Queries a SEPA or SWIFT payment transaction status from the core banking system, checks processing SLA compliance against Snowflake benchmarks, and escalates overdue payments via ServiceNow.

naftiko: '0.5'
info:
  label: Payment Transaction Status with SLA Check
  description: Queries a SEPA or SWIFT payment transaction status from the core banking system, checks processing SLA compliance against Snowflake benchmarks, and escalates overdue payments via ServiceNow.
  tags:
  - payments
  - banking
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: payments
    port: 8080
    tools:
    - name: get-payment-status-with-sla
      description: Look up a payment transaction by reference, check SLA compliance, and escalate if overdue.
      inputParameters:
      - name: payment_reference
        in: body
        type: string
        description: The unique payment reference or end-to-end ID.
      - name: expected_sla_hours
        in: body
        type: number
        description: Expected SLA in hours for payment settlement.
      steps:
      - name: get-payment
        type: call
        call: core-banking.get-payment
        with:
          reference: '{{payment_reference}}'
      - name: check-sla
        type: call
        call: snowflake.execute-query
        with:
          warehouse: PAYMENTS_WH
          database: PAYMENTS_DB
          query: SELECT TIMESTAMPDIFF(hour, initiated_at, CURRENT_TIMESTAMP()) as hours_elapsed FROM payment_tracking WHERE reference = '{{payment_reference}}'
      - name: escalate-overdue
        type: call
        call: servicenow.create-record
        with:
          table: u_payment_escalation
          short_description: 'Payment SLA breach: {{payment_reference}}'
          description: 'Payment {{payment_reference}} status: {{get-payment.status}}. Hours elapsed: {{check-sla.hours_elapsed}}. Expected SLA: {{expected_sla_hours}} hours.'
          assigned_group: Payment_Operations
  consumes:
  - type: http
    namespace: core-banking
    baseUri: https://api.abnamro.com/v1/payments
    authentication:
      type: bearer
      token: $secrets.core_banking_token
    resources:
    - name: transactions
      path: /transactions/{{reference}}
      inputParameters:
      - name: reference
        in: path
      operations:
      - name: get-payment
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST

On AML alert, enriches with customer data from Salesforce, checks sanctions lists, creates investigation case in ServiceNow, and notifies compliance via Teams.

naftiko: '0.5'
info:
  label: AML Alert Investigation Pipeline
  description: On AML alert, enriches with customer data from Salesforce, checks sanctions lists, creates investigation case in ServiceNow, and notifies compliance via Teams.
  tags:
  - aml
  - compliance
  - salesforce
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: aml
    port: 8080
    tools:
    - name: aml_alert_investigation_pipeline
      description: Orchestrate aml alert investigation pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-alert
        type: call
        call: aml.get-alert
        with:
          alert_id: '{{resource_id}}'
      - name: get-customer
        type: call
        call: salesforce.get-customer
        with:
          customer_id: '{{get-alert.customer_id}}'
      - name: create-case
        type: call
        call: servicenow.create-case
        with:
          short_description: 'AML investigation: {{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: compliance
          text: 'AML alert {{resource_id}} for {{get-customer.name}}. Case: {{create-case.number}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abn-amro.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Retrieves real-time market data for a given security from Bloomberg Enterprise Data, checks for significant price movements against Snowflake historical data, and alerts the trading desk in Microsoft Teams if volatility thresholds are breached.

naftiko: '0.5'
info:
  label: Bloomberg Market Data Lookup with Risk Check
  description: Retrieves real-time market data for a given security from Bloomberg Enterprise Data, checks for significant price movements against Snowflake historical data, and alerts the trading desk in Microsoft Teams if volatility thresholds are breached.
  tags:
  - trading
  - market-data
  - bloomberg-enterprise-data
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: trading-data
    port: 8080
    tools:
    - name: get-security-quote-with-check
      description: Look up real-time market data for a security by Bloomberg ticker, compare against historical volatility, and alert if thresholds are breached.
      inputParameters:
      - name: ticker
        in: body
        type: string
        description: Bloomberg ticker symbol (e.g., ABNA NA Equity).
      - name: volatility_threshold
        in: body
        type: number
        description: Percentage threshold for volatility alerts.
      steps:
      - name: get-quote
        type: call
        call: bloomberg.get-quote
        with:
          ticker: '{{ticker}}'
      - name: get-historical
        type: call
        call: snowflake.execute-query
        with:
          warehouse: TRADING_WH
          database: MARKET_DATA_DB
          query: SELECT AVG(close_price) as avg_price, STDDEV(close_price) as std_price FROM price_history WHERE ticker = '{{ticker}}' AND trade_date >= DATEADD(day, -30, CURRENT_DATE())
      - name: alert-desk
        type: call
        call: msteams.send-message
        with:
          channel: trading-desk-alerts
          text: 'Market data alert: {{ticker}} | Last: {{get-quote.last_price}} | 30d avg: {{get-historical.avg_price}} | Std: {{get-historical.std_price}} | Threshold: {{volatility_threshold}}%'
  consumes:
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: quotes
      path: /market/quotes/{{ticker}}
      inputParameters:
      - name: ticker
        in: path
      operations:
      - name: get-quote
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Receives credit application, runs scoring model in Snowflake, checks exposure limits, generates decision in ServiceNow, and notifies the credit committee.

naftiko: '0.5'
info:
  label: Credit Decision Engine Pipeline
  description: Receives credit application, runs scoring model in Snowflake, checks exposure limits, generates decision in ServiceNow, and notifies the credit committee.
  tags:
  - credit
  - lending
  - snowflake
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: credit
    port: 8080
    tools:
    - name: credit_decision_engine_pipeline
      description: Orchestrate credit decision engine pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-application
        type: call
        call: lending.get-credit-app
        with:
          app_id: '{{resource_id}}'
      - name: run-scoring
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL credit_score('{{resource_id}}')
          warehouse: CREDIT_WH
      - name: create-decision
        type: call
        call: servicenow.create-record
        with:
          table: credit_decisions
          app_id: '{{resource_id}}'
          score: '{{run-scoring.score}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: credit-committee
          text: 'Credit decision for {{resource_id}}: Score {{run-scoring.score}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Monitors FX hedging positions, calculates effectiveness in Snowflake, generates reports, creates alerts for breaches, and notifies treasury.

naftiko: '0.5'
info:
  label: FX Hedging Position Monitor
  description: Monitors FX hedging positions, calculates effectiveness in Snowflake, generates reports, creates alerts for breaches, and notifies treasury.
  tags:
  - fx
  - hedging
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: fx
    port: 8080
    tools:
    - name: fx_hedging_position_monitor
      description: Orchestrate fx hedging position monitor workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Searches Elasticsearch for application logs by service name and time range, returning matching log entries for troubleshooting banking system issues.

naftiko: '0.5'
info:
  label: Elasticsearch Log Search
  description: Searches Elasticsearch for application logs by service name and time range, returning matching log entries for troubleshooting banking system issues.
  tags:
  - observability
  - logging
  - elasticsearch
capability:
  exposes:
  - type: mcp
    namespace: log-search
    port: 8080
    tools:
    - name: search-logs
      description: Search Elasticsearch logs by service name and time range. Returns matching log entries.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The service name to search logs for.
      - name: time_range
        in: body
        type: string
        description: Time range (e.g., 1h, 6h, 24h).
      - name: log_level
        in: body
        type: string
        description: 'Log level filter: ERROR, WARN, INFO, DEBUG.'
      call: elasticsearch.search
      with:
        index: logs-{{service_name}}-*
        query: level:{{log_level}} AND @timestamp:[now-{{time_range}} TO now]
      outputParameters:
      - name: hit_count
        type: string
        mapping: $.hits.total.value
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://es.abnamro.com:9200
    authentication:
      type: basic
      username: $secrets.elasticsearch_user
      password: $secrets.elasticsearch_password
    resources:
    - name: search
      path: /{{index}}/_search
      inputParameters:
      - name: index
        in: path
      operations:
      - name: search
        method: POST

Retrieves the current on-call schedule for ABN AMRO incident response teams.

naftiko: '0.5'
info:
  label: PagerDuty On-Call Schedule
  description: Retrieves the current on-call schedule for ABN AMRO incident response teams.
  tags:
  - devops
  - pagerduty
  - on-call
capability:
  exposes:
  - type: mcp
    namespace: incident-mgmt
    port: 8080
    tools:
    - name: get-on-call
      description: Get current on-call schedule by policy.
      inputParameters:
      - name: policy_id
        in: body
        type: string
        description: The policy_id to look up.
      call: pagerduty.get-policy_id
      with:
        policy_id: '{{policy_id}}'
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty_on_call_schedule
        method: GET

On role change in Workday, updates SailPoint access, modifies Okta groups, adjusts ServiceNow assignments, and notifies the employee and manager.

naftiko: '0.5'
info:
  label: Employee Role Transfer Orchestrator
  description: On role change in Workday, updates SailPoint access, modifies Okta groups, adjusts ServiceNow assignments, and notifies the employee and manager.
  tags:
  - hr
  - workday
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: employee_role_transfer_orchestrator
      description: Orchestrate employee role transfer orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-transfer
        type: call
        call: workday.get-transfer
        with:
          transfer_id: '{{resource_id}}'
      - name: update-access
        type: call
        call: sailpoint.update-roles
        with:
          user_id: '{{get-transfer.employee_id}}'
          new_role: '{{get-transfer.new_role}}'
      - name: update-tickets
        type: call
        call: servicenow.update-assignments
        with:
          employee_id: '{{get-transfer.employee_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: hr-ops
          text: Transfer {{resource_id}} processed for {{get-transfer.employee_name}}
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/abn-amro
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Runs a liquidity stress test scenario by extracting positions from Snowflake, applying shock parameters, computing liquidity coverage ratio via Databricks, and publishing results to Power BI with compliance notification.

naftiko: '0.5'
info:
  label: Liquidity Stress Test Orchestrator
  description: Runs a liquidity stress test scenario by extracting positions from Snowflake, applying shock parameters, computing liquidity coverage ratio via Databricks, and publishing results to Power BI with compliance notification.
  tags:
  - risk-management
  - liquidity
  - stress-testing
  - snowflake
  - databricks
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: risk-liquidity
    port: 8080
    tools:
    - name: run-liquidity-stress-test
      description: Given a scenario name and stress parameters, run liquidity stress test across Snowflake and Databricks, publish results, and notify risk committee.
      inputParameters:
      - name: scenario_name
        in: body
        type: string
        description: Stress scenario name (e.g., market_crash_2008, idiosyncratic_run).
      - name: shock_severity
        in: body
        type: string
        description: 'Shock severity: mild, moderate, or severe.'
      - name: reporting_date
        in: body
        type: string
        description: Reporting date in YYYY-MM-DD format.
      steps:
      - name: extract-positions
        type: call
        call: snowflake.execute-query
        with:
          warehouse: RISK_WH
          database: TREASURY_DB
          query: SELECT * FROM liquidity_positions WHERE report_date = '{{reporting_date}}'
      - name: run-model
        type: call
        call: databricks.run-job
        with:
          job_id: liquidity-stress-model
          parameters:
            scenario: '{{scenario_name}}'
            severity: '{{shock_severity}}'
            position_data: '{{extract-positions.statement_handle}}'
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: risk-management-workspace
          dataset_id: liquidity-stress-results
      - name: notify-risk-committee
        type: call
        call: msteams.send-message
        with:
          channel: risk-committee
          text: 'Liquidity stress test complete: {{scenario_name}} ({{shock_severity}}) for {{reporting_date}}. Databricks run: {{run-model.run_id}}. Dashboard refreshed. Review results in Power BI.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: databricks
    baseUri: https://adb-abnamro.azuredatabricks.net/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Loads stress scenario parameters, runs calculations in Snowflake, generates reports in Power BI, submits to regulators via ServiceNow, and notifies risk team.

naftiko: '0.5'
info:
  label: Stress Testing Scenario Runner
  description: Loads stress scenario parameters, runs calculations in Snowflake, generates reports in Power BI, submits to regulators via ServiceNow, and notifies risk team.
  tags:
  - risk
  - stress-testing
  - snowflake
  - power-bi
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: risk
    port: 8080
    tools:
    - name: stress_testing_scenario_runner
      description: Orchestrate stress testing scenario runner workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: load-scenario
        type: call
        call: risk-engine.get-scenario
        with:
          scenario_id: '{{resource_id}}'
      - name: run-calculations
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL run_stress_test('{{resource_id}}')
          warehouse: RISK_WH
      - name: generate-report
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: stress_testing
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: risk-team
          text: 'Stress test {{resource_id}} complete. Impact: {{run-calculations.pnl_impact}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Retrieves portfolio positions and valuations from Bloomberg AIM for a given portfolio and valuation date, returning total NAV, position count, and top holdings.

naftiko: '0.5'
info:
  label: Bloomberg AIM Portfolio Valuation
  description: Retrieves portfolio positions and valuations from Bloomberg AIM for a given portfolio and valuation date, returning total NAV, position count, and top holdings.
  tags:
  - asset-management
  - portfolio
  - bloomberg-aim
capability:
  exposes:
  - type: mcp
    namespace: portfolio-management
    port: 8080
    tools:
    - name: get-portfolio-valuation
      description: Look up portfolio valuation from Bloomberg AIM. Returns NAV, position count, and top holdings by weight.
      inputParameters:
      - name: portfolio_id
        in: body
        type: string
        description: The Bloomberg AIM portfolio identifier.
      - name: valuation_date
        in: body
        type: string
        description: Valuation date in YYYY-MM-DD format.
      call: bloomberg-aim.get-valuation
      with:
        portfolio_id: '{{portfolio_id}}'
        valuation_date: '{{valuation_date}}'
      outputParameters:
      - name: nav
        type: string
        mapping: $.portfolio.nav
      - name: position_count
        type: string
        mapping: $.portfolio.positionCount
      - name: currency
        type: string
        mapping: $.portfolio.baseCurrency
  consumes:
  - type: http
    namespace: bloomberg-aim
    baseUri: https://api.bloomberg.com/aim/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_aim_token
    resources:
    - name: portfolios
      path: /portfolios/{{portfolio_id}}/valuations?date={{valuation_date}}
      inputParameters:
      - name: portfolio_id
        in: path
      - name: valuation_date
        in: query
      operations:
      - name: get-valuation
        method: GET

Executes a SQL query against ABN AMRO's Snowflake data warehouse and returns the result set for analytics and reporting purposes.

naftiko: '0.5'
info:
  label: Snowflake Query Execution
  description: Executes a SQL query against ABN AMRO's Snowflake data warehouse and returns the result set for analytics and reporting purposes.
  tags:
  - data
  - analytics
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: data-warehouse
    port: 8080
    tools:
    - name: run-query
      description: Execute a SQL query on Snowflake. Returns the query result set and row count.
      inputParameters:
      - name: warehouse
        in: body
        type: string
        description: The Snowflake warehouse to use.
      - name: database
        in: body
        type: string
        description: The Snowflake database to query.
      - name: query
        in: body
        type: string
        description: The SQL query to execute.
      call: snowflake.execute-query
      with:
        warehouse: '{{warehouse}}'
        database: '{{database}}'
        query: '{{query}}'
      outputParameters:
      - name: statement_handle
        type: string
        mapping: $.statementHandle
      - name: row_count
        type: string
        mapping: $.resultSetMetaData.numRows
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST

Queries active user sessions in Keycloak, cross-references with Azure AD sign-in logs for anomalous locations, and creates a security incident in ServiceNow when suspicious sessions are detected.

naftiko: '0.5'
info:
  label: Keycloak Suspicious Session Audit
  description: Queries active user sessions in Keycloak, cross-references with Azure AD sign-in logs for anomalous locations, and creates a security incident in ServiceNow when suspicious sessions are detected.
  tags:
  - identity-management
  - authentication
  - keycloak
  - azure-active-directory
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: identity-sessions
    port: 8080
    tools:
    - name: audit-user-sessions
      description: List Keycloak sessions, check Azure AD sign-in logs for anomalies, and create a ServiceNow security incident if suspicious.
      inputParameters:
      - name: realm
        in: body
        type: string
        description: The Keycloak realm name.
      - name: user_id
        in: body
        type: string
        description: The Keycloak user ID.
      - name: user_principal_name
        in: body
        type: string
        description: The user's Azure AD UPN for sign-in log lookup.
      steps:
      - name: get-sessions
        type: call
        call: keycloak.get-sessions
        with:
          realm: '{{realm}}'
          user_id: '{{user_id}}'
      - name: get-signin-logs
        type: call
        call: azuread.get-signin-logs
        with:
          user_principal_name: '{{user_principal_name}}'
      - name: create-security-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: '[Session Audit] Suspicious activity — {{user_principal_name}}'
          description: 'User: {{user_principal_name}}

            Keycloak sessions: {{get-sessions.session_count}}

            Recent sign-in locations: {{get-signin-logs.locations}}

            Review for potential account compromise.'
          assigned_group: Security_Operations_Center
          category: security_audit
  consumes:
  - type: http
    namespace: keycloak
    baseUri: https://auth.abnamro.com/admin/realms
    authentication:
      type: bearer
      token: $secrets.keycloak_admin_token
    resources:
    - name: sessions
      path: /{{realm}}/users/{{user_id}}/sessions
      inputParameters:
      - name: realm
        in: path
      - name: user_id
        in: path
      operations:
      - name: get-sessions
        method: GET
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: signin-logs
      path: /auditLogs/signIns?$filter=userPrincipalName eq '{{user_principal_name}}'&$top=10
      inputParameters:
      - name: user_principal_name
        in: query
      operations:
      - name: get-signin-logs
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

Validates client identity, screens against sanctions lists, creates client record in Salesforce, provisions ServiceNow access, and notifies relationship manager.

naftiko: '0.5'
info:
  label: Client Onboarding KYC Pipeline
  description: Validates client identity, screens against sanctions lists, creates client record in Salesforce, provisions ServiceNow access, and notifies relationship manager.
  tags:
  - kyc
  - onboarding
  - salesforce
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: kyc
    port: 8080
    tools:
    - name: client_onboarding_kyc_pipeline
      description: Orchestrate client onboarding kyc pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: validate-identity
        type: call
        call: kyc.validate-client
        with:
          client_id: '{{resource_id}}'
      - name: screen-sanctions
        type: call
        call: sanctions.check-lists
        with:
          name: '{{validate-identity.legal_name}}'
      - name: create-client
        type: call
        call: salesforce.create-account
        with:
          name: '{{validate-identity.legal_name}}'
          kyc_status: '{{screen-sanctions.result}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: client-onboarding
          text: 'KYC complete for {{resource_id}}: {{screen-sanctions.result}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abn-amro.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

On fraud alert, collects transaction history from core banking, enriches with customer profile from Salesforce, creates investigation in ServiceNow, and escalates via PagerDuty.

naftiko: '0.5'
info:
  label: Fraud Investigation Workflow
  description: On fraud alert, collects transaction history from core banking, enriches with customer profile from Salesforce, creates investigation in ServiceNow, and escalates via PagerDuty.
  tags:
  - fraud
  - investigation
  - salesforce
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: fraud
    port: 8080
    tools:
    - name: fraud_investigation_workflow
      description: Orchestrate fraud investigation workflow workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-transactions
        type: call
        call: corebanking.get-history
        with:
          account_id: '{{resource_id}}'
      - name: get-profile
        type: call
        call: salesforce.get-customer
        with:
          account_id: '{{resource_id}}'
      - name: create-investigation
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Fraud investigation: {{resource_id}}'
      - name: escalate
        type: call
        call: pagerduty.create-incident
        with:
          title: 'Fraud alert: {{resource_id}} - {{get-profile.name}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abn-amro.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty-op
        method: POST

Deploys a Helm chart to Azure Kubernetes Service for banking microservices, triggers a SonarQube quality gate check beforehand, and notifies the platform team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Helm Chart Deployment to AKS
  description: Deploys a Helm chart to Azure Kubernetes Service for banking microservices, triggers a SonarQube quality gate check beforehand, and notifies the platform team in Microsoft Teams.
  tags:
  - devops
  - deployment
  - helm
  - azure-kubernetes-service
  - sonarqube
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: k8s-deploy
    port: 8080
    tools:
    - name: deploy-helm-chart
      description: Given a chart name, version, and target namespace, validate quality gate, deploy to AKS, and notify the team.
      inputParameters:
      - name: chart_name
        in: body
        type: string
        description: The Helm chart name.
      - name: chart_version
        in: body
        type: string
        description: The Helm chart version to deploy.
      - name: k8s_namespace
        in: body
        type: string
        description: The Kubernetes namespace to deploy into.
      - name: project_key
        in: body
        type: string
        description: The SonarQube project key for quality gate verification.
      steps:
      - name: check-quality-gate
        type: call
        call: sonarqube.get-quality-gate
        with:
          project_key: '{{project_key}}'
      - name: deploy-chart
        type: call
        call: azuredevops.run-pipeline
        with:
          project: banking-services
          pipeline_id: helm-deploy
          variables:
            chart: '{{chart_name}}'
            version: '{{chart_version}}'
            namespace: '{{k8s_namespace}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: platform-deployments
          text: 'Helm deploy: {{chart_name}}:{{chart_version}} to {{k8s_namespace}}. Quality gate: {{check-quality-gate.status}}. Pipeline run: {{deploy-chart.run_id}}.'
  consumes:
  - type: http
    namespace: sonarqube
    baseUri: https://sonarqube.abnamro.com/api
    authentication:
      type: bearer
      token: $secrets.sonarqube_token
    resources:
    - name: quality-gates
      path: /qualitygates/project_status?projectKey={{project_key}}
      inputParameters:
      - name: project_key
        in: query
      operations:
      - name: get-quality-gate
        method: GET
  - type: http
    namespace: azuredevops
    baseUri: https://dev.azure.com/abnamro
    authentication:
      type: bearer
      token: $secrets.azuredevops_token
    resources:
    - name: pipelines
      path: /{{project}}/_apis/pipelines/{{pipeline_id}}/runs?api-version=7.1
      inputParameters:
      - name: project
        in: path
      - name: pipeline_id
        in: path
      operations:
      - name: run-pipeline
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Detects digital banking incidents via monitoring, creates war room in Teams, gathers diagnostics from Splunk, and coordinates resolution.

naftiko: '0.5'
info:
  label: Digital Channel Incident Response
  description: Detects digital banking incidents via monitoring, creates war room in Teams, gathers diagnostics from Splunk, and coordinates resolution.
  tags:
  - incident-response
  - digital
  - splunk
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: incident-response
    port: 8080
    tools:
    - name: digital_channel_incident_response
      description: Orchestrate digital channel incident response workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Processes a GDPR data subject access request by searching for personal data across Salesforce, Snowflake, and ServiceNow, compiling results, and creating a Jira task for the DPO team to review and respond.

naftiko: '0.5'
info:
  label: GDPR Data Subject Access Request Pipeline
  description: Processes a GDPR data subject access request by searching for personal data across Salesforce, Snowflake, and ServiceNow, compiling results, and creating a Jira task for the DPO team to review and respond.
  tags:
  - privacy
  - gdpr
  - data-protection
  - salesforce
  - snowflake
  - servicenow
  - jira
capability:
  exposes:
  - type: mcp
    namespace: privacy-gdpr
    port: 8080
    tools:
    - name: process-dsar
      description: Given a data subject email and request type, search for personal data across systems and create a review task.
      inputParameters:
      - name: subject_email
        in: body
        type: string
        description: The email address of the data subject.
      - name: request_type
        in: body
        type: string
        description: 'DSAR type: access, erasure, portability, or rectification.'
      - name: request_reference
        in: body
        type: string
        description: The DSAR reference number.
      steps:
      - name: search-crm
        type: call
        call: salesforce.search-contacts
        with:
          email: '{{subject_email}}'
      - name: search-data-warehouse
        type: call
        call: snowflake.execute-query
        with:
          warehouse: PRIVACY_WH
          database: CUSTOMER_DB
          query: SELECT data_category, record_count, last_updated FROM data_inventory WHERE email = '{{subject_email}}'
      - name: search-itsm
        type: call
        call: servicenow.search-records
        with:
          table: sys_user
          query: email={{subject_email}}
      - name: create-review-task
        type: call
        call: jira.create-issue
        with:
          project_key: PRIVACY
          issuetype: Task
          summary: '[DSAR] {{request_type}} — {{subject_email}} — {{request_reference}}'
          description: 'DSAR {{request_type}} request {{request_reference}}.

