target currencies, return the current exchange rate, spread, and timestamp. Use when processing international transactions or quoting FX rates.
      inputParameters:
      - name: base_currency
        in: body
        type: string
        description: The base currency code (e.g. USD).
      - name: target_currency
        in: body
        type: string
        description: The target currency code (e.g. EUR).
      call: amex-fx.get-exchange-rate
      with:
        base_currency: '{{base_currency}}'
        target_currency: '{{target_currency}}'
      outputParameters:
      - name: rate
        type: number
        mapping: $.rate
      - name: spread
        type: number
        mapping: $.spread
      - name: timestamp
        type: string
        mapping: $.timestamp
  consumes:
  - namespace: amex-fx
    type: http
    baseUri: https://api.americanexpress.com/v1/fx
    authentication:
      type: bearer
      token: $secrets.amex_fx_token
    resources:
    - name: rates
      path: /rates/{base_currency}/{target_currency}
      inputParameters:
      - name: base_currency
        in: path
      - name: target_currency
        in: path
      operations:
      - name: get-exchange-rate
        method: GET

Verifies a cardholder's lounge access entitlement based on card product and returns nearby eligible lounges for a given airport.

naftiko: '0.5'
info:
  label: Global Lounge Access Lookup
  description: Verifies a cardholder's lounge access entitlement based on card product and returns nearby eligible lounges for a given airport.
  tags:
  - travel
  - cardholder
  - lounges
capability:
  exposes:
  - type: mcp
    namespace: amex-lounges
    port: 8080
    tools:
    - name: get-lounge-access
      description: Given a card product and airport code, return lounge eligibility and available lounges. Use when a cardholder asks about airport lounge access.
      inputParameters:
      - name: airport_code
        in: body
        type: string
        description: The IATA airport code.
      - name: card_product
        in: body
        type: string
        description: The card product identifier.
      call: amex-lounges.get-lounge-access
      with:
        airport_code: '{{airport_code}}'
        card_product: '{{card_product}}'
      outputParameters:
      - name: eligible
        type: boolean
        mapping: $.eligible
      - name: lounges
        type: array
        mapping: $.lounges
      - name: pass_type
        type: string
        mapping: $.pass_type
  consumes:
  - namespace: amex-lounges
    type: http
    baseUri: https://api.americanexpress.com/v1/lounges
    authentication:
      type: bearer
      token: $secrets.amex_lounges_token
    resources:
    - name: access
      path: /cards/{card_product}/airports/{airport_code}/lounges
      inputParameters:
      - name: airport_code
        in: path
      - name: card_product
        in: path
      operations:
      - name: get-lounge-access
        method: GET

Retrieves the spending limits and current utilization for a corporate card account.

naftiko: '0.5'
info:
  label: Corporate Card Spending Limit Lookup
  description: Retrieves the spending limits and current utilization for a corporate card account.
  tags:
  - corporate
  - payments
  - accounts
capability:
  exposes:
  - type: mcp
    namespace: amex-corporate
    port: 8080
    tools:
    - name: get-spending-limit
      description: Given a corporate card ID, return the monthly spending limit, current utilization, and remaining balance. Use when checking corporate card spending capacity.
      inputParameters:
      - name: card_id
        in: body
        type: string
        description: The corporate card ID.
      call: amex-corporate.get-spending-limit
      with:
        card_id: '{{card_id}}'
      outputParameters:
      - name: monthly_limit
        type: number
        mapping: $.monthly_limit
      - name: utilized
        type: number
        mapping: $.utilized
      - name: remaining
        type: number
        mapping: $.remaining
  consumes:
  - namespace: amex-corporate
    type: http
    baseUri: https://api.americanexpress.com/v1/corporate
    authentication:
      type: bearer
      token: $secrets.amex_corporate_token
    resources:
    - name: spending-limits
      path: /cards/{card_id}/spending-limits
      inputParameters:
      - name: card_id
        in: path
      operations:
      - name: get-spending-limit
        method: GET

Generates a conversion funnel report from Adobe Analytics, stores results in Snowflake, and distributes findings via Slack and email to the product team.

naftiko: '0.5'
info:
  label: Adobe Analytics Conversion Funnel Report
  description: Generates a conversion funnel report from Adobe Analytics, stores results in Snowflake, and distributes findings via Slack and email to the product team.
  tags:
  - adobe-analytics
  - analytics
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: funnel-report
    port: 8080
    tools:
    - name: generate-funnel-report
      description: Generate a conversion funnel report and distribute to stakeholders. Use for periodic product analytics reviews.
      inputParameters:
      - name: report_suite_id
        in: body
        type: string
        description: Adobe Analytics report suite ID.
      steps:
      - name: run-funnel
        type: call
        call: adobe-analytics.run-report
        with:
          rsid: '{{report_suite_id}}'
          dimension: evar1
          metrics: visits,applications,approvals
      - name: store-results
        type: call
        call: snowflake.run-query
        with:
          query: INSERT INTO ANALYTICS_DB.PUBLIC.FUNNEL_REPORTS VALUES ('{{report_suite_id}}', {{run-funnel.visits}}, {{run-funnel.applications}}, {{run-funnel.approvals}}, CURRENT_TIMESTAMP())
      - name: post-summary
        type: call
        call: slack.post-message
        with:
          channel: product-analytics
          text: 'Funnel: Visits={{run-funnel.visits}} > Applications={{run-funnel.applications}} > Approvals={{run-funnel.approvals}}'
  consumes:
  - namespace: adobe-analytics
    type: http
    baseUri: https://analytics.adobe.io/api/americanexpress/reports
    authentication:
      type: bearer
      token: $secrets.adobe_analytics_token
    resources:
    - name: reports
      path: /ranked
      operations:
      - name: run-report
        method: POST
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves the list of supplementary cards associated with a primary cardholder account.

naftiko: '0.5'
info:
  label: Supplementary Card List Lookup
  description: Retrieves the list of supplementary cards associated with a primary cardholder account.
  tags:
  - cardholder
  - accounts
  - cards
capability:
  exposes:
  - type: mcp
    namespace: amex-accounts
    port: 8080
    tools:
    - name: get-supplementary-cards
      description: Given a primary cardholder account ID, return all supplementary cards with their status and holder names. Use when managing additional cards on an account.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The primary cardholder account ID.
      call: amex-accounts.get-supplementary-cards
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: cards
        type: array
        mapping: $.cards
      - name: total_count
        type: number
        mapping: $.total_count
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: supplementary-cards
      path: /accounts/{account_id}/supplementary-cards
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-supplementary-cards
        method: GET

Identifies underutilized Azure resources by querying cost data, creates a Jira ticket for the cloud team, and posts a summary to Slack.

naftiko: '0.5'
info:
  label: Azure Resource Cost Optimization Alert
  description: Identifies underutilized Azure resources by querying cost data, creates a Jira ticket for the cloud team, and posts a summary to Slack.
  tags:
  - cloud
  - azure
  - finops
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: azure-finops
    port: 8080
    tools:
    - name: alert-cost-optimization
      description: Query Azure costs, create a remediation ticket, and alert the FinOps team. Use when Azure cost thresholds are breached.
      inputParameters:
      - name: subscription_id
        in: body
        type: string
        description: Azure subscription ID.
      steps:
      - name: query-costs
        type: call
        call: azure.query-costs
        with:
          subscription_id: '{{subscription_id}}'
          timeframe: MonthToDate
          type: Usage
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: CLOUD
          issuetype: Task
          summary: Azure cost optimization — ${{query-costs.total_cost}}
          description: 'Subscription: {{subscription_id}}. Total MTD: ${{query-costs.total_cost}}. Top resource: {{query-costs.top_resource}}.'
      - name: post-summary
        type: call
        call: slack.post-message
        with:
          channel: cloud-finops
          text: 'Azure cost alert: ${{query-costs.total_cost}} MTD for subscription {{subscription_id}}. Top resource: {{query-costs.top_resource}}. Jira: {{create-ticket.key}}'
  consumes:
  - namespace: azure
    type: http
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_token
    resources:
    - name: cost
      path: /subscriptions/{subscription_id}/providers/Microsoft.CostManagement/query
      inputParameters:
      - name: subscription_id
        in: path
      operations:
      - name: query-costs
        method: POST
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Evaluates a cardholder's spend history to determine annual fee waiver eligibility, creates a decision record, and sends the outcome notification.

naftiko: '0.5'
info:
  label: Cardholder Annual Fee Waiver Evaluation
  description: Evaluates a cardholder's spend history to determine annual fee waiver eligibility, creates a decision record, and sends the outcome notification.
  tags:
  - cardholder
  - billing
  - retention
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: fee-waiver
    port: 8080
    tools:
    - name: evaluate-fee-waiver
      description: Evaluate fee waiver eligibility based on spend history, record the decision, and notify the cardholder. Use when a cardholder requests an annual fee waiver.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: cardholder_email
        in: body
        type: string
        description: Cardholder email.
      steps:
      - name: get-spend
        type: call
        call: amex-accounts.get-spend-summary
        with:
          account_id: '{{account_id}}'
      - name: create-decision
        type: call
        call: salesforce.create-case
        with:
          Subject: Fee waiver evaluation — {{account_id}}
          Description: 'Annual spend: ${{get-spend.annual_spend}}. Tenure: {{get-spend.tenure_years}} years.'
          Type: Fee Waiver
      - name: send-outcome
        type: call
        call: email.send-email
        with:
          to: '{{cardholder_email}}'
          subject: Annual Fee Review Complete
          body: 'Based on your ${{get-spend.annual_spend}} annual spend and {{get-spend.tenure_years}} year membership, your fee waiver decision has been recorded. Reference: {{create-decision.id}}'
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: spend-summary
      path: /accounts/{account_id}/spend-summary
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-spend-summary
        method: GET
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case
      operations:
      - name: create-case
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

When a Datadog monitor detects payment network latency breaching SLA thresholds, creates a PagerDuty critical incident, updates a ServiceNow major incident, and posts a status update to the executive Slack channel.

naftiko: '0.5'
info:
  label: Payment Network Incident Escalation
  description: When a Datadog monitor detects payment network latency breaching SLA thresholds, creates a PagerDuty critical incident, updates a ServiceNow major incident, and posts a status update to the executive Slack channel.
  tags:
  - payments
  - sla
  - datadog
  - pagerduty
  - servicenow
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: network-incident
    port: 8080
    tools:
    - name: escalate-network-incident
      description: Given a Datadog monitor ID and affected payment network segment, retrieve monitor state, create a critical PagerDuty incident, open a ServiceNow major incident, and post an executive Slack alert. Use when payment network SLAs are breached.
      inputParameters:
      - name: monitor_id
        in: body
        type: string
        description: The Datadog monitor ID for the payment network SLA check.
      - name: network_segment
        in: body
        type: string
        description: The affected payment network segment (e.g., card-auth, settlement).
      - name: latency_p99_ms
        in: body
        type: number
        description: The measured P99 latency in milliseconds that breached SLA.
      steps:
      - name: get-monitor-state
        type: call
        call: datadog-network.get-monitor
        with:
          monitor_id: '{{monitor_id}}'
      - name: create-pd-critical
        type: call
        call: pagerduty-network.create-incident
        with:
          title: 'CRITICAL: Payment network SLA breach — {{network_segment}}'
          service_id: $secrets.pagerduty_network_service_id
          urgency: high
          body: 'Segment: {{network_segment}} | P99: {{latency_p99_ms}}ms | Monitor: {{monitor_id}}'
      - name: open-major-incident
        type: call
        call: servicenow-network.create-incident
        with:
          category: network
          subcategory: payment_processing
          short_description: 'Payment network SLA breach: {{network_segment}} P99={{latency_p99_ms}}ms'
          urgency: '1'
          impact: '1'
          severity: '1'
      - name: post-executive-alert
        type: call
        call: slack-executive.post-message
        with:
          channel: exec-alerts
          text: 'CRITICAL | Payment Network | Segment: {{network_segment}} | P99 Latency: {{latency_p99_ms}}ms | PagerDuty: {{create-pd-critical.incident_number}} | SNOW: {{open-major-incident.number}}'
  consumes:
  - namespace: datadog-network
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: monitor
      path: /monitor/{monitor_id}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET
  - namespace: pagerduty-network
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_api_key
      placement: header
    resources:
    - name: incident
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - namespace: servicenow-network
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incident
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: slack-executive
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Evaluates a cardholder's credit limit increase request by pulling account history, running a risk score, creating a Jira review task, and notifying the cardholder via SMS.

naftiko: '0.5'
info:
  label: Cardholder Credit Limit Increase Review
  description: Evaluates a cardholder's credit limit increase request by pulling account history, running a risk score, creating a Jira review task, and notifying the cardholder via SMS.
  tags:
  - cardholder
  - credit
  - risk
  - jira
capability:
  exposes:
  - type: mcp
    namespace: cli-review
    port: 8080
    tools:
    - name: review-cli-request
      description: Evaluate a credit limit increase request by checking account history, scoring risk, and creating a review task. Use when a cardholder requests a credit limit increase.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: requested_amount
        in: body
        type: string
        description: Requested credit limit increase amount.
      steps:
      - name: get-account
        type: call
        call: amex-accounts.get-account
        with:
          account_id: '{{account_id}}'
      - name: risk-score
        type: call
        call: amex-risk.get-risk-score
        with:
          account_id: '{{account_id}}'
          requested_increase: '{{requested_amount}}'
      - name: create-review
        type: call
        call: jira.create-issue
        with:
          project_key: CLR
          issuetype: Task
          summary: CLI review — {{account_id}} risk={{risk-score.score}}
          description: 'Requested: ${{requested_amount}}. Current limit: ${{get-account.credit_limit}}. Risk score: {{risk-score.score}}.'
      - name: notify-cardholder
        type: call
        call: amex-sms.send-sms
        with:
          phone: '{{get-account.phone}}'
          message: 'Your credit limit increase request is under review. Reference: {{create-review.key}}'
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: account
      path: /accounts/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - namespace: amex-risk
    type: http
    baseUri: https://api.americanexpress.com/v1/risk
    authentication:
      type: bearer
      token: $secrets.amex_risk_token
    resources:
    - name: scoring
      path: /score
      operations:
      - name: get-risk-score
        method: POST
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: amex-sms
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: sms
      path: /sms/send
      operations:
      - name: send-sms
        method: POST

Synchronizes cardholder benefits enrollment by fetching card product details, enrolling the cardholder in benefits, and confirming via push notification.

naftiko: '0.5'
info:
  label: Cardholder Benefits Enrollment Sync
  description: Synchronizes cardholder benefits enrollment by fetching card product details, enrolling the cardholder in benefits, and confirming via push notification.
  tags:
  - cardholder
  - benefits
  - enrollment
  - notifications
capability:
  exposes:
  - type: mcp
    namespace: benefits-sync
    port: 8080
    tools:
    - name: sync-benefits
      description: Enroll a cardholder in their card product benefits and confirm activation. Use when a new card is activated or a product upgrade occurs.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: product_id
        in: body
        type: string
        description: Card product ID.
      steps:
      - name: get-product
        type: call
        call: amex-products.get-product
        with:
          product_id: '{{product_id}}'
      - name: enroll-benefits
        type: call
        call: amex-benefits.enroll
        with:
          account_id: '{{account_id}}'
          benefits: '{{get-product.included_benefits}}'
      - name: confirm
        type: call
        call: amex-push.send-push
        with:
          account_id: '{{account_id}}'
          title: Benefits activated
          body: Your {{get-product.name}} benefits are now active. {{enroll-benefits.benefit_count}} benefits enrolled.
  consumes:
  - namespace: amex-products
    type: http
    baseUri: https://api.americanexpress.com/v1/products
    authentication:
      type: bearer
      token: $secrets.amex_products_token
    resources:
    - name: products
      path: /products/{product_id}
      inputParameters:
      - name: product_id
        in: path
      operations:
      - name: get-product
        method: GET
  - namespace: amex-benefits
    type: http
    baseUri: https://api.americanexpress.com/v1/benefits
    authentication:
      type: bearer
      token: $secrets.amex_benefits_token
    resources:
    - name: enrollment
      path: /enrollment
      operations:
      - name: enroll
        method: POST
  - namespace: amex-push
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: push
      path: /push/send
      operations:
      - name: send-push
        method: POST

Processes a cardholder account closure by verifying zero balance, closing the account, archiving data to S3, and sending a confirmation letter via DocuSign.

naftiko: '0.5'
info:
  label: Cardholder Account Closure Workflow
  description: Processes a cardholder account closure by verifying zero balance, closing the account, archiving data to S3, and sending a confirmation letter via DocuSign.
  tags:
  - cardholder
  - accounts
  - s3
  - docusign
capability:
  exposes:
  - type: mcp
    namespace: account-closure
    port: 8080
    tools:
    - name: close-account
      description: Close a cardholder account, archive data, and send confirmation. Use when a cardholder requests account closure.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: closure_reason
        in: body
        type: string
        description: Reason for closure.
      - name: cardholder_email
        in: body
        type: string
        description: Cardholder email.
      steps:
      - name: verify-balance
        type: call
        call: amex-accounts.get-account
        with:
          account_id: '{{account_id}}'
      - name: close
        type: call
        call: amex-accounts.close-account
        with:
          account_id: '{{account_id}}'
          reason: '{{closure_reason}}'
      - name: archive
        type: call
        call: s3.upload-archive
        with:
          account_id: '{{account_id}}'
          data: '{{close.archive_payload}}'
      - name: send-letter
        type: call
        call: docusign.send-envelope
        with:
          ds_account_id: $secrets.docusign_account_id
          recipient_email: '{{cardholder_email}}'
          template_id: $secrets.closure_template_id
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: account
      path: /accounts/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
      - name: close-account
        method: POST
  - namespace: s3
    type: http
    baseUri: https://s3.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_token
    resources:
    - name: objects
      path: /amex-archive/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: upload-archive
        method: PUT
  - namespace: docusign
    type: http
    baseUri: https://na4.docusign.net/restapi/v2.1
    authentication:
      type: bearer
      token: $secrets.docusign_token
    resources:
    - name: envelopes
      path: /accounts/{ds_account_id}/envelopes
      inputParameters:
      - name: ds_account_id
        in: path
      operations:
      - name: send-envelope
        method: POST

When a ServiceNow change request reaches the Approval state, retrieves the change details and notifies all relevant stakeholders via Microsoft Teams.

naftiko: '0.5'
info:
  label: ServiceNow Change Management Notification
  description: When a ServiceNow change request reaches the Approval state, retrieves the change details and notifies all relevant stakeholders via Microsoft Teams.
  tags:
  - itsm
  - servicenow
  - microsoft-teams
  - change-management
capability:
  exposes:
  - type: mcp
    namespace: change-management
    port: 8080
    tools:
    - name: notify-change-approvers
      description: Given a ServiceNow change request number, retrieve change details and send a Teams notification to all listed approvers with context and an approval link. Use when change requests require stakeholder awareness and sign-off.
      inputParameters:
      - name: change_number
        in: body
        type: string
        description: The ServiceNow change request number (e.g., CHG0012345).
      - name: approver_upns
        in: body
        type: string
        description: Comma-separated list of approver UPNs (email addresses) to notify.
      steps:
      - name: get-change
        type: call
        call: servicenow-chg.get-change
        with:
          number: '{{change_number}}'
      - name: notify-team
        type: call
        call: msteams-change.post-channel-message
        with:
          channel_id: $secrets.teams_change_mgmt_channel_id
          content: 'Change Request Pending Approval

            CHG: {{change_number}}

            Summary: {{get-change.short_description}}

            Scheduled: {{get-change.start_date}}

            Risk: {{get-change.risk}}

            Approvers: {{approver_upns}}'
  consumes:
  - namespace: servicenow-chg
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change
      path: /table/change_request
      inputParameters:
      - name: number
        in: query
      operations:
      - name: get-change
        method: GET
  - namespace: msteams-change
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-message
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

When a fraud alert triggers, retrieves transaction details, creates a case in the fraud investigation system, suspends the card, and notifies the cardholder via push notification.

naftiko: '0.5'
info:
  label: Fraud Alert Investigation Workflow
  description: When a fraud alert triggers, retrieves transaction details, creates a case in the fraud investigation system, suspends the card, and notifies the cardholder via push notification.
  tags:
  - fraud
  - security
  - cardholder
  - investigations
capability:
  exposes:
  - type: mcp
    namespace: fraud-ops
    port: 8080
    tools:
    - name: investigate-fraud-alert
      description: Investigate a fraud alert by fetching details, creating a case, suspending the card, and notifying the cardholder. Use when a fraud detection alert fires.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The fraud alert identifier.
      steps:
      - name: get-alert
        type: call
        call: amex-fraud.get-alert
        with:
          alert_id: '{{alert_id}}'
      - name: create-case
        type: call
        call: amex-fraud.create-case
        with:
          alert_id: '{{alert_id}}'
          amount: '{{get-alert.amount}}'
          merchant: '{{get-alert.merchant_name}}'
          card_id: '{{get-alert.card_id}}'
      - name: suspend-card
        type: call
        call: amex-cards.suspend-card
        with:
          card_id: '{{get-alert.card_id}}'
      - name: notify-cardholder
        type: call
        call: amex-push.send-push
        with:
          account_id: '{{get-alert.account_id}}'
          title: Suspicious activity detected
          body: 'A ${{get-alert.amount}} charge at {{get-alert.merchant_name}} was flagged. Your card has been temporarily suspended. Case: {{create-case.case_id}}'
  consumes:
  - namespace: amex-fraud
    type: http
    baseUri: https://api.americanexpress.com/v1/fraud
    authentication:
      type: bearer
      token: $secrets.amex_fraud_token
    resources:
    - name: alerts
      path: /alerts/{alert_id}
      inputParameters:
      - name: alert_id
        in: path
      operations:
      - name: get-alert
        method: GET
    - name: cases
      path: /cases
      operations:
      - name: create-case
        method: POST
  - namespace: amex-cards
    type: http
    baseUri: https://api.americanexpress.com/v1/cards
    authentication:
      type: bearer
      token: $secrets.amex_cards_token
    resources:
    - name: card
      path: /cards/{card_id}/suspend
      inputParameters:
      - name: card_id
        in: path
      operations:
      - name: suspend-card
        method: POST
  - namespace: amex-push
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: push
      path: /push/send
      operations:
      - name: send-push
        method: POST

Retrieves the latest statement balance and minimum payment due for a cardholder account.

naftiko: '0.5'
info:
  label: Cardholder Statement Balance Lookup
  description: Retrieves the latest statement balance and minimum payment due for a cardholder account.
  tags:
  - payments
  - cardholder
  - billing
capability:
  exposes:
  - type: mcp
    namespace: amex-billing
    port: 8080
    tools:
    - name: get-statement-balance
      description: Given a cardholder account ID, return the current statement balance, minimum payment due, and due date. Use when a representative needs billing information.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-billing.get-statement-balance
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: statement_balance
        type: number
        mapping: $.statement_balance
      - name: minimum_payment
        type: number
        mapping: $.minimum_payment
      - name: due_date
        type: string
        mapping: $.due_date
  consumes:
  - namespace: amex-billing
    type: http
    baseUri: https://api.americanexpress.com/v1/billing
    authentication:
      type: bearer
      token: $secrets.amex_billing_token
    resources:
    - name: statement
      path: /accounts/{account_id}/statement
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-statement-balance
        method: GET

When Palo Alto Networks detects a blocked threat on the corporate network, retrieves the threat log entry and creates a ServiceNow security incident for the SOC team to review.

naftiko: '0.5'
info:
  label: Palo Alto Networks Threat Block and Incident Log
  description: When Palo Alto Networks detects a blocked threat on the corporate network, retrieves the threat log entry and creates a ServiceNow security incident for the SOC team to review.
  tags:
  - security
  - palo-alto-networks
  - servicenow
  - threat-response
  - network-security
capability:
  exposes:
  - type: mcp
    namespace: network-security
    port: 8080
    tools:
    - name: log-network-threat
      description: Given a Palo Alto Networks threat log entry ID, retrieve the threat details and create a ServiceNow security incident for SOC review. Use when automated threat blocking events require case tracking and analyst review.
      inputParameters:
      - name: threat_log_id
        in: body
        type: string
        description: The Palo Alto Networks threat log entry ID.
      - name: firewall_hostname
        in: body
        type: string
        description: The hostname of the Palo Alto firewall that generated the log.
      steps:
      - name: get-threat-log
        type: call
        call: paloalto.get-threat-log
        with:
          log_id: '{{threat_log_id}}'
      - name: create-soc-incident
        type: call
        call: servicenow-netsec.create-incident
        with:
          category: security
          subcategory: network_threat
          short_description: 'Network threat blocked by {{firewall_hostname}}: {{get-threat-log.threat_name}}'
          description: 'Firewall: {{firewall_hostname}}

            Threat: {{get-threat-log.threat_name}}

            Severity: {{get-threat-log.severity}}

            Source IP: {{get-threat-log.source_ip}}

            Destination: {{get-threat-log.destination_ip}}

            Action: {{get-threat-log.action}}'
          urgency: '2'
  consumes:
  - namespace: paloalto
    type: http
    baseUri: https://panorama.americanexpress.com/restapi/v10.1
    authentication:
      type: apikey
      key: X-PAN-KEY
      value: $secrets.paloalto_api_key
      placement: header
    resources:
    - name: threat-log
      path: /Objects/Threats/{log_id}
      inputParameters:
      - name: log_id
        in: path
      operations:
      - name: get-threat-log
        method: GET
  - namespace: servicenow-netsec
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incident
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

Generates a quarterly revenue report for a merchant by querying Snowflake analytics, creating a Tableau extract refresh, and distributing the report via email.

naftiko: '0.5'
info:
  label: Quarterly Merchant Revenue Report
  description: Generates a quarterly revenue report for a merchant by querying Snowflake analytics, creating a Tableau extract refresh, and distributing the report via email.
  tags:
  - merchants
  - analytics
  - snowflake
  - tableau
capability:
  exposes:
  - type: mcp
    namespace: merchant-reports
    port: 8080
    tools:
    - name: generate-revenue-report
      description: Generate a quarterly revenue report for a merchant using Snowflake data and Tableau visualization. Use at quarter end for merchant reporting.
      inputParameters:
      - name: merchant_id
        in: body
        type: string
        description: Merchant ID for the report.
      - name: quarter
        in: body
        type: string
        description: Quarter identifier (e.g. Q1-2026).
      - name: merchant_email
        in: body
        type: string
        description: Merchant contact email.
      - name: datasource_id
        in: body
        type: string
        description: Tableau datasource ID.
      steps:
      - name: run-revenue-query
        type: call
        call: snowflake.run-query
        with:
          query: SELECT SUM(amount) as total_revenue, COUNT(*) as txn_count FROM MERCHANT_DB.PUBLIC.TRANSACTIONS WHERE merchant_id='{{merchant_id}}' AND quarter='{{quarter}}'
      - name: refresh-tableau
        type: call
        call: tableau.refresh-extract
        with:
          site_id: $secrets.tableau_site_id
          datasource_id: '{{datasource_id}}'
      - name: send-report
        type: call
        call: email.send-email
        with:
          to: '{{merchant_email}}'
          subject: Q{{quarter}} Revenue Report
          body: 'Total revenue: ${{run-revenue-query.total_revenue}}. Transaction count: {{run-revenue-query.txn_count}}. Your Tableau dashboard has been refreshed.'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: tableau
    type: http
    baseUri: https://americanexpress.online.tableau.com/api/3.19
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: extracts
      path: /sites/{site_id}/datasources/{datasource_id}/refresh
      inputParameters:
      - name: site_id
        in: path
      - name: datasource_id
        in: path
      operations:
      - name: refresh-extract
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

When a purchase order is submitted in SAP Ariba, retrieves PO details and creates a ServiceNow approval task for the appropriate budget owner.

naftiko: '0.5'
info:
  label: Purchase Order Approval Workflow
  description: When a purchase order is submitted in SAP Ariba, retrieves PO details and creates a ServiceNow approval task for the appropriate budget owner.
  tags:
  - procurement
  - finance
  - sap-ariba
  - servicenow
  - approval
capability:
  exposes:
  - type: mcp
    namespace: procurement-approval
    port: 8080
    tools:
    - name: route-po-for-approval
      description: Given an SAP Ariba purchase order ID, retrieve PO details including amount and vendor, and create a ServiceNow approval task for the budget owner. Use when purchase orders above threshold require additional approval routing.
      inputParameters:
      - name: po_id
        in: body
        type: string
        description: The SAP Ariba purchase order ID to route for approval.
      - name: approver_email
        in: body
        type: string
        description: The email address of the designated budget approver.
      steps:
      - name: get-po
        type: call
        call: ariba.get-purchase-order
        with:
          po_id: '{{po_id}}'
      - name: create-approval
        type: call
        call: servicenow-procurement.create-task
        with:
          category: procurement_approval
          short_description: 'PO approval required: {{po_id}} — ${{get-po.total_amount}} {{get-po.currency}}'
          description: 'PO: {{po_id}}

            Vendor: {{get-po.vendor_name}}

            Amount: ${{get-po.total_amount}} {{get-po.currency}}

            Line items: {{get-po.line_item_count}}

            Requested by: {{get-po.requester_name}}'
          assigned_to: '{{approver_email}}'
  consumes:
  - namespace: ariba
    type: http
    baseUri: https://openapi.ariba.com/api/purchase-orders/v1
    authentication:
      type: bearer
      token: $secrets.ariba_access_token
    resources:
    - name: purchase-order
      path: /purchaseOrders/{po_id}
      inputParameters:
      - name: po_id
        in: path
      operations:
      - name: get-purchase-order
        method: GET
  - namespace: servicenow-procurement
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: task
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST

Retrieves the weekly SLO compliance summary from Datadog across all payment processing services and posts a structured digest to the engineering Slack channel.

naftiko: '0.5'
info:
  label: Datadog SLO Breach Weekly Digest
  description: Retrieves the weekly SLO compliance summary from Datadog across all payment processing services and posts a structured digest to the engineering Slack channel.
  tags:
  - observability
  - datadog
  - slo
  - slack
  - payments
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: slo-reporting
    port: 8080
    tools:
    - name: digest-slo-compliance
      description: Given a list of Datadog SLO IDs and a reporting week, retrieve SLO compliance data for all payment services and post a digest to Slack. Use every Monday to review the prior week's SLO performance.
      inputParameters:
      - name: slo_ids
        in: body
        type: string
        description: Comma-separated list of Datadog SLO IDs to include in the digest.
      - name: week_start
        in: body
        type: string
        description: Start date of the reporting week in YYYY-MM-DD format.
      steps:
      - name: get-slo-history
        type: call
        call: datadog-slo.get-slo-history
        with:
          slo_ids: '{{slo_ids}}'
          from_ts: '{{week_start}}'
      - name: post-digest
        type: call
        call: slack-slo.post-message
        with:
          channel: engineering-slo
          text: 'SLO Compliance Digest | Week of {{week_start}} | Overall: {{get-slo-history.overall_compliance}}% | Breaches: {{get-slo-history.breach_count}} | Details in Datadog.'
  consumes:
  - namespace: datadog-slo
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: slo-history
      path: /slo/history
      operations:
      - name: get-slo-history
        method: GET
  - namespace: slack-slo
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Checks the current AutoPay enrollment status and payment method for a cardholder account.