            Subject: {{subject_email}}

            Salesforce records: {{search-crm.total_size}}

            Snowflake categories found: {{search-data-warehouse.row_count}}

            ServiceNow records: {{search-itsm.count}}

            Deadline: 30 days from request receipt.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contacts
      path: /parameterizedSearch/?q={{email}}&sobject=Contact&Contact.fields=Id,Name,Email
      inputParameters:
      - name: email
        in: query
      operations:
      - name: search-contacts
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/{{table}}?sysparm_query={{query}}
      inputParameters:
      - name: table
        in: path
      - name: query
        in: query
      operations:
      - name: search-records
        method: GET
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Retrieves a ServiceNow incident by number, returning status, priority, assigned group, and resolution notes for support teams.

naftiko: '0.5'
info:
  label: ServiceNow Incident Lookup
  description: Retrieves a ServiceNow incident by number, returning status, priority, assigned group, and resolution notes for support teams.
  tags:
  - it-service-management
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: itsm
    port: 8080
    tools:
    - name: get-incident
      description: Look up a ServiceNow incident by number. Returns state, priority, assigned group, short description, and resolution notes.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: The ServiceNow incident number (e.g., INC0012345).
      call: servicenow.get-incident
      with:
        incident_number: '{{incident_number}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.result.state
      - name: priority
        type: string
        mapping: $.result.priority
      - name: assigned_group
        type: string
        mapping: $.result.assignment_group.display_value
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident?sysparm_query=number={{incident_number}}
      inputParameters:
      - name: incident_number
        in: query
      operations:
      - name: get-incident
        method: GET

Retrieves the current status of Grafana alerts for ABN AMRO infrastructure monitoring.

naftiko: '0.5'
info:
  label: Grafana Alert Status
  description: Retrieves the current status of Grafana alerts for ABN AMRO infrastructure monitoring.
  tags:
  - monitoring
  - grafana
  - alerting
capability:
  exposes:
  - type: mcp
    namespace: monitoring
    port: 8080
    tools:
    - name: get-alert-status
      description: Get Grafana alert status by rule ID.
      inputParameters:
      - name: rule_id
        in: body
        type: string
        description: The rule_id to look up.
      call: grafana.get-rule_id
      with:
        rule_id: '{{rule_id}}'
  consumes:
  - type: http
    namespace: grafana
    baseUri: https://abn-amro-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana_alert_status
        method: GET

Collects access control evidence from Okta, change management evidence from ServiceNow, monitoring evidence from Datadog, and compiles in Confluence.

naftiko: '0.5'
info:
  label: SOC2 Evidence Collection Pipeline
  description: Collects access control evidence from Okta, change management evidence from ServiceNow, monitoring evidence from Datadog, and compiles in Confluence.
  tags:
  - compliance
  - audit
  - servicenow
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: soc2_evidence_collection_pipeline
      description: Orchestrate soc2 evidence collection pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-access-evidence
        type: call
        call: okta.get-access-logs
        with:
          period: '{{resource_id}}'
      - name: get-change-evidence
        type: call
        call: servicenow.get-changes
        with:
          period: '{{resource_id}}'
      - name: get-monitoring-evidence
        type: call
        call: datadog.get-alerts-history
        with:
          period: '{{resource_id}}'
      - name: compile-report
        type: call
        call: confluence.create-page
        with:
          space: AUDIT
          title: 'SOC2 Evidence: {{resource_id}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://abn-amro.okta.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.okta_api_token
      header: Authorization
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: okta-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://abn-amro.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST

When a periodic access certification is due, pulls user entitlements from SailPoint, cross-references with Workday org data, and creates a Jira review task for the user's manager.

naftiko: '0.5'
info:
  label: SailPoint Access Review Orchestrator
  description: When a periodic access certification is due, pulls user entitlements from SailPoint, cross-references with Workday org data, and creates a Jira review task for the user's manager.
  tags:
  - identity-management
  - access-review
  - sailpoint
  - workday
  - jira
capability:
  exposes:
  - type: mcp
    namespace: identity-access
    port: 8080
    tools:
    - name: initiate-access-review
      description: Given a user identity ID, pull entitlements from SailPoint, get manager info from Workday, and create a Jira access review task.
      inputParameters:
      - name: identity_id
        in: body
        type: string
        description: The SailPoint identity ID.
      - name: employee_id
        in: body
        type: string
        description: The Workday employee ID.
      - name: review_campaign
        in: body
        type: string
        description: The access review campaign name.
      steps:
      - name: get-entitlements
        type: call
        call: sailpoint.get-entitlements
        with:
          identity_id: '{{identity_id}}'
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: create-review-task
        type: call
        call: jira.create-issue
        with:
          project_key: IAM
          issuetype: Task
          summary: '[Access Review] {{get-employee.full_name}} — {{review_campaign}}'
          description: 'Review entitlements for {{get-employee.full_name}} ({{identity_id}}).

            Department: {{get-employee.department}}

            Manager: {{get-employee.manager_name}}

            Entitlements count: {{get-entitlements.count}}

            Entitlements: {{get-entitlements.summary}}'
          assignee: '{{get-employee.manager_email}}'
  consumes:
  - type: http
    namespace: sailpoint
    baseUri: https://abnamro.api.identitynow.com/v3
    authentication:
      type: bearer
      token: $secrets.sailpoint_token
    resources:
    - name: identities
      path: /identities/{{identity_id}}/entitlements
      inputParameters:
      - name: identity_id
        in: path
      operations:
      - name: get-entitlements
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd3-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Retrieves SWIFT message details by reference number for ABN AMRO payment operations.

naftiko: '0.5'
info:
  label: SWIFT Message Lookup
  description: Retrieves SWIFT message details by reference number for ABN AMRO payment operations.
  tags:
  - payments
  - swift
  - banking
capability:
  exposes:
  - type: mcp
    namespace: payments
    port: 8080
    tools:
    - name: get-swift-msg
      description: Look up SWIFT message by reference.
      inputParameters:
      - name: message_ref
        in: body
        type: string
        description: The message_ref to look up.
      call: servicenow.get-message_ref
      with:
        message_ref: '{{message_ref}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: swift_message_lookup
        method: GET

Scans Azure and AWS configurations, validates against CIS benchmarks, creates findings in Jira, and notifies cloud security team.

naftiko: '0.5'
info:
  label: Cloud Security Posture Assessment
  description: Scans Azure and AWS configurations, validates against CIS benchmarks, creates findings in Jira, and notifies cloud security team.
  tags:
  - security
  - cloud
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: cloud_security_posture_assessment
      description: Orchestrate cloud security posture assessment workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Extracts regulatory reporting data from Snowflake, transforms via Informatica, and loads into Oracle for DNB (Dutch Central Bank) submission, notifying compliance via Microsoft Teams upon completion.

naftiko: '0.5'
info:
  label: Regulatory Reporting Data Pipeline
  description: Extracts regulatory reporting data from Snowflake, transforms via Informatica, and loads into Oracle for DNB (Dutch Central Bank) submission, notifying compliance via Microsoft Teams upon completion.
  tags:
  - regulatory-compliance
  - reporting
  - snowflake
  - informatica
  - oracle-cloud
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: regulatory-reporting
    port: 8080
    tools:
    - name: run-regulatory-extract
      description: Given a report type and period, extract data from Snowflake, trigger Informatica transformation, and notify compliance team.
      inputParameters:
      - name: report_type
        in: body
        type: string
        description: 'Regulatory report type: corep, finrep, anacredit, or srep.'
      - name: reporting_period
        in: body
        type: string
        description: Reporting period in YYYY-QN format (e.g., 2026-Q1).
      steps:
      - name: extract-data
        type: call
        call: snowflake.execute-query
        with:
          warehouse: REG_REPORTING_WH
          database: REGULATORY_DB
          query: CALL sp_extract_{{report_type}}('{{reporting_period}}')
      - name: trigger-transform
        type: call
        call: informatica.start-task
        with:
          task_name: '{{report_type}}_transform_{{reporting_period}}'
          task_type: mapping
      - name: notify-compliance
        type: call
        call: msteams.send-message
        with:
          channel: regulatory-reporting
          text: 'Regulatory extract complete: {{report_type}} for {{reporting_period}}. Informatica job: {{trigger-transform.run_id}}. Data staged for DNB submission review.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: informatica
    baseUri: https://dm-eu.informaticacloud.com/saas/api/v2
    authentication:
      type: bearer
      token: $secrets.informatica_token
    resources:
    - name: tasks
      path: /job
      operations:
      - name: start-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves submitted expense reports from SAP Concur, validates against Workday cost center data, and opens a ServiceNow task for finance review when policy exceptions are detected.

naftiko: '0.5'
info:
  label: SAP Expense Report Processing
  description: Retrieves submitted expense reports from SAP Concur, validates against Workday cost center data, and opens a ServiceNow task for finance review when policy exceptions are detected.
  tags:
  - finance
  - expense-management
  - sap-concur
  - workday
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: finance-expense
    port: 8080
    tools:
    - name: review-expense-report
      description: Given a Concur expense report ID and employee ID, fetch report details, validate cost center, and flag policy violations to ServiceNow.
      inputParameters:
      - name: expense_report_id
        in: body
        type: string
        description: The SAP Concur expense report ID.
      - name: employee_id
        in: body
        type: string
        description: The Workday employee ID of the expense submitter.
      steps:
      - name: get-expense-report
        type: call
        call: concur.get-expense-report
        with:
          report_id: '{{expense_report_id}}'
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: open-review-task
        type: call
        call: servicenow.create-task
        with:
          short_description: 'Expense policy review: {{get-expense-report.report_name}} — {{get-employee.full_name}}'
          description: 'Report {{expense_report_id}} total: {{get-expense-report.total_amount}} {{get-expense-report.currency}}. Cost center: {{get-employee.cost_center}}. Submitted: {{get-expense-report.submit_date}}.'
          assigned_group: Finance_Audit
          category: expense_review
  consumes:
  - type: http
    namespace: concur
    baseUri: https://www.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expense-reports
      path: /expense/reports/{{report_id}}
      inputParameters:
      - name: report_id
        in: path
      operations:
      - name: get-expense-report
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd3-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST

Computes daily Value-at-Risk across the trading book by pulling positions from Snowflake, running Monte Carlo simulation in Databricks, storing results, and publishing the risk report to Power BI with breach alerts.

naftiko: '0.5'
info:
  label: Market Risk VaR Reporting Pipeline
  description: Computes daily Value-at-Risk across the trading book by pulling positions from Snowflake, running Monte Carlo simulation in Databricks, storing results, and publishing the risk report to Power BI with breach alerts.
  tags:
  - risk-management
  - market-risk
  - var
  - snowflake
  - databricks
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: risk-market
    port: 8080
    tools:
    - name: compute-daily-var
      description: Given a trading book and date, compute VaR using Monte Carlo simulation and publish results.
      inputParameters:
      - name: trading_book
        in: body
        type: string
        description: The trading book identifier.
      - name: valuation_date
        in: body
        type: string
        description: Valuation date in YYYY-MM-DD format.
      - name: simulation_count
        in: body
        type: number
        description: Number of Monte Carlo simulations (e.g., 10000).
      steps:
      - name: extract-positions
        type: call
        call: snowflake.execute-query
        with:
          warehouse: RISK_WH
          database: TRADING_DB
          query: SELECT * FROM trading_positions WHERE book_id = '{{trading_book}}' AND position_date = '{{valuation_date}}'
      - name: run-simulation
        type: call
        call: databricks.run-job
        with:
          job_id: monte-carlo-var
          parameters:
            book_id: '{{trading_book}}'
            date: '{{valuation_date}}'
            simulations: '{{simulation_count}}'
      - name: refresh-report
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: risk-management-workspace
          dataset_id: market-risk-var-daily
      - name: alert-risk-management
        type: call
        call: msteams.send-message
        with:
          channel: market-risk
          text: 'Daily VaR computed: {{trading_book}} for {{valuation_date}}. VaR(99%): {{run-simulation.var_99}}. VaR(95%): {{run-simulation.var_95}}. Simulations: {{simulation_count}}. Dashboard refreshed.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: databricks
    baseUri: https://adb-abnamro.azuredatabricks.net/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Tracks digital banking user flows, identifies friction points in Snowflake, creates improvement tasks in Jira, and notifies product.

naftiko: '0.5'
info:
  label: Digital Banking User Journey Analyzer
  description: Tracks digital banking user flows, identifies friction points in Snowflake, creates improvement tasks in Jira, and notifies product.
  tags:
  - digital-banking
  - analytics
  - snowflake
  - jira
capability:
  exposes:
  - type: mcp
    namespace: digital-banking
    port: 8080
    tools:
    - name: digital_banking_user_journey_analyzer
      description: Orchestrate digital banking user journey analyzer workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Queries Apache Kafka cluster metadata for a given topic, returning partition count, replication factor, and consumer group lag for banking event streaming.

naftiko: '0.5'
info:
  label: Apache Kafka Topic Lookup
  description: Queries Apache Kafka cluster metadata for a given topic, returning partition count, replication factor, and consumer group lag for banking event streaming.
  tags:
  - messaging
  - event-streaming
  - apache-kafka
capability:
  exposes:
  - type: mcp
    namespace: event-platform
    port: 8080
    tools:
    - name: get-topic-info
      description: Look up Kafka topic metadata. Returns partition count, replication factor, and consumer lag.
      inputParameters:
      - name: topic_name
        in: body
        type: string
        description: The Kafka topic name.
      - name: cluster
        in: body
        type: string
        description: The Kafka cluster identifier.
      call: kafka.get-topic
      with:
        topic_name: '{{topic_name}}'
        cluster: '{{cluster}}'
      outputParameters:
      - name: partition_count
        type: string
        mapping: $.topic.partitions
      - name: replication_factor
        type: string
        mapping: $.topic.replicationFactor
  consumes:
  - type: http
    namespace: kafka
    baseUri: https://kafka-rest.abnamro.com/v3
    authentication:
      type: bearer
      token: $secrets.kafka_rest_token
    resources:
    - name: topics
      path: /clusters/{{cluster}}/topics/{{topic_name}}
      inputParameters:
      - name: cluster
        in: path
      - name: topic_name
        in: path
      operations:
      - name: get-topic
        method: GET

Receives complaint from Zendesk, enriches with client history from Salesforce, creates resolution workflow in ServiceNow, and sends response via email.

naftiko: '0.5'
info:
  label: Customer Complaint Resolution Pipeline
  description: Receives complaint from Zendesk, enriches with client history from Salesforce, creates resolution workflow in ServiceNow, and sends response via email.
  tags:
  - customer-service
  - zendesk
  - salesforce
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: customer-service
    port: 8080
    tools:
    - name: customer_complaint_resolution_pipeline
      description: Orchestrate customer complaint resolution pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-complaint
        type: call
        call: zendesk.get-ticket
        with:
          ticket_id: '{{resource_id}}'
      - name: get-history
        type: call
        call: salesforce.get-client-history
        with:
          client_id: '{{get-complaint.client_id}}'
      - name: create-resolution
        type: call
        call: servicenow.create-request
        with:
          short_description: 'Complaint resolution: {{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: client-service
          text: 'Complaint {{resource_id}} resolution started. Client: {{get-history.name}}'
  consumes:
  - type: http
    namespace: zendesk
    baseUri: https://abn-amro.zendesk.com/api/v2
    authentication:
      type: bearer
      token: $secrets.zendesk_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: zendesk-op
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://abn-amro.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Initiates a SWIFT payment through the core banking system, validates the BIC code, creates the payment instruction, and tracks the transaction status with Microsoft Teams notifications at each stage.

naftiko: '0.5'
info:
  label: SWIFT Payment Initiation and Tracking
  description: Initiates a SWIFT payment through the core banking system, validates the BIC code, creates the payment instruction, and tracks the transaction status with Microsoft Teams notifications at each stage.
  tags:
  - payments
  - swift
  - banking
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: payments-swift
    port: 8080
    tools:
    - name: initiate-swift-payment
      description: Given payment details, validate BIC, create SWIFT payment instruction, and notify the treasury team of status changes.
      inputParameters:
      - name: debtor_iban
        in: body
        type: string
        description: Debtor IBAN.
      - name: creditor_iban
        in: body
        type: string
        description: Creditor IBAN.
      - name: creditor_bic
        in: body
        type: string
        description: Creditor bank BIC/SWIFT code.
      - name: amount
        in: body
        type: number
        description: Payment amount.
      - name: currency
        in: body
        type: string
        description: Payment currency (ISO 4217).
      - name: reference
        in: body
        type: string
        description: Payment reference for the beneficiary.
      steps:
      - name: validate-bic
        type: call
        call: core-banking.validate-bic
        with:
          bic: '{{creditor_bic}}'
      - name: create-payment
        type: call
        call: core-banking.create-swift-payment
        with:
          debtor_iban: '{{debtor_iban}}'
          creditor_iban: '{{creditor_iban}}'
          creditor_bic: '{{creditor_bic}}'
          amount: '{{amount}}'
          currency: '{{currency}}'
          reference: '{{reference}}'
      - name: notify-treasury
        type: call
        call: msteams.send-message
        with:
          channel: treasury-payments
          text: 'SWIFT payment initiated: {{create-payment.payment_id}} | {{amount}} {{currency}} to {{creditor_iban}} ({{creditor_bic}}) | Reference: {{reference}} | Status: {{create-payment.status}}'
  consumes:
  - type: http
    namespace: core-banking
    baseUri: https://api.abnamro.com/v1/payments
    authentication:
      type: bearer
      token: $secrets.core_banking_token
    resources:
    - name: bic-validation
      path: /bic/validate
      operations:
      - name: validate-bic
        method: POST
    - name: swift-payments
      path: /swift
      operations:
      - name: create-swift-payment
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Captures operational risk events, categorizes by Basel taxonomy, calculates capital charges in Snowflake, and notifies risk management.

naftiko: '0.5'
info:
  label: Operational Risk Event Pipeline
  description: Captures operational risk events, categorizes by Basel taxonomy, calculates capital charges in Snowflake, and notifies risk management.
  tags:
  - risk
  - operational-risk
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: risk
    port: 8080
    tools:
    - name: operational_risk_event_pipeline
      description: Orchestrate operational risk event pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Orchestrates a new loan application by pulling applicant data from Salesforce, running credit scoring via Snowflake ML models, creating a ServiceNow case for underwriting review, and notifying the relationship manager in Microsoft Teams.

naftiko: '0.5'
info:
  label: Loan Application Processing Pipeline
  description: Orchestrates a new loan application by pulling applicant data from Salesforce, running credit scoring via Snowflake ML models, creating a ServiceNow case for underwriting review, and notifying the relationship manager in Microsoft Teams.
  tags:
  - lending
  - loan-origination
  - salesforce
  - snowflake
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: lending
    port: 8080
    tools:
    - name: process-loan-application
      description: Given a loan application ID and applicant Salesforce ID, orchestrate credit scoring and underwriting workflow.
      inputParameters:
      - name: application_id
        in: body
        type: string
        description: The loan application reference number.
      - name: applicant_id
        in: body
        type: string
        description: The Salesforce account ID of the applicant.
      - name: loan_amount
        in: body
        type: number
        description: Requested loan amount in EUR.
      - name: loan_type
        in: body
        type: string
        description: 'Loan type: mortgage, corporate, sme, or consumer.'
      steps:
      - name: get-applicant
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{applicant_id}}'
      - name: run-credit-score
        type: call
        call: snowflake.execute-query
        with:
          warehouse: LENDING_WH
          database: LENDING_DB
          query: SELECT credit_score, pd_estimate, lgd_estimate FROM ml_credit_scores WHERE customer_id = '{{applicant_id}}' ORDER BY scored_at DESC LIMIT 1
      - name: create-case
        type: call
        call: servicenow.create-record
        with:
          table: u_loan_underwriting
          short_description: 'Loan underwriting: {{get-applicant.name}} — EUR {{loan_amount}}'
          description: 'Application: {{application_id}}

            Applicant: {{get-applicant.name}}

            Type: {{loan_type}}

            Amount: EUR {{loan_amount}}

            Credit score: {{run-credit-score.credit_score}}

            PD: {{run-credit-score.pd_estimate}}'
          assigned_group: Underwriting_{{loan_type}}
      - name: notify-rm
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-applicant.owner_email}}'
          text: 'Loan application {{application_id}} for {{get-applicant.name}} (EUR {{loan_amount}}) is now in underwriting. Credit score: {{run-credit-score.credit_score}}. ServiceNow case: {{create-case.number}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Executes a foreign exchange spot trade through Reuters, validates the rate against Bloomberg market data, books the trade in the core banking system, and confirms execution to the trader via Microsoft Teams.

naftiko: '0.5'
info:
  label: FX Spot Trade Execution
  description: Executes a foreign exchange spot trade through Reuters, validates the rate against Bloomberg market data, books the trade in the core banking system, and confirms execution to the trader via Microsoft Teams.
  tags:
  - trading
  - foreign-exchange
  - reuters
  - bloomberg
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: trading-fx
    port: 8080
    tools:
    - name: execute-fx-spot
      description: Given a currency pair and notional, validate the rate, execute on Reuters, book internally, and confirm to the trader.
      inputParameters:
      - name: currency_pair
        in: body
        type: string
        description: Currency pair (e.g., EUR/USD).
      - name: direction
        in: body
        type: string
        description: 'Trade direction: buy or sell (base currency).'
      - name: notional
        in: body
        type: number
        description: Notional amount in base currency.
      - name: trader_upn
        in: body
        type: string
        description: The UPN of the executing trader.
      steps:
      - name: get-market-rate
        type: call
        call: bloomberg.get-fx-rate
        with:
          currency_pair: '{{currency_pair}}'
      - name: execute-trade
        type: call
        call: reuters.execute-fx-spot
        with:
          currency_pair: '{{currency_pair}}'
          direction: '{{direction}}'
          notional: '{{notional}}'
      - name: book-trade
        type: call
        call: core-banking.book-fx-trade
        with:
          trade_id: '{{execute-trade.trade_id}}'
          currency_pair: '{{currency_pair}}'
          rate: '{{execute-trade.executed_rate}}'
          notional: '{{notional}}'
          direction: '{{direction}}'
      - name: confirm-trader
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{trader_upn}}'
          text: 'FX Spot executed: {{direction}} {{notional}} {{currency_pair}} at {{execute-trade.executed_rate}}. Trade ID: {{execute-trade.trade_id}}. Booked: {{book-trade.booking_ref}}. Settlement: {{execute-trade.value_date}}.'
  consumes:
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: fx-rates
      path: /market/fx/{{currency_pair}}
      inputParameters:
      - name: currency_pair
        in: path
      operations:
      - name: get-fx-rate
        method: GET
  - type: http
    namespace: reuters
    baseUri: https://api.refinitiv.com/trading/fx/v1
    authentication:
      type: bearer
      token: $secrets.reuters_token
    resources:
    - name: spot-orders
      path: /spot/execute
      operations:
      - name: execute-fx-spot
        method: POST
  - type: http
    namespace: core-banking
    baseUri: https://api.abnamro.com/v1/trading
    authentication:
      type: bearer
      token: $secrets.core_banking_token
    resources:
    - name: fx-bookings
      path: /fx/book
      operations:
      - name: book-fx-trade
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

On P1 incident, creates a Teams channel, pulls recent deployments from GitHub, gathers logs from Splunk, creates a bridge call, and updates StatusPage.

naftiko: '0.5'
info:
  label: Incident War Room Orchestrator
  description: On P1 incident, creates a Teams channel, pulls recent deployments from GitHub, gathers logs from Splunk, creates a bridge call, and updates StatusPage.
  tags:
  - incident-management
  - github
  - splunk
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: incident-management
    port: 8080
    tools:
    - name: incident_war_room_orchestrator
      description: Orchestrate incident war room orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-incident
        type: call
        call: pagerduty.get-incident
        with:
          incident_id: '{{resource_id}}'
      - name: get-deployments
        type: call
        call: github.get-recent-deployments
        with:
          repo: '{{get-incident.service}}'
      - name: get-logs
        type: call
        call: splunk.search-logs
        with:
          query: '{{get-incident.service}} error'
          time_range: -1h
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: war-room
          text: 'P1: {{get-incident.title}}. Recent deploys: {{get-deployments.count}}. Errors: {{get-logs.count}}'
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty-op
        method: POST
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: github-op
        method: POST
  - type: http
    namespace: splunk
    baseUri: https://abn-amro-splunk.com/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: splunk-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Orchestrates collateral valuation by pulling positions from the core banking system, fetching market prices from Bloomberg, computing haircuts via Databricks, and updating the collateral management system in Snowflake.