naftiko: '0.5'
info:
  label: Cardholder AutoPay Status Lookup
  description: Checks the current AutoPay enrollment status and payment method for a cardholder account.
  tags:
  - payments
  - cardholder
  - autopay
capability:
  exposes:
  - type: mcp
    namespace: amex-payments
    port: 8080
    tools:
    - name: get-autopay-status
      description: Given a cardholder account ID, return the AutoPay enrollment status, payment method, and amount type. Use when verifying automatic payment settings.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-payments.get-autopay-status
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: enrolled
        type: boolean
        mapping: $.enrolled
      - name: payment_method
        type: string
        mapping: $.payment_method
      - name: amount_type
        type: string
        mapping: $.amount_type
  consumes:
  - namespace: amex-payments
    type: http
    baseUri: https://api.americanexpress.com/v1/payments
    authentication:
      type: bearer
      token: $secrets.amex_payments_token
    resources:
    - name: autopay
      path: /accounts/{account_id}/autopay
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-autopay-status
        method: GET

Retrieves the current credit limit and available credit for a cardholder account from the accounts platform.

naftiko: '0.5'
info:
  label: Cardholder Credit Limit Lookup
  description: Retrieves the current credit limit and available credit for a cardholder account from the accounts platform.
  tags:
  - payments
  - cardholder
  - accounts
capability:
  exposes:
  - type: mcp
    namespace: amex-accounts
    port: 8080
    tools:
    - name: get-credit-limit
      description: Given a cardholder account ID, return the current credit limit, available credit, and currency. Use when an agent needs to check a cardholder's credit availability.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-accounts.get-credit-limit
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: credit_limit
        type: number
        mapping: $.credit_limit
      - name: available_credit
        type: number
        mapping: $.available_credit
      - name: currency
        type: string
        mapping: $.currency
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: credit-limit
      path: /accounts/{account_id}/credit-limit
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-credit-limit
        method: GET

Synchronizes new contacts from HubSpot to Salesforce by fetching contact details, creating the Salesforce record, and logging the sync in Snowflake.

naftiko: '0.5'
info:
  label: HubSpot to Salesforce Contact Sync
  description: Synchronizes new contacts from HubSpot to Salesforce by fetching contact details, creating the Salesforce record, and logging the sync in Snowflake.
  tags:
  - hubspot
  - salesforce
  - data-sync
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: contact-sync
    port: 8080
    tools:
    - name: sync-contact
      description: Sync a HubSpot contact to Salesforce and log the operation. Use when a new contact is created in HubSpot.
      inputParameters:
      - name: contact_id
        in: body
        type: string
        description: HubSpot contact ID.
      steps:
      - name: get-hs-contact
        type: call
        call: hubspot.get-contact
        with:
          contact_id: '{{contact_id}}'
      - name: create-sf-contact
        type: call
        call: salesforce.create-contact
        with:
          FirstName: '{{get-hs-contact.properties.firstname}}'
          LastName: '{{get-hs-contact.properties.lastname}}'
          Email: '{{get-hs-contact.properties.email}}'
          Company: '{{get-hs-contact.properties.company}}'
      - name: log-sync
        type: call
        call: snowflake.run-query
        with:
          query: INSERT INTO SYNC_DB.PUBLIC.CONTACT_SYNC_LOG VALUES ('{{contact_id}}', '{{create-sf-contact.id}}', CURRENT_TIMESTAMP())
  consumes:
  - namespace: hubspot
    type: http
    baseUri: https://api.hubapi.com
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: contacts
      path: /crm/v3/objects/contacts/{contact_id}
      inputParameters:
      - name: contact_id
        in: path
      operations:
      - name: get-contact
        method: GET
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contacts
      path: /sobjects/Contact
      operations:
      - name: create-contact
        method: POST
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST

Prepares quarterly compliance audit materials by extracting control evidence from ServiceNow, generating a summary from Snowflake, and distributing the report via SharePoint and email.

naftiko: '0.5'
info:
  label: Quarterly Compliance Audit Preparation
  description: Prepares quarterly compliance audit materials by extracting control evidence from ServiceNow, generating a summary from Snowflake, and distributing the report via SharePoint and email.
  tags:
  - compliance
  - audit
  - servicenow
  - snowflake
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: audit-prep
    port: 8080
    tools:
    - name: prepare-audit
      description: Gather compliance evidence, generate a summary, upload to SharePoint, and distribute. Use at quarter end for audit preparation.
      inputParameters:
      - name: quarter
        in: body
        type: string
        description: Quarter identifier (e.g. Q1-2026).
      steps:
      - name: get-controls
        type: call
        call: servicenow.list-controls
        with:
          state: active
          quarter: '{{quarter}}'
      - name: generate-summary
        type: call
        call: snowflake.run-query
        with:
          query: SELECT control_id, status, evidence_count FROM COMPLIANCE_DB.PUBLIC.AUDIT_EVIDENCE WHERE quarter='{{quarter}}'
      - name: upload-report
        type: call
        call: sharepoint.upload-file
        with:
          drive_id: $secrets.compliance_drive_id
          name: Q{{quarter}}_audit_report.pdf
          content: '{{generate-summary.results}}'
      - name: distribute
        type: call
        call: email.send-email
        with:
          to: compliance-team@americanexpress.com
          subject: Q{{quarter}} Compliance Audit Materials Ready
          body: 'Audit materials uploaded to SharePoint. Controls reviewed: {{get-controls.count}}. Evidence items: {{generate-summary.row_count}}.'
  consumes:
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: controls
      path: /table/sn_compliance_control
      operations:
      - name: list-controls
        method: GET
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: sharepoint
    type: http
    baseUri: https://americanexpress.sharepoint.com/_api/v2.0
    authentication:
      type: bearer
      token: $secrets.sharepoint_token
    resources:
    - name: files
      path: /drives/{drive_id}/items
      inputParameters:
      - name: drive_id
        in: path
      operations:
      - name: upload-file
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Retrieves the paperless statement enrollment status for a cardholder account.

naftiko: '0.5'
info:
  label: Cardholder Paperless Preference Lookup
  description: Retrieves the paperless statement enrollment status for a cardholder account.
  tags:
  - cardholder
  - accounts
  - preferences
capability:
  exposes:
  - type: mcp
    namespace: amex-preferences
    port: 8080
    tools:
    - name: get-paperless-status
      description: Given a cardholder account ID, return the paperless enrollment status and notification email. Use when verifying statement delivery preferences.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-preferences.get-paperless-status
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: enrolled
        type: boolean
        mapping: $.enrolled
      - name: email
        type: string
        mapping: $.notification_email
      - name: enrollment_date
        type: string
        mapping: $.enrollment_date
  consumes:
  - namespace: amex-preferences
    type: http
    baseUri: https://api.americanexpress.com/v1/preferences
    authentication:
      type: bearer
      token: $secrets.amex_preferences_token
    resources:
    - name: paperless
      path: /accounts/{account_id}/paperless
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-paperless-status
        method: GET

When a cardholder dispute is filed, retrieves dispute details from the disputes platform, creates a Jira case for the disputes team, and posts a Slack notification to the resolution channel.

naftiko: '0.5'
info:
  label: Merchant Dispute Resolution Workflow
  description: When a cardholder dispute is filed, retrieves dispute details from the disputes platform, creates a Jira case for the disputes team, and posts a Slack notification to the resolution channel.
  tags:
  - disputes
  - payments
  - jira
  - slack
  - customer-support
capability:
  exposes:
  - type: mcp
    namespace: disputes-ops
    port: 8080
    tools:
    - name: open-dispute-case
      description: Given a dispute ID, fetch dispute details and open a Jira issue for the disputes resolution team. Post a Slack alert to the disputes channel with key context. Use when a new cardholder dispute requires case management.
      inputParameters:
      - name: dispute_id
        in: body
        type: string
        description: The unique dispute identifier from the disputes platform.
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key for dispute cases (e.g., DISP).
      steps:
      - name: get-dispute
        type: call
        call: amex-disputes.get-dispute
        with:
          dispute_id: '{{dispute_id}}'
      - name: create-jira-issue
        type: call
        call: jira.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Task
          summary: Dispute {{dispute_id}} — {{get-dispute.merchant_name}} ${{get-dispute.amount}}
          description: 'Cardholder: {{get-dispute.cardholder_name}}

            Merchant: {{get-dispute.merchant_name}}

            Amount: {{get-dispute.amount}} {{get-dispute.currency}}

            Date: {{get-dispute.transaction_date}}'
      - name: post-slack-alert
        type: call
        call: slack.post-message
        with:
          channel: disputes-team
          text: 'New dispute opened: {{dispute_id}} | Merchant: {{get-dispute.merchant_name}} | Amount: ${{get-dispute.amount}} | Jira: {{create-jira-issue.key}}'
  consumes:
  - namespace: amex-disputes
    type: http
    baseUri: https://api.americanexpress.com/v1/disputes
    authentication:
      type: bearer
      token: $secrets.amex_disputes_token
    resources:
    - name: dispute
      path: /disputes/{dispute_id}
      inputParameters:
      - name: dispute_id
        in: path
      operations:
      - name: get-dispute
        method: GET
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Launches a customer retention campaign by identifying at-risk cardholders in Snowflake, creating a Mailchimp campaign, and logging results in Salesforce.

naftiko: '0.5'
info:
  label: Mailchimp Customer Retention Campaign
  description: Launches a customer retention campaign by identifying at-risk cardholders in Snowflake, creating a Mailchimp campaign, and logging results in Salesforce.
  tags:
  - marketing
  - mailchimp
  - snowflake
  - salesforce
  - retention
capability:
  exposes:
  - type: mcp
    namespace: retention-campaign
    port: 8080
    tools:
    - name: launch-retention-campaign
      description: Identify at-risk cardholders and launch a retention email campaign. Use for periodic retention outreach.
      inputParameters: []
      steps:
      - name: find-at-risk
        type: call
        call: snowflake.run-query
        with:
          query: SELECT account_id, email FROM RETENTION_DB.PUBLIC.AT_RISK_CARDHOLDERS WHERE churn_score > 0.7
      - name: create-campaign
        type: call
        call: mailchimp.create-campaign
        with:
          type: regular
          subject_line: We miss you — exclusive offer inside
          from_name: American Express
      - name: send
        type: call
        call: mailchimp.send-campaign
        with:
          campaign_id: '{{create-campaign.id}}'
      - name: log-campaign
        type: call
        call: salesforce.create-campaign
        with:
          Name: Retention — {{create-campaign.id}}
          Type: Email
          Status: Sent
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: mailchimp
    type: http
    baseUri: https://us1.api.mailchimp.com/3.0
    authentication:
      type: basic
      username: apikey
      password: $secrets.mailchimp_api_key
    resources:
    - name: campaigns
      path: /campaigns
      operations:
      - name: create-campaign
        method: POST
      - name: send-campaign
        method: POST
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: campaigns
      path: /sobjects/Campaign
      operations:
      - name: create-campaign
        method: POST

Retrieves the primary mailing address on file for a cardholder account.

naftiko: '0.5'
info:
  label: Cardholder Address on File Lookup
  description: Retrieves the primary mailing address on file for a cardholder account.
  tags:
  - cardholder
  - accounts
  - data
capability:
  exposes:
  - type: mcp
    namespace: amex-accounts
    port: 8080
    tools:
    - name: get-address
      description: Given a cardholder account ID, return the primary mailing address on file. Use when verifying cardholder address information.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-accounts.get-address
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: street
        type: string
        mapping: $.street
      - name: city
        type: string
        mapping: $.city
      - name: state
        type: string
        mapping: $.state
      - name: zip
        type: string
        mapping: $.zip
      - name: country
        type: string
        mapping: $.country
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: address
      path: /accounts/{account_id}/address
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-address
        method: GET

Synchronizes employer brand campaign data from LinkedIn to Snowflake analytics, refreshes the Tableau dashboard, and sends a performance summary to the recruitment marketing team via Slack.

naftiko: '0.5'
info:
  label: LinkedIn Employer Brand Campaign Sync
  description: Synchronizes employer brand campaign data from LinkedIn to Snowflake analytics, refreshes the Tableau dashboard, and sends a performance summary to the recruitment marketing team via Slack.
  tags:
  - linkedin
  - marketing
  - snowflake
  - tableau
  - slack
capability:
  exposes:
  - type: mcp
    namespace: linkedin-sync
    port: 8080
    tools:
    - name: sync-linkedin-campaign
      description: Sync LinkedIn campaign data to analytics and notify the team. Use after a campaign period ends.
      inputParameters:
      - name: campaign_id
        in: body
        type: string
        description: LinkedIn campaign ID.
      steps:
      - name: get-campaign
        type: call
        call: linkedin.get-campaign
        with:
          campaign_id: '{{campaign_id}}'
      - name: sync-data
        type: call
        call: snowflake.run-query
        with:
          query: INSERT INTO MARKETING_DB.PUBLIC.LINKEDIN_CAMPAIGNS VALUES ('{{campaign_id}}', '{{get-campaign.name}}', {{get-campaign.impressions}}, {{get-campaign.clicks}}, {{get-campaign.spend}})
      - name: refresh-dash
        type: call
        call: tableau.refresh-extract
        with:
          site_id: $secrets.tableau_site_id
          datasource_id: $secrets.linkedin_datasource_id
      - name: notify-team
        type: call
        call: slack.post-message
        with:
          channel: recruitment-marketing
          text: 'LinkedIn campaign synced: {{get-campaign.name}} | Impressions: {{get-campaign.impressions}} | Clicks: {{get-campaign.clicks}} | Spend: ${{get-campaign.spend}}'
  consumes:
  - namespace: linkedin
    type: http
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: campaigns
      path: /adCampaignsV2/{campaign_id}
      inputParameters:
      - name: campaign_id
        in: path
      operations:
      - name: get-campaign
        method: GET
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: tableau
    type: http
    baseUri: https://americanexpress.online.tableau.com/api/3.19
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: extracts
      path: /sites/{site_id}/datasources/{datasource_id}/refresh
      inputParameters:
      - name: site_id
        in: path
      - name: datasource_id
        in: path
      operations:
      - name: refresh-extract
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When an employee termination is recorded in Workday, cancels the employee's corporate card account and opens a ServiceNow offboarding task.

naftiko: '0.5'
info:
  label: Employee Offboarding Card Cancellation
  description: When an employee termination is recorded in Workday, cancels the employee's corporate card account and opens a ServiceNow offboarding task.
  tags:
  - hr
  - offboarding
  - workday
  - payments
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: cancel-employee-card
      description: Given a Workday employee ID and termination date, retrieve the employee's corporate card account ID, cancel the card, and open a ServiceNow offboarding task. Invoke on confirmed employee termination.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID of the departing employee.
      - name: termination_date
        in: body
        type: string
        description: The effective termination date in YYYY-MM-DD format.
      - name: card_account_id
        in: body
        type: string
        description: The corporate card account ID to cancel.
      steps:
      - name: get-employee
        type: call
        call: workday-offboard.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: cancel-card
        type: call
        call: amex-corp-offboard.cancel-account
        with:
          account_id: '{{card_account_id}}'
          reason: employee_termination
          effective_date: '{{termination_date}}'
      - name: open-offboarding-task
        type: call
        call: servicenow-offboard.create-task
        with:
          category: hr_offboarding
          short_description: Corporate card cancelled for {{get-employee.full_name}} ({{workday_employee_id}})
          description: 'Card account {{card_account_id}} cancelled effective {{termination_date}}. Cancel ref: {{cancel-card.confirmation_id}}'
  consumes:
  - namespace: workday-offboard
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_access_token
    resources:
    - name: worker
      path: /workers/{worker_id}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - namespace: amex-corp-offboard
    type: http
    baseUri: https://api.americanexpress.com/v1/corporate
    authentication:
      type: bearer
      token: $secrets.amex_corp_token
    resources:
    - name: account
      path: /accounts/{account_id}/cancel
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: cancel-account
        method: POST
  - namespace: servicenow-offboard
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: task
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST

Retrieves the current list of open job requisitions from Workday for a specified organization and returns structured data for workforce planning analysis.

naftiko: '0.5'
info:
  label: Workday Open Requisition Report
  description: Retrieves the current list of open job requisitions from Workday for a specified organization and returns structured data for workforce planning analysis.
  tags:
  - hr
  - recruiting
  - workday
  - workforce-planning
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: recruiting
    port: 8080
    tools:
    - name: get-open-requisitions
      description: Given a Workday organization ID, return all open job requisitions including job title, department, level, and days open. Use when HR business partners or talent acquisition teams need visibility into open headcount.
      inputParameters:
      - name: organization_id
        in: body
        type: string
        description: The Workday organization ID to retrieve open requisitions for.
      call: workday-recruiting.get-requisitions
      with:
        organization_id: '{{organization_id}}'
      outputParameters:
      - name: requisitions
        type: array
        mapping: $.data
      - name: total_open
        type: number
        mapping: $.total
  consumes:
  - namespace: workday-recruiting
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_access_token
    resources:
    - name: requisitions
      path: /jobRequisitions
      inputParameters:
      - name: organization_id
        in: query
      operations:
      - name: get-requisitions
        method: GET

Automatically remediates common ServiceNow incidents by identifying the issue type, executing a remediation runbook, updating the incident, and notifying the on-call engineer via PagerDuty.

naftiko: '0.5'
info:
  label: ServiceNow Incident Auto-Remediation
  description: Automatically remediates common ServiceNow incidents by identifying the issue type, executing a remediation runbook, updating the incident, and notifying the on-call engineer via PagerDuty.
  tags:
  - servicenow
  - automation
  - pagerduty
  - incident-management
capability:
  exposes:
  - type: mcp
    namespace: auto-remediation
    port: 8080
    tools:
    - name: auto-remediate-incident
      description: Auto-remediate a ServiceNow incident by executing a runbook and notifying on-call. Use when an incident matches an auto-remediation pattern.
      inputParameters:
      - name: incident_id
        in: body
        type: string
        description: ServiceNow incident ID.
      steps:
      - name: get-incident
        type: call
        call: servicenow.get-incident
        with:
          incident_id: '{{incident_id}}'
      - name: run-remediation
        type: call
        call: amex-runbooks.execute-runbook
        with:
          runbook_id: '{{get-incident.category}}-auto-fix'
          incident_id: '{{incident_id}}'
          ci: '{{get-incident.cmdb_ci}}'
      - name: update-incident
        type: call
        call: servicenow.update-incident
        with:
          incident_id: '{{incident_id}}'
          state: resolved
          work_notes: 'Auto-remediated via runbook. Result: {{run-remediation.status}}'
      - name: notify-oncall
        type: call
        call: pagerduty.create-incident
        with:
          title: 'Auto-remediation completed: {{incident_id}}'
          body: 'Incident {{incident_id}} was auto-remediated. Status: {{run-remediation.status}}'
  consumes:
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident/{incident_id}
      inputParameters:
      - name: incident_id
        in: path
      operations:
      - name: get-incident
        method: GET
      - name: update-incident
        method: PATCH
  - namespace: amex-runbooks
    type: http
    baseUri: https://api.americanexpress.com/v1/automation
    authentication:
      type: bearer
      token: $secrets.amex_automation_token
    resources:
    - name: runbooks
      path: /runbooks/{runbook_id}/execute
      inputParameters:
      - name: runbook_id
        in: path
      operations:
      - name: execute-runbook
        method: POST
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST

Returns the most recent transactions for a cardholder account from the transaction history API.

naftiko: '0.5'
info:
  label: Cardholder Recent Transactions Lookup
  description: Returns the most recent transactions for a cardholder account from the transaction history API.
  tags:
  - payments
  - cardholder
  - transactions
capability:
  exposes:
  - type: mcp
    namespace: amex-transactions
    port: 8080
    tools:
    - name: get-recent-transactions
      description: Given a cardholder account ID, return the most recent transactions including merchant, amount, and date. Use when reviewing recent account activity.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-transactions.get-recent-transactions
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: transactions
        type: array
        mapping: $.transactions
      - name: count
        type: number
        mapping: $.count
  consumes:
  - namespace: amex-transactions
    type: http
    baseUri: https://api.americanexpress.com/v1/transactions
    authentication:
      type: bearer
      token: $secrets.amex_transactions_token
    resources:
    - name: transactions
      path: /accounts/{account_id}/transactions
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-recent-transactions
        method: GET

Generates and delivers international fee disclosures for cardholders traveling abroad by fetching fee schedules, generating the disclosure document, and emailing it to the cardholder.

naftiko: '0.5'
info:
  label: Cardholder International Fee Disclosure
  description: Generates and delivers international fee disclosures for cardholders traveling abroad by fetching fee schedules, generating the disclosure document, and emailing it to the cardholder.
  tags:
  - cardholder
  - compliance
  - travel
  - notifications
capability:
  exposes:
  - type: mcp
    namespace: fee-disclosure
    port: 8080
    tools:
    - name: send-fee-disclosure
      description: Generate and deliver an international fee disclosure. Use when a cardholder sets a travel notification for an international destination.
      inputParameters:
      - name: product_id
        in: body
        type: string
        description: Card product ID.
      - name: destination
        in: body
        type: string
        description: Destination country.
      - name: cardholder_email
        in: body
        type: string
        description: Cardholder email.
      steps:
      - name: get-fees
        type: call
        call: amex-fees.get-fee-schedule
        with:
          product_id: '{{product_id}}'
          destination_country: '{{destination}}'
      - name: generate-doc
        type: call
        call: amex-docs.generate-disclosure
        with:
          template: international-fee-disclosure
          fee_schedule: '{{get-fees.schedule}}'
          destination: '{{destination}}'
      - name: deliver
        type: call
        call: email.send-email
        with:
          to: '{{cardholder_email}}'
          subject: International Fee Disclosure for {{destination}}
          body: 'Attached is your fee disclosure for travel to {{destination}}. Foreign transaction fee: {{get-fees.fx_fee_pct}}%.'
  consumes:
  - namespace: amex-fees
    type: http
    baseUri: https://api.americanexpress.com/v1/fees
    authentication:
      type: bearer
      token: $secrets.amex_fees_token
    resources:
    - name: schedules
      path: /products/{product_id}/international-fees
      inputParameters:
      - name: product_id
        in: path
      operations:
      - name: get-fee-schedule
        method: GET
  - namespace: amex-docs
    type: http
    baseUri: https://api.americanexpress.com/v1/documents
    authentication:
      type: bearer
      token: $secrets.amex_docs_token
    resources:
    - name: disclosures
      path: /generate
      operations:
      - name: generate-disclosure
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

On a CI/CD pipeline failure in GitHub Actions, creates a Datadog event marker, opens a Jira bug, and posts an alert to the engineering Slack channel.

naftiko: '0.5'
info:
  label: Application Pipeline Failure Response
  description: On a CI/CD pipeline failure in GitHub Actions, creates a Datadog event marker, opens a Jira bug, and posts an alert to the engineering Slack channel.
  tags:
  - devops
  - github-actions
  - datadog
  - jira
  - slack
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: devops-ops
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a GitHub Actions workflow failure, create a Datadog event, open a Jira bug, and alert Slack. Invoke when a protected-branch pipeline fails in any American Express engineering repository.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The GitHub repository name where the failure occurred.
      - name: workflow_name
        in: body
        type: string
        description: The name of the failed GitHub Actions workflow.
      - name: run_id
        in: body
        type: string
        description: The GitHub Actions run ID for the failed workflow.
      - name: commit_sha
        in: body
        type: string
        description: The commit SHA that triggered the failed run.
      - name: branch
        in: body
        type: string
        description: The branch on which the failure occurred.
      steps:
      - name: create-datadog-event
        type: call
        call: datadog.create-event
        with:
          title: 'Pipeline failure: {{repo_name}} / {{workflow_name}}'
          text: Run {{run_id}} failed on branch {{branch}} at commit {{commit_sha}}
          alert_type: error
          tags: repo:{{repo_name}},env:ci
      - name: open-jira-bug
        type: call
        call: jira-eng.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: '[CI Failure] {{repo_name}} — {{workflow_name}} on {{branch}}'
          description: 'Workflow: {{workflow_name}}

            Run ID: {{run_id}}

            Branch: {{branch}}

            Commit: {{commit_sha}}

            Datadog event: {{create-datadog-event.id}}'
      - name: post-alert
        type: call
        call: slack-eng.post-message
        with:
          channel: engineering-alerts
          text: 'Pipeline Failure | Repo: {{repo_name}} | Workflow: {{workflow_name}} | Branch: {{branch}} | Jira: {{open-jira-bug.key}}'
  consumes:
  - namespace: datadog
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: event
      path: /events
      operations:
      - name: create-event
        method: POST
  - namespace: jira-eng
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack-eng
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Verifies whether a specific merchant is enrolled in the American Express acceptance network.

naftiko: '0.5'
info:
  label: Merchant Acceptance Verification
  description: Verifies whether a specific merchant is enrolled in the American Express acceptance network.
  tags:
  - merchants
  - payments
  - network
capability:
  exposes:
  - type: mcp
    namespace: amex-network
    port: 8080
    tools:
    - name: verify-acceptance
      description: Given a merchant ID, verify their enrollment in the Amex acceptance network and return network status and enrollment date. Use when confirming merchant acceptance.
      inputParameters:
      - name: merchant_id
        in: body
        type: string
        description: The merchant identifier.
      call: amex-network.verify-acceptance
      with:
        merchant_id: '{{merchant_id}}'
      outputParameters:
      - name: accepted
        type: boolean
        mapping: $.accepted
      - name: network_status
        type: string
        mapping: $.network_status
      - name: enrollment_date
        type: string
        mapping: $.enrollment_date
  consumes:
  - namespace: amex-network
    type: http
    baseUri: https://api.americanexpress.com/v1/network
    authentication:
      type: bearer
      token: $secrets.amex_network_token
    resources:
    - name: acceptance
      path: /merchants/{merchant_id}/acceptance
      inputParameters:
      - name: merchant_id
        in: path
      operations:
      - name: verify-acceptance
        method: GET

Enriches Salesforce leads with ZoomInfo company data, calculates a lead score, updates the lead record, and notifies the assigned sales rep via Slack.

naftiko: '0.5'
info:
  label: Salesforce Lead Scoring Enrichment
  description: Enriches Salesforce leads with ZoomInfo company data, calculates a lead score, updates the lead record, and notifies the assigned sales rep via Slack.
  tags:
  - salesforce
  - zoominfo
  - sales
  - slack
capability:
  exposes:
  - type: mcp
    namespace: lead-enrichment
    port: 8080
    tools:
    - name: enrich-lead
      description: Enrich a Salesforce lead with ZoomInfo data and notify the sales rep. Use when a new high-potential lead enters the pipeline.
      inputParameters:
      - name: lead_id
        in: body
        type: string
        description: Salesforce lead ID.
      - name: company_name
        in: body
        type: string
        description: Company name to enrich.
      - name: sales_rep_channel
        in: body
        type: string
        description: Sales rep Slack channel.
      steps:
      - name: enrich
        type: call
        call: zoominfo.search-company
        with:
          company_name: '{{company_name}}'
      - name: update-lead
        type: call
        call: salesforce.update-lead
        with:
          lead_id: '{{lead_id}}'
          Company_Size__c: '{{enrich.employee_count}}'
          Revenue__c: '{{enrich.revenue}}'
          Lead_Score__c: '{{enrich.score}}'
      - name: notify-rep
        type: call
        call: slack.post-message
        with:
          channel: '{{sales_rep_channel}}'
          text: 'Lead enriched: {{company_name}} | Revenue: ${{enrich.revenue}} | Score: {{enrich.score}} | Employees: {{enrich.employee_count}}'
  consumes:
  - namespace: zoominfo
    type: http
    baseUri: https://api.zoominfo.com
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: companies
      path: /search/company
      operations:
      - name: search-company
        method: POST
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead/{lead_id}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: update-lead
        method: PATCH
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Sets up a payment plan for a cardholder by evaluating eligibility, creating the plan, updating the billing system, and confirming via email.

naftiko: '0.5'
info:
  label: Cardholder Payment Plan Setup
  description: Sets up a payment plan for a cardholder by evaluating eligibility, creating the plan, updating the billing system, and confirming via email.
  tags:
  - cardholder
  - billing
  - payments
  - customer-support
capability:
  exposes:
  - type: mcp
    namespace: payment-plans
    port: 8080
    tools:
    - name: setup-payment-plan
      description: Create a payment plan for a cardholder and confirm enrollment. Use when a cardholder requests to pay a balance in installments.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: amount
        in: body
        type: string
        description: Plan amount.
      - name: term_months
        in: body
        type: string
        description: Number of months for the plan.
      steps:
      - name: get-account
        type: call
        call: amex-accounts.get-account
        with:
          account_id: '{{account_id}}'
      - name: create-plan
        type: call
        call: amex-plans.create-plan
        with:
          account_id: '{{account_id}}'
          amount: '{{amount}}'
          term_months: '{{term_months}}'
          interest_rate: '{{get-account.plan_rate}}'
      - name: confirm
        type: call
        call: email.send-email
        with:
          to: '{{get-account.email}}'
          subject: Payment plan confirmed
          body: 'Your payment plan of ${{amount}} over {{term_months}} months has been set up. Monthly payment: ${{create-plan.monthly_payment}}. Plan ID: {{create-plan.plan_id}}'
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: account
      path: /accounts/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - namespace: amex-plans
    type: http
    baseUri: https://api.americanexpress.com/v1/payment-plans
    authentication:
      type: bearer
      token: $secrets.amex_plans_token
    resources:
    - name: plans
      path: /plans
      operations:
      - name: create-plan
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Manages vendor contract renewals by fetching contract details from DocuSign, creating a review task in Jira, and notifying procurement via Slack and email.

naftiko: '0.5'
info:
  label: Vendor Contract Renewal Workflow
  description: Manages vendor contract renewals by fetching contract details from DocuSign, creating a review task in Jira, and notifying procurement via Slack and email.
  tags:
  - procurement
  - docusign
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: contract-renewal
    port: 8080
    tools:
    - name: process-renewal
      description: Fetch contract details, create a review task, and notify stakeholders. Use when a vendor contract approaches its renewal date.
      inputParameters:
      - name: envelope_id
        in: body
        type: string
        description: DocuSign envelope ID.
      - name: vendor_name
        in: body
        type: string
        description: Vendor name.
      - name: contract_value
        in: body
        type: string
        description: Contract value.
      - name: vendor_email
        in: body
        type: string
        description: Vendor contact email.
      steps:
      - name: get-contract
        type: call
        call: docusign.get-envelope
        with:
          ds_account_id: $secrets.docusign_account_id
          envelope_id: '{{envelope_id}}'
      - name: create-review
        type: call
        call: jira.create-issue
        with:
          project_key: PROC
          issuetype: Task
          summary: 'Contract renewal: {{get-contract.emailSubject}}'
          description: 'Vendor: {{vendor_name}}. Expiry: {{get-contract.expireAfter}}. Value: ${{contract_value}}.'
      - name: notify-procurement
        type: call
        call: slack.post-message
        with:
          channel: procurement
          text: 'Contract renewal due: {{vendor_name}} | Expiry: {{get-contract.expireAfter}} | Value: ${{contract_value}} | Jira: {{create-review.key}}'
      - name: notify-vendor
        type: call
        call: email.send-email
        with:
          to: '{{vendor_email}}'
          subject: Contract renewal notice
          body: Your contract with American Express is approaching renewal. Our procurement team will be in touch.
  consumes:
  - namespace: docusign
    type: http
    baseUri: https://na4.docusign.net/restapi/v2.1
    authentication:
      type: bearer
      token: $secrets.docusign_token
    resources:
    - name: envelopes
      path: /accounts/{ds_account_id}/envelopes/{envelope_id}
      inputParameters:
      - name: ds_account_id
        in: path
      - name: envelope_id
        in: path
      operations:
      - name: get-envelope
        method: GET
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