naftiko: '0.5'
info:
  label: Collateral Valuation Pipeline
  description: Orchestrates collateral valuation by pulling positions from the core banking system, fetching market prices from Bloomberg, computing haircuts via Databricks, and updating the collateral management system in Snowflake.
  tags:
  - collateral-management
  - risk-management
  - bloomberg
  - databricks
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: collateral
    port: 8080
    tools:
    - name: revalue-collateral
      description: Given a collateral pool ID and valuation date, revalue all positions using market data and apply regulatory haircuts.
      inputParameters:
      - name: pool_id
        in: body
        type: string
        description: The collateral pool identifier.
      - name: valuation_date
        in: body
        type: string
        description: Valuation date in YYYY-MM-DD format.
      steps:
      - name: get-positions
        type: call
        call: snowflake.execute-query
        with:
          warehouse: COLLATERAL_WH
          database: COLLATERAL_DB
          query: SELECT security_id, quantity, collateral_type FROM collateral_positions WHERE pool_id = '{{pool_id}}'
      - name: get-market-prices
        type: call
        call: bloomberg.get-bulk-prices
        with:
          securities: '{{get-positions.security_ids}}'
          date: '{{valuation_date}}'
      - name: compute-haircuts
        type: call
        call: databricks.run-job
        with:
          job_id: collateral-haircut-model
          parameters:
            pool_id: '{{pool_id}}'
            valuation_date: '{{valuation_date}}'
      - name: update-valuations
        type: call
        call: snowflake.execute-query
        with:
          warehouse: COLLATERAL_WH
          database: COLLATERAL_DB
          query: CALL sp_update_collateral_valuations('{{pool_id}}', '{{valuation_date}}')
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: bulk-prices
      path: /market/prices/bulk
      operations:
      - name: get-bulk-prices
        method: POST
  - type: http
    namespace: databricks
    baseUri: https://adb-abnamro.azuredatabricks.net/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST

Triggers a Power BI dataset refresh, validates the refresh completed successfully by checking status, and notifies the analytics team in Microsoft Teams with the result.

naftiko: '0.5'
info:
  label: Power BI Dashboard Refresh with Validation
  description: Triggers a Power BI dataset refresh, validates the refresh completed successfully by checking status, and notifies the analytics team in Microsoft Teams with the result.
  tags:
  - analytics
  - reporting
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: refresh-and-validate-powerbi
      description: Trigger a Power BI dataset refresh, check completion status, and notify the analytics team.
      inputParameters:
      - name: group_id
        in: body
        type: string
        description: The Power BI workspace (group) ID.
      - name: dataset_id
        in: body
        type: string
        description: The Power BI dataset ID.
      - name: report_name
        in: body
        type: string
        description: Human-readable report name for notifications.
      steps:
      - name: trigger-refresh
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: '{{group_id}}'
          dataset_id: '{{dataset_id}}'
      - name: check-status
        type: call
        call: powerbi.get-refresh-history
        with:
          group_id: '{{group_id}}'
          dataset_id: '{{dataset_id}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: analytics-reports
          text: 'Power BI refresh: {{report_name}} | Status: {{check-status.status}} | Duration: {{check-status.duration}} | Dataset: {{dataset_id}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
      - name: get-refresh-history
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Extracts payment batches from SWIFT, reconciles against core banking ledger, identifies breaks, creates Jira tickets, and reports to operations.

naftiko: '0.5'
info:
  label: Payment Processing Reconciliation
  description: Extracts payment batches from SWIFT, reconciles against core banking ledger, identifies breaks, creates Jira tickets, and reports to operations.
  tags:
  - payments
  - reconciliation
  - jira
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: payments
    port: 8080
    tools:
    - name: payment_processing_reconciliation
      description: Orchestrate payment processing reconciliation workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-payments
        type: call
        call: swift.get-batch
        with:
          batch_id: '{{resource_id}}'
      - name: reconcile
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL reconcile_payments('{{resource_id}}')
          warehouse: PAYMENTS_WH
      - name: create-breaks
        type: call
        call: jira.create-issue
        with:
          project: PAY
          summary: 'Payment breaks: batch {{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: payment-ops
          text: 'Reconciliation complete for batch {{resource_id}}. Breaks: {{reconcile.break_count}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abn-amro.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Validates change request in ServiceNow, runs pre-deployment tests, executes Terraform plan, monitors Datadog health, and sends post-change report.

naftiko: '0.5'
info:
  label: IT Change Management Pipeline
  description: Validates change request in ServiceNow, runs pre-deployment tests, executes Terraform plan, monitors Datadog health, and sends post-change report.
  tags:
  - change-management
  - servicenow
  - datadog
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: change-management
    port: 8080
    tools:
    - name: it_change_management_pipeline
      description: Orchestrate it change management pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-change
        type: call
        call: servicenow.get-change
        with:
          change_id: '{{resource_id}}'
      - name: run-tests
        type: call
        call: postman.run-collection
        with:
          collection_id: pre_change_{{resource_id}}
      - name: check-health
        type: call
        call: datadog.get-monitors
        with:
          tag: change:{{resource_id}}
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: change-mgmt
          text: 'Change {{resource_id}} executed. Health: {{check-health.status}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Retrieves the service dependency map from Datadog for ABN AMRO microservices.

naftiko: '0.5'
info:
  label: Datadog Service Map Lookup
  description: Retrieves the service dependency map from Datadog for ABN AMRO microservices.
  tags:
  - observability
  - datadog
  - service-map
capability:
  exposes:
  - type: mcp
    namespace: observability
    port: 8080
    tools:
    - name: get-service-map
      description: Get Datadog service map for a service.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The service_name to look up.
      call: datadog.get-service_name
      with:
        service_name: '{{service_name}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog_service_map_lookup
        method: GET

Triggers a Postman collection run for banking API regression tests, logs results to Snowflake for trend analysis, and notifies the QA team in Microsoft Teams with pass/fail summary.

naftiko: '0.5'
info:
  label: Postman API Regression Suite with Reporting
  description: Triggers a Postman collection run for banking API regression tests, logs results to Snowflake for trend analysis, and notifies the QA team in Microsoft Teams with pass/fail summary.
  tags:
  - testing
  - api-testing
  - postman
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: api-testing
    port: 8080
    tools:
    - name: run-api-regression-suite
      description: Run a Postman collection, log results to Snowflake, and notify the QA team.
      inputParameters:
      - name: collection_id
        in: body
        type: string
        description: The Postman collection UID.
      - name: environment_id
        in: body
        type: string
        description: The Postman environment UID.
      - name: suite_name
        in: body
        type: string
        description: Human-readable test suite name.
      steps:
      - name: run-tests
        type: call
        call: postman.run-collection
        with:
          collection: '{{collection_id}}'
          environment: '{{environment_id}}'
      - name: log-results
        type: call
        call: snowflake.execute-query
        with:
          warehouse: QA_WH
          database: QA_DB
          query: INSERT INTO api_test_results (suite_name, run_id, status, executed_at) VALUES ('{{suite_name}}', '{{run-tests.run_id}}', '{{run-tests.status}}', CURRENT_TIMESTAMP())
      - name: notify-qa
        type: call
        call: msteams.send-message
        with:
          channel: qa-api-testing
          text: 'API Regression: {{suite_name}} | Run: {{run-tests.run_id}} | Status: {{run-tests.status}} | Results logged to Snowflake.'
  consumes:
  - type: http
    namespace: postman
    baseUri: https://api.getpostman.com
    authentication:
      type: bearer
      token: $secrets.postman_api_key
    resources:
    - name: collection-runs
      path: /collections/{{collection}}/runs
      inputParameters:
      - name: collection
        in: path
      operations:
      - name: run-collection
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Traces data lineage from Snowflake, identifies downstream dependencies in Alation catalog, assesses impact of schema changes, creates change requests in ServiceNow.

naftiko: '0.5'
info:
  label: Data Lineage Impact Analyzer
  description: Traces data lineage from Snowflake, identifies downstream dependencies in Alation catalog, assesses impact of schema changes, creates change requests in ServiceNow.
  tags:
  - data-governance
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: data_lineage_impact_analyzer
      description: Orchestrate data lineage impact analyzer workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-lineage
        type: call
        call: snowflake.get-lineage
        with:
          table: '{{resource_id}}'
      - name: get-dependencies
        type: call
        call: alation.get-downstream
        with:
          table: '{{resource_id}}'
      - name: create-change
        type: call
        call: servicenow.create-change
        with:
          short_description: 'Schema change impact: {{resource_id}}'
          downstream_count: '{{get-dependencies.count}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: data-eng
          text: 'Impact analysis for {{resource_id}}: {{get-dependencies.count}} downstream consumers'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Validates a bond trade against pre-trade compliance limits in Snowflake, submits the order to Tradeweb for execution, books the trade in the core banking system, and confirms to the trader via Microsoft Teams.

naftiko: '0.5'
info:
  label: Tradeweb Bond Execution with Compliance Check
  description: Validates a bond trade against pre-trade compliance limits in Snowflake, submits the order to Tradeweb for execution, books the trade in the core banking system, and confirms to the trader via Microsoft Teams.
  tags:
  - trading
  - fixed-income
  - tradeweb
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: trading-execution
    port: 8080
    tools:
    - name: execute-bond-trade
      description: Validate pre-trade limits, submit a bond trade to Tradeweb, book internally, and confirm to the trader.
      inputParameters:
      - name: isin
        in: body
        type: string
        description: The ISIN of the bond to trade.
      - name: direction
        in: body
        type: string
        description: 'Trade direction: buy or sell.'
      - name: notional
        in: body
        type: number
        description: Notional amount in the bond's denomination currency.
      - name: trader_upn
        in: body
        type: string
        description: The UPN of the executing trader.
      steps:
      - name: check-limits
        type: call
        call: snowflake.execute-query
        with:
          warehouse: TRADING_WH
          database: COMPLIANCE_DB
          query: SELECT remaining_limit FROM pre_trade_limits WHERE isin = '{{isin}}' AND direction = '{{direction}}'
      - name: submit-order
        type: call
        call: tradeweb.submit-order
        with:
          isin: '{{isin}}'
          direction: '{{direction}}'
          notional: '{{notional}}'
      - name: book-trade
        type: call
        call: core-banking.book-trade
        with:
          trade_id: '{{submit-order.trade_id}}'
          isin: '{{isin}}'
          direction: '{{direction}}'
          notional: '{{notional}}'
          price: '{{submit-order.execution_price}}'
      - name: confirm-trader
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{trader_upn}}'
          text: 'Bond trade executed: {{direction}} {{notional}} {{isin}} at {{submit-order.execution_price}}. Yield: {{submit-order.yield}}. Settlement: {{submit-order.settlement_date}}. Trade ID: {{submit-order.trade_id}}.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: tradeweb
    baseUri: https://api.tradeweb.com/v2
    authentication:
      type: bearer
      token: $secrets.tradeweb_token
    resources:
    - name: orders
      path: /orders
      operations:
      - name: submit-order
        method: POST
  - type: http
    namespace: core-banking
    baseUri: https://api.abnamro.com/v1/trading
    authentication:
      type: bearer
      token: $secrets.core_banking_token
    resources:
    - name: bookings
      path: /book
      operations:
      - name: book-trade
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Performs Know Your Customer screening by querying Salesforce for client data, running sanctions checks against Bloomberg Enterprise Data, and logging results in ServiceNow for compliance audit.

naftiko: '0.5'
info:
  label: KYC Customer Screening
  description: Performs Know Your Customer screening by querying Salesforce for client data, running sanctions checks against Bloomberg Enterprise Data, and logging results in ServiceNow for compliance audit.
  tags:
  - compliance
  - kyc
  - salesforce
  - bloomberg-enterprise-data
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: compliance-kyc
    port: 8080
    tools:
    - name: screen-customer
      description: Given a customer ID, retrieve Salesforce profile, check Bloomberg sanctions, and log screening outcome in ServiceNow.
      inputParameters:
      - name: customer_id
        in: body
        type: string
        description: The Salesforce account ID for the customer.
      - name: screening_type
        in: body
        type: string
        description: 'Type of screening: initial, periodic, or event-triggered.'
      steps:
      - name: get-customer
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{customer_id}}'
      - name: check-sanctions
        type: call
        call: bloomberg.search-sanctions
        with:
          entity_name: '{{get-customer.name}}'
          country: '{{get-customer.billing_country}}'
      - name: log-screening
        type: call
        call: servicenow.create-record
        with:
          table: u_kyc_screening
          short_description: 'KYC {{screening_type}} screening: {{get-customer.name}}'
          description: 'Customer: {{get-customer.name}} ({{customer_id}}). Sanctions result: {{check-sanctions.match_status}}. Score: {{check-sanctions.risk_score}}.'
          assigned_group: Compliance_KYC
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: sanctions
      path: /sanctions/screen
      operations:
      - name: search-sanctions
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST

Downloads updated sanctions lists from Bloomberg, updates the screening database in Snowflake, triggers a batch re-screening of all active clients, and notifies compliance of any new matches via Jira and Microsoft Teams.

naftiko: '0.5'
info:
  label: Sanctions List Update and Screening Refresh
  description: Downloads updated sanctions lists from Bloomberg, updates the screening database in Snowflake, triggers a batch re-screening of all active clients, and notifies compliance of any new matches via Jira and Microsoft Teams.
  tags:
  - compliance
  - sanctions
  - bloomberg
  - snowflake
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: compliance-sanctions
    port: 8080
    tools:
    - name: refresh-sanctions-screening
      description: Download latest sanctions lists, update screening database, run batch re-screening, and alert on new matches.
      inputParameters:
      - name: list_type
        in: body
        type: string
        description: 'Sanctions list type: eu, ofac, un, or all.'
      - name: trigger_date
        in: body
        type: string
        description: The date of the list update in YYYY-MM-DD format.
      steps:
      - name: download-lists
        type: call
        call: bloomberg.get-sanctions-lists
        with:
          list_type: '{{list_type}}'
          effective_date: '{{trigger_date}}'
      - name: update-database
        type: call
        call: snowflake.execute-query
        with:
          warehouse: COMPLIANCE_WH
          database: SANCTIONS_DB
          query: CALL sp_update_sanctions_list('{{list_type}}', '{{trigger_date}}')
      - name: run-batch-screening
        type: call
        call: snowflake.execute-query
        with:
          warehouse: COMPLIANCE_WH
          database: SANCTIONS_DB
          query: CALL sp_batch_screen_active_clients('{{list_type}}')
      - name: create-review-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: SANCTIONS
          issuetype: Task
          summary: '[Sanctions Update] {{list_type}} list refresh — {{trigger_date}}'
          description: 'Sanctions list updated: {{list_type}} as of {{trigger_date}}.

            New entries: {{download-lists.new_entries_count}}

            Batch screening complete. Review any new matches.'
      - name: notify-compliance
        type: call
        call: msteams.send-message
        with:
          channel: compliance-sanctions
          text: 'Sanctions list refreshed: {{list_type}} ({{trigger_date}}). New entries: {{download-lists.new_entries_count}}. Batch re-screening complete. Jira: {{create-review-ticket.key}}'
  consumes:
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: sanctions-lists
      path: /sanctions/lists
      operations:
      - name: get-sanctions-lists
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

When a Datadog monitor triggers a critical alert for a banking service, creates a Jira incident ticket and posts a notification to the engineering Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Datadog Alert to Jira Incident
  description: When a Datadog monitor triggers a critical alert for a banking service, creates a Jira incident ticket and posts a notification to the engineering Microsoft Teams channel.
  tags:
  - observability
  - incident-management
  - datadog
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: observability
    port: 8080
    tools:
    - name: handle-datadog-alert
      description: Given a Datadog alert ID, create a Jira incident and notify the engineering team in Microsoft Teams.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The Datadog monitor alert ID.
      - name: service_name
        in: body
        type: string
        description: The affected banking service name.
      - name: severity
        in: body
        type: string
        description: 'Alert severity: critical, warning, or info.'
      steps:
      - name: get-alert-details
        type: call
        call: datadog.get-monitor
        with:
          monitor_id: '{{alert_id}}'
      - name: create-incident
        type: call
        call: jira.create-issue
        with:
          project_key: INC
          issuetype: Incident
          summary: '[{{severity}}] {{service_name}} — {{get-alert-details.name}}'
          description: 'Datadog alert {{alert_id}} triggered.

            Service: {{service_name}}

            Severity: {{severity}}

            Message: {{get-alert-details.message}}

            Monitor URL: {{get-alert-details.url}}'
          priority: '{{severity}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: platform-engineering-alerts
          text: 'Incident Created: {{create-incident.key}} | {{service_name}} | {{severity}} | {{get-alert-details.name}} | Jira: {{create-incident.url}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.eu/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{monitor_id}}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Queries vendor data from SAP Ariba, runs risk scoring in Snowflake, creates assessment record in ServiceNow, and notifies procurement.

naftiko: '0.5'
info:
  label: Vendor Risk Assessment Pipeline
  description: Queries vendor data from SAP Ariba, runs risk scoring in Snowflake, creates assessment record in ServiceNow, and notifies procurement.
  tags:
  - procurement
  - vendor-risk
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: procurement
    port: 8080
    tools:
    - name: vendor_risk_assessment_pipeline
      description: Orchestrate vendor risk assessment pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-vendor
        type: call
        call: sap.get-vendor
        with:
          vendor_id: '{{resource_id}}'
      - name: score-risk
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL score_vendor_risk('{{resource_id}}')
          warehouse: PROC_WH
      - name: create-assessment
        type: call
        call: servicenow.create-record
        with:
          table: vendor_assessments
          vendor_id: '{{resource_id}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: procurement
          text: 'Vendor {{resource_id}} risk score: {{score-risk.risk_level}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://abn-amro-sap.com/api/v1
    authentication:
      type: bearer
      token: $secrets.sap_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: sap-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Aggregates client information from Salesforce CRM, Bloomberg financial data, and Snowflake transaction history to produce a unified 360-degree view for relationship managers.

naftiko: '0.5'
info:
  label: Client Relationship 360 View
  description: Aggregates client information from Salesforce CRM, Bloomberg financial data, and Snowflake transaction history to produce a unified 360-degree view for relationship managers.
  tags:
  - client-management
  - crm
  - salesforce
  - bloomberg
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: client-360
    port: 8080
    tools:
    - name: get-client-360
      description: Given a client Salesforce ID, aggregate CRM data, Bloomberg financials, and transaction history into a unified view.
      inputParameters:
      - name: client_id
        in: body
        type: string
        description: The Salesforce account ID for the client.
      steps:
      - name: get-crm-data
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{client_id}}'
      - name: get-financials
        type: call
        call: bloomberg.get-company
        with:
          company_name: '{{get-crm-data.name}}'
      - name: get-transactions
        type: call
        call: snowflake.execute-query
        with:
          warehouse: CRM_WH
          database: CLIENT_DB
          query: SELECT product_type, SUM(volume) as total_volume, COUNT(*) as txn_count FROM client_transactions WHERE client_id = '{{client_id}}' AND txn_date >= DATEADD(month, -12, CURRENT_DATE()) GROUP BY product_type
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: companies
      path: /companies/search
      operations:
      - name: get-company
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST

Retrieves employee details from Workday by worker ID, returning name, department, manager, cost center, and employment status.

naftiko: '0.5'
info:
  label: Workday Employee Lookup
  description: Retrieves employee details from Workday by worker ID, returning name, department, manager, cost center, and employment status.
  tags:
  - hr
  - employee-data
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr-data
    port: 8080
    tools:
    - name: get-employee
      description: Look up an employee in Workday by worker ID. Returns full name, department, manager, cost center, and status.
      inputParameters:
      - name: worker_id
        in: body
        type: string
        description: The Workday worker ID.
      call: workday.get-worker
      with:
        worker_id: '{{worker_id}}'
      outputParameters:
      - name: full_name
        type: string
        mapping: $.worker.fullName
      - name: department
        type: string
        mapping: $.worker.department
      - name: manager
        type: string
        mapping: $.worker.managerName
      - name: cost_center
        type: string
        mapping: $.worker.costCenter
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd3-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET

Executes read-only queries against ABN AMRO Azure SQL databases for reporting.

naftiko: '0.5'
info:
  label: Azure SQL Query Runner
  description: Executes read-only queries against ABN AMRO Azure SQL databases for reporting.
  tags:
  - data
  - azure
  - sql
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: run-sql-query
      description: Execute a SQL query and return results.
      inputParameters:
      - name: sql_query
        in: body
        type: string
        description: The sql_query to look up.
      call: snowflake.get-sql_query
      with:
        sql_query: '{{sql_query}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: azure_sql_query_runner
        method: GET

Calculates derivatives portfolio risk metrics by extracting positions from Snowflake, computing Greeks and VaR via Databricks ML models, publishing to Power BI, and alerting the risk desk when thresholds are breached.

naftiko: '0.5'
info:
  label: Derivatives Risk Calculation Pipeline
  description: Calculates derivatives portfolio risk metrics by extracting positions from Snowflake, computing Greeks and VaR via Databricks ML models, publishing to Power BI, and alerting the risk desk when thresholds are breached.
  tags:
  - risk-management
  - derivatives
  - trading
  - snowflake
  - databricks
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: risk-derivatives
    port: 8080
    tools:
    - name: calculate-derivatives-risk
      description: Given a portfolio and valuation date, compute Greeks and VaR for the derivatives book and alert on threshold breaches.
      inputParameters:
      - name: portfolio_id
        in: body
        type: string
        description: The derivatives portfolio identifier.
      - name: valuation_date
        in: body
        type: string
        description: Valuation date in YYYY-MM-DD format.
      - name: var_confidence
        in: body
        type: string
        description: 'VaR confidence level: 95 or 99.'
      steps:
      - name: extract-positions
        type: call
        call: snowflake.execute-query
        with:
          warehouse: RISK_WH
          database: DERIVATIVES_DB
          query: SELECT * FROM derivatives_positions WHERE portfolio_id = '{{portfolio_id}}' AND position_date = '{{valuation_date}}'
      - name: compute-risk
        type: call
        call: databricks.run-job
        with:
          job_id: derivatives-risk-engine
          parameters:
            portfolio_id: '{{portfolio_id}}'
            valuation_date: '{{valuation_date}}'
            confidence: '{{var_confidence}}'
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: trading-risk-workspace
          dataset_id: derivatives-risk-daily
      - name: alert-risk-desk
        type: call
        call: msteams.send-message
        with:
          channel: trading-risk-alerts
          text: 'Derivatives risk calculation complete: Portfolio {{portfolio_id}} for {{valuation_date}}. VaR({{var_confidence}}%): {{compute-risk.var_amount}}. Delta: {{compute-risk.total_delta}}. Gamma: {{compute-risk.total_gamma}}.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: databricks
    baseUri: https://adb-abnamro.azuredatabricks.net/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

When a transaction monitoring alert fires, retrieves alert details from the AML system, enriches with customer data from Salesforce, checks Bloomberg sanctions, and creates a Jira investigation ticket for the financial crime team.

naftiko: '0.5'
info:
  label: AML Transaction Monitoring Alert Triage
  description: When a transaction monitoring alert fires, retrieves alert details from the AML system, enriches with customer data from Salesforce, checks Bloomberg sanctions, and creates a Jira investigation ticket for the financial crime team.
  tags:
  - compliance
  - aml
  - transaction-monitoring
  - salesforce
  - bloomberg
  - jira
capability:
  exposes:
  - type: mcp
    namespace: compliance-aml
    port: 8080
    tools:
    - name: triage-aml-alert
      description: Given an AML alert ID, enrich with customer data, run sanctions check, and open a Jira investigation case.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The AML system alert identifier.
      - name: customer_id
        in: body
        type: string
        description: The Salesforce account ID associated with the flagged transaction.
      steps:
      - name: get-alert
        type: call
        call: core-banking.get-aml-alert
        with:
          alert_id: '{{alert_id}}'
      - name: get-customer
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{customer_id}}'
      - name: sanctions-check
        type: call
        call: bloomberg.search-sanctions
        with:
          entity_name: '{{get-customer.name}}'
          country: '{{get-customer.billing_country}}'
      - name: create-investigation
        type: call
        call: jira.create-issue
        with:
          project_key: FINCRIME
          issuetype: Investigation
          summary: '[AML Alert] {{get-alert.rule_name}} — {{get-customer.name}}'
          description: 'Alert: {{alert_id}}

            Rule: {{get-alert.rule_name}}

            Amount: {{get-alert.amount}} {{get-alert.currency}}

            Customer: {{get-customer.name}}

            Sanctions match: {{sanctions-check.match_status}}

            Risk score: {{sanctions-check.risk_score}}'
  consumes:
  - type: http
    namespace: core-banking
    baseUri: https://api.abnamro.com/v1/aml
    authentication:
      type: bearer
      token: $secrets.core_banking_token
    resources:
    - name: alerts
      path: /alerts/{{alert_id}}
      inputParameters:
      - name: alert_id
        in: path
      operations:
      - name: get-aml-alert
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: sanctions
      path: /sanctions/screen
      operations:
      - name: search-sanctions
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Triggers an Informatica data quality profiling job, stores quality scores in Snowflake for trend analysis, and alerts the data governance team in Microsoft Teams when quality thresholds are breached.

naftiko: '0.5'
info:
  label: Informatica Data Quality Pipeline with Reporting
  description: Triggers an Informatica data quality profiling job, stores quality scores in Snowflake for trend analysis, and alerts the data governance team in Microsoft Teams when quality thresholds are breached.
  tags:
  - data-quality
  - data-management
  - informatica
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: run-quality-profile-with-reporting
      description: Trigger Informatica quality profiling, store scores in Snowflake, and alert on threshold breaches.
      inputParameters:
      - name: task_name
        in: body
        type: string
        description: The Informatica data quality task name.
      - name: data_domain
        in: body
        type: string
        description: The data domain to profile (e.g., customer, transaction, risk).
      - name: quality_threshold
        in: body
        type: number
        description: Minimum acceptable quality score percentage.
      steps:
      - name: run-profiling
        type: call
        call: informatica.start-quality-task
        with:
          task_name: '{{task_name}}'
          data_domain: '{{data_domain}}'
      - name: store-results
        type: call
        call: snowflake.execute-query
        with:
          warehouse: DQ_WH
          database: DATA_QUALITY_DB
          query: INSERT INTO dq_scores (domain, task_name, run_id, score, profiled_at) VALUES ('{{data_domain}}', '{{task_name}}', '{{run-profiling.run_id}}', '{{run-profiling.quality_score}}', CURRENT_TIMESTAMP())
      - name: notify-governance
        type: call
        call: msteams.send-message
        with:
          channel: data-governance
          text: 'Data Quality: {{data_domain}} ({{task_name}}) | Run: {{run-profiling.run_id}} | Score: {{run-profiling.quality_score}}% | Threshold: {{quality_threshold}}%'
  consumes:
  - type: http
    namespace: informatica
    baseUri: https://dm-eu.informaticacloud.com/saas/api/v2
    authentication:
      type: bearer
      token: $secrets.informatica_token
    resources:
    - name: jobs
      path: /job
      operations:
      - name: start-quality-task
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves a secret value from Azure Key Vault for secure credential injection in downstream banking system integrations.

naftiko: '0.5'
info:
  label: Azure Key Vault Secret Retrieval
  description: Retrieves a secret value from Azure Key Vault for secure credential injection in downstream banking system integrations.
  tags:
  - security
  - secrets-management
  - azure-key-vault
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: get-secret
      description: Retrieve a secret from Azure Key Vault by name. Returns the secret value and version.
      inputParameters:
      - name: secret_name
        in: body
        type: string
        description: The name of the secret in Azure Key Vault.
      call: keyvault.get-secret
      with:
        secret_name: '{{secret_name}}'
      outputParameters:
      - name: value
        type: string
        mapping: $.value
      - name: version
        type: string
        mapping: $.id
  consumes:
  - type: http
    namespace: keyvault
    baseUri: https://abnamro-vault.vault.azure.net
    authentication:
      type: bearer
      token: $secrets.azure_keyvault_token
    resources:
    - name: secrets
      path: /secrets/{{secret_name}}?api-version=7.4
      inputParameters:
      - name: secret_name
        in: path
      operations:
      - name: get-secret
        method: GET

Pulls credit exposure data from Snowflake, aggregates by counterparty, and publishes a summary dashboard refresh to Power BI for the risk management team.

naftiko: '0.5'
info:
  label: Credit Risk Exposure Report
  description: Pulls credit exposure data from Snowflake, aggregates by counterparty, and publishes a summary dashboard refresh to Power BI for the risk management team.
  tags:
  - risk-management
  - credit-risk
  - snowflake
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: risk-credit
    port: 8080
    tools:
    - name: refresh-credit-exposure
      description: Given a reporting date and portfolio segment, query Snowflake for exposure data and trigger a Power BI dataset refresh.
      inputParameters:
      - name: reporting_date
        in: body
        type: string
        description: The reporting date in YYYY-MM-DD format.
      - name: portfolio_segment
        in: body
        type: string
        description: 'Portfolio segment: corporate, retail, or sme.'
      steps:
      - name: query-exposures
        type: call
        call: snowflake.execute-query
        with:
          warehouse: RISK_WH
          database: RISK_DB
          query: SELECT counterparty, SUM(exposure) as total_exposure, MAX(pd) as max_pd FROM credit_exposures WHERE report_date = '{{reporting_date}}' AND segment = '{{portfolio_segment}}' GROUP BY counterparty ORDER BY total_exposure DESC
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: risk-management-workspace
          dataset_id: credit-exposure-daily
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST

Retrieves the status of a GitHub pull request including checks, review status, and merge readiness for banking application repositories.

naftiko: '0.5'
info:
  label: GitHub Pull Request Status
  description: Retrieves the status of a GitHub pull request including checks, review status, and merge readiness for banking application repositories.
  tags:
  - devops
  - code-review
  - github
capability:
  exposes:
  - type: mcp
    namespace: source-control
    port: 8080
    tools:
    - name: get-pr-status
      description: Look up a GitHub pull request by repo and PR number. Returns status, checks, and review state.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: The GitHub repository in owner/repo format.
      - name: pr_number
        in: body
        type: string
        description: The pull request number.
      call: github.get-pull-request
      with:
        repo: '{{repo}}'
        pr_number: '{{pr_number}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.state
      - name: mergeable
        type: string
        mapping: $.mergeable
      - name: title
        type: string
        mapping: $.title
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pull-requests
      path: /repos/{{repo}}/pulls/{{pr_number}}
      inputParameters:
      - name: repo
        in: path
      - name: pr_number
        in: path
      operations:
      - name: get-pull-request
        method: GET

Processes corporate actions for portfolio adjustments, updates positions in trading systems, reconciles in Snowflake, and notifies portfolio managers.

naftiko: '0.5'
info:
  label: Corporate Action Processing Pipeline
  description: Processes corporate actions for portfolio adjustments, updates positions in trading systems, reconciles in Snowflake, and notifies portfolio managers.
  tags:
  - trading
  - corporate-actions
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: trading
    port: 8080
    tools:
    - name: corporate_action_processing_pipeline
      description: Orchestrate corporate action processing pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Retrieves employee compensation details from Workday for ABN AMRO HR operations.

naftiko: '0.5'
info:
  label: Workday Compensation Lookup
  description: Retrieves employee compensation details from Workday for ABN AMRO HR operations.
  tags:
  - hr
  - workday
  - compensation
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: get-compensation
      description: Look up employee compensation by ID.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The employee_id to look up.
      call: workday.get-employee_id
      with:
        employee_id: '{{employee_id}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/abn-amro
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday_compensation_lookup
        method: GET

When Microsoft Defender raises a security alert, enriches with Azure AD user context, creates a ServiceNow security incident, and notifies the SOC team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Microsoft Defender Threat Alert Triage
  description: When Microsoft Defender raises a security alert, enriches with Azure AD user context, creates a ServiceNow security incident, and notifies the SOC team in Microsoft Teams.
  tags:
  - security
  - threat-detection
  - microsoft-defender
  - azure-active-directory
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: security-ops
    port: 8080
    tools:
    - name: triage-defender-alert
      description: Given a Defender alert ID, enrich with user context, create a security incident, and notify the SOC.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The Microsoft Defender alert ID.
      - name: user_principal_name
        in: body
        type: string
        description: The UPN of the affected user.
      steps:
      - name: get-alert
        type: call
        call: defender.get-alert
        with:
          alert_id: '{{alert_id}}'
      - name: get-user-context
        type: call
        call: azuread.get-user
        with:
          user_principal_name: '{{user_principal_name}}'
      - name: create-security-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: '[Security] {{get-alert.title}} — {{get-user-context.display_name}}'
          description: 'Defender Alert: {{alert_id}}

            Severity: {{get-alert.severity}}

            Category: {{get-alert.category}}

            User: {{get-user-context.display_name}} ({{user_principal_name}})

            Department: {{get-user-context.department}}

            Description: {{get-alert.description}}'
          assigned_group: Security_Operations_Center
          impact: '2'
      - name: notify-soc
        type: call
        call: msteams.send-message
        with:
          channel: soc-alerts
          text: 'Security Alert: {{get-alert.title}} | Severity: {{get-alert.severity}} | User: {{get-user-context.display_name}} | ServiceNow: {{create-security-incident.number}}'
  consumes:
  - type: http
    namespace: defender
    baseUri: https://api.security.microsoft.com/api
    authentication:
      type: bearer
      token: $secrets.defender_token
    resources:
    - name: alerts
      path: /alerts/{{alert_id}}
      inputParameters:
      - name: alert_id
        in: path
      operations:
      - name: get-alert
        method: GET
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users/{{user_principal_name}}
      inputParameters:
      - name: user_principal_name
        in: path
      operations:
      - name: get-user
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Monitors employee personal trading activity, validates against restricted lists, creates compliance cases, and notifies compliance officer.

naftiko: '0.5'
info:
  label: Employee Trading Compliance Monitor
  description: Monitors employee personal trading activity, validates against restricted lists, creates compliance cases, and notifies compliance officer.
  tags:
  - compliance
  - employee-trading
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: employee_trading_compliance_monitor
      description: Orchestrate employee trading compliance monitor workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Extracts position data from trading systems, calculates RWA in Snowflake, generates Basel III reports, files with DNB via API, and notifies risk management.

naftiko: '0.5'
info:
  label: Regulatory Capital Reporting Pipeline
  description: Extracts position data from trading systems, calculates RWA in Snowflake, generates Basel III reports, files with DNB via API, and notifies risk management.
  tags:
  - regulatory
  - capital
  - snowflake
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: regulatory
    port: 8080
    tools:
    - name: regulatory_capital_reporting_pipeline
      description: Orchestrate regulatory capital reporting pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-positions
        type: call
        call: trading.get-positions
        with:
          date: '{{resource_id}}'
      - name: calculate-rwa
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL calculate_rwa('{{resource_id}}')
          warehouse: CAPITAL_WH
      - name: file-report
        type: call
        call: servicenow.create-record
        with:
          table: regulatory_filings
          report_date: '{{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: risk-management
          text: 'Capital report filed for {{resource_id}}. RWA: {{calculate-rwa.total_rwa}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Retrieves a Jira issue by key, returning summary, status, assignee, and priority for project tracking.

naftiko: '0.5'
info:
  label: Jira Issue Lookup
  description: Retrieves a Jira issue by key, returning summary, status, assignee, and priority for project tracking.
  tags:
  - project-management
  - jira
capability:
  exposes:
  - type: mcp
    namespace: project-tracking
    port: 8080
    tools:
    - name: get-jira-issue
      description: Look up a Jira issue by key. Returns summary, status, assignee, priority, and created date.
      inputParameters:
      - name: issue_key
        in: body
        type: string
        description: The Jira issue key (e.g., RISK-1234).
      call: jira.get-issue
      with:
        issue_key: '{{issue_key}}'
      outputParameters:
      - name: summary
        type: string
        mapping: $.fields.summary
      - name: status
        type: string
        mapping: $.fields.status.name
      - name: assignee
        type: string
        mapping: $.fields.assignee.displayName
  consumes:
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue/{{issue_key}}
      inputParameters:
      - name: issue_key
        in: path
      operations:
      - name: get-issue
        method: GET

Monitors corporate lending covenant compliance by pulling financial ratios from Snowflake, comparing against covenant thresholds, and alerting the credit team via Jira and Microsoft Teams when breaches are detected.

naftiko: '0.5'
info:
  label: Corporate Lending Covenant Monitoring
  description: Monitors corporate lending covenant compliance by pulling financial ratios from Snowflake, comparing against covenant thresholds, and alerting the credit team via Jira and Microsoft Teams when breaches are detected.
  tags:
  - lending
  - credit-risk
  - covenant-monitoring
  - snowflake
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: lending-covenants
    port: 8080
    tools:
    - name: check-covenant-compliance
      description: Given a facility ID and reporting date, check covenant compliance and alert on breaches.
      inputParameters:
      - name: facility_id
        in: body
        type: string
        description: The lending facility identifier.
      - name: reporting_date
        in: body
        type: string
        description: The covenant test date in YYYY-MM-DD format.
      - name: borrower_name
        in: body
        type: string
        description: The borrower legal entity name.
      steps:
      - name: get-financial-ratios
        type: call
        call: snowflake.execute-query
        with:
          warehouse: LENDING_WH
          database: LENDING_DB
          query: SELECT covenant_type, actual_value, threshold_value, CASE WHEN actual_value > threshold_value THEN 'BREACH' ELSE 'COMPLIANT' END as status FROM covenant_monitoring WHERE facility_id = '{{facility_id}}' AND test_date = '{{reporting_date}}'
      - name: create-breach-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: CREDIT
          issuetype: Task
          summary: '[Covenant Check] {{borrower_name}} — {{facility_id}} — {{reporting_date}}'
          description: 'Covenant compliance check for {{borrower_name}} ({{facility_id}}) as of {{reporting_date}}.

            Results: {{get-financial-ratios.row_count}} covenants tested.

            Review financial ratios and escalate any breaches.'
      - name: notify-credit-team
        type: call
        call: msteams.send-message
        with:
          channel: credit-monitoring
          text: 'Covenant check complete: {{borrower_name}} ({{facility_id}}) — {{reporting_date}}. Jira: {{create-breach-ticket.key}}. Review results for potential breaches.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Reconciles ADP payroll data with Workday employee records and Snowflake cost center budgets, creating ServiceNow tasks for discrepancies found during the monthly payroll cycle.

naftiko: '0.5'
info:
  label: ADP Payroll Reconciliation
  description: Reconciles ADP payroll data with Workday employee records and Snowflake cost center budgets, creating ServiceNow tasks for discrepancies found during the monthly payroll cycle.
  tags:
  - hr
  - payroll
  - adp
  - workday
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: hr-payroll
    port: 8080
    tools:
    - name: reconcile-payroll
      description: Given a pay period, reconcile ADP payroll with Workday and Snowflake budget data, flagging discrepancies.
      inputParameters:
      - name: pay_period
        in: body
        type: string
        description: The pay period in YYYY-MM format.
      - name: business_unit
        in: body
        type: string
        description: The business unit to reconcile.
      steps:
      - name: get-payroll-data
        type: call
        call: adp.get-payroll-summary
        with:
          pay_period: '{{pay_period}}'
          business_unit: '{{business_unit}}'
      - name: get-headcount
        type: call
        call: snowflake.execute-query
        with:
          warehouse: HR_WH
          database: HR_DB
          query: SELECT department, COUNT(*) as headcount, SUM(budgeted_salary) as budget_total FROM employee_budget WHERE business_unit = '{{business_unit}}' AND period = '{{pay_period}}' GROUP BY department
      - name: create-reconciliation-task
        type: call
        call: servicenow.create-record
        with:
          table: u_payroll_reconciliation
          short_description: 'Payroll reconciliation: {{business_unit}} — {{pay_period}}'
          description: 'ADP total: {{get-payroll-data.total_gross}}. Budget total from Snowflake. Review and resolve discrepancies.'
          assigned_group: HR_Payroll
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: payroll
      path: /workers/payroll-summary?payPeriod={{pay_period}}&businessUnit={{business_unit}}
      inputParameters:
      - name: pay_period
        in: query
      - name: business_unit
        in: query
      operations:
      - name: get-payroll-summary
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST

Triggers portfolio rebalancing based on drift analysis, executes trades, updates positions, generates client reports, and notifies advisors.

naftiko: '0.5'
info:
  label: Client Portfolio Rebalancing Pipeline
  description: Triggers portfolio rebalancing based on drift analysis, executes trades, updates positions, generates client reports, and notifies advisors.
  tags:
  - wealth-management
  - portfolio
  - snowflake
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: wealth-management
    port: 8080
    tools:
    - name: client_portfolio_rebalancing_pipeline
      description: Orchestrate client portfolio rebalancing pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Reconciles trade settlement data between Bloomberg Tradebook and the core banking system, identifies breaks, and creates Jira tickets for operations to investigate discrepancies.

naftiko: '0.5'
info:
  label: Trade Settlement Reconciliation
  description: Reconciles trade settlement data between Bloomberg Tradebook and the core banking system, identifies breaks, and creates Jira tickets for operations to investigate discrepancies.
  tags:
  - operations
  - settlement
  - reconciliation
  - bloomberg-tradebook
  - snowflake
  - jira
capability:
  exposes:
  - type: mcp
    namespace: trade-ops
    port: 8080
    tools:
    - name: reconcile-settlements
      description: Given a trade date, compare Tradebook and core banking settlement records, identify breaks, and create Jira tickets.
      inputParameters:
      - name: trade_date
        in: body
        type: string
        description: The trade date to reconcile in YYYY-MM-DD format.
      - name: asset_class
        in: body
        type: string
        description: 'Asset class: equities, fixed_income, fx, or derivatives.'
      steps:
      - name: get-tradebook-settlements
        type: call
        call: bloomberg-tradebook.get-settlements
        with:
          trade_date: '{{trade_date}}'
          asset_class: '{{asset_class}}'
      - name: get-internal-settlements
        type: call
        call: snowflake.execute-query
        with:
          warehouse: OPS_WH
          database: SETTLEMENTS_DB
          query: SELECT trade_id, counterparty, amount, currency, status FROM settlements WHERE trade_date = '{{trade_date}}' AND asset_class = '{{asset_class}}'
      - name: create-break-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: TRADEOPS
          issuetype: Task
          summary: '[Settlement Break] {{asset_class}} — {{trade_date}}'
          description: 'Reconciliation results for {{trade_date}} ({{asset_class}}).

            Tradebook records: {{get-tradebook-settlements.count}}

            Internal records: {{get-internal-settlements.row_count}}

            Review breaks and resolve.'
  consumes:
  - type: http
    namespace: bloomberg-tradebook
    baseUri: https://api.bloomberg.com/tradebook/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_tradebook_token
    resources:
    - name: settlements
      path: /settlements?tradeDate={{trade_date}}&assetClass={{asset_class}}
      inputParameters:
      - name: trade_date
        in: query
      - name: asset_class
        in: query
      operations:
      - name: get-settlements
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Validates proposed trades against investment guidelines, checks exposure limits in Snowflake, approves or blocks, and logs decisions.

naftiko: '0.5'
info:
  label: Investment Compliance Pre-Trade Check
  description: Validates proposed trades against investment guidelines, checks exposure limits in Snowflake, approves or blocks, and logs decisions.
  tags:
  - compliance
  - trading
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: investment_compliance_pre_trade_check
      description: Orchestrate investment compliance pre-trade check workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Fetches yield curve data from Bloomberg, runs VaR calculations in Snowflake, generates risk report in Power BI, and notifies treasury via Teams.

naftiko: '0.5'
info:
  label: Interest Rate Risk Calculator
  description: Fetches yield curve data from Bloomberg, runs VaR calculations in Snowflake, generates risk report in Power BI, and notifies treasury via Teams.
  tags:
  - risk
  - treasury
  - snowflake
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: risk
    port: 8080
    tools:
    - name: interest_rate_risk_calculator
      description: Orchestrate interest rate risk calculator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-yield-curve
        type: call
        call: bloomberg.get-yield-curve
        with:
          currency: '{{resource_id}}'
      - name: calculate-var
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL calculate_var('{{resource_id}}')
          warehouse: RISK_WH
      - name: refresh-report
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: interest_rate_risk
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: treasury
          text: 'IR risk report updated for {{resource_id}}. VaR: {{calculate-var.var_amount}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Queries Microsoft Entra for conditional access policies applied to a user, returning policy names, grant controls, and session controls for security audit.

naftiko: '0.5'
info:
  label: Microsoft Entra Conditional Access Policy Check
  description: Queries Microsoft Entra for conditional access policies applied to a user, returning policy names, grant controls, and session controls for security audit.
  tags:
  - security
  - identity-management
  - microsoft-entra
capability:
  exposes:
  - type: mcp
    namespace: identity-security
    port: 8080
    tools:
    - name: get-conditional-access
      description: List conditional access policies affecting a user. Returns policy names, states, and grant conditions.
      inputParameters:
      - name: user_principal_name
        in: body
        type: string
        description: The user principal name (UPN) to check policies for.
      call: entra.get-policies
      with:
        user_principal_name: '{{user_principal_name}}'
      outputParameters:
      - name: policy_count
        type: string
        mapping: $.value.length
  consumes:
  - type: http
    namespace: entra
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: policies
      path: /identity/conditionalAccess/policies?$filter=conditions/users/includeUsers/any(u:u eq '{{user_principal_name}}')
      inputParameters:
      - name: user_principal_name
        in: query
      operations:
      - name: get-policies
        method: GET

Collects cash positions from multiple bank accounts, aggregates in Snowflake, updates treasury dashboard in Power BI, and sends morning report to CFO.

naftiko: '0.5'
info:
  label: Treasury Cash Position Aggregator
  description: Collects cash positions from multiple bank accounts, aggregates in Snowflake, updates treasury dashboard in Power BI, and sends morning report to CFO.
  tags:
  - treasury
  - cash-management
  - snowflake
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: treasury
    port: 8080
    tools:
    - name: treasury_cash_position_aggregator
      description: Orchestrate treasury cash position aggregator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-positions
        type: call
        call: swift.get-mt940
        with:
          date: '{{resource_id}}'
      - name: aggregate
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL aggregate_cash('{{resource_id}}')
          warehouse: TREASURY_WH
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: cash_positions
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: treasury-mgmt
          text: 'Cash position report for {{resource_id}}: Total: {{aggregate.total_balance}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Searches ABN AMRO transaction logs in Elasticsearch by criteria.

naftiko: '0.5'
info:
  label: Elasticsearch Transaction Search
  description: Searches ABN AMRO transaction logs in Elasticsearch by criteria.
  tags:
  - data
  - elasticsearch
  - transactions
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: search-transactions
      description: Search transactions by query.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: The search_query to look up.
      call: elasticsearch.get-search_query
      with:
        search_query: '{{search_query}}'
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://abn-amro-es.com:9200
    authentication:
      type: bearer
      token: $secrets.elasticsearch_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: elasticsearch_transaction_sear
        method: GET

On PR merge, runs SAST scan via SonarQube, checks dependency vulnerabilities, validates container image, approves or blocks deployment, and notifies dev team.

naftiko: '0.5'
info:
  label: CI/CD Security Gate Pipeline
  description: On PR merge, runs SAST scan via SonarQube, checks dependency vulnerabilities, validates container image, approves or blocks deployment, and notifies dev team.
  tags:
  - devops
  - security
  - github
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: devops
    port: 8080
    tools:
    - name: cicd_security_gate_pipeline
      description: Orchestrate ci/cd security gate pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-pr
        type: call
        call: github.get-pull-request
        with:
          pr_id: '{{resource_id}}'
      - name: run-sast
        type: call
        call: sonarqube.analyze-project
        with:
          project_key: '{{get-pr.repo}}'
      - name: check-deps
        type: call
        call: snyk.test-project
        with:
          project_id: '{{get-pr.repo}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: security-reviews
          text: 'Security gate for {{resource_id}}: SAST {{run-sast.status}}, Deps {{check-deps.issues}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: github-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abn-amro.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves change request details by number from ABN AMRO ServiceNow instance.