When a Terraform Cloud plan is created for a production workspace, retrieves plan details, posts a summary to the engineering Slack channel, and creates a ServiceNow change request for approval.

naftiko: '0.5'
info:
  label: Terraform Infrastructure Provisioning Approval
  description: When a Terraform Cloud plan is created for a production workspace, retrieves plan details, posts a summary to the engineering Slack channel, and creates a ServiceNow change request for approval.
  tags:
  - cloud
  - infrastructure
  - terraform
  - servicenow
  - slack
  - devops
capability:
  exposes:
  - type: mcp
    namespace: infra-provisioning
    port: 8080
    tools:
    - name: request-infra-change-approval
      description: Given a Terraform Cloud workspace ID and run ID, fetch the plan summary, open a ServiceNow change request for the infrastructure change, and post a Slack notification to the engineering channel with plan details. Use when production Terraform plans need change management approval.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: The Terraform Cloud workspace ID where the plan was created.
      - name: run_id
        in: body
        type: string
        description: The Terraform Cloud run ID for the plan.
      steps:
      - name: get-plan
        type: call
        call: terraform.get-run
        with:
          run_id: '{{run_id}}'
      - name: create-change
        type: call
        call: servicenow-infra.create-change
        with:
          category: infrastructure
          short_description: 'Terraform plan requires approval: workspace {{workspace_id}}'
          description: 'Run ID: {{run_id}}

            Workspace: {{workspace_id}}

            Add: {{get-plan.resource_additions}}

            Change: {{get-plan.resource_changes}}

            Destroy: {{get-plan.resource_destructions}}'
          risk: moderate
      - name: post-notification
        type: call
        call: slack-infra.post-message
        with:
          channel: infra-changes
          text: 'Terraform Plan Pending Approval | Workspace: {{workspace_id}} | Run: {{run_id}} | +{{get-plan.resource_additions}} ~{{get-plan.resource_changes}} -{{get-plan.resource_destructions}} | SNOW: {{create-change.number}}'
  consumes:
  - namespace: terraform
    type: http
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: run
      path: /runs/{run_id}
      inputParameters:
      - name: run_id
        in: path
      operations:
      - name: get-run
        method: GET
  - namespace: servicenow-infra
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change
      path: /table/change_request
      operations:
      - name: create-change
        method: POST
  - namespace: slack-infra
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves the current status of an open dispute for a cardholder from the disputes platform.

naftiko: '0.5'
info:
  label: Cardholder Dispute Status Lookup
  description: Retrieves the current status of an open dispute for a cardholder from the disputes platform.
  tags:
  - disputes
  - cardholder
  - customer-support
capability:
  exposes:
  - type: mcp
    namespace: amex-disputes
    port: 8080
    tools:
    - name: get-dispute-status
      description: Given a dispute ID, return the current status, resolution ETA, and last update timestamp. Use when a cardholder inquires about an ongoing dispute.
      inputParameters:
      - name: dispute_id
        in: body
        type: string
        description: The dispute identifier.
      call: amex-disputes.get-dispute-status
      with:
        dispute_id: '{{dispute_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: resolution_eta
        type: string
        mapping: $.resolution_eta
      - name: last_update
        type: string
        mapping: $.last_update
  consumes:
  - namespace: amex-disputes
    type: http
    baseUri: https://api.americanexpress.com/v1/disputes
    authentication:
      type: bearer
      token: $secrets.amex_disputes_token
    resources:
    - name: status
      path: /disputes/{dispute_id}/status
      inputParameters:
      - name: dispute_id
        in: path
      operations:
      - name: get-dispute-status
        method: GET

Orchestrates new merchant onboarding by creating the merchant record, provisioning payment gateway credentials, assigning a relationship manager in Salesforce, and sending a welcome kit email.

naftiko: '0.5'
info:
  label: New Merchant Onboarding Orchestration
  description: Orchestrates new merchant onboarding by creating the merchant record, provisioning payment gateway credentials, assigning a relationship manager in Salesforce, and sending a welcome kit email.
  tags:
  - merchants
  - onboarding
  - salesforce
  - payments
capability:
  exposes:
  - type: mcp
    namespace: merchant-onboard
    port: 8080
    tools:
    - name: onboard-merchant
      description: Onboard a new merchant by creating their record, provisioning gateway credentials, creating a Salesforce account, and sending a welcome email. Use when a new merchant is approved for the network.
      inputParameters:
      - name: merchant_name
        in: body
        type: string
        description: Legal name of the merchant.
      - name: mcc_code
        in: body
        type: string
        description: Merchant category code.
      - name: contact_email
        in: body
        type: string
        description: Primary contact email.
      steps:
      - name: create-merchant
        type: call
        call: amex-merchants.create-merchant
        with:
          name: '{{merchant_name}}'
          mcc: '{{mcc_code}}'
          contact_email: '{{contact_email}}'
      - name: provision-gateway
        type: call
        call: amex-gateway.provision-credentials
        with:
          merchant_id: '{{create-merchant.merchant_id}}'
      - name: create-sf-account
        type: call
        call: salesforce.create-account
        with:
          Name: '{{merchant_name}}'
          Type: Merchant
          AmexMerchantId__c: '{{create-merchant.merchant_id}}'
      - name: send-welcome
        type: call
        call: email.send-email
        with:
          to: '{{contact_email}}'
          subject: Welcome to the American Express Network
          body: Your merchant ID is {{create-merchant.merchant_id}}. Gateway credentials have been provisioned. Your account manager will reach out shortly.
  consumes:
  - namespace: amex-merchants
    type: http
    baseUri: https://api.americanexpress.com/v1/merchants
    authentication:
      type: bearer
      token: $secrets.amex_merchant_token
    resources:
    - name: merchant
      path: /merchants
      operations:
      - name: create-merchant
        method: POST
  - namespace: amex-gateway
    type: http
    baseUri: https://api.americanexpress.com/v1/gateway
    authentication:
      type: bearer
      token: $secrets.amex_gateway_token
    resources:
    - name: credentials
      path: /merchants/{merchant_id}/credentials
      inputParameters:
      - name: merchant_id
        in: path
      operations:
      - name: provision-credentials
        method: POST
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account
      operations:
      - name: create-account
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

When a cardholder account triggers a KYC review flag, generates a document request via the customer communications platform and creates a Salesforce case for the KYC team to track.

naftiko: '0.5'
info:
  label: Cardholder KYC Document Request
  description: When a cardholder account triggers a KYC review flag, generates a document request via the customer communications platform and creates a Salesforce case for the KYC team to track.
  tags:
  - kyc
  - compliance
  - payments
  - salesforce
  - customer-support
capability:
  exposes:
  - type: mcp
    namespace: kyc-ops
    port: 8080
    tools:
    - name: initiate-kyc-review
      description: Given a cardholder account ID and KYC flag reason, create a Salesforce KYC case and send a document request notification to the cardholder. Use when account activity triggers a Know Your Customer review requirement.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID that triggered the KYC flag.
      - name: flag_reason
        in: body
        type: string
        description: The reason the KYC review was triggered (e.g., high_transaction_volume, new_market).
      - name: cardholder_email
        in: body
        type: string
        description: The cardholder's email address for document request communications.
      steps:
      - name: create-kyc-case
        type: call
        call: salesforce-kyc.create-case
        with:
          account_id: '{{account_id}}'
          subject: KYC Review Required — Account {{account_id}}
          description: 'KYC flag reason: {{flag_reason}}'
          type: KYC Review
          priority: High
      - name: send-doc-request
        type: call
        call: amex-comms.send-email
        with:
          to: '{{cardholder_email}}'
          template_id: kyc_document_request
          account_id: '{{account_id}}'
          case_number: '{{create-kyc-case.case_number}}'
  consumes:
  - namespace: salesforce-kyc
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_access_token
    resources:
    - name: case
      path: /sobjects/Case
      operations:
      - name: create-case
        method: POST
  - namespace: amex-comms
    type: http
    baseUri: https://api.americanexpress.com/v1/communications
    authentication:
      type: bearer
      token: $secrets.amex_comms_token
    resources:
    - name: email
      path: /email/send
      operations:
      - name: send-email
        method: POST

Classifies documents uploaded to Box by extracting metadata, running classification, updating Box metadata, and logging results in ServiceNow.

naftiko: '0.5'
info:
  label: Box Document Classification Workflow
  description: Classifies documents uploaded to Box by extracting metadata, running classification, updating Box metadata, and logging results in ServiceNow.
  tags:
  - box
  - document-management
  - classification
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: doc-classify
    port: 8080
    tools:
    - name: classify-document
      description: Classify a Box document and update its metadata. Use when a new document is uploaded to a monitored Box folder.
      inputParameters:
      - name: file_id
        in: body
        type: string
        description: Box file ID.
      steps:
      - name: get-file
        type: call
        call: box.get-file
        with:
          file_id: '{{file_id}}'
      - name: classify
        type: call
        call: amex-classify.classify-document
        with:
          file_name: '{{get-file.name}}'
          file_type: '{{get-file.extension}}'
      - name: update-meta
        type: call
        call: box.update-metadata
        with:
          file_id: '{{file_id}}'
          classification: '{{classify.classification}}'
      - name: log-result
        type: call
        call: servicenow.create-record
        with:
          file_id: '{{file_id}}'
          classification: '{{classify.classification}}'
  consumes:
  - namespace: box
    type: http
    baseUri: https://api.box.com/2.0
    authentication:
      type: bearer
      token: $secrets.box_token
    resources:
    - name: files
      path: /files/{file_id}
      inputParameters:
      - name: file_id
        in: path
      operations:
      - name: get-file
        method: GET
      - name: update-metadata
        method: POST
  - namespace: amex-classify
    type: http
    baseUri: https://api.americanexpress.com/v1/ai
    authentication:
      type: bearer
      token: $secrets.amex_ai_token
    resources:
    - name: classify
      path: /classify
      operations:
      - name: classify-document
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/u_document_classification
      operations:
      - name: create-record
        method: POST

Detects Terraform infrastructure drift by triggering a plan, comparing state, creating a Jira remediation ticket, and alerting the platform team via Slack.

naftiko: '0.5'
info:
  label: Terraform Infrastructure Drift Detection
  description: Detects Terraform infrastructure drift by triggering a plan, comparing state, creating a Jira remediation ticket, and alerting the platform team via Slack.
  tags:
  - terraform
  - infrastructure
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: drift-detection
    port: 8080
    tools:
    - name: detect-drift
      description: Trigger a Terraform plan to detect drift and report findings. Use during scheduled drift detection runs.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: Terraform Cloud workspace ID.
      steps:
      - name: trigger-plan
        type: call
        call: terraform-cloud.create-run
        with:
          workspace_id: '{{workspace_id}}'
          is_destroy: 'false'
          message: Drift detection run
      - name: check-plan
        type: call
        call: terraform-cloud.get-run
        with:
          run_id: '{{trigger-plan.id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: PLAT
          issuetype: Task
          summary: 'Terraform drift detected: {{workspace_id}}'
          description: 'Resources to add: {{check-plan.resource_additions}}. To change: {{check-plan.resource_changes}}. To destroy: {{check-plan.resource_destructions}}.'
      - name: alert-team
        type: call
        call: slack.post-message
        with:
          channel: platform-engineering
          text: 'Drift detected in {{workspace_id}} | +{{check-plan.resource_additions}} ~{{check-plan.resource_changes}} -{{check-plan.resource_destructions}} | Jira: {{create-ticket.key}}'
  consumes:
  - namespace: terraform-cloud
    type: http
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /runs
      operations:
      - name: create-run
        method: POST
    - name: run-detail
      path: /runs/{run_id}
      inputParameters:
      - name: run_id
        in: path
      operations:
      - name: get-run
        method: GET
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Scans GitHub pull requests for security vulnerabilities using SonarQube, posts findings as PR comments, and creates a Jira security issue if critical vulnerabilities are found.

naftiko: '0.5'
info:
  label: GitHub Pull Request Security Scan
  description: Scans GitHub pull requests for security vulnerabilities using SonarQube, posts findings as PR comments, and creates a Jira security issue if critical vulnerabilities are found.
  tags:
  - github
  - security
  - sonarqube
  - jira
capability:
  exposes:
  - type: mcp
    namespace: pr-security
    port: 8080
    tools:
    - name: scan-pr-security
      description: Scan a pull request for vulnerabilities and report findings. Use when a PR is opened against a protected branch.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository name.
      - name: pr_number
        in: body
        type: string
        description: Pull request number.
      steps:
      - name: get-pr
        type: call
        call: github.get-pr
        with:
          repo: '{{repo}}'
          pr_number: '{{pr_number}}'
      - name: scan
        type: call
        call: sonarqube.get-analysis
        with:
          projectKey: '{{repo}}-pr-{{pr_number}}'
      - name: comment
        type: call
        call: github.post-comment
        with:
          repo: '{{repo}}'
          pr_number: '{{pr_number}}'
          body: 'Security scan: {{scan.projectStatus.status}}. Vulnerabilities: {{scan.projectStatus.conditions}}'
      - name: create-sec-issue
        type: call
        call: jira.create-issue
        with:
          project_key: SEC
          issuetype: Bug
          summary: 'Security scan findings: {{repo}} PR#{{pr_number}}'
          description: 'Status: {{scan.projectStatus.status}}. PR: {{get-pr.html_url}}'
  consumes:
  - namespace: github
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pulls
      path: /repos/americanexpress/{repo}/pulls/{pr_number}
      inputParameters:
      - name: repo
        in: path
      - name: pr_number
        in: path
      operations:
      - name: get-pr
        method: GET
      - name: post-comment
        method: POST
  - namespace: sonarqube
    type: http
    baseUri: https://sonarqube.americanexpress.com/api
    authentication:
      type: bearer
      token: $secrets.sonarqube_token
    resources:
    - name: analysis
      path: /qualitygates/project_status
      operations:
      - name: get-analysis
        method: GET
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST

Routes compensation change requests through approval by fetching the proposal from Workday, creating a Jira approval task, and notifying HR leadership via Slack.