naftiko: '0.5'
info:
  label: ServiceNow Change Request Lookup
  description: Retrieves change request details by number from ABN AMRO ServiceNow instance.
  tags:
  - itsm
  - servicenow
  - change-management
capability:
  exposes:
  - type: mcp
    namespace: itsm
    port: 8080
    tools:
    - name: get-change-request
      description: Look up a change request by number.
      inputParameters:
      - name: change_number
        in: body
        type: string
        description: The change_number to look up.
      call: servicenow.get-change_number
      with:
        change_number: '{{change_number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow_change_request_look
        method: GET

Scans API gateway for deprecated endpoints, identifies consuming applications, sends deprecation notices via email, creates migration tasks in Jira, and updates Confluence docs.

naftiko: '0.5'
info:
  label: API Deprecation Notification Pipeline
  description: Scans API gateway for deprecated endpoints, identifies consuming applications, sends deprecation notices via email, creates migration tasks in Jira, and updates Confluence docs.
  tags:
  - api-management
  - jira
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: api-management
    port: 8080
    tools:
    - name: api_deprecation_notification_pipeline
      description: Orchestrate api deprecation notification pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: scan-apis
        type: call
        call: kong.get-deprecated-routes
        with:
          gateway_id: '{{resource_id}}'
      - name: identify-consumers
        type: call
        call: apigee.get-consumers
        with:
          route_id: '{{scan-apis.route_id}}'
      - name: create-migration
        type: call
        call: jira.create-issue
        with:
          project: API
          summary: 'Migrate from deprecated API: {{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: api-platform
          text: 'API deprecation: {{resource_id}}. Migration ticket: {{create-migration.key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://abn-amro.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://abn-amro.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Validates incoming market data feeds against expected patterns, identifies anomalies in Snowflake, creates alerts in PagerDuty, and logs quality metrics in Grafana.

naftiko: '0.5'
info:
  label: Market Data Quality Monitor
  description: Validates incoming market data feeds against expected patterns, identifies anomalies in Snowflake, creates alerts in PagerDuty, and logs quality metrics in Grafana.
  tags:
  - market-data
  - quality
  - snowflake
  - pagerduty
  - grafana
capability:
  exposes:
  - type: mcp
    namespace: market-data
    port: 8080
    tools:
    - name: market_data_quality_monitor
      description: Orchestrate market data quality monitor workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: validate-feeds
        type: call
        call: bloomberg.validate-feed
        with:
          feed_id: '{{resource_id}}'
      - name: check-anomalies
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL check_market_data_quality('{{resource_id}}')
          warehouse: MARKET_WH
      - name: create-alert
        type: call
        call: pagerduty.create-incident
        with:
          title: 'Market data quality: {{resource_id}}'
          severity: '{{check-anomalies.severity}}'
      - name: log-metrics
        type: call
        call: grafana.push-metrics
        with:
          dashboard_uid: market-data-quality
          quality_score: '{{check-anomalies.score}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abn-amro.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty-op
        method: POST
  - type: http
    namespace: grafana
    baseUri: https://abn-amro-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana-op
        method: POST

Triggers a Microsoft Purview data classification scan on a specified data source and returns scan status and discovered sensitive data types for data governance compliance.

naftiko: '0.5'
info:
  label: Microsoft Purview Data Classification Scan
  description: Triggers a Microsoft Purview data classification scan on a specified data source and returns scan status and discovered sensitive data types for data governance compliance.
  tags:
  - data-governance
  - classification
  - microsoft-purview
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: trigger-classification-scan
      description: Trigger a Purview classification scan on a data source. Returns scan run ID and status.
      inputParameters:
      - name: data_source_name
        in: body
        type: string
        description: The Purview registered data source name.
      - name: scan_name
        in: body
        type: string
        description: The scan definition name.
      call: purview.run-scan
      with:
        data_source_name: '{{data_source_name}}'
        scan_name: '{{scan_name}}'
      outputParameters:
      - name: run_id
        type: string
        mapping: $.scanRunId
      - name: status
        type: string
        mapping: $.status
  consumes:
  - type: http
    namespace: purview
    baseUri: https://abnamro-purview.purview.azure.com
    authentication:
      type: bearer
      token: $secrets.purview_token
    resources:
    - name: scans
      path: /scan/datasources/{{data_source_name}}/scans/{{scan_name}}/runs?api-version=2023-09-01
      inputParameters:
      - name: data_source_name
        in: path
      - name: scan_name
        in: path
      operations:
      - name: run-scan
        method: POST

Identifies incomplete client records, creates remediation tasks, tracks completion progress, and reports to client data management.

naftiko: '0.5'
info:
  label: Client Data Remediation Pipeline
  description: Identifies incomplete client records, creates remediation tasks, tracks completion progress, and reports to client data management.
  tags:
  - data-quality
  - client-data
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: client_data_remediation_pipeline
      description: Orchestrate client data remediation pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

On new hire creation in Workday, opens a ServiceNow onboarding ticket, provisions Azure Active Directory account, and sends a Microsoft Teams welcome message.

naftiko: '0.5'
info:
  label: Employee Onboarding Orchestrator
  description: On new hire creation in Workday, opens a ServiceNow onboarding ticket, provisions Azure Active Directory account, and sends a Microsoft Teams welcome message.
  tags:
  - hr
  - onboarding
  - workday
  - servicenow
  - azure-active-directory
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-onboarding
    port: 8080
    tools:
    - name: trigger-onboarding
      description: Given a Workday employee ID and start date, orchestrate onboarding across ServiceNow, Azure AD, and Microsoft Teams.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID for the new hire.
      - name: start_date
        in: body
        type: string
        description: The employee start date in YYYY-MM-DD format.
      - name: department
        in: body
        type: string
        description: The department the new hire is joining.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: open-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'New hire onboarding: {{get-employee.full_name}}'
          category: hr_onboarding
          assigned_group: IT_Onboarding
          description: Onboarding for {{get-employee.full_name}} starting {{start_date}} in {{department}}.
      - name: provision-account
        type: call
        call: azuread.create-user
        with:
          display_name: '{{get-employee.full_name}}'
          user_principal_name: '{{get-employee.work_email}}'
          department: '{{department}}'
      - name: send-welcome
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-employee.work_email}}'
          text: Welcome to ABN AMRO, {{get-employee.first_name}}! Your IT onboarding ticket is {{open-ticket.number}}. Your Azure AD account has been provisioned.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd3-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves the current sprint status and velocity for an ABN AMRO engineering team board.

naftiko: '0.5'
info:
  label: Jira Sprint Status
  description: Retrieves the current sprint status and velocity for an ABN AMRO engineering team board.
  tags:
  - devops
  - jira
  - agile
capability:
  exposes:
  - type: mcp
    namespace: engineering
    port: 8080
    tools:
    - name: get-sprint
      description: Get current sprint status by board ID.
      inputParameters:
      - name: board_id
        in: body
        type: string
        description: The board_id to look up.
      call: jira.get-board_id
      with:
        board_id: '{{board_id}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://abn-amro.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira_sprint_status
        method: GET

Checks if a user has access to a specific Okta application at ABN AMRO.

naftiko: '0.5'
info:
  label: Okta Application Assignment Check
  description: Checks if a user has access to a specific Okta application at ABN AMRO.
  tags:
  - security
  - okta
  - access-management
capability:
  exposes:
  - type: mcp
    namespace: identity
    port: 8080
    tools:
    - name: check-app-access
      description: Check user application access in Okta.
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: The user_email to look up.
      call: okta.get-user_email
      with:
        user_email: '{{user_email}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://abn-amro.okta.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.okta_api_token
      header: Authorization
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: okta_application_assignment_ch
        method: GET

Searches Splunk SIEM for security events matching a query pattern at ABN AMRO.

naftiko: '0.5'
info:
  label: Splunk Security Log Search
  description: Searches Splunk SIEM for security events matching a query pattern at ABN AMRO.
  tags:
  - security
  - splunk
  - siem
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: search-security-logs
      description: Search security logs by query.
      inputParameters:
      - name: query
        in: body
        type: string
        description: The query to look up.
      call: splunk.get-query
      with:
        query: '{{query}}'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://abn-amro-splunk.com/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: splunk_security_log_search
        method: GET

Audits data catalog completeness, validates data classifications, creates remediation tasks, and notifies data stewards.

naftiko: '0.5'
info:
  label: Data Catalog Governance Pipeline
  description: Audits data catalog completeness, validates data classifications, creates remediation tasks, and notifies data stewards.
  tags:
  - data-governance
  - catalog
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: data_catalog_governance_pipeline
      description: Orchestrate data catalog governance pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Retrieves a Salesforce opportunity by ID, returning stage, amount, close date, and owner for the sales team.

naftiko: '0.5'
info:
  label: Salesforce Opportunity Lookup
  description: Retrieves a Salesforce opportunity by ID, returning stage, amount, close date, and owner for the sales team.
  tags:
  - sales
  - crm
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: sales-crm
    port: 8080
    tools:
    - name: get-opportunity
      description: Look up a Salesforce opportunity by ID. Returns name, stage, amount, close date, and owner.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity ID.
      call: salesforce.get-opportunity
      with:
        opportunity_id: '{{opportunity_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.Name
      - name: stage
        type: string
        mapping: $.StageName
      - name: amount
        type: string
        mapping: $.Amount
      - name: close_date
        type: string
        mapping: $.CloseDate
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET

Analyzes trade execution quality metrics, compares against benchmarks in Snowflake, identifies improvements, and reports to trading desk.

naftiko: '0.5'
info:
  label: Trade Execution Quality Analyzer
  description: Analyzes trade execution quality metrics, compares against benchmarks in Snowflake, identifies improvements, and reports to trading desk.
  tags:
  - trading
  - analytics
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: trading
    port: 8080
    tools:
    - name: trade_execution_quality_analyzer
      description: Orchestrate trade execution quality analyzer workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Queries Dynatrace for application performance metrics, compares against historical baselines in Snowflake, and creates a Jira performance ticket when degradation is detected.

naftiko: '0.5'
info:
  label: Dynatrace Performance Baseline Comparison
  description: Queries Dynatrace for application performance metrics, compares against historical baselines in Snowflake, and creates a Jira performance ticket when degradation is detected.
  tags:
  - observability
  - performance
  - dynatrace
  - snowflake
  - jira
capability:
  exposes:
  - type: mcp
    namespace: observability-metrics
    port: 8080
    tools:
    - name: check-performance-baseline
      description: Query Dynatrace for metrics, compare against Snowflake baselines, and create a Jira ticket on degradation.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The Dynatrace entity ID of the service.
      - name: service_name
        in: body
        type: string
        description: Human-readable service name.
      - name: time_range
        in: body
        type: string
        description: Time range for metrics (e.g., last2h, last24h, last7d).
      steps:
      - name: get-current-metrics
        type: call
        call: dynatrace.get-metrics
        with:
          entity_id: '{{entity_id}}'
          time_range: '{{time_range}}'
      - name: get-baseline
        type: call
        call: snowflake.execute-query
        with:
          warehouse: OPS_WH
          database: OBSERVABILITY_DB
          query: SELECT avg_response_time, avg_error_rate, p95_response_time FROM service_baselines WHERE entity_id = '{{entity_id}}'
      - name: create-perf-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: PERF
          issuetype: Task
          summary: '[Performance] {{service_name}} — baseline deviation'
          description: 'Service: {{service_name}} ({{entity_id}})

            Current response time: {{get-current-metrics.response_time_ms}}ms

            Baseline: {{get-baseline.avg_response_time}}ms

            Current error rate: {{get-current-metrics.error_rate}}%

            Baseline error rate: {{get-baseline.avg_error_rate}}%'
  consumes:
  - type: http
    namespace: dynatrace
    baseUri: https://abnamro.live.dynatrace.com/api/v2
    authentication:
      type: bearer
      token: $secrets.dynatrace_token
    resources:
    - name: metrics
      path: /metrics/query?entityId={{entity_id}}&from={{time_range}}
      inputParameters:
      - name: entity_id
        in: query
      - name: time_range
        in: query
      operations:
      - name: get-metrics
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Triggers a Terraform deployment through Azure DevOps pipelines for banking infrastructure changes, with approval gating and Teams notification.

naftiko: '0.5'
info:
  label: Terraform Infrastructure Deployment
  description: Triggers a Terraform deployment through Azure DevOps pipelines for banking infrastructure changes, with approval gating and Teams notification.
  tags:
  - infrastructure
  - devops
  - terraform
  - azure-devops
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: infra-deploy
    port: 8080
    tools:
    - name: deploy-infrastructure
      description: Given a Terraform workspace and environment, trigger an Azure DevOps pipeline run and notify the platform team.
      inputParameters:
      - name: workspace
        in: body
        type: string
        description: The Terraform workspace name.
      - name: environment
        in: body
        type: string
        description: 'Target environment: dev, staging, or production.'
      - name: change_ticket
        in: body
        type: string
        description: The ServiceNow change request number for audit trail.
      steps:
      - name: trigger-pipeline
        type: call
        call: azuredevops.run-pipeline
        with:
          project: banking-infra
          pipeline_id: terraform-apply
          variables:
            workspace: '{{workspace}}'
            environment: '{{environment}}'
            change_ticket: '{{change_ticket}}'
      - name: notify-platform
        type: call
        call: msteams.send-message
        with:
          channel: platform-deployments
          text: 'Infrastructure deployment triggered: {{workspace}} to {{environment}}. Pipeline run: {{trigger-pipeline.run_id}}. Change ticket: {{change_ticket}}.'
  consumes:
  - type: http
    namespace: azuredevops
    baseUri: https://dev.azure.com/abnamro
    authentication:
      type: bearer
      token: $secrets.azuredevops_token
    resources:
    - name: pipelines
      path: /{{project}}/_apis/pipelines/{{pipeline_id}}/runs?api-version=7.1
      inputParameters:
      - name: project
        in: path
      - name: pipeline_id
        in: path
      operations:
      - name: run-pipeline
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves a document from SharePoint by site and document path, returning the download URL, modified date, and author for banking document management.

naftiko: '0.5'
info:
  label: SharePoint Document Retrieval
  description: Retrieves a document from SharePoint by site and document path, returning the download URL, modified date, and author for banking document management.
  tags:
  - document-management
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: document-mgmt
    port: 8080
    tools:
    - name: get-document
      description: Retrieve a document from SharePoint. Returns download URL, last modified date, and author.
      inputParameters:
      - name: site_id
        in: body
        type: string
        description: The SharePoint site ID.
      - name: document_path
        in: body
        type: string
        description: The document path relative to the site root.
      call: sharepoint.get-document
      with:
        site_id: '{{site_id}}'
        document_path: '{{document_path}}'
      outputParameters:
      - name: download_url
        type: string
        mapping: $.@microsoft.graph.downloadUrl
      - name: last_modified
        type: string
        mapping: $.lastModifiedDateTime
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{document_path}}
      inputParameters:
      - name: site_id
        in: path
      - name: document_path
        in: path
      operations:
      - name: get-document
        method: GET

Reconciles nostro accounts with correspondent banks, identifies breaks in Snowflake, creates resolution tickets, and notifies operations.

naftiko: '0.5'
info:
  label: Nostro Reconciliation Pipeline
  description: Reconciles nostro accounts with correspondent banks, identifies breaks in Snowflake, creates resolution tickets, and notifies operations.
  tags:
  - operations
  - reconciliation
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: operations
    port: 8080
    tools:
    - name: nostro_reconciliation_pipeline
      description: Orchestrate nostro reconciliation pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

When a critical banking service goes down, sends mass notifications via Everbridge to affected stakeholders and creates a ServiceNow major incident record.

naftiko: '0.5'
info:
  label: Everbridge Mass Notification for IT Incidents
  description: When a critical banking service goes down, sends mass notifications via Everbridge to affected stakeholders and creates a ServiceNow major incident record.
  tags:
  - incident-management
  - business-continuity
  - everbridge
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: crisis-management
    port: 8080
    tools:
    - name: trigger-mass-notification
      description: Given an incident description and impacted service, send Everbridge notifications, create a ServiceNow major incident, and post to Teams.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The name of the impacted banking service.
      - name: incident_summary
        in: body
        type: string
        description: Brief description of the incident.
      - name: severity
        in: body
        type: string
        description: 'Incident severity: P1, P2, P3.'
      - name: contact_group
        in: body
        type: string
        description: The Everbridge contact group to notify.
      steps:
      - name: send-notification
        type: call
        call: everbridge.send-notification
        with:
          notification_type: Standard
          subject: '[{{severity}}] {{service_name}} — Service Disruption'
          body: '{{incident_summary}}'
          contact_group: '{{contact_group}}'
      - name: create-major-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: '[{{severity}}] {{service_name}} — {{incident_summary}}'
          impact: '1'
          urgency: '1'
          assigned_group: Major_Incident_Management
          category: service_disruption
      - name: post-to-teams
        type: call
        call: msteams.send-message
        with:
          channel: major-incidents
          text: 'MAJOR INCIDENT: {{severity}} | {{service_name}} | {{incident_summary}} | ServiceNow: {{create-major-incident.number}} | Everbridge notification sent to {{contact_group}}'
  consumes:
  - type: http
    namespace: everbridge
    baseUri: https://api.everbridge.net/rest
    authentication:
      type: bearer
      token: $secrets.everbridge_token
    resources:
    - name: notifications
      path: /notifications
      operations:
      - name: send-notification
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Checks the last refresh status of a Power BI dataset used for ABN AMRO reporting.

naftiko: '0.5'
info:
  label: Power BI Dataset Refresh Status
  description: Checks the last refresh status of a Power BI dataset used for ABN AMRO reporting.
  tags:
  - analytics
  - power-bi
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: get-refresh-status
      description: Get Power BI dataset refresh status.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: The dataset_id to look up.
      call: powerbi.get-dataset_id
      with:
        dataset_id: '{{dataset_id}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: power_bi_dataset_refresh_statu
        method: GET

Receives mortgage application, runs credit check, validates documents in SharePoint, creates workflow in ServiceNow, and notifies the applicant via email.

naftiko: '0.5'
info:
  label: Mortgage Application Processor
  description: Receives mortgage application, runs credit check, validates documents in SharePoint, creates workflow in ServiceNow, and notifies the applicant via email.
  tags:
  - lending
  - mortgage
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: lending
    port: 8080
    tools:
    - name: mortgage_application_processor
      description: Orchestrate mortgage application processor workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-application
        type: call
        call: lending.get-application
        with:
          app_id: '{{resource_id}}'
      - name: run-credit-check
        type: call
        call: creditbureau.check-score
        with:
          ssn: '{{get-application.ssn}}'
      - name: create-workflow
        type: call
        call: servicenow.create-request
        with:
          short_description: 'Mortgage: {{resource_id}}'
          credit_score: '{{run-credit-check.score}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: lending-ops
          text: 'Mortgage {{resource_id}} processed. Score: {{run-credit-check.score}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://abn-amro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Searches ABN AMRO Confluence knowledge base for articles matching a query.

naftiko: '0.5'
info:
  label: Confluence Knowledge Search
  description: Searches ABN AMRO Confluence knowledge base for articles matching a query.
  tags:
  - collaboration
  - confluence
  - knowledge-base
capability:
  exposes:
  - type: mcp
    namespace: collaboration
    port: 8080
    tools:
    - name: search-articles
      description: Search Confluence articles by query.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: The search_query to look up.
      call: confluence.get-search_query
      with:
        search_query: '{{search_query}}'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://abn-amro.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence_knowledge_search
        method: GET

When a real-time fraud detection model flags a suspicious transaction in Snowflake, enriches the alert with customer data from Salesforce, blocks the card via Mastercard API, and notifies the fraud operations team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Fraud Detection Alert Pipeline
  description: When a real-time fraud detection model flags a suspicious transaction in Snowflake, enriches the alert with customer data from Salesforce, blocks the card via Mastercard API, and notifies the fraud operations team in Microsoft Teams.
  tags:
  - fraud-detection
  - security
  - snowflake
  - salesforce
  - mastercard
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: fraud-ops
    port: 8080
    tools:
    - name: handle-fraud-alert
      description: Given a fraud alert ID, enrich with customer data, optionally block the card, and notify fraud ops.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The fraud detection alert ID from the ML pipeline.
      - name: customer_id
        in: body
        type: string
        description: The Salesforce customer account ID.
      - name: card_number_token
        in: body
        type: string
        description: Tokenized card number for Mastercard API.
      - name: block_card
        in: body
        type: string
        description: 'Whether to block the card: true or false.'
      steps:
      - name: get-alert-data
        type: call
        call: snowflake.execute-query
        with:
          warehouse: FRAUD_WH
          database: FRAUD_DB
          query: SELECT * FROM fraud_alerts WHERE alert_id = '{{alert_id}}'
      - name: get-customer
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{customer_id}}'
      - name: block-card
        type: call
        call: mastercard.block-card
        with:
          card_token: '{{card_number_token}}'
          reason: fraud_suspected
      - name: notify-fraud-ops
        type: call
        call: msteams.send-message
        with:
          channel: fraud-operations
          text: 'Fraud Alert: {{alert_id}} | Customer: {{get-customer.name}} | Card blocked: {{block_card}} | Transaction details from Snowflake query. Review immediately.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://abnamro.eu-west-1.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://abnamro.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: mastercard
    baseUri: https://api.mastercard.com/fraud/v1
    authentication:
      type: bearer
      token: $secrets.mastercard_token
    resources:
    - name: cards
      path: /cards/block
      operations:
      - name: block-card
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel}}/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Checks the review status and approval state of a GitHub pull request.

naftiko: '0.5'
info:
  label: GitHub PR Review Status
  description: Checks the review status and approval state of a GitHub pull request.
  tags:
  - devops
  - github
  - code-review
capability:
  exposes:
  - type: mcp
    namespace: engineering
    port: 8080
    tools:
    - name: get-pr-status
      description: Get PR review status by number.
      inputParameters:
      - name: pr_number
        in: body
        type: string
        description: The pr_number to look up.
      call: github.get-pr_number
      with:
        pr_number: '{{pr_number}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: github_pr_review_status
        method: GET

Queries the MuleSoft Anypoint Platform for API deployment status and health metrics, compares against SLA thresholds in Datadog, and creates a ServiceNow incident when error rates exceed acceptable levels.

naftiko: '0.5'
info:
  label: MuleSoft API Health Check with Incident Creation
  description: Queries the MuleSoft Anypoint Platform for API deployment status and health metrics, compares against SLA thresholds in Datadog, and creates a ServiceNow incident when error rates exceed acceptable levels.
  tags:
  - api-management
  - integration
  - mulesoft
  - datadog
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: api-gateway
    port: 8080
    tools:
    - name: check-api-health-with-escalation
      description: Check MuleSoft API health, compare against Datadog SLA metrics, and create a ServiceNow incident on degradation.
      inputParameters:
      - name: api_id
        in: body
        type: string
        description: The MuleSoft Anypoint API instance ID.
      - name: environment
        in: body
        type: string
        description: 'Deployment environment: sandbox or production.'
      - name: error_rate_threshold
        in: body
        type: number
        description: Error rate threshold percentage for escalation.
      steps:
      - name: get-api-status
        type: call
        call: mulesoft.get-api-status
        with:
          api_id: '{{api_id}}'
          environment: '{{environment}}'
      - name: get-datadog-metrics
        type: call
        call: datadog.get-metrics
        with:
          query: avg:mulesoft.api.error_rate{api_id:{{api_id}},env:{{environment}}}
          time_range: 1h
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'API degradation: {{api_id}} in {{environment}}'
          description: 'MuleSoft API {{api_id}} ({{environment}}) is degraded.

            Status: {{get-api-status.status}}

            Error rate: {{get-datadog-metrics.error_rate}}%

            Threshold: {{error_rate_threshold}}%'
          assigned_group: API_Platform
          category: api_degradation
  consumes:
  - type: http
    namespace: mulesoft
    baseUri: https://anypoint.mulesoft.com/apimanager/api/v1
    authentication:
      type: bearer
      token: $secrets.mulesoft_token
    resources:
    - name: apis
      path: /organizations/{{org_id}}/environments/{{environment}}/apis/{{api_id}}
      inputParameters:
      - name: api_id
        in: path
      - name: environment
        in: path
      operations:
      - name: get-api-status
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.eu/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: metrics
      path: /query
      operations:
      - name: get-metrics
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://abnamro.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

Queries Prometheus for active alerts on Kubernetes-hosted banking microservices, enriches with Datadog APM trace data, and creates Jira incident tickets for critical alerts.

naftiko: '0.5'
info:
  label: Prometheus Alert Triage and Escalation
  description: Queries Prometheus for active alerts on Kubernetes-hosted banking microservices, enriches with Datadog APM trace data, and creates Jira incident tickets for critical alerts.
  tags:
  - observability
  - alerting
  - prometheus
  - datadog
  - jira
capability:
  exposes:
  - type: mcp
    namespace: monitoring
    port: 8080
    tools:
    - name: triage-prometheus-alerts
      description: Query Prometheus alerts, enrich with Datadog traces, and create Jira incidents for critical ones.
      inputParameters:
      - name: namespace
        in: body
        type: string
        description: The Kubernetes namespace to filter alerts.
      - name: severity_filter
        in: body
        type: string
        description: 'Minimum severity to triage: critical, warning, or info.'
      steps:
      - name: get-alerts
        type: call
        call: prometheus.query-alerts
        with:
          namespace: '{{namespace}}'
      - name: get-traces
        type: call
        call: datadog.get-traces
        with:
          service: '{{namespace}}'
          time_range: 1h
      - name: create-incident
        type: call
        call: jira.create-issue
        with:
          project_key: INC
          issuetype: Incident
          summary: '[Prometheus] {{namespace}} — {{get-alerts.alert_count}} active alerts'
          description: 'Namespace: {{namespace}}

            Active alerts: {{get-alerts.alert_count}}

            Severity filter: {{severity_filter}}

            Datadog traces available for correlation.'
  consumes:
  - type: http
    namespace: prometheus
    baseUri: https://prometheus.abnamro.com/api/v1
    authentication:
      type: bearer
      token: $secrets.prometheus_token
    resources:
    - name: alerts
      path: /alerts?filter=namespace%3D{{namespace}}
      inputParameters:
      - name: namespace
        in: query
      operations:
      - name: query-alerts
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.eu/api/v2
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: traces
      path: /traces?service={{service}}&timeRange={{time_range}}
      inputParameters:
      - name: service
        in: query
      - name: time_range
        in: query
      operations:
      - name: get-traces
        method: GET
  - type: http
    namespace: jira
    baseUri: https://abnamro.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Validates wire transfers against AML rules, screens beneficiaries, creates compliance records, and notifies compliance team.

naftiko: '0.5'
info:
  label: Wire Transfer Compliance Pipeline
  description: Validates wire transfers against AML rules, screens beneficiaries, creates compliance records, and notifies compliance team.
  tags:
  - payments
  - compliance
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: payments
    port: 8080
    tools:
    - name: wire_transfer_compliance_pipeline
      description: Orchestrate wire transfer compliance pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Generates annual client review documents from portfolio data, compliance records, and performance metrics, and sends to advisors.

naftiko: '0.5'
info:
  label: Annual Review Document Generator
  description: Generates annual client review documents from portfolio data, compliance records, and performance metrics, and sends to advisors.
  tags:
  - client-management
  - documents
  - snowflake
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: client-management
    port: 8080
    tools:
    - name: annual_review_document_generator
      description: Orchestrate annual review document generator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Fetches real-time market data from Bloomberg Terminal API for ABN AMRO trading desks.

naftiko: '0.5'
info:
  label: Bloomberg Terminal Data Fetch
  description: Fetches real-time market data from Bloomberg Terminal API for ABN AMRO trading desks.
  tags:
  - trading
  - bloomberg
  - market-data
capability:
  exposes:
  - type: mcp
    namespace: trading
    port: 8080
    tools:
    - name: get-market-data
      description: Fetch Bloomberg market data by ticker.
      inputParameters:
      - name: ticker
        in: body
        type: string
        description: The ticker to look up.
      call: salesforce.get-ticker
      with:
        ticker: '{{ticker}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://abn-amro.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bloomberg_terminal_data_fetch
        method: GET

Queries distributed traces from the OpenTelemetry-backed tracing backend for a given trace ID, returning span details and latency breakdown for banking microservice debugging.

naftiko: '0.5'
info:
  label: OpenTelemetry Trace Lookup
  description: Queries distributed traces from the OpenTelemetry-backed tracing backend for a given trace ID, returning span details and latency breakdown for banking microservice debugging.
  tags:
  - observability
  - tracing
  - opentelemetry
capability:
  exposes:
  - type: mcp
    namespace: distributed-tracing
    port: 8080
    tools:
    - name: get-trace
      description: Look up a distributed trace by trace ID. Returns span tree, total duration, and error spans.
      inputParameters:
      - name: trace_id
        in: body
        type: string
        description: The OpenTelemetry trace ID (32-char hex).
      call: otel.get-trace
      with:
        trace_id: '{{trace_id}}'
      outputParameters:
      - name: span_count
        type: string
        mapping: $.spans.length
      - name: total_duration_ms
        type: string
        mapping: $.duration
  consumes:
  - type: http
    namespace: otel
    baseUri: https://tracing.abnamro.com/api/v2
    authentication:
      type: bearer
      token: $secrets.otel_token
    resources:
    - name: traces
      path: /traces/{{trace_id}}
      inputParameters:
      - name: trace_id
        in: path
      operations:
      - name: get-trace
        method: GET

Retrieves the current discount rate and fee structure for a merchant enrolled in the Amex network.

naftiko: '0.5'
info:
  label: Merchant Fee Rate Lookup
  description: Retrieves the current discount rate and fee structure for a merchant enrolled in the Amex network.
  tags:
  - merchants
  - payments
  - fees
capability:
  exposes:
  - type: mcp
    namespace: amex-merchant-data
    port: 8080
    tools:
    - name: get-fee-rate
      description: Given a merchant ID, return the discount rate, transaction fee, and effective date. Use when reviewing merchant fee arrangements.
      inputParameters:
      - name: merchant_id
        in: body
        type: string
        description: The merchant identifier.
      call: amex-merchant-data.get-fee-rate
      with:
        merchant_id: '{{merchant_id}}'
      outputParameters:
      - name: discount_rate
        type: number
        mapping: $.discount_rate
      - name: transaction_fee
        type: number
        mapping: $.transaction_fee
      - name: effective_date
        type: string
        mapping: $.effective_date
  consumes:
  - namespace: amex-merchant-data
    type: http
    baseUri: https://api.americanexpress.com/v1/merchants
    authentication:
      type: bearer
      token: $secrets.amex_merchant_token
    resources:
    - name: fees
      path: /merchants/{merchant_id}/fees
      inputParameters:
      - name: merchant_id
        in: path
      operations:
      - name: get-fee-rate
        method: GET

Escalates high-priority Zendesk support tickets by fetching ticket details, creating a Jira issue for the product team, and alerting the support lead via Slack.

naftiko: '0.5'
info:
  label: Zendesk Ticket Escalation Workflow
  description: Escalates high-priority Zendesk support tickets by fetching ticket details, creating a Jira issue for the product team, and alerting the support lead via Slack.
  tags:
  - zendesk
  - customer-support
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: ticket-escalation
    port: 8080
    tools:
    - name: escalate-ticket
      description: Escalate a Zendesk ticket to the product team via Jira and notify the support lead. Use when a support ticket requires product team intervention.
      inputParameters:
      - name: ticket_id
        in: body
        type: string
        description: Zendesk ticket ID.
      steps:
      - name: get-ticket
        type: call
        call: zendesk.get-ticket
        with:
          ticket_id: '{{ticket_id}}'
      - name: create-jira
        type: call
        call: jira.create-issue
        with:
          project_key: SUP
          issuetype: Bug
          summary: 'Escalation: {{get-ticket.subject}}'
          description: 'Zendesk #{{ticket_id}}: {{get-ticket.description}}. Priority: {{get-ticket.priority}}.'
      - name: alert-lead
        type: call
        call: slack.post-message
        with:
          channel: support-escalations
          text: 'Ticket escalated: #{{ticket_id}} — {{get-ticket.subject}} | Priority: {{get-ticket.priority}} | Jira: {{create-jira.key}}'
  consumes:
  - namespace: zendesk
    type: http
    baseUri: https://americanexpress.zendesk.com/api/v2
    authentication:
      type: bearer
      token: $secrets.zendesk_token
    resources:
    - name: tickets
      path: /tickets/{ticket_id}
      inputParameters:
      - name: ticket_id
        in: path
      operations:
      - name: get-ticket
        method: GET
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Triggers a Tableau workbook refresh for monthly financial reporting dashboards and posts the refresh status to the Finance Slack channel.

naftiko: '0.5'
info:
  label: Tableau Financial Dashboard Refresh
  description: Triggers a Tableau workbook refresh for monthly financial reporting dashboards and posts the refresh status to the Finance Slack channel.
  tags:
  - data
  - analytics
  - tableau
  - slack
  - finance
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: finance-reporting
    port: 8080
    tools:
    - name: refresh-financial-dashboard
      description: Given a Tableau workbook ID, trigger a datasource refresh and post the job status to the finance Slack channel once complete. Use at month-end or quarter-end to refresh executive financial dashboards.
      inputParameters:
      - name: workbook_id
        in: body
        type: string
        description: The Tableau workbook ID to refresh.
      - name: site_id
        in: body
        type: string
        description: The Tableau site ID where the workbook is hosted.
      steps:
      - name: trigger-refresh
        type: call
        call: tableau.refresh-workbook
        with:
          site_id: '{{site_id}}'
          workbook_id: '{{workbook_id}}'
      - name: post-status
        type: call
        call: slack-finance.post-message
        with:
          channel: finance-reporting
          text: 'Tableau dashboard refresh triggered | Workbook: {{workbook_id}} | Job ID: {{trigger-refresh.job_id}} | Status: {{trigger-refresh.status}}'
  consumes:
  - namespace: tableau
    type: http
    baseUri: https://americanexpress.tableau.com/api/2.8
    authentication:
      type: apikey
      key: X-Tableau-Auth
      value: $secrets.tableau_auth_token
      placement: header
    resources:
    - name: workbook-refresh
      path: /sites/{site_id}/workbooks/{workbook_id}/refresh
      inputParameters:
      - name: site_id
        in: path
      - name: workbook_id
        in: path
      operations:
      - name: refresh-workbook
        method: POST
  - namespace: slack-finance
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Processes a chargeback by retrieving the original transaction, filing the chargeback with the merchant acquirer, updating the cardholder ledger, and sending status notification.

naftiko: '0.5'
info:
  label: Cardholder Chargeback Processing
  description: Processes a chargeback by retrieving the original transaction, filing the chargeback with the merchant acquirer, updating the cardholder ledger, and sending status notification.
  tags:
  - chargebacks
  - payments
  - cardholder
  - settlements
capability:
  exposes:
  - type: mcp
    namespace: chargeback-ops
    port: 8080
    tools:
    - name: process-chargeback
      description: File a chargeback, issue provisional credit, and notify the cardholder. Use when a cardholder disputes a transaction and a chargeback is warranted.
      inputParameters:
      - name: transaction_id
        in: body
        type: string
        description: Original transaction ID.
      - name: reason_code
        in: body
        type: string
        description: Chargeback reason code.
      - name: cardholder_email
        in: body
        type: string
        description: Cardholder email address.
      steps:
      - name: get-txn
        type: call
        call: amex-transactions.get-transaction
        with:
          txn_id: '{{transaction_id}}'
      - name: file-cb
        type: call
        call: amex-chargebacks.file-chargeback
        with:
          transaction_id: '{{transaction_id}}'
          reason_code: '{{reason_code}}'
          amount: '{{get-txn.amount}}'
      - name: credit-ledger
        type: call
        call: amex-ledger.create-entry
        with:
          account_id: '{{get-txn.account_id}}'
          amount: '{{get-txn.amount}}'
          type: provisional_credit
          reference: '{{file-cb.chargeback_id}}'
      - name: notify
        type: call
        call: email.send-email
        with:
          to: '{{cardholder_email}}'
          subject: Chargeback filed — provisional credit issued
          body: 'A provisional credit of ${{get-txn.amount}} has been applied. Chargeback ID: {{file-cb.chargeback_id}}'
  consumes:
  - namespace: amex-transactions
    type: http
    baseUri: https://api.americanexpress.com/v1/transactions
    authentication:
      type: bearer
      token: $secrets.amex_transactions_token
    resources:
    - name: transaction
      path: /transactions/{txn_id}
      inputParameters:
      - name: txn_id
        in: path
      operations:
      - name: get-transaction
        method: GET
  - namespace: amex-chargebacks
    type: http
    baseUri: https://api.americanexpress.com/v1/chargebacks
    authentication:
      type: bearer
      token: $secrets.amex_chargebacks_token
    resources:
    - name: chargeback
      path: /chargebacks
      operations:
      - name: file-chargeback
        method: POST
  - namespace: amex-ledger
    type: http
    baseUri: https://api.americanexpress.com/v1/ledger
    authentication:
      type: bearer
      token: $secrets.amex_ledger_token
    resources:
    - name: entries
      path: /entries
      operations:
      - name: create-entry
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

When a Snowflake data quality check fails for a critical financial dataset, logs the failure details and creates a Jira data engineering issue for remediation.

naftiko: '0.5'
info:
  label: Snowflake Data Quality Monitoring Alert
  description: When a Snowflake data quality check fails for a critical financial dataset, logs the failure details and creates a Jira data engineering issue for remediation.
  tags:
  - data
  - analytics
  - snowflake
  - jira
  - data-quality
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: handle-data-quality-failure
      description: Given a Snowflake table name, failed check name, and failure details, create a Jira issue for the data engineering team and post a Slack notification to the data ops channel. Use when automated data quality checks fail on financial or compliance datasets.
      inputParameters:
      - name: table_name
        in: body
        type: string
        description: The fully-qualified Snowflake table name (database.schema.table) where the quality check failed.
      - name: check_name
        in: body
        type: string
        description: The name of the data quality check that failed (e.g., null_count_check, row_count_threshold).
      - name: failure_details
        in: body
        type: string
        description: A description of why the check failed and what values were observed.
      steps:
      - name: create-dq-issue
        type: call
        call: jira-data.create-issue
        with:
          project_key: DATA
          issuetype: Bug
          summary: 'Data quality failure: {{check_name}} on {{table_name}}'
          description: 'Table: {{table_name}}

            Check: {{check_name}}

            Details: {{failure_details}}'
          priority: High
      - name: post-data-alert
        type: call
        call: slack-data.post-message
        with:
          channel: data-ops
          text: 'Data Quality Failure | Table: {{table_name}} | Check: {{check_name}} | Jira: {{create-dq-issue.key}}'
  consumes:
  - namespace: jira-data
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack-data
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Responds to DDoS attacks by activating Cloudflare under-attack mode, creating a security incident in ServiceNow, alerting via PagerDuty, and posting status to Slack.

naftiko: '0.5'
info:
  label: Cloudflare DDoS Mitigation Response
  description: Responds to DDoS attacks by activating Cloudflare under-attack mode, creating a security incident in ServiceNow, alerting via PagerDuty, and posting status to Slack.
  tags:
  - cloudflare
  - security
  - servicenow
  - pagerduty
  - slack
capability:
  exposes:
  - type: mcp
    namespace: ddos-response
    port: 8080
    tools:
    - name: mitigate-ddos
      description: Activate DDoS mitigation and alert security teams. Use when a DDoS attack is detected.
      inputParameters:
      - name: zone_id
        in: body
        type: string
        description: Cloudflare zone ID.
      steps:
      - name: activate-uam
        type: call
        call: cloudflare.set-security-level
        with:
          zone_id: '{{zone_id}}'
          value: under_attack
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: DDoS attack — {{zone_id}}
          category: security
          priority: '1'
      - name: page-security
        type: call
        call: pagerduty.create-incident
        with:
          title: 'DDoS attack: zone {{zone_id}}'
          service_id: $secrets.pd_security_service_id
          urgency: high
      - name: post-status
        type: call
        call: slack.post-message
        with:
          channel: security-ops
          text: 'DDoS mitigation active: {{zone_id}} | SNOW: {{create-incident.number}} | PD: {{page-security.incident_number}}'
  consumes:
  - namespace: cloudflare
    type: http
    baseUri: https://api.cloudflare.com/client/v4
    authentication:
      type: bearer
      token: $secrets.cloudflare_token
    resources:
    - name: zones
      path: /zones/{zone_id}/settings/security_level
      inputParameters:
      - name: zone_id
        in: path
      operations:
      - name: set-security-level
        method: PATCH
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Responds to Dynatrace application slowdown alerts by fetching problem details, creating a PagerDuty incident, and opening a Jira issue for the responsible team.

naftiko: '0.5'
info:
  label: Dynatrace Application Slowdown Response
  description: Responds to Dynatrace application slowdown alerts by fetching problem details, creating a PagerDuty incident, and opening a Jira issue for the responsible team.
  tags:
  - dynatrace
  - monitoring
  - pagerduty
  - jira
capability:
  exposes:
  - type: mcp
    namespace: dt-response
    port: 8080
    tools:
    - name: handle-slowdown
      description: Respond to a Dynatrace slowdown by paging on-call and creating a tracking issue. Use when Dynatrace detects application performance degradation.
      inputParameters:
      - name: problem_id
        in: body
        type: string
        description: Dynatrace problem ID.
      steps:
      - name: get-problem
        type: call
        call: dynatrace.get-problem
        with:
          problem_id: '{{problem_id}}'
      - name: page-team
        type: call
        call: pagerduty.create-incident
        with:
          title: 'App slowdown: {{get-problem.title}}'
          service_id: $secrets.pd_app_service_id
          urgency: high
          body: 'Impact: {{get-problem.impactLevel}}. Root cause: {{get-problem.rootCauseEntity}}.'
      - name: create-issue
        type: call
        call: jira.create-issue
        with:
          project_key: OPS
          issuetype: Bug
          summary: 'Dynatrace: {{get-problem.title}}'
          description: 'Problem ID: {{problem_id}}. Impact: {{get-problem.impactLevel}}. PagerDuty: {{page-team.incident_number}}.'
  consumes:
  - namespace: dynatrace
    type: http
    baseUri: https://americanexpress.live.dynatrace.com/api/v2
    authentication:
      type: bearer
      token: $secrets.dynatrace_token
    resources:
    - name: problems
      path: /problems/{problem_id}
      inputParameters:
      - name: problem_id
        in: path
      operations:
      - name: get-problem
        method: GET
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST

When a role change is recorded in Workday, updates the employee's Okta group memberships and notifies the employee via Microsoft Teams of their new access.

naftiko: '0.5'
info:
  label: Okta Access Provisioning for New Role
  description: When a role change is recorded in Workday, updates the employee's Okta group memberships and notifies the employee via Microsoft Teams of their new access.
  tags:
  - identity
  - security
  - okta
  - workday
  - microsoft-teams
  - access-management
capability:
  exposes:
  - type: mcp
    namespace: identity-provisioning
    port: 8080
    tools:
    - name: provision-role-access
      description: Given a Workday employee ID and new role, retrieve the employee's Okta user ID, update their group memberships to reflect the new role, and notify them via Teams. Use when an employee changes roles and needs updated system access.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID of the employee whose role is changing.
      - name: new_role
        in: body
        type: string
        description: The new role or job title as defined in Workday.
      - name: okta_group_id
        in: body
        type: string
        description: The Okta group ID corresponding to the new role's access profile.
      steps:
      - name: get-employee
        type: call
        call: workday-iam.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: get-okta-user
        type: call
        call: okta.get-user-by-login
        with:
          login: '{{get-employee.work_email}}'
      - name: add-to-group
        type: call
        call: okta-groups.add-user-to-group
        with:
          group_id: '{{okta_group_id}}'
          user_id: '{{get-okta-user.id}}'
      - name: notify-employee
        type: call
        call: msteams-iam.send-message
        with:
          recipient_upn: '{{get-employee.work_email}}'
          text: 'Your access has been updated for your new role: {{new_role}}. If you have questions, contact the IT help desk.'
  consumes:
  - namespace: workday-iam
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_access_token
    resources:
    - name: worker
      path: /workers/{worker_id}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - namespace: okta
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: user
      path: /users/{login}
      inputParameters:
      - name: login
        in: path
      operations:
      - name: get-user-by-login
        method: GET
  - namespace: okta-groups
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: group-membership
      path: /groups/{group_id}/users/{user_id}
      inputParameters:
      - name: group_id
        in: path
      - name: user_id
        in: path
      operations:
      - name: add-user-to-group
        method: PUT
  - namespace: msteams-iam
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/{recipient_upn}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves the latest settlement status and payout details for a merchant from the settlements service.

naftiko: '0.5'
info:
  label: Merchant Settlement Status Lookup
  description: Retrieves the latest settlement status and payout details for a merchant from the settlements service.
  tags:
  - merchants
  - payments
  - settlements
capability:
  exposes:
  - type: mcp
    namespace: amex-settlements
    port: 8080
    tools:
    - name: get-settlement-status
      description: Given a merchant ID, return the latest settlement amount, status, and payout date. Use when a merchant inquires about payment settlement.
      inputParameters:
      - name: merchant_id
        in: body
        type: string
        description: The merchant identifier.
      call: amex-settlements.get-settlement-status
      with:
        merchant_id: '{{merchant_id}}'
      outputParameters:
      - name: settlement_amount
        type: number
        mapping: $.amount
      - name: status
        type: string
        mapping: $.status
      - name: payout_date
        type: string
        mapping: $.payout_date
  consumes:
  - namespace: amex-settlements
    type: http
    baseUri: https://api.americanexpress.com/v1/settlements
    authentication:
      type: bearer
      token: $secrets.amex_settlements_token
    resources:
    - name: settlement
      path: /merchants/{merchant_id}/settlements/latest
      inputParameters:
      - name: merchant_id
        in: path
      operations:
      - name: get-settlement-status
        method: GET

When a new lead is created in Salesforce for a card product, enriches the lead with firmographic data from ZoomInfo and updates the Salesforce record with company and contact details.

naftiko: '0.5'
info:
  label: Salesforce Lead to Card Applicant Enrichment
  description: When a new lead is created in Salesforce for a card product, enriches the lead with firmographic data from ZoomInfo and updates the Salesforce record with company and contact details.
  tags:
  - sales
  - crm
  - salesforce
  - zoominfo
  - lead-enrichment
capability:
  exposes:
  - type: mcp
    namespace: lead-enrichment
    port: 8080
    tools:
    - name: enrich-card-lead
      description: Given a Salesforce lead ID, retrieve lead details, search ZoomInfo for matching company and contact data, and update the Salesforce lead record with enriched firmographic information. Use when new B2B card product leads are created.
      inputParameters:
      - name: lead_id
        in: body
        type: string
        description: The Salesforce lead ID to enrich.
      steps:
      - name: get-lead
        type: call
        call: salesforce-leads.get-lead
        with:
          lead_id: '{{lead_id}}'
      - name: search-zoominfo
        type: call
        call: zoominfo.search-contact
        with:
          first_name: '{{get-lead.first_name}}'
          last_name: '{{get-lead.last_name}}'
          company_name: '{{get-lead.company}}'
      - name: update-lead
        type: call
        call: salesforce-leads-update.update-lead
        with:
          lead_id: '{{lead_id}}'
          company_revenue: '{{search-zoominfo.company_revenue}}'
          employee_count: '{{search-zoominfo.employee_count}}'
          industry: '{{search-zoominfo.industry}}'
          linkedin_url: '{{search-zoominfo.linkedin_url}}'
  consumes:
  - namespace: salesforce-leads
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_access_token
    resources:
    - name: lead
      path: /sobjects/Lead/{lead_id}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: get-lead
        method: GET
  - namespace: zoominfo
    type: http
    baseUri: https://api.zoominfo.com/search
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: contact
      path: /contact
      operations:
      - name: search-contact
        method: POST
  - namespace: salesforce-leads-update
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_access_token
    resources:
    - name: lead
      path: /sobjects/Lead/{lead_id}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: update-lead
        method: PATCH

Generates a sprint retrospective digest by pulling completed stories from Jira, calculating velocity metrics, and posting the summary to Confluence and Slack.