naftiko: '0.5'
info:
  label: Workday Compensation Change Approval
  description: Routes compensation change requests through approval by fetching the proposal from Workday, creating a Jira approval task, and notifying HR leadership via Slack.
  tags:
  - hr
  - workday
  - jira
  - slack
  - compensation
capability:
  exposes:
  - type: mcp
    namespace: comp-approval
    port: 8080
    tools:
    - name: route-comp-approval
      description: Route a compensation change through the approval workflow. Use when a manager submits a salary adjustment proposal.
      inputParameters:
      - name: proposal_id
        in: body
        type: string
        description: Workday compensation proposal ID.
      steps:
      - name: get-proposal
        type: call
        call: workday.get-proposal
        with:
          proposal_id: '{{proposal_id}}'
      - name: create-approval
        type: call
        call: jira.create-issue
        with:
          project_key: HRA
          issuetype: Task
          summary: Comp change approval — {{get-proposal.employee_name}}
          description: 'Current: ${{get-proposal.current_salary}}. Proposed: ${{get-proposal.proposed_salary}}. Reason: {{get-proposal.reason}}.'
      - name: notify-hr
        type: call
        call: slack.post-message
        with:
          channel: hr-leadership
          text: 'Comp change pending: {{get-proposal.employee_name}} | ${{get-proposal.current_salary}} → ${{get-proposal.proposed_salary}} | Jira: {{create-approval.key}}'
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd3-impl-services1.workday.com/ccx/service/amex
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: compensation
      path: /compensation/proposals/{proposal_id}
      inputParameters:
      - name: proposal_id
        in: path
      operations:
      - name: get-proposal
        method: GET
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a new employee is created in Workday, provisions a corporate card account and sends onboarding instructions via Microsoft Teams.

naftiko: '0.5'
info:
  label: New Employee Card Provisioning
  description: When a new employee is created in Workday, provisions a corporate card account and sends onboarding instructions via Microsoft Teams.
  tags:
  - hr
  - onboarding
  - workday
  - payments
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-provisioning
    port: 8080
    tools:
    - name: provision-employee-card
      description: Given a Workday employee ID, retrieve employee details, create a corporate card account, and send the cardholder a Teams message with activation instructions. Invoke during new hire onboarding.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID for the new hire.
      - name: cost_center
        in: body
        type: string
        description: The cost center code to associate with the new corporate card.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: create-card-account
        type: call
        call: amex-corp.create-card-account
        with:
          first_name: '{{get-employee.first_name}}'
          last_name: '{{get-employee.last_name}}'
          email: '{{get-employee.work_email}}'
          cost_center: '{{cost_center}}'
      - name: send-instructions
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-employee.work_email}}'
          text: 'Welcome! Your American Express corporate card has been provisioned. Account reference: {{create-card-account.account_id}}. Activate at amex.com/activate.'
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_access_token
    resources:
    - name: worker
      path: /workers/{worker_id}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - namespace: amex-corp
    type: http
    baseUri: https://api.americanexpress.com/v1/corporate
    authentication:
      type: bearer
      token: $secrets.amex_corp_token
    resources:
    - name: card-account
      path: /accounts
      operations:
      - name: create-card-account
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chat-message
      path: /users/{recipient_upn}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Monitors Oracle database health by querying performance metrics, creating a ServiceNow incident if thresholds are breached, and notifying the DBA team via Slack.

naftiko: '0.5'
info:
  label: Oracle Database Health Monitoring
  description: Monitors Oracle database health by querying performance metrics, creating a ServiceNow incident if thresholds are breached, and notifying the DBA team via Slack.
  tags:
  - oracle
  - database
  - servicenow
  - slack
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: oracle-health
    port: 8080
    tools:
    - name: monitor-oracle-health
      description: Check Oracle database health, create an incident if degraded, and notify DBAs. Use when scheduled health checks run or alerts trigger.
      inputParameters:
      - name: database_name
        in: body
        type: string
        description: Oracle database name.
      steps:
      - name: check-health
        type: call
        call: oracle-cloud.get-health
        with: {}
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: Oracle DB health alert — {{database_name}}
          category: database
          priority: '2'
          description: 'CPU: {{check-health.cpu_pct}}%. Sessions: {{check-health.active_sessions}}. Tablespace: {{check-health.tablespace_pct}}%.'
      - name: notify-dba
        type: call
        call: slack.post-message
        with:
          channel: dba-ops
          text: 'Oracle DB alert: {{database_name}} | CPU: {{check-health.cpu_pct}}% | Sessions: {{check-health.active_sessions}} | SNOW: {{create-incident.number}}'
  consumes:
  - namespace: oracle-cloud
    type: http
    baseUri: https://database.americanexpress.oraclecloud.com/ords
    authentication:
      type: bearer
      token: $secrets.oracle_token
    resources:
    - name: metrics
      path: /admin/health
      operations:
      - name: get-health
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Responds to New Relic performance alerts by fetching violation details, creating a PagerDuty incident, opening a Jira bug, and posting to the engineering Slack channel.

naftiko: '0.5'
info:
  label: New Relic Performance Degradation Handler
  description: Responds to New Relic performance alerts by fetching violation details, creating a PagerDuty incident, opening a Jira bug, and posting to the engineering Slack channel.
  tags:
  - new-relic
  - monitoring
  - pagerduty
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: perf-handler
    port: 8080
    tools:
    - name: handle-perf-degradation
      description: Respond to a performance degradation alert by paging on-call, creating a bug, and notifying engineering. Use when New Relic detects performance issues.
      inputParameters:
      - name: policy_id
        in: body
        type: string
        description: New Relic alert policy ID.
      steps:
      - name: get-violations
        type: call
        call: newrelic.get-violations
        with:
          policy_id: '{{policy_id}}'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          title: 'Perf degradation: {{get-violations.condition_name}}'
          service_id: $secrets.pd_service_id
          urgency: high
      - name: create-bug
        type: call
        call: jira.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: 'Perf degradation: {{get-violations.condition_name}}'
          description: 'Violation: {{get-violations.condition_name}}. Threshold: {{get-violations.threshold}}. Value: {{get-violations.value}}.'
      - name: alert-eng
        type: call
        call: slack.post-message
        with:
          channel: engineering-alerts
          text: 'Performance degradation: {{get-violations.condition_name}} | PD: {{page-oncall.incident_number}} | Jira: {{create-bug.key}}'
  consumes:
  - namespace: newrelic
    type: http
    baseUri: https://api.newrelic.com/v2
    authentication:
      type: bearer
      token: $secrets.newrelic_token
    resources:
    - name: alerts
      path: /alerts_violations.json
      operations:
      - name: get-violations
        method: GET
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a cardholder reports a lost card, cancels the existing card, orders a replacement, creates a ServiceNow case, and sends a confirmation via email.

naftiko: '0.5'
info:
  label: Cardholder Lost Card Replacement Workflow
  description: When a cardholder reports a lost card, cancels the existing card, orders a replacement, creates a ServiceNow case, and sends a confirmation via email.
  tags:
  - cardholder
  - cards
  - servicenow
  - customer-support
capability:
  exposes:
  - type: mcp
    namespace: card-replace
    port: 8080
    tools:
    - name: replace-lost-card
      description: Cancel a lost card, order a replacement, create a support case, and confirm with the cardholder. Use when a cardholder reports a lost or stolen card.
      inputParameters:
      - name: card_id
        in: body
        type: string
        description: The card ID to replace.
      - name: cardholder_email
        in: body
        type: string
        description: Cardholder email address for confirmation.
      steps:
      - name: cancel-card
        type: call
        call: amex-cards.cancel-card
        with:
          card_id: '{{card_id}}'
      - name: order-replacement
        type: call
        call: amex-cards.order-replacement
        with:
          card_id: '{{card_id}}'
          shipping: expedited
      - name: create-case
        type: call
        call: servicenow.create-case
        with:
          short_description: Lost card replacement — {{card_id}}
          category: card-services
          priority: '2'
      - name: send-confirmation
        type: call
        call: email.send-email
        with:
          to: '{{cardholder_email}}'
          subject: Your replacement card is on its way
          body: 'Your card ending in {{cancel-card.last_four}} has been cancelled. A replacement will arrive within 2 business days. Case: {{create-case.number}}'
  consumes:
  - namespace: amex-cards
    type: http
    baseUri: https://api.americanexpress.com/v1/cards
    authentication:
      type: bearer
      token: $secrets.amex_cards_token
    resources:
    - name: card
      path: /cards/{card_id}
      inputParameters:
      - name: card_id
        in: path
      operations:
      - name: cancel-card
        method: POST
      - name: order-replacement
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cases
      path: /table/sn_customerservice_case
      operations:
      - name: create-case
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Retrieves recent resolved Salesforce Service Cloud cases, submits case notes to OpenAI for sentiment and theme extraction, and posts a digest to a Slack channel for the customer experience team.

naftiko: '0.5'
info:
  label: Customer Sentiment Analysis from Support Cases
  description: Retrieves recent resolved Salesforce Service Cloud cases, submits case notes to OpenAI for sentiment and theme extraction, and posts a digest to a Slack channel for the customer experience team.
  tags:
  - customer-support
  - salesforce
  - openai
  - slack
  - ai
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: cx-intelligence
    port: 8080
    tools:
    - name: digest-support-sentiment
      description: Given a Salesforce queue name and date range, retrieve closed cases, send transcripts to OpenAI for sentiment analysis, and post a summary digest to Slack. Use when the CX team needs a weekly support sentiment report.
      inputParameters:
      - name: queue_name
        in: body
        type: string
        description: The Salesforce Service Cloud queue name to analyze (e.g., AmexCardholderSupport).
      - name: from_date
        in: body
        type: string
        description: Start date for case retrieval in YYYY-MM-DD format.
      - name: to_date
        in: body
        type: string
        description: End date for case retrieval in YYYY-MM-DD format.
      steps:
      - name: get-cases
        type: call
        call: salesforce.query-cases
        with:
          queue: '{{queue_name}}'
          closed_from: '{{from_date}}'
          closed_to: '{{to_date}}'
      - name: analyze-sentiment
        type: call
        call: openai.create-completion
        with:
          model: gpt-4o
          prompt: 'Analyze the following support case summaries and return a JSON object with: overall_sentiment (positive/neutral/negative), top_themes (array of strings), and recommended_actions (array of strings). Cases: {{get-cases.summaries}}'
      - name: post-digest
        type: call
        call: slack-cx.post-message
        with:
          channel: cx-insights
          text: 'CX Sentiment Digest ({{from_date}} to {{to_date}}) | Queue: {{queue_name}} | Sentiment: {{analyze-sentiment.overall_sentiment}} | Top themes: {{analyze-sentiment.top_themes}}'
  consumes:
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_access_token
    resources:
    - name: cases
      path: /query
      inputParameters:
      - name: q
        in: query
      operations:
      - name: query-cases
        method: GET
  - namespace: openai
    type: http
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: completion
      path: /chat/completions
      operations:
      - name: create-completion
        method: POST
  - namespace: slack-cx
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Monitors Datadog for transaction volume anomaly alerts and, when triggered, creates a PagerDuty incident and posts to the payments operations Slack channel.

naftiko: '0.5'
info:
  label: Transaction Anomaly Monitoring Alert
  description: Monitors Datadog for transaction volume anomaly alerts and, when triggered, creates a PagerDuty incident and posts to the payments operations Slack channel.
  tags:
  - observability
  - datadog
  - pagerduty
  - slack
  - payments
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: payments-observability
    port: 8080
    tools:
    - name: handle-transaction-anomaly
      description: Given a Datadog anomaly alert ID and severity, retrieve alert details, create a PagerDuty incident for the on-call payments team, and post a Slack notification. Use when transaction processing anomalies are detected.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The Datadog monitor alert ID for the transaction anomaly.
      - name: severity
        in: body
        type: string
        description: 'Alert severity level: critical, high, medium, or low.'
      - name: affected_service
        in: body
        type: string
        description: The name of the affected payments service or pipeline.
      steps:
      - name: get-alert
        type: call
        call: datadog-monitor.get-monitor
        with:
          monitor_id: '{{alert_id}}'
      - name: create-pd-incident
        type: call
        call: pagerduty.create-incident
        with:
          title: Transaction anomaly on {{affected_service}} — severity {{severity}}
          service_id: $secrets.pagerduty_payments_service_id
          urgency: '{{severity}}'
          body: 'Datadog alert {{alert_id}}: {{get-alert.message}}'
      - name: post-slack
        type: call
        call: slack-payments.post-message
        with:
          channel: payments-ops
          text: 'Transaction Anomaly Detected | Service: {{affected_service}} | Severity: {{severity}} | PagerDuty: {{create-pd-incident.incident_number}} | Alert: {{alert_id}}'
  consumes:
  - namespace: datadog-monitor
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: monitor
      path: /monitor/{monitor_id}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_api_key
      placement: header
    resources:
    - name: incident
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - namespace: slack-payments
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a fraud signal is raised on a cardholder account, retrieves transaction details from the core payments platform, opens a ServiceNow incident, and sends a Twilio SMS alert to the cardholder.

naftiko: '0.5'
info:
  label: Cardholder Fraud Alert Triage
  description: When a fraud signal is raised on a cardholder account, retrieves transaction details from the core payments platform, opens a ServiceNow incident, and sends a Twilio SMS alert to the cardholder.
  tags:
  - fraud
  - payments
  - servicenow
  - twilio
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: fraud-ops
    port: 8080
    tools:
    - name: handle-fraud-alert
      description: Given a card account ID and transaction ID, fetch transaction details, open a ServiceNow fraud incident, and send an SMS alert to the cardholder. Invoke when a fraud signal is detected on a cardholder account.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account identifier from the payments platform.
      - name: transaction_id
        in: body
        type: string
        description: The transaction ID flagged as potentially fraudulent.
      - name: cardholder_phone
        in: body
        type: string
        description: The cardholder's mobile phone number in E.164 format for SMS notification.
      steps:
      - name: get-transaction
        type: call
        call: amex-payments.get-transaction
        with:
          account_id: '{{account_id}}'
          transaction_id: '{{transaction_id}}'
      - name: open-incident
        type: call
        call: servicenow.create-incident
        with:
          category: fraud
          short_description: Fraud alert on account {{account_id}} — txn {{transaction_id}}
          urgency: '1'
          impact: '1'
      - name: send-sms
        type: call
        call: twilio.send-sms
        with:
          to: '{{cardholder_phone}}'
          body: 'American Express Alert: Suspicious activity detected on your account ending {{get-transaction.last_four}}. If unrecognized, call 1-800-528-4800. Ref: {{open-incident.number}}'
  consumes:
  - namespace: amex-payments
    type: http
    baseUri: https://api.americanexpress.com/v1/payments
    authentication:
      type: bearer
      token: $secrets.amex_payments_token
    resources:
    - name: transaction
      path: /accounts/{account_id}/transactions/{transaction_id}
      inputParameters:
      - name: account_id
        in: path
      - name: transaction_id
        in: path
      operations:
      - name: get-transaction
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incident
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: twilio
    type: http
    baseUri: https://api.twilio.com/2010-04-01
    authentication:
      type: basic
      username: $secrets.twilio_account_sid
      password: $secrets.twilio_auth_token
    resources:
    - name: messages
      path: /Accounts/{account_sid}/Messages.json
      inputParameters:
      - name: account_sid
        in: path
      operations:
      - name: send-sms
        method: POST

When a SAP Concur travel booking is submitted, validates it against the American Express travel policy and flags non-compliant bookings by creating a ServiceNow task for manager review.

naftiko: '0.5'
info:
  label: Corporate Travel Booking Policy Compliance Check
  description: When a SAP Concur travel booking is submitted, validates it against the American Express travel policy and flags non-compliant bookings by creating a ServiceNow task for manager review.
  tags:
  - travel
  - expense-management
  - sap-concur
  - servicenow
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: travel-compliance
    port: 8080
    tools:
    - name: check-travel-booking-compliance
      description: Given a Concur travel booking ID, retrieve booking details and validate against policy rules. If non-compliant, create a ServiceNow approval task for the employee's manager. Use when travel bookings are submitted for pre-trip approval.
      inputParameters:
      - name: booking_id
        in: body
        type: string
        description: The SAP Concur travel booking ID to validate.
      - name: employee_id
        in: body
        type: string
        description: The employee ID of the traveler.
      steps:
      - name: get-booking
        type: call
        call: concur-travel.get-booking
        with:
          booking_id: '{{booking_id}}'
      - name: create-approval-task
        type: call
        call: servicenow-travel.create-task
        with:
          category: travel_compliance
          short_description: 'Travel booking policy review required: {{booking_id}}'
          description: 'Employee: {{employee_id}}

            Destination: {{get-booking.destination}}

            Cost: ${{get-booking.total_cost}}

            Dates: {{get-booking.travel_dates}}

            Booking: {{booking_id}}'
  consumes:
  - namespace: concur-travel
    type: http
    baseUri: https://www.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_access_token
    resources:
    - name: booking
      path: /travel/trips/{booking_id}
      inputParameters:
      - name: booking_id
        in: path
      operations:
      - name: get-booking
        method: GET
  - namespace: servicenow-travel
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: task
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST

Queries Azure costs and publishes allocation to Confluence.

naftiko: '0.5'
info:
  label: Azure Cost Allocation Report Workflow
  description: Queries Azure costs and publishes allocation to Confluence.
  tags:
  - cloud
  - finance
  - microsoft-azure
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: cost-ops
    port: 8080
    tools:
    - name: gen-report
      description: Generate cost report.
      inputParameters:
      - name: period
        in: body
        type: string
        description: YYYY-MM.
      steps:
      - name: costs
        type: call
        call: azure-cost.get-usage
        with:
          period: '{{period}}'
      - name: publish
        type: call
        call: confluence.create-page
        with:
          space_key: FINOPS
          title: Azure Costs {{period}}
  consumes:
  - type: http
    namespace: azure-cost
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_token
    resources:
    - name: usage
      path: /subscriptions/$secrets.azure_sub/providers/Microsoft.CostManagement/query
      operations:
      - name: get-usage
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://axa.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST

Pulls AXA brand campaign performance metrics from LinkedIn Marketing, combines with HubSpot lead attribution data, and posts a weekly report to the Brand Marketing Teams channel.

naftiko: '0.5'
info:
  label: LinkedIn Brand Campaign Performance Report
  description: Pulls AXA brand campaign performance metrics from LinkedIn Marketing, combines with HubSpot lead attribution data, and posts a weekly report to the Brand Marketing Teams channel.
  tags:
  - marketing
  - social
  - linkedin
  - hubspot
  - microsoft-teams
  - brand
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: brand-marketing
    port: 8080
    tools:
    - name: publish-linkedin-brand-report
      description: Given a LinkedIn organization URN and date range, fetch campaign analytics and merge with HubSpot lead data attributed to LinkedIn, then post a weekly brand performance report to Teams.
      inputParameters:
      - name: org_urn
        in: body
        type: string
        description: The LinkedIn organization URN for AXA, e.g. 'urn:li:organization:1234'.
      - name: start_date
        in: body
        type: string
        description: Report start date in YYYY-MM-DD format.
      - name: end_date
        in: body
        type: string
        description: Report end date in YYYY-MM-DD format.
      steps:
      - name: get-linkedin-metrics
        type: call
        call: linkedin.get-organization-follower-statistics
        with:
          organizationalEntity: '{{org_urn}}'
      - name: get-hubspot-attribution
        type: call
        call: hubspot.list-leads
        with:
          source: LinkedIn
          start: '{{start_date}}'
          end: '{{end_date}}'
      - name: post-report
        type: call
        call: msteams.post-channel-message
        with:
          channel: brand-marketing
          message: 'LinkedIn Brand Report ({{start_date}} to {{end_date}}): Followers {{get-linkedin-metrics.followerCount}}, New HubSpot leads from LinkedIn: {{get-hubspot-attribution.count}}'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: organization-follower-statistics
      path: /organizationalEntityFollowerStatistics
      operations:
      - name: get-organization-follower-statistics
        method: GET
  - type: http
    namespace: hubspot
    baseUri: https://api.hubapi.com/crm/v3
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: contacts
      path: /objects/contacts/search
      operations:
      - name: list-leads
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Queries Snowflake for treaty data, validates terms, and publishes to Confluence.

naftiko: '0.5'
info:
  label: Reinsurance Treaty Compliance Report
  description: Queries Snowflake for treaty data, validates terms, and publishes to Confluence.
  tags:
  - insurance
  - actuarial
  - compliance
  - snowflake
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: reinsurance-ops
    port: 8080
    tools:
    - name: treaty-report
      description: Generate treaty report.
      inputParameters:
      - name: treaty
        in: body
        type: string
        description: Treaty ID.
      - name: period
        in: body
        type: string
        description: YYYY-Q.
      steps:
      - name: query
        type: call
        call: snowflake.query
        with:
          query: SELECT * FROM TREATY WHERE treaty='{{treaty}}'
      - name: validate
        type: call
        call: reinsurance-api.validate
        with:
          treaty: '{{treaty}}'
      - name: publish
        type: call
        call: confluence.create-page
        with:
          space_key: REINSURANCE
          title: Treaty {{treaty}} - {{period}}
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://axa.service-now.com/api/now
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query
        method: POST
  - type: http
    namespace: reinsurance-api
    baseUri: https://api.axa.com/reinsurance/v1
    authentication:
      type: bearer
      token: $secrets.reinsurance_token
    resources:
    - name: validation
      path: /treaties/validate
      operations:
      - name: validate
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://axa.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST

Processes GDPR/CCPA requests by querying systems and logging in ServiceNow.

naftiko: '0.5'
info:
  label: Data Subject Request Workflow
  description: Processes GDPR/CCPA requests by querying systems and logging in ServiceNow.
  tags:
  - insurance
  - compliance
  - privacy
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: dsar-ops
    port: 8080
    tools:
    - name: process-dsar
      description: Process DSAR.
      inputParameters:
      - name: email
        in: body
        type: string
        description: Subject email.
      - name: type
        in: body
        type: string
        description: Request type.
      steps:
      - name: sf
        type: call
        call: salesforce.search
        with:
          email: '{{email}}'
      - name: claims
        type: call
        call: claims-api.search
        with:
          email: '{{email}}'
      - name: log
        type: call
        call: servicenow.create-record
        with:
          table: u_dsar
          email: '{{email}}'
          type: '{{type}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://axa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: search
      path: /search
      operations:
      - name: search
        method: GET
  - type: http
    namespace: claims-api
    baseUri: https://api.axa.com/claims/v2
    authentication:
      type: bearer
      token: $secrets.claims_api_token
    resources:
    - name: search
      path: /claims/search
      operations:
      - name: search
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://axa.snowflakecomputing.com/api/v2
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/u_dsar
      operations:
      - name: create-record
        method: POST

Generates medical record request, creates tracking, and sets Jira follow-up.

naftiko: '0.5'
info:
  label: Claims Medical Record Request Workflow
  description: Generates medical record request, creates tracking, and sets Jira follow-up.
  tags:
  - insurance
  - claims
  - servicenow
  - jira
capability:
  exposes:
  - type: mcp
    namespace: medrecord-ops
    port: 8080
    tools:
    - name: request-records
      description: Request medical records.
      inputParameters:
      - name: claim_id
        in: body
        type: string
        description: Claim.
      - name: provider
        in: body
        type: string
        description: Provider.
      - name: claimant
        in: body
        type: string
        description: Claimant.
      steps:
      - name: gen
        type: call
        call: document-api.generate
        with:
          claim_id: '{{claim_id}}'
          provider: '{{provider}}'
      - name: track
        type: call
        call: servicenow.create-record
        with:
          table: u_med_request
          claim_id: '{{claim_id}}'
      - name: followup
        type: call
        call: jira.create-issue
        with:
          project_key: CLAIMS
          issuetype: Task
          summary: 'Med records: {{claim_id}}'
  consumes:
  - type: http
    namespace: document-api
    baseUri: https://api.axa.com/documents/v1
    authentication:
      type: bearer
      token: $secrets.document_api_token
    resources:
    - name: medical
      path: /generate/medical-request
      operations:
      - name: generate
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://axa.snowflakecomputing.com/api/v2
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/u_med_request
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: jira
    baseUri: https://axa.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Calculates BI reserve, updates claim, and notifies manager.

naftiko: '0.5'
info:
  label: Bodily Injury Reserve Calculator
  description: Calculates BI reserve, updates claim, and notifies manager.
  tags:
  - insurance
  - claims
  - actuarial
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: bi-reserve
    port: 8080
    tools:
    - name: calc-bi
      description: Calculate BI reserve.
      inputParameters:
      - name: claim_id
        in: body
        type: string
        description: Claim.
      - name: injury
        in: body
        type: string
        description: Injury.
      - name: jurisdiction
        in: body
        type: string
        description: State.
      steps:
      - name: calc
        type: call
        call: reserve-engine.calc
        with:
          injury: '{{injury}}'
          jurisdiction: '{{jurisdiction}}'
      - name: update
        type: call
        call: servicenow.update
        with:
          claim_id: '{{claim_id}}'
          reserve: '{{calc.amount}}'
      - name: notify
        type: call
        call: msteams.post
        with:
          channel_id: $secrets.claims_mgr
          text: 'BI: {{claim_id}} = ${{calc.amount}}'
  consumes:
  - type: http
    namespace: reserve-engine
    baseUri: https://api.axa.com/actuarial/v1
    authentication:
      type: bearer
      token: $secrets.actuarial_api_token
    resources:
    - name: bi-reserves
      path: /reserves/bodily-injury
      operations:
      - name: calc
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://axa.snowflakecomputing.com/api/v2
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: reserves
      path: /table/sn_claim_reserve/{{claim_id}}
      inputParameters:
      - name: claim_id
        in: path
      operations:
      - name: update
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post
        method: POST

Retrieves mortality rate data for age, gender, and table version for life insurance pricing.

naftiko: '0.5'
info:
  label: Actuarial Mortality Table Lookup
  description: Retrieves mortality rate data for age, gender, and table version for life insurance pricing.
  tags:
  - insurance
  - actuarial
  - life
capability:
  exposes:
  - type: mcp
    namespace: mortality-ops
    port: 8080
    tools:
    - name: get-rate
      description: Look up mortality rate. Returns rate and expectancy.
      inputParameters:
      - name: age
        in: body
        type: integer
        description: Insured age.
      - name: gender
        in: body
        type: string
        description: Gender.
      - name: table
        in: body
        type: string
        description: Table version.
      call: actuarial-api.get-rate
      with:
        age: '{{age}}'
        gender: '{{gender}}'
        table: '{{table}}'
      outputParameters:
      - name: rate
        type: number
        mapping: $.annualMortalityRate
      - name: expectancy
        type: number
        mapping: $.lifeExpectancy
  consumes:
  - type: http
    namespace: actuarial-api
    baseUri: https://api.axa.com/actuarial/v1
    authentication:
      type: bearer
      token: $secrets.actuarial_api_token
    resources:
    - name: mortality
      path: /mortality-tables/{{table}}/rates
      inputParameters:
      - name: table
        in: path
      operations:
      - name: get-rate
        method: GET

Validates adjuster authority, updates reserve in ServiceNow, and notifies claims manager.

naftiko: '0.5'
info:
  label: Claims Reserve Adjustment Workflow
  description: Validates adjuster authority, updates reserve in ServiceNow, and notifies claims manager.
  tags:
  - insurance
  - claims
  - actuarial
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: reserve-adj
    port: 8080
    tools:
    - name: adjust-reserve
      description: Adjust claim reserve.
      inputParameters:
      - name: claim_id
        in: body
        type: string
        description: Claim.
      - name: amount
        in: body
        type: number
        description: New reserve.
      - name: adjuster
        in: body
        type: string
        description: Adjuster.
      steps:
      - name: check
        type: call
        call: claims-api.check-auth
        with:
          adjuster: '{{adjuster}}'
          amount: '{{amount}}'
      - name: update
        type: call
        call: servicenow.update-reserve
        with:
          claim_id: '{{claim_id}}'
          reserve: '{{amount}}'
      - name: notify
        type: call
        call: msteams.post
        with:
          channel_id: $secrets.claims_mgr
          text: 'Reserve: {{claim_id}} = ${{amount}}'
  consumes:
  - type: http
    namespace: claims-api
    baseUri: https://api.axa.com/claims/v2
    authentication:
      type: bearer
      token: $secrets.claims_api_token
    resources:
    - name: authority
      path: /authority/check
      operations:
      - name: check-auth
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://axa.snowflakecomputing.com/api/v2
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: reserves
      path: /table/sn_claim_reserve/{{claim_id}}
      inputParameters:
      - name: claim_id
        in: path
      operations:
      - name: update-reserve
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post
        method: POST

Evaluates loss type and adjuster workload, assigns optimal adjuster in Salesforce, and notifies via Microsoft Teams.

naftiko: '0.5'
info:
  label: Claims Adjuster Assignment Router
  description: Evaluates loss type and adjuster workload, assigns optimal adjuster in Salesforce, and notifies via Microsoft Teams.
  tags:
  - insurance
  - claims
  - salesforce
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: claims-route
    port: 8080
    tools:
    - name: route-claim
      description: Route claim to best adjuster. Checks capacity, assigns, notifies.
      inputParameters:
      - name: claim_id
        in: body
        type: string
        description: Claim ID.
      - name: loss_type
        in: body
        type: string
        description: Loss type.
      steps:
      - name: get-capacity
        type: call
        call: workday.get-capacity
        with:
          department: claims-{{loss_type}}
      - name: assign
        type: call
        call: salesforce.assign
        with:
          claim_id: '{{claim_id}}'
          adjuster: '{{get-capacity.id}}'
      - name: notify
        type: call
        call: msteams.post
        with:
          channel_id: $secrets.claims_channel
          text: Claim {{claim_id}} ({{loss_type}}) assigned.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/axa
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: capacity
      path: /staffing/teamCapacity
      operations:
      - name: get-capacity
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://axa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: claims
      path: /sobjects/Claim__c/{{claim_id}}
      inputParameters:
      - name: claim_id
        in: path
      operations:
      - name: assign
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post
        method: POST

Triggers quarterly reserve calculations in Snowflake, validates results, and publishes to Power BI.

naftiko: '0.5'
info:
  label: Actuarial Reserve Calculation Trigger
  description: Triggers quarterly reserve calculations in Snowflake, validates results, and publishes to Power BI.
  tags:
  - insurance
  - actuarial
  - snowflake
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: reserve-ops
    port: 8080
    tools:
    - name: run-reserves
      description: Run quarterly reserves. Executes and refreshes dashboard.
      inputParameters:
      - name: lob
        in: body
        type: string
        description: LOB.
      - name: quarter
        in: body
        type: string
        description: YYYY-Q.
      steps:
      - name: calc
        type: call
        call: snowflake.query
        with:
          query: CALL CALCULATE_RESERVES('{{lob}}','{{quarter}}')
      - name: validate
        type: call
        call: snowflake.query
        with:
          query: SELECT * FROM RESERVE_VALIDATION WHERE lob='{{lob}}'
      - name: refresh
        type: call
        call: powerbi.refresh
        with:
          group_id: $secrets.pbi_group
          dataset_id: $secrets.pbi_reserves
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://axa.service-now.com/api/now
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh
        method: POST

Queries SAP Concur for expense reports pending manager approval beyond 5 days, and sends reminder notifications to approvers via Microsoft Teams.