naftiko: '0.5'
info:
  label: Jira Sprint Retrospective Digest
  description: Generates a sprint retrospective digest by pulling completed stories from Jira, calculating velocity metrics, and posting the summary to Confluence and Slack.
  tags:
  - jira
  - engineering
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: sprint-retro
    port: 8080
    tools:
    - name: generate-retro-digest
      description: Generate a sprint retrospective by summarizing completed work and posting to Confluence and Slack. Use at the end of each sprint.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: Jira project key.
      - name: sprint_id
        in: body
        type: string
        description: Sprint ID.
      - name: confluence_space
        in: body
        type: string
        description: Confluence space key.
      - name: team_channel
        in: body
        type: string
        description: Team Slack channel.
      steps:
      - name: get-completed
        type: call
        call: jira.search-issues
        with:
          jql: project={{project_key}} AND sprint={{sprint_id}} AND status=Done
      - name: create-retro
        type: call
        call: confluence.create-page
        with:
          spaceKey: '{{confluence_space}}'
          title: Sprint {{sprint_id}} Retrospective
          body: 'Completed: {{get-completed.total}} stories. Story points: {{get-completed.total_points}}.'
      - name: post-digest
        type: call
        call: slack.post-message
        with:
          channel: '{{team_channel}}'
          text: 'Sprint {{sprint_id}} complete: {{get-completed.total}} stories ({{get-completed.total_points}} pts). Retro: {{create-retro.url}}'
  consumes:
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: search
      path: /search
      operations:
      - name: search-issues
        method: GET
  - namespace: confluence
    type: http
    baseUri: https://americanexpress.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves a cardholder's current Membership Rewards point balance and tier status from the rewards platform and returns a structured summary.

naftiko: '0.5'
info:
  label: Cardholder Rewards Balance Lookup
  description: Retrieves a cardholder's current Membership Rewards point balance and tier status from the rewards platform and returns a structured summary.
  tags:
  - rewards
  - payments
  - cardholder
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: rewards
    port: 8080
    tools:
    - name: get-rewards-balance
      description: Given a cardholder account ID, return the current Membership Rewards point balance, tier, and expiry date. Use when an agent or representative needs to check a cardholder's rewards standing.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID for which to retrieve rewards balance.
      call: amex-rewards.get-balance
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: points_balance
        type: number
        mapping: $.points_balance
      - name: tier
        type: string
        mapping: $.tier
      - name: expiry_date
        type: string
        mapping: $.expiry_date
  consumes:
  - namespace: amex-rewards
    type: http
    baseUri: https://api.americanexpress.com/v1/rewards
    authentication:
      type: bearer
      token: $secrets.amex_rewards_token
    resources:
    - name: balance
      path: /accounts/{account_id}/balance
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-balance
        method: GET

Provisions a cardholder's card into a digital wallet by verifying identity, generating a token, registering with the wallet provider, and confirming via push notification.

naftiko: '0.5'
info:
  label: Cardholder Digital Wallet Provisioning
  description: Provisions a cardholder's card into a digital wallet by verifying identity, generating a token, registering with the wallet provider, and confirming via push notification.
  tags:
  - cardholder
  - digital-wallets
  - payments
  - security
capability:
  exposes:
  - type: mcp
    namespace: wallet-provision
    port: 8080
    tools:
    - name: provision-wallet
      description: Provision a card into a digital wallet with identity verification and token generation. Use when a cardholder adds their card to Apple Pay or Google Pay.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: card_id
        in: body
        type: string
        description: Card ID to provision.
      - name: wallet_type
        in: body
        type: string
        description: Wallet type (apple-pay, google-pay).
      - name: device_id
        in: body
        type: string
        description: Device identifier.
      - name: verification_method
        in: body
        type: string
        description: Verification method (sms, email).
      steps:
      - name: verify
        type: call
        call: amex-identity.verify-identity
        with:
          account_id: '{{account_id}}'
          verification_method: '{{verification_method}}'
      - name: tokenize
        type: call
        call: amex-tokens.generate-token
        with:
          card_id: '{{card_id}}'
          wallet_type: '{{wallet_type}}'
      - name: register
        type: call
        call: amex-wallets.register-wallet
        with:
          token_id: '{{tokenize.token_id}}'
          wallet_type: '{{wallet_type}}'
          device_id: '{{device_id}}'
      - name: confirm
        type: call
        call: amex-push.send-push
        with:
          account_id: '{{account_id}}'
          title: Card added to {{wallet_type}}
          body: Your card ending in {{tokenize.last_four}} is now available in {{wallet_type}}.
  consumes:
  - namespace: amex-identity
    type: http
    baseUri: https://api.americanexpress.com/v1/identity
    authentication:
      type: bearer
      token: $secrets.amex_identity_token
    resources:
    - name: verify
      path: /verify
      operations:
      - name: verify-identity
        method: POST
  - namespace: amex-tokens
    type: http
    baseUri: https://api.americanexpress.com/v1/tokens
    authentication:
      type: bearer
      token: $secrets.amex_tokens_token
    resources:
    - name: tokens
      path: /tokens
      operations:
      - name: generate-token
        method: POST
  - namespace: amex-wallets
    type: http
    baseUri: https://api.americanexpress.com/v1/wallets
    authentication:
      type: bearer
      token: $secrets.amex_wallets_token
    resources:
    - name: registrations
      path: /registrations
      operations:
      - name: register-wallet
        method: POST
  - namespace: amex-push
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: push
      path: /push/send
      operations:
      - name: send-push
        method: POST

Queries Datadog for the current health status and error rate of a specified American Express microservice.

naftiko: '0.5'
info:
  label: Datadog Service Health Check
  description: Queries Datadog for the current health status and error rate of a specified American Express microservice.
  tags:
  - datadog
  - monitoring
  - infrastructure
capability:
  exposes:
  - type: mcp
    namespace: datadog
    port: 8080
    tools:
    - name: get-service-health
      description: Given a service name, return the current monitor status and error rate from Datadog. Use when checking the health of a production service.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The microservice name to check.
      call: datadog.get-service-health
      with:
        service_name: '{{service_name}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.monitors[0].overall_state
      - name: error_rate
        type: number
        mapping: $.monitors[0].error_rate
      - name: name
        type: string
        mapping: $.monitors[0].name
  consumes:
  - namespace: datadog
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/search
      operations:
      - name: get-service-health
        method: GET

Checks whether a cardholder is eligible for a specific Amex Offer based on account profile and spending history.

naftiko: '0.5'
info:
  label: Cardholder Offer Eligibility Check
  description: Checks whether a cardholder is eligible for a specific Amex Offer based on account profile and spending history.
  tags:
  - offers
  - cardholder
  - marketing
capability:
  exposes:
  - type: mcp
    namespace: amex-offers
    port: 8080
    tools:
    - name: check-eligibility
      description: Given an offer ID and account ID, return eligibility status, reason, and offer name. Use when verifying if a cardholder qualifies for a specific Amex Offer.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      - name: offer_id
        in: body
        type: string
        description: The Amex Offer identifier.
      call: amex-offers.check-eligibility
      with:
        account_id: '{{account_id}}'
        offer_id: '{{offer_id}}'
      outputParameters:
      - name: eligible
        type: boolean
        mapping: $.eligible
      - name: reason
        type: string
        mapping: $.reason
      - name: offer_name
        type: string
        mapping: $.offer_name
  consumes:
  - namespace: amex-offers
    type: http
    baseUri: https://api.americanexpress.com/v1/offers
    authentication:
      type: bearer
      token: $secrets.amex_offers_token
    resources:
    - name: eligibility
      path: /offers/{offer_id}/eligibility/{account_id}
      inputParameters:
      - name: account_id
        in: path
      - name: offer_id
        in: path
      operations:
      - name: check-eligibility
        method: GET

Retrieves the current status, credit limit, and outstanding balance for a cardholder account from the American Express accounts platform.

naftiko: '0.5'
info:
  label: Cardholder Account Status Lookup
  description: Retrieves the current status, credit limit, and outstanding balance for a cardholder account from the American Express accounts platform.
  tags:
  - payments
  - cardholder
  - lookup
  - account-management
capability:
  exposes:
  - type: mcp
    namespace: account-lookup
    port: 8080
    tools:
    - name: get-account-status
      description: Given a cardholder account ID, return the account status, credit limit, current balance, and payment due date. Use when a customer service representative or agent needs to check account standing before processing a request.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID to look up.
      call: amex-accounts.get-account
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.account_status
      - name: credit_limit
        type: number
        mapping: $.credit_limit
      - name: current_balance
        type: number
        mapping: $.current_balance
      - name: payment_due_date
        type: string
        mapping: $.payment_due_date
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: account
      path: /{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET

Deprovisions a terminated employee by deactivating their Okta account, revoking all app assignments, creating a ServiceNow closure ticket, and notifying security via Slack.

naftiko: '0.5'
info:
  label: Okta User Deprovisioning Workflow
  description: Deprovisions a terminated employee by deactivating their Okta account, revoking all app assignments, creating a ServiceNow closure ticket, and notifying security via Slack.
  tags:
  - identity
  - okta
  - servicenow
  - security
  - offboarding
capability:
  exposes:
  - type: mcp
    namespace: okta-deprovision
    port: 8080
    tools:
    - name: deprovision-user
      description: Deactivate an Okta user, revoke app assignments, create a closure ticket, and notify security. Use when an employee is terminated.
      inputParameters:
      - name: user_id
        in: body
        type: string
        description: Okta user ID of the terminated employee.
      steps:
      - name: deactivate
        type: call
        call: okta.deactivate-user
        with:
          user_id: '{{user_id}}'
      - name: revoke-apps
        type: call
        call: okta.list-apps
        with:
          user_id: '{{user_id}}'
      - name: create-ticket
        type: call
        call: servicenow.create-request
        with:
          short_description: User deprovisioned — {{user_id}}
          description: 'Okta account deactivated. App assignments revoked: {{revoke-apps.app_count}}.'
      - name: notify-security
        type: call
        call: slack.post-message
        with:
          channel: security-ops
          text: 'User deprovisioned: {{user_id}}. {{revoke-apps.app_count}} app assignments revoked. SNOW: {{create-ticket.number}}'
  consumes:
  - namespace: okta
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_token
    resources:
    - name: users
      path: /users/{user_id}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: deactivate-user
        method: POST
      - name: list-apps
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: create-request
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Detects corporate card expense policy violations, creates a compliance case in Jira, notifies the employee's manager via email, and flags the expense in the expense management system.

naftiko: '0.5'
info:
  label: Corporate Expense Policy Violation Handler
  description: Detects corporate card expense policy violations, creates a compliance case in Jira, notifies the employee's manager via email, and flags the expense in the expense management system.
  tags:
  - corporate
  - compliance
  - jira
  - expense-management
capability:
  exposes:
  - type: mcp
    namespace: expense-compliance
    port: 8080
    tools:
    - name: handle-policy-violation
      description: Flag a policy-violating expense, create a compliance case, and notify the manager. Use when an expense policy violation is detected.
      inputParameters:
      - name: expense_id
        in: body
        type: string
        description: Expense record ID.
      - name: violation_reason
        in: body
        type: string
        description: Reason for the policy violation.
      steps:
      - name: get-expense
        type: call
        call: amex-expenses.get-expense
        with:
          expense_id: '{{expense_id}}'
      - name: flag-violation
        type: call
        call: amex-expenses.flag-expense
        with:
          expense_id: '{{expense_id}}'
          flag: policy-violation
          reason: '{{violation_reason}}'
      - name: create-case
        type: call
        call: jira.create-issue
        with:
          project_key: COMP
          issuetype: Task
          summary: Expense policy violation — {{get-expense.employee_name}}
          description: 'Expense: ${{get-expense.amount}} at {{get-expense.merchant}}. Violation: {{violation_reason}}.'
      - name: notify-manager
        type: call
        call: email.send-email
        with:
          to: '{{get-expense.manager_email}}'
          subject: Expense policy violation flagged
          body: 'An expense by {{get-expense.employee_name}} for ${{get-expense.amount}} has been flagged. Jira: {{create-case.key}}'
  consumes:
  - namespace: amex-expenses
    type: http
    baseUri: https://api.americanexpress.com/v1/expenses
    authentication:
      type: bearer
      token: $secrets.amex_expenses_token
    resources:
    - name: expense
      path: /expenses/{expense_id}
      inputParameters:
      - name: expense_id
        in: path
      operations:
      - name: get-expense
        method: GET
      - name: flag-expense
        method: PUT
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Generates a postmortem for a PagerDuty incident by fetching incident timeline, creating a Confluence postmortem page, and notifying stakeholders via Slack.

naftiko: '0.5'
info:
  label: PagerDuty Incident Postmortem Generator
  description: Generates a postmortem for a PagerDuty incident by fetching incident timeline, creating a Confluence postmortem page, and notifying stakeholders via Slack.
  tags:
  - pagerduty
  - incident-management
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: postmortem-gen
    port: 8080
    tools:
    - name: generate-postmortem
      description: Generate a postmortem document from a PagerDuty incident and share it. Use after an incident is resolved.
      inputParameters:
      - name: incident_id
        in: body
        type: string
        description: PagerDuty incident ID.
      steps:
      - name: get-incident
        type: call
        call: pagerduty.get-incident
        with:
          incident_id: '{{incident_id}}'
      - name: get-timeline
        type: call
        call: pagerduty.get-timeline
        with:
          incident_id: '{{incident_id}}'
      - name: create-postmortem
        type: call
        call: confluence.create-page
        with:
          spaceKey: ENG
          title: 'Postmortem: {{get-incident.title}}'
          body: 'Severity: {{get-incident.urgency}}. Duration: {{get-incident.duration}}. Timeline entries: {{get-timeline.total}}.'
      - name: notify
        type: call
        call: slack.post-message
        with:
          channel: engineering
          text: 'Postmortem ready: {{get-incident.title}} | Severity: {{get-incident.urgency}} | Doc: {{create-postmortem.url}}'
  consumes:
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents/{incident_id}
      inputParameters:
      - name: incident_id
        in: path
      operations:
      - name: get-incident
        method: GET
    - name: logs
      path: /incidents/{incident_id}/log_entries
      inputParameters:
      - name: incident_id
        in: path
      operations:
      - name: get-timeline
        method: GET
  - namespace: confluence
    type: http
    baseUri: https://americanexpress.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Screens high-value transactions for anti-money laundering by running sanctions checks, creating a compliance review case, and filing a suspicious activity report if needed.

naftiko: '0.5'
info:
  label: AML Transaction Screening Workflow
  description: Screens high-value transactions for anti-money laundering by running sanctions checks, creating a compliance review case, and filing a suspicious activity report if needed.
  tags:
  - compliance
  - aml
  - security
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: aml-screening
    port: 8080
    tools:
    - name: screen-transaction
      description: Screen a transaction for AML, create a compliance case, and file a SAR if warranted. Use when a high-value transaction triggers AML rules.
      inputParameters:
      - name: transaction_id
        in: body
        type: string
        description: Transaction ID to screen.
      - name: amount
        in: body
        type: string
        description: Transaction amount.
      - name: parties
        in: body
        type: string
        description: Comma-separated party names.
      steps:
      - name: screen
        type: call
        call: amex-sanctions.screen-transaction
        with:
          transaction_id: '{{transaction_id}}'
          amount: '{{amount}}'
          parties: '{{parties}}'
      - name: create-review
        type: call
        call: servicenow.create-case
        with:
          short_description: AML screening — txn {{transaction_id}}
          category: aml
          priority: '{{screen.risk_level}}'
          description: 'Screening result: {{screen.result}}. Hit count: {{screen.hit_count}}.'
      - name: file-report
        type: call
        call: amex-sar.file-sar
        with:
          transaction_id: '{{transaction_id}}'
          case_id: '{{create-review.sys_id}}'
          screening_result: '{{screen.result}}'
  consumes:
  - namespace: amex-sanctions
    type: http
    baseUri: https://api.americanexpress.com/v1/sanctions
    authentication:
      type: bearer
      token: $secrets.amex_sanctions_token
    resources:
    - name: screening
      path: /screen
      operations:
      - name: screen-transaction
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cases
      path: /table/sn_compliance_case
      operations:
      - name: create-case
        method: POST
  - namespace: amex-sar
    type: http
    baseUri: https://api.americanexpress.com/v1/sar
    authentication:
      type: bearer
      token: $secrets.amex_sar_token
    resources:
    - name: reports
      path: /reports
      operations:
      - name: file-sar
        method: POST

Orchestrates employee termination by updating Workday, deactivating Okta, revoking corporate card, and creating a ServiceNow offboarding ticket.

naftiko: '0.5'
info:
  label: Workday Employee Termination Orchestration
  description: Orchestrates employee termination by updating Workday, deactivating Okta, revoking corporate card, and creating a ServiceNow offboarding ticket.
  tags:
  - hr
  - workday
  - okta
  - offboarding
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: termination-ops
    port: 8080
    tools:
    - name: orchestrate-termination
      description: Process an employee termination across all systems. Use when HR initiates an employee separation.
      inputParameters:
      - name: worker_id
        in: body
        type: string
        description: Workday worker ID.
      - name: okta_user_id
        in: body
        type: string
        description: Okta user ID.
      - name: card_id
        in: body
        type: string
        description: Corporate card ID.
      - name: termination_date
        in: body
        type: string
        description: Last day of employment.
      - name: reason
        in: body
        type: string
        description: Termination reason.
      steps:
      - name: terminate-wd
        type: call
        call: workday.terminate-worker
        with:
          worker_id: '{{worker_id}}'
          termination_date: '{{termination_date}}'
          reason: '{{reason}}'
      - name: deactivate-okta
        type: call
        call: okta.deactivate-user
        with:
          user_id: '{{okta_user_id}}'
      - name: cancel-card
        type: call
        call: amex-corporate.cancel-card
        with:
          card_id: '{{card_id}}'
      - name: create-ticket
        type: call
        call: servicenow.create-request
        with:
          short_description: Offboarding — {{worker_id}}
          description: 'Workday terminated. Okta deactivated. Corporate card cancelled. Termination date: {{termination_date}}.'
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd3-impl-services1.workday.com/ccx/service/amex
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{worker_id}/terminate
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: terminate-worker
        method: POST
  - namespace: okta
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_token
    resources:
    - name: users
      path: /users/{user_id}/lifecycle/deactivate
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: deactivate-user
        method: POST
  - namespace: amex-corporate
    type: http
    baseUri: https://api.americanexpress.com/v1/corporate
    authentication:
      type: bearer
      token: $secrets.amex_corporate_token
    resources:
    - name: cards
      path: /cards/{card_id}/cancel
      inputParameters:
      - name: card_id
        in: path
      operations:
      - name: cancel-card
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: create-request
        method: POST

When AWS Cost Explorer detects a spend anomaly above threshold, retrieves the anomaly details, opens a ServiceNow change request, and notifies the cloud FinOps Slack channel.

naftiko: '0.5'
info:
  label: Cloud Cost Anomaly Response
  description: When AWS Cost Explorer detects a spend anomaly above threshold, retrieves the anomaly details, opens a ServiceNow change request, and notifies the cloud FinOps Slack channel.
  tags:
  - cloud
  - finops
  - aws
  - servicenow
  - slack
  - cost-management
capability:
  exposes:
  - type: mcp
    namespace: cloud-finops
    port: 8080
    tools:
    - name: handle-cost-anomaly
      description: Given an AWS cost anomaly ID and the affected service/account, retrieve anomaly details from AWS Cost Explorer, open a ServiceNow change request for cost investigation, and alert the FinOps Slack channel. Invoke when a cost spike exceeds defined thresholds.
      inputParameters:
      - name: anomaly_id
        in: body
        type: string
        description: The AWS Cost Explorer anomaly ID.
      - name: aws_account_id
        in: body
        type: string
        description: The AWS account ID where the anomaly was detected.
      - name: estimated_overage_usd
        in: body
        type: number
        description: Estimated cost overage in USD.
      steps:
      - name: get-anomaly
        type: call
        call: aws-cost.get-anomaly
        with:
          anomaly_id: '{{anomaly_id}}'
      - name: open-change-request
        type: call
        call: servicenow-cloud.create-change
        with:
          category: cloud_cost
          short_description: Cost anomaly on AWS account {{aws_account_id}} — est. overage ${{estimated_overage_usd}}
          description: 'Anomaly ID: {{anomaly_id}}

            Service: {{get-anomaly.service}}

            Root cause hypothesis: {{get-anomaly.root_cause}}

            Impact period: {{get-anomaly.start_date}} to {{get-anomaly.end_date}}'
      - name: post-alert
        type: call
        call: slack-finops.post-message
        with:
          channel: cloud-finops
          text: 'AWS Cost Anomaly | Account: {{aws_account_id}} | Service: {{get-anomaly.service}} | Overage: ${{estimated_overage_usd}} | ServiceNow: {{open-change-request.number}}'
  consumes:
  - namespace: aws-cost
    type: http
    baseUri: https://ce.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_sigv4_auth
      placement: header
    resources:
    - name: anomaly
      path: /GetAnomalies
      operations:
      - name: get-anomaly
        method: POST
  - namespace: servicenow-cloud
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change
      path: /table/change_request
      operations:
      - name: create-change
        method: POST
  - namespace: slack-finops
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Rotates TLS certificates for payment gateway endpoints by generating a new certificate, deploying it via Terraform, validating connectivity, and notifying the infrastructure team via Slack.

naftiko: '0.5'
info:
  label: Payment Gateway Certificate Rotation
  description: Rotates TLS certificates for payment gateway endpoints by generating a new certificate, deploying it via Terraform, validating connectivity, and notifying the infrastructure team via Slack.
  tags:
  - security
  - infrastructure
  - terraform
  - slack
capability:
  exposes:
  - type: mcp
    namespace: cert-rotation
    port: 8080
    tools:
    - name: rotate-gateway-cert
      description: Generate a new TLS certificate, deploy via Terraform, validate, and notify the team. Use during scheduled certificate rotation windows.
      inputParameters: []
      steps:
      - name: generate-cert
        type: call
        call: amex-pki.generate-cert
        with:
          domain: gateway.americanexpress.com
          validity_days: '365'
      - name: deploy-cert
        type: call
        call: terraform-cloud.trigger-apply
        with:
          workspace_id: $secrets.tf_gateway_workspace
          message: Cert rotation — {{generate-cert.serial_number}}
      - name: validate
        type: call
        call: amex-gateway.check-health
        with: {}
      - name: notify
        type: call
        call: slack.post-message
        with:
          channel: infra-ops
          text: 'TLS cert rotated for gateway.americanexpress.com. Serial: {{generate-cert.serial_number}}. Health: {{validate.status}}'
  consumes:
  - namespace: amex-pki
    type: http
    baseUri: https://api.americanexpress.com/v1/pki
    authentication:
      type: bearer
      token: $secrets.amex_pki_token
    resources:
    - name: certificates
      path: /certificates
      operations:
      - name: generate-cert
        method: POST
  - namespace: terraform-cloud
    type: http
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /runs
      operations:
      - name: trigger-apply
        method: POST
  - namespace: amex-gateway
    type: http
    baseUri: https://api.americanexpress.com/v1/gateway
    authentication:
      type: bearer
      token: $secrets.amex_gateway_token
    resources:
    - name: health
      path: /health
      operations:
      - name: check-health
        method: GET
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Routes a vendor invoice through approval by validating the PO in SAP, creating an approval task in ServiceNow, and notifying the approver via Slack.

naftiko: '0.5'
info:
  label: Vendor Invoice Approval Workflow
  description: Routes a vendor invoice through approval by validating the PO in SAP, creating an approval task in ServiceNow, and notifying the approver via Slack.
  tags:
  - finance
  - procurement
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: invoice-approval
    port: 8080
    tools:
    - name: route-invoice-approval
      description: Validate a purchase order, create an approval task, and notify the approver. Use when a vendor invoice requires approval routing.
      inputParameters:
      - name: po_number
        in: body
        type: string
        description: Purchase order number.
      - name: vendor_name
        in: body
        type: string
        description: Vendor name.
      - name: invoice_amount
        in: body
        type: string
        description: Invoice amount.
      steps:
      - name: validate-po
        type: call
        call: sap.get-po
        with:
          po_number: '{{po_number}}'
      - name: create-approval
        type: call
        call: servicenow.create-approval
        with:
          source_table: ap_invoice
          approver: '{{validate-po.budget_owner}}'
          state: requested
      - name: notify-approver
        type: call
        call: slack.post-message
        with:
          channel: '{{validate-po.budget_owner_slack}}'
          text: 'Invoice approval needed: PO {{po_number}} | Vendor: {{vendor_name}} | Amount: ${{invoice_amount}} | Approval: {{create-approval.sys_id}}'
  consumes:
  - namespace: sap
    type: http
    baseUri: https://api.americanexpress.com/v1/sap
    authentication:
      type: bearer
      token: $secrets.sap_token
    resources:
    - name: purchase-orders
      path: /purchase-orders/{po_number}
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-po
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: approvals
      path: /table/sysapproval_approver
      operations:
      - name: create-approval
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Checks the PCI-DSS compliance status of a merchant from the compliance registry.