naftiko: '0.5'
info:
  label: Concur Expense Report Approval Reminder
  description: Queries SAP Concur for expense reports pending manager approval beyond 5 days, and sends reminder notifications to approvers via Microsoft Teams.
  tags:
  - finance
  - expense-management
  - sap-concur
  - microsoft-teams
  - approval
capability:
  exposes:
  - type: mcp
    namespace: expense-management
    port: 8080
    tools:
    - name: send-expense-approval-reminders
      description: Query SAP Concur for expense reports in Pending Manager Approval status older than 5 days, and send Teams reminders to each approver.
      inputParameters:
      - name: days_pending
        in: body
        type: integer
        description: 'Number of days an expense report must be pending before sending a reminder. Default: 5.'
      steps:
      - name: get-pending-reports
        type: call
        call: concur.list-pending-reports
        with:
          approvalStatus: A_PEND
          daysOld: '{{days_pending}}'
      - name: notify-approvers
        type: call
        call: msteams.post-channel-message
        with:
          channel: finance-approvals
          message: '{{get-pending-reports.count}} expense reports pending approval for more than {{days_pending}} days. Please review in SAP Concur.'
  consumes:
  - type: http
    namespace: concur
    baseUri: https://www.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expense-reports
      path: /expense/reports
      operations:
      - name: list-pending-reports
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

On a GitHub pull request opened against a protected branch, triggers a security scan via Datadog SAST, reports findings back as a PR comment, and opens a Jira ticket for any critical issues.

naftiko: '0.5'
info:
  label: GitHub Pull Request Security Scan Gating
  description: On a GitHub pull request opened against a protected branch, triggers a security scan via Datadog SAST, reports findings back as a PR comment, and opens a Jira ticket for any critical issues.
  tags:
  - devops
  - security
  - github
  - datadog
  - jira
  - ci-cd
  - code-quality
capability:
  exposes:
  - type: mcp
    namespace: pr-security
    port: 8080
    tools:
    - name: handle-pr-security-gate
      description: Given a GitHub pull request number and repository, run a security analysis, post findings as a PR review comment on GitHub, and open a Jira bug for any critical vulnerabilities found.
      inputParameters:
      - name: repo_full_name
        in: body
        type: string
        description: The GitHub repository full name, e.g. 'axa-group/claims-api'.
      - name: pr_number
        in: body
        type: integer
        description: The pull request number to analyse.
      - name: commit_sha
        in: body
        type: string
        description: The head commit SHA for the pull request.
      steps:
      - name: get-pr-details
        type: call
        call: github.get-pull-request
        with:
          repo: '{{repo_full_name}}'
          pull_number: '{{pr_number}}'
      - name: post-pr-comment
        type: call
        call: github.create-pr-comment
        with:
          repo: '{{repo_full_name}}'
          pull_number: '{{pr_number}}'
          body: Security scan initiated for commit {{commit_sha}}.
      - name: create-jira-issue
        type: call
        call: jira.create-issue
        with:
          project_key: SEC
          issuetype: Bug
          summary: 'Security finding: {{repo_full_name}} PR #{{pr_number}}'
          description: 'Commit: {{commit_sha}} | PR: {{get-pr-details.html_url}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pull-requests
      path: /repos/{{repo}}/pulls/{{pull_number}}
      inputParameters:
      - name: repo
        in: path
      - name: pull_number
        in: path
      operations:
      - name: get-pull-request
        method: GET
    - name: pr-comments
      path: /repos/{{repo}}/issues/{{pull_number}}/comments
      inputParameters:
      - name: repo
        in: path
      - name: pull_number
        in: path
      operations:
      - name: create-pr-comment
        method: POST
  - type: http
    namespace: jira
    baseUri: https://axa.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

When a GitHub Actions deployment workflow fails on main branch, creates a Jira incident ticket and posts a failure alert with context to the DevOps Microsoft Teams channel.

naftiko: '0.5'
info:
  label: GitHub Deployment Pipeline Failure Handler
  description: When a GitHub Actions deployment workflow fails on main branch, creates a Jira incident ticket and posts a failure alert with context to the DevOps Microsoft Teams channel.
  tags:
  - devops
  - ci-cd
  - github
  - jira
  - microsoft-teams
  - deployment
capability:
  exposes:
  - type: mcp
    namespace: devops-cicd
    port: 8080
    tools:
    - name: handle-deployment-failure
      description: Given a GitHub Actions workflow run ID and repository, retrieve failure details, create a Jira incident, and alert the DevOps Teams channel with full context.
      inputParameters:
      - name: repo_full_name
        in: body
        type: string
        description: The GitHub repository full name, e.g. 'axa-group/policy-service'.
      - name: run_id
        in: body
        type: integer
        description: The GitHub Actions workflow run ID that failed.
      - name: branch
        in: body
        type: string
        description: The branch the deployment was targeting, typically 'main'.
      steps:
      - name: get-run-details
        type: call
        call: github.get-workflow-run
        with:
          repo: '{{repo_full_name}}'
          run_id: '{{run_id}}'
      - name: create-jira-incident
        type: call
        call: jira.create-issue
        with:
          project_key: OPS
          issuetype: Incident
          summary: 'Deployment failure: {{repo_full_name}} on {{branch}}'
          description: 'Run ID: {{run_id}} | Status: {{get-run-details.conclusion}} | URL: {{get-run-details.html_url}}'
      - name: alert-devops-channel
        type: call
        call: msteams.post-channel-message
        with:
          channel: devops-alerts
          message: 'Deployment FAILED: {{repo_full_name}} | Branch: {{branch}} | Jira: {{create-jira-incident.key}} | Run: {{get-run-details.html_url}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-runs
      path: /repos/{{repo}}/actions/runs/{{run_id}}
      inputParameters:
      - name: repo
        in: path
      - name: run_id
        in: path
      operations:
      - name: get-workflow-run
        method: GET
  - type: http
    namespace: jira
    baseUri: https://axa.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Creates ServiceNow case, links to Salesforce policy, and notifies CX team.

naftiko: '0.5'
info:
  label: Customer Complaint Tracking Workflow
  description: Creates ServiceNow case, links to Salesforce policy, and notifies CX team.
  tags:
  - insurance
  - compliance
  - servicenow
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: complaint-ops
    port: 8080
    tools:
    - name: log-complaint
      description: Log complaint.
      inputParameters:
      - name: policy
        in: body
        type: string
        description: Policy.
      - name: category
        in: body
        type: string
        description: Category.
      - name: desc
        in: body
        type: string
        description: Description.
      steps:
      - name: case
        type: call
        call: servicenow.create-case
        with:
          short_description: 'Complaint: {{category}} - {{policy}}'
          description: '{{desc}}'
      - name: link
        type: call
        call: salesforce.create-note
        with:
          policy: '{{policy}}'
          note: 'Complaint: {{case.number}}'
      - name: notify
        type: call
        call: msteams.post
        with:
          channel_id: $secrets.cx_channel
          text: 'Complaint: {{policy}}. Case: {{case.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://axa.snowflakecomputing.com/api/v2
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cases
      path: /table/sn_customerservice_case
      operations:
      - name: create-case
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://axa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: notes
      path: /sobjects/CaseNote__c
      operations:
      - name: create-note
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post
        method: POST

Exports current headcount by department and cost center from ADP, uploads the snapshot to SharePoint, and posts a digest to the Finance Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Payroll Headcount Snapshot
  description: Exports current headcount by department and cost center from ADP, uploads the snapshot to SharePoint, and posts a digest to the Finance Microsoft Teams channel.
  tags:
  - hr
  - finance
  - payroll
  - headcount
  - adp
  - sharepoint
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-finance
    port: 8080
    tools:
    - name: get-payroll-headcount-snapshot
      description: Export current headcount and cost center data from ADP, upload the report to SharePoint, and post a summary to the Finance Teams channel. Use for monthly headcount reconciliation.
      inputParameters:
      - name: report_month
        in: body
        type: string
        description: The report month in YYYY-MM format, e.g. '2026-03'.
      - name: cost_center_filter
        in: body
        type: string
        description: Optional cost center code to filter results. Leave blank for all.
      steps:
      - name: export-headcount
        type: call
        call: adp.export-workers
        with:
          asOfDate: '{{report_month}}'
          costCenter: '{{cost_center_filter}}'
      - name: upload-to-sharepoint
        type: call
        call: sharepoint.upload-file
        with:
          site_id: finance-reports
          folder: Payroll/Headcount
          filename: headcount-{{report_month}}.csv
          content: '{{export-headcount.csv_data}}'
      - name: post-digest
        type: call
        call: msteams.post-channel-message
        with:
          channel: finance-reporting
          message: 'Headcount snapshot for {{report_month}} uploaded to SharePoint. Total employees: {{export-headcount.total_count}}.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: workers-export
      path: /hr/v2/workers/export
      operations:
      - name: export-workers
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /sites/{{site_id}}/drive/root:/{{folder}}/{{filename}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder
        in: path
      - name: filename
        in: path
      operations:
      - name: upload-file
        method: PUT
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Pulls vendor data from SAP, scores risk, and creates assessment in ServiceNow.

naftiko: '0.5'
info:
  label: Vendor Risk Assessment Workflow
  description: Pulls vendor data from SAP, scores risk, and creates assessment in ServiceNow.
  tags:
  - insurance
  - compliance
  - sap
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: vendor-risk
    port: 8080
    tools:
    - name: assess-vendor
      description: Assess vendor risk.
      inputParameters:
      - name: vendor_id
        in: body
        type: string
        description: Vendor ID.
      - name: type
        in: body
        type: string
        description: Assessment type.
      steps:
      - name: get
        type: call
        call: sap.get-vendor
        with:
          vendor_id: '{{vendor_id}}'
      - name: score
        type: call
        call: risk-api.score
        with:
          name: '{{get.name}}'
          type: '{{type}}'
      - name: log
        type: call
        call: servicenow.create-record
        with:
          table: u_vendor_risk
          vendor: '{{vendor_id}}'
          level: '{{score.level}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://axa-sap.s4hana.cloud.sap/api/v1
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: vendors
      path: /suppliers/{{vendor_id}}
      inputParameters:
      - name: vendor_id
        in: path
      operations:
      - name: get-vendor
        method: GET
  - type: http
    namespace: risk-api
    baseUri: https://api.axa.com/risk/v1
    authentication:
      type: bearer
      token: $secrets.risk_token
    resources:
    - name: scoring
      path: /vendors/score
      operations:
      - name: score
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://axa.snowflakecomputing.com/api/v2
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/u_vendor_risk
      operations:
      - name: create-record
        method: POST

Creates a ServiceNow change request for infrastructure changes, routes it through the CAB approval chain, and notifies stakeholders via Microsoft Teams at each stage.

naftiko: '0.5'
info:
  label: ServiceNow Change Request Approval Workflow
  description: Creates a ServiceNow change request for infrastructure changes, routes it through the CAB approval chain, and notifies stakeholders via Microsoft Teams at each stage.
  tags:
  - itsm
  - change-management
  - servicenow
  - microsoft-teams
  - approval
  - operations
capability:
  exposes:
  - type: mcp
    namespace: change-management
    port: 8080
    tools:
    - name: submit-change-request
      description: Given change details, create a ServiceNow change request, assign it to the CAB, and notify the Change Management Teams channel with a link for approval.
      inputParameters:
      - name: change_title
        in: body
        type: string
        description: Short description of the proposed change.
      - name: change_description
        in: body
        type: string
        description: Detailed description of what is changing, why, and the rollback plan.
      - name: risk_level
        in: body
        type: string
        description: 'Risk level: ''low'', ''medium'', or ''high''.'
      - name: planned_date
        in: body
        type: string
        description: Planned implementation date in YYYY-MM-DD format.
      steps:
      - name: create-change
        type: call
        call: servicenow.create-change
        with:
          short_description: '{{change_title}}'
          description: '{{change_description}}'
          risk: '{{risk_level}}'
          planned_start_date: '{{planned_date}}'
      - name: notify-cab
        type: call
        call: msteams.post-channel-message
        with:
          channel: change-advisory-board
          message: 'New change request submitted: {{change_title}} | Risk: {{risk_level}} | Planned: {{planned_date}} | SNOW: {{create-change.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://axa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request
      operations:
      - name: create-change
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Enriches Salesforce prospect with firmographic data from ZoomInfo.

naftiko: '0.5'
info:
  label: Prospect Enrichment Workflow
  description: Enriches Salesforce prospect with firmographic data from ZoomInfo.
  tags:
  - insurance
  - sales
  - zoominfo
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: enrichment
    port: 8080
    tools:
    - name: enrich
      description: Enrich prospect.
      inputParameters:
      - name: lead_id
        in: body
        type: string
        description: Lead ID.
      - name: company
        in: body
        type: string
        description: Company.
      steps:
      - name: search
        type: call
        call: zoominfo.search
        with:
          company: '{{company}}'
      - name: update
        type: call
        call: salesforce.update-lead
        with:
          lead_id: '{{lead_id}}'
          industry: '{{search.industry}}'
  consumes:
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: companies
      path: /search/company
      operations:
      - name: search
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://axa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead/{{lead_id}}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: update-lead
        method: PATCH

Pulls claims history from Snowflake, recalculates risk, updates renewal offer in Salesforce, and notifies agent.

naftiko: '0.5'
info:
  label: Policy Renewal Underwriting Review
  description: Pulls claims history from Snowflake, recalculates risk, updates renewal offer in Salesforce, and notifies agent.
  tags:
  - insurance
  - underwriting
  - policy
  - snowflake
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: renewal-ops
    port: 8080
    tools:
    - name: process-renewal
      description: Process renewal review. Pulls history, recalcs, updates.
      inputParameters:
      - name: policy_number
        in: body
        type: string
        description: Policy number.
      steps:
      - name: history
        type: call
        call: snowflake.query
        with:
          query: SELECT * FROM CLAIMS WHERE policy='{{policy_number}}'
      - name: recalc
        type: call
        call: underwriting.calculate
        with:
          policy_number: '{{policy_number}}'
      - name: update
        type: call
        call: salesforce.update-renewal
        with:
          policy_number: '{{policy_number}}'
          premium: '{{recalc.premium}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://axa.service-now.com/api/now
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://axa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: renewals
      path: /sobjects/Renewal__c
      operations:
      - name: update-renewal
        method: PATCH

Given a SharePoint document URL containing an insurance policy or claim document, retrieves the content and generates a concise executive summary using OpenAI, returning it for agent or advisor consumption.

naftiko: '0.5'
info:
  label: AI-Assisted Insurance Document Summarization
  description: Given a SharePoint document URL containing an insurance policy or claim document, retrieves the content and generates a concise executive summary using OpenAI, returning it for agent or advisor consumption.
  tags:
  - ai
  - openai
  - sharepoint
  - document-processing
  - insurance
  - automation
capability:
  exposes:
  - type: mcp
    namespace: doc-ai
    port: 8080
    tools:
    - name: summarize-insurance-document
      description: Given a SharePoint document site ID and item ID, retrieve the document content and generate a structured summary using OpenAI GPT-4o. Returns a 5-point executive summary suitable for advisors.
      inputParameters:
      - name: site_id
        in: body
        type: string
        description: The SharePoint site ID where the document is stored.
      - name: item_id
        in: body
        type: string
        description: The SharePoint drive item ID for the document to summarize.
      - name: document_type
        in: body
        type: string
        description: 'The type of document: ''policy'', ''claim'', ''endorsement'', or ''report''.'
      steps:
      - name: get-document
        type: call
        call: sharepoint.get-document-content
        with:
          site_id: '{{site_id}}'
          item_id: '{{item_id}}'
      - name: generate-summary
        type: call
        call: openai.create-chat-completion
        with:
          model: gpt-4o
          system_prompt: You are an expert insurance document analyst. Summarize the following {{document_type}} document in 5 bullet points, highlighting key terms, coverage limits, exclusions, and dates.
          user_message: '{{get-document.content}}'
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: document-content
      path: /sites/{{site_id}}/drive/items/{{item_id}}/content
      inputParameters:
      - name: site_id
        in: path
      - name: item_id
        in: path
      operations:
      - name: get-document-content
        method: GET
  - type: http
    namespace: openai
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: chat-completions
      path: /chat/completions
      operations:
      - name: create-chat-completion
        method: POST