naftiko: '0.5'
info:
  label: PCI Compliance Status Lookup
  description: Checks the PCI-DSS compliance status of a merchant from the compliance registry.
  tags:
  - compliance
  - merchants
  - security
capability:
  exposes:
  - type: mcp
    namespace: amex-compliance
    port: 8080
    tools:
    - name: get-pci-status
      description: Given a merchant ID, return the PCI-DSS compliance status, last assessment date, and compliance level. Use when verifying merchant security compliance.
      inputParameters:
      - name: merchant_id
        in: body
        type: string
        description: The merchant identifier.
      call: amex-compliance.get-pci-status
      with:
        merchant_id: '{{merchant_id}}'
      outputParameters:
      - name: compliant
        type: boolean
        mapping: $.compliant
      - name: last_assessment
        type: string
        mapping: $.last_assessment
      - name: level
        type: string
        mapping: $.level
  consumes:
  - namespace: amex-compliance
    type: http
    baseUri: https://api.americanexpress.com/v1/compliance
    authentication:
      type: bearer
      token: $secrets.amex_compliance_token
    resources:
    - name: pci-status
      path: /merchants/{merchant_id}/pci-status
      inputParameters:
      - name: merchant_id
        in: path
      operations:
      - name: get-pci-status
        method: GET

Provisions Tableau dashboard access for a user by verifying their role in Okta, adding them to the Tableau site, and confirming via email.

naftiko: '0.5'
info:
  label: Tableau Dashboard Access Provisioning
  description: Provisions Tableau dashboard access for a user by verifying their role in Okta, adding them to the Tableau site, and confirming via email.
  tags:
  - tableau
  - okta
  - access-management
  - email
capability:
  exposes:
  - type: mcp
    namespace: tableau-access
    port: 8080
    tools:
    - name: provision-tableau-access
      description: Verify a user's role and provision Tableau access. Use when a user requests dashboard access.
      inputParameters:
      - name: user_id
        in: body
        type: string
        description: Okta user ID.
      - name: tableau_role
        in: body
        type: string
        description: Tableau site role (Viewer, Explorer, Creator).
      steps:
      - name: verify-role
        type: call
        call: okta.get-user
        with:
          user_id: '{{user_id}}'
      - name: add-to-tableau
        type: call
        call: tableau.add-user
        with:
          site_id: $secrets.tableau_site_id
          email: '{{verify-role.profile.email}}'
          role: '{{tableau_role}}'
      - name: confirm
        type: call
        call: email.send-email
        with:
          to: '{{verify-role.profile.email}}'
          subject: Tableau access granted
          body: You now have {{tableau_role}} access to the Tableau site. Login at https://americanexpress.online.tableau.com
  consumes:
  - namespace: okta
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_token
    resources:
    - name: users
      path: /users/{user_id}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: get-user
        method: GET
  - namespace: tableau
    type: http
    baseUri: https://americanexpress.online.tableau.com/api/3.19
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: users
      path: /sites/{site_id}/users
      inputParameters:
      - name: site_id
        in: path
      operations:
      - name: add-user
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Retrieves weekly campaign performance metrics from Adobe Analytics and posts a formatted digest to the marketing Slack channel and Microsoft Teams marketing hub.

naftiko: '0.5'
info:
  label: Marketing Campaign Performance Digest
  description: Retrieves weekly campaign performance metrics from Adobe Analytics and posts a formatted digest to the marketing Slack channel and Microsoft Teams marketing hub.
  tags:
  - marketing
  - adobe-analytics
  - slack
  - microsoft-teams
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: marketing-reporting
    port: 8080
    tools:
    - name: digest-campaign-performance
      description: Given an Adobe Analytics report suite ID and date range, retrieve campaign performance metrics (impressions, clicks, conversions) and post a summary digest to the marketing Slack channel and Teams. Use for weekly or monthly campaign performance reviews.
      inputParameters:
      - name: report_suite_id
        in: body
        type: string
        description: The Adobe Analytics report suite ID to query.
      - name: from_date
        in: body
        type: string
        description: Start date for the performance period in YYYY-MM-DD format.
      - name: to_date
        in: body
        type: string
        description: End date for the performance period in YYYY-MM-DD format.
      steps:
      - name: get-metrics
        type: call
        call: adobe-analytics.get-report
        with:
          report_suite_id: '{{report_suite_id}}'
          date_from: '{{from_date}}'
          date_to: '{{to_date}}'
          metrics: pageviews,visits,orders,revenue
      - name: post-slack-digest
        type: call
        call: slack-marketing.post-message
        with:
          channel: marketing-performance
          text: 'Campaign Performance {{from_date}} to {{to_date}} | Visits: {{get-metrics.visits}} | Conversions: {{get-metrics.orders}} | Revenue: ${{get-metrics.revenue}}'
      - name: post-teams-digest
        type: call
        call: msteams-marketing.post-channel-message
        with:
          channel_id: $secrets.teams_marketing_channel_id
          content: 'Weekly Campaign Summary ({{from_date}} — {{to_date}})

            Visits: {{get-metrics.visits}}

            Orders: {{get-metrics.orders}}

            Revenue: ${{get-metrics.revenue}}'
  consumes:
  - namespace: adobe-analytics
    type: http
    baseUri: https://analytics.adobe.io/api
    authentication:
      type: bearer
      token: $secrets.adobe_analytics_token
    resources:
    - name: report
      path: /{global_company_id}/reports
      inputParameters:
      - name: global_company_id
        in: path
      operations:
      - name: get-report
        method: POST
  - namespace: slack-marketing
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
  - namespace: msteams-marketing
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-message
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves the current status of a merchant onboarding application from the merchant services platform and returns structured status details.

naftiko: '0.5'
info:
  label: Merchant Onboarding Application Status Check
  description: Retrieves the current status of a merchant onboarding application from the merchant services platform and returns structured status details.
  tags:
  - merchant-services
  - onboarding
  - payments
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: merchant-onboarding
    port: 8080
    tools:
    - name: get-merchant-application-status
      description: Given a merchant application ID, return the current onboarding status, review stage, and any pending requirements. Use when a merchant services agent needs to check where an application stands.
      inputParameters:
      - name: application_id
        in: body
        type: string
        description: The merchant onboarding application ID issued at submission.
      call: amex-merchant.get-application
      with:
        application_id: '{{application_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: review_stage
        type: string
        mapping: $.review_stage
      - name: pending_items
        type: array
        mapping: $.pending_items
  consumes:
  - namespace: amex-merchant
    type: http
    baseUri: https://api.americanexpress.com/v1/merchant-services
    authentication:
      type: bearer
      token: $secrets.amex_merchant_token
    resources:
    - name: application
      path: /applications/{application_id}
      inputParameters:
      - name: application_id
        in: path
      operations:
      - name: get-application
        method: GET

Generates a merchant renewal pipeline digest by querying Salesforce opportunities, summarizing in Snowflake, and distributing via Slack.

naftiko: '0.5'
info:
  label: Salesforce Renewal Pipeline Digest
  description: Generates a merchant renewal pipeline digest by querying Salesforce opportunities, summarizing in Snowflake, and distributing via Slack.
  tags:
  - salesforce
  - renewals
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: renewal-digest
    port: 8080
    tools:
    - name: generate-renewal-digest
      description: Summarize the renewal pipeline and share with the team. Use for weekly pipeline reviews.
      inputParameters: []
      steps:
      - name: get-renewals
        type: call
        call: salesforce.run-soql
        with:
          q: SELECT Name, Amount, CloseDate FROM Opportunity WHERE StageName='Renewal' AND CloseDate=THIS_QUARTER
      - name: summarize
        type: call
        call: snowflake.run-query
        with:
          query: SELECT COUNT(*) as total, SUM(amount) as pipeline_value FROM SALES_DB.PUBLIC.RENEWAL_PIPELINE WHERE quarter=CURRENT_QUARTER()
      - name: post-digest
        type: call
        call: slack.post-message
        with:
          channel: merchant-renewals
          text: 'Renewal pipeline: {{summarize.total}} renewals | ${{summarize.pipeline_value}} | Details in Salesforce'
  consumes:
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      operations:
      - name: run-soql
        method: GET
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Triggers the annual performance review cycle in Workday for a specified business unit and sends a Microsoft Teams notification to all managers in that unit.

naftiko: '0.5'
info:
  label: Employee Performance Review Cycle Initiation
  description: Triggers the annual performance review cycle in Workday for a specified business unit and sends a Microsoft Teams notification to all managers in that unit.
  tags:
  - hr
  - performance-management
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: performance-hr
    port: 8080
    tools:
    - name: initiate-performance-review
      description: Given a Workday business unit ID and review period, trigger the performance review process in Workday and send a Teams notification to all managers in the unit with instructions. Use at the start of annual or mid-year review cycles.
      inputParameters:
      - name: business_unit_id
        in: body
        type: string
        description: The Workday business unit ID for which to initiate the review cycle.
      - name: review_period
        in: body
        type: string
        description: The review period label (e.g., 2026-Annual, 2026-MidYear).
      - name: due_date
        in: body
        type: string
        description: The deadline for review completion in YYYY-MM-DD format.
      steps:
      - name: start-review-process
        type: call
        call: workday-perf.initiate-review
        with:
          business_unit_id: '{{business_unit_id}}'
          review_period: '{{review_period}}'
          due_date: '{{due_date}}'
      - name: notify-managers
        type: call
        call: msteams-hr.post-channel-message
        with:
          channel_id: $secrets.teams_managers_channel_id
          content: 'The {{review_period}} performance review cycle has been initiated. Please complete reviews for your direct reports by {{due_date}}. Process ID: {{start-review-process.process_id}}'
  consumes:
  - namespace: workday-perf
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_access_token
    resources:
    - name: review
      path: /performanceReviews
      operations:
      - name: initiate-review
        method: POST
  - namespace: msteams-hr
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-message
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Responds to CloudWatch alarms for Lambda error spikes by fetching error logs, creating a PagerDuty incident, and posting diagnostics to Slack.

naftiko: '0.5'
info:
  label: CloudWatch Lambda Error Spike Response
  description: Responds to CloudWatch alarms for Lambda error spikes by fetching error logs, creating a PagerDuty incident, and posting diagnostics to Slack.
  tags:
  - aws
  - cloudwatch
  - lambda
  - pagerduty
  - slack
capability:
  exposes:
  - type: mcp
    namespace: lambda-errors
    port: 8080
    tools:
    - name: respond-lambda-errors
      description: Fetch Lambda error logs, page on-call, and post diagnostics. Use when CloudWatch detects an error spike in a Lambda function.
      inputParameters:
      - name: function_name
        in: body
        type: string
        description: AWS Lambda function name.
      steps:
      - name: get-errors
        type: call
        call: cloudwatch.get-log-events
        with:
          logGroupName: /aws/lambda/{{function_name}}
          filterPattern: ERROR
          limit: '25'
      - name: page-team
        type: call
        call: pagerduty.create-incident
        with:
          title: 'Lambda error spike: {{function_name}}'
          service_id: $secrets.pd_lambda_service_id
          urgency: high
      - name: post-diagnostics
        type: call
        call: slack.post-message
        with:
          channel: serverless-ops
          text: 'Lambda error spike: {{function_name}} | Errors: {{get-errors.event_count}} | PD: {{page-team.incident_number}} | Latest: {{get-errors.events[0].message}}'
  consumes:
  - namespace: cloudwatch
    type: http
    baseUri: https://logs.us-east-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_token
    resources:
    - name: logs
      path: /
      operations:
      - name: get-log-events
        method: POST
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When CrowdStrike detects a suspicious login event for a privileged account, suspends the Okta user session, opens a ServiceNow security incident, and alerts the SOC Slack channel.

naftiko: '0.5'
info:
  label: Suspicious Login Threat Response
  description: When CrowdStrike detects a suspicious login event for a privileged account, suspends the Okta user session, opens a ServiceNow security incident, and alerts the SOC Slack channel.
  tags:
  - security
  - crowdstrike
  - okta
  - servicenow
  - slack
  - identity
  - threat-response
capability:
  exposes:
  - type: mcp
    namespace: soc-response
    port: 8080
    tools:
    - name: respond-to-suspicious-login
      description: Given a CrowdStrike detection ID and the affected user's email, retrieve detection details, suspend the user's Okta sessions, open a ServiceNow security incident, and alert the SOC Slack channel. Use for privileged account compromise response.
      inputParameters:
      - name: detection_id
        in: body
        type: string
        description: The CrowdStrike Falcon detection ID for the suspicious login event.
      - name: user_email
        in: body
        type: string
        description: The email address of the account flagged in the detection.
      steps:
      - name: get-detection
        type: call
        call: crowdstrike.get-detection
        with:
          detection_id: '{{detection_id}}'
      - name: get-okta-user
        type: call
        call: okta-soc.get-user-by-login
        with:
          login: '{{user_email}}'
      - name: clear-sessions
        type: call
        call: okta-sessions.clear-user-sessions
        with:
          user_id: '{{get-okta-user.id}}'
      - name: create-sec-incident
        type: call
        call: servicenow-soc.create-incident
        with:
          category: security
          subcategory: suspicious_login
          short_description: Suspicious login detected for {{user_email}}
          description: 'CrowdStrike Detection: {{detection_id}}

            User: {{user_email}}

            Okta sessions cleared: true

            Detection details: {{get-detection.description}}'
          urgency: '1'
          impact: '2'
      - name: alert-soc
        type: call
        call: slack-soc.post-message
        with:
          channel: soc-alerts
          text: 'Suspicious Login Response | User: {{user_email}} | Detection: {{detection_id}} | Okta sessions cleared | SNOW: {{create-sec-incident.number}}'
  consumes:
  - namespace: crowdstrike
    type: http
    baseUri: https://api.crowdstrike.com
    authentication:
      type: bearer
      token: $secrets.crowdstrike_access_token
    resources:
    - name: detection
      path: /detects/entities/detect/v2
      operations:
      - name: get-detection
        method: GET
  - namespace: okta-soc
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: user
      path: /users/{login}
      inputParameters:
      - name: login
        in: path
      operations:
      - name: get-user-by-login
        method: GET
  - namespace: okta-sessions
    type: http
    baseUri: https://americanexpress.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: user-sessions
      path: /users/{user_id}/sessions
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: clear-user-sessions
        method: DELETE
  - namespace: servicenow-soc
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incident
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: slack-soc
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Looks up a merchant category code and returns its description and risk classification from the merchant data service.

naftiko: '0.5'
info:
  label: Merchant Category Code Lookup
  description: Looks up a merchant category code and returns its description and risk classification from the merchant data service.
  tags:
  - merchants
  - payments
  - data
capability:
  exposes:
  - type: mcp
    namespace: amex-merchant-data
    port: 8080
    tools:
    - name: get-mcc
      description: Given a merchant category code, return its description, risk level, and category. Use when classifying merchant transactions.
      inputParameters:
      - name: mcc_code
        in: body
        type: string
        description: The merchant category code to look up.
      call: amex-merchant-data.get-mcc
      with:
        mcc_code: '{{mcc_code}}'
      outputParameters:
      - name: description
        type: string
        mapping: $.description
      - name: risk_level
        type: string
        mapping: $.risk_level
      - name: category
        type: string
        mapping: $.category
  consumes:
  - namespace: amex-merchant-data
    type: http
    baseUri: https://api.americanexpress.com/v1/merchants
    authentication:
      type: bearer
      token: $secrets.amex_merchant_token
    resources:
    - name: mcc
      path: /mcc/{mcc_code}
      inputParameters:
      - name: mcc_code
        in: path
      operations:
      - name: get-mcc
        method: GET

Checks whether a cardholder has active travel notifications on file and returns destination and date ranges.

naftiko: '0.5'
info:
  label: Cardholder Travel Notification Status
  description: Checks whether a cardholder has active travel notifications on file and returns destination and date ranges.
  tags:
  - cardholder
  - travel
  - notifications
capability:
  exposes:
  - type: mcp
    namespace: amex-travel
    port: 8080
    tools:
    - name: get-travel-notifications
      description: Given a cardholder account ID, return active travel notifications including destinations and dates. Use when verifying travel alerts before flagging foreign transactions.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-travel.get-travel-notifications
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: notifications
        type: array
        mapping: $.notifications
      - name: active_count
        type: number
        mapping: $.active_count
  consumes:
  - namespace: amex-travel
    type: http
    baseUri: https://api.americanexpress.com/v1/travel
    authentication:
      type: bearer
      token: $secrets.amex_travel_token
    resources:
    - name: notifications
      path: /accounts/{account_id}/travel-notifications
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-travel-notifications
        method: GET

Pulls a headcount snapshot from Workday by department and pushes the data to Snowflake for aggregation in workforce analytics dashboards.

naftiko: '0.5'
info:
  label: Headcount Reporting Snapshot
  description: Pulls a headcount snapshot from Workday by department and pushes the data to Snowflake for aggregation in workforce analytics dashboards.
  tags:
  - hr
  - workforce-analytics
  - workday
  - snowflake
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: hr-reporting
    port: 8080
    tools:
    - name: publish-headcount-snapshot
      description: Given a department ID and reporting period, retrieve headcount data from Workday and insert a snapshot record into the Snowflake workforce analytics table. Use for monthly headcount reporting and workforce planning.
      inputParameters:
      - name: department_id
        in: body
        type: string
        description: The Workday department ID to pull headcount data for.
      - name: reporting_period
        in: body
        type: string
        description: The reporting period in YYYY-MM format (e.g., 2026-03).
      steps:
      - name: get-headcount
        type: call
        call: workday-hr.get-headcount
        with:
          department_id: '{{department_id}}'
          as_of_date: '{{reporting_period}}'
      - name: insert-snapshot
        type: call
        call: snowflake-hr.insert-headcount
        with:
          department_id: '{{department_id}}'
          period: '{{reporting_period}}'
          headcount: '{{get-headcount.total_headcount}}'
          fte_count: '{{get-headcount.fte_count}}'
          contractor_count: '{{get-headcount.contractor_count}}'
  consumes:
  - namespace: workday-hr
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_access_token
    resources:
    - name: headcount
      path: /organizations/{department_id}/headcount
      inputParameters:
      - name: department_id
        in: path
      operations:
      - name: get-headcount
        method: GET
  - namespace: snowflake-hr
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: headcount
      path: /statements
      operations:
      - name: insert-headcount
        method: POST

Launches a targeted Amex Offers campaign by querying eligible cardholders in Snowflake, creating the offer in the offers platform, and triggering email notifications via Adobe Campaign.

naftiko: '0.5'
info:
  label: Amex Offer Activation Campaign
  description: Launches a targeted Amex Offers campaign by querying eligible cardholders in Snowflake, creating the offer in the offers platform, and triggering email notifications via Adobe Campaign.
  tags:
  - offers
  - marketing
  - snowflake
  - adobe-campaign
capability:
  exposes:
  - type: mcp
    namespace: offer-campaigns
    port: 8080
    tools:
    - name: launch-offer-campaign
      description: Find eligible cardholders, create an offer, and trigger the email campaign. Use when launching a new Amex Offers promotion.
      inputParameters:
      - name: offer_name
        in: body
        type: string
        description: Name of the Amex Offer.
      - name: merchant_id
        in: body
        type: string
        description: Participating merchant ID.
      - name: discount_percent
        in: body
        type: string
        description: Discount percentage.
      - name: target_segment
        in: body
        type: string
        description: Target cardholder segment.
      - name: campaign_template_id
        in: body
        type: string
        description: Adobe Campaign template ID.
      steps:
      - name: find-eligible
        type: call
        call: snowflake.run-query
        with:
          query: SELECT account_id FROM MARKETING_DB.PUBLIC.CARDHOLDER_SEGMENTS WHERE segment='{{target_segment}}' AND eligible=TRUE
      - name: create-offer
        type: call
        call: amex-offers.create-offer
        with:
          name: '{{offer_name}}'
          merchant_id: '{{merchant_id}}'
          discount: '{{discount_percent}}'
          segment: '{{target_segment}}'
      - name: trigger-emails
        type: call
        call: adobe-campaign.trigger-campaign
        with:
          campaign_id: '{{campaign_template_id}}'
          offer_id: '{{create-offer.offer_id}}'
          audience_count: '{{find-eligible.row_count}}'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: amex-offers
    type: http
    baseUri: https://api.americanexpress.com/v1/offers
    authentication:
      type: bearer
      token: $secrets.amex_offers_token
    resources:
    - name: offers
      path: /offers
      operations:
      - name: create-offer
        method: POST
  - namespace: adobe-campaign
    type: http
    baseUri: https://mc.adobe.io/americanexpress/campaign
    authentication:
      type: bearer
      token: $secrets.adobe_campaign_token
    resources:
    - name: campaigns
      path: /campaigns
      operations:
      - name: trigger-campaign
        method: POST

Generates a campaign ROI report by pulling performance data from Google Analytics, enriching with spend data from Snowflake, and distributing via email.

naftiko: '0.5'
info:
  label: Google Analytics Campaign ROI Report
  description: Generates a campaign ROI report by pulling performance data from Google Analytics, enriching with spend data from Snowflake, and distributing via email.
  tags:
  - google-analytics
  - marketing
  - snowflake
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: campaign-roi
    port: 8080
    tools:
    - name: generate-roi-report
      description: Pull campaign performance, enrich with spend data, and distribute. Use for periodic campaign reporting.
      inputParameters:
      - name: ga_property_id
        in: body
        type: string
        description: Google Analytics property ID.
      - name: date_range
        in: body
        type: string
        description: Date range for the report.
      steps:
      - name: get-performance
        type: call
        call: google-analytics.run-report
        with:
          property_id: '{{ga_property_id}}'
          dateRange: '{{date_range}}'
      - name: get-spend
        type: call
        call: snowflake.run-query
        with:
          query: SELECT SUM(spend) as total_spend FROM MARKETING_DB.PUBLIC.CAMPAIGN_SPEND WHERE date_range='{{date_range}}'
      - name: distribute
        type: call
        call: email.send-email
        with:
          to: marketing-leadership@americanexpress.com
          subject: Campaign ROI Report — {{date_range}}
          body: 'Sessions: {{get-performance.totals.sessions}}. Conversions: {{get-performance.totals.conversions}}. Revenue: ${{get-performance.totals.revenue}}. Spend: ${{get-spend.total_spend}}.'
  consumes:
  - namespace: google-analytics
    type: http
    baseUri: https://analyticsdata.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.google_analytics_token
    resources:
    - name: reports
      path: /properties/{property_id}:runReport
      inputParameters:
      - name: property_id
        in: path
      operations:
      - name: run-report
        method: POST
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Pulls approved corporate card transactions from SAP Concur and posts summarized expense entries to SAP S/4HANA for financial reconciliation.

naftiko: '0.5'
info:
  label: Corporate Card Expense Report Sync
  description: Pulls approved corporate card transactions from SAP Concur and posts summarized expense entries to SAP S/4HANA for financial reconciliation.
  tags:
  - finance
  - expense-management
  - sap-concur
  - sap-s4hana
  - reconciliation
capability:
  exposes:
  - type: mcp
    namespace: expense-finance
    port: 8080
    tools:
    - name: sync-expense-report
      description: Given a Concur expense report ID, fetch the approved report and post each line item as a journal entry in SAP S/4HANA. Use when corporate card expenses need to be reconciled in the general ledger.
      inputParameters:
      - name: report_id
        in: body
        type: string
        description: The SAP Concur expense report ID to sync.
      - name: company_code
        in: body
        type: string
        description: The SAP S/4HANA company code for posting journal entries (e.g., 1000).
      steps:
      - name: get-report
        type: call
        call: concur.get-expense-report
        with:
          report_id: '{{report_id}}'
      - name: post-journal
        type: call
        call: s4hana.post-journal-entry
        with:
          company_code: '{{company_code}}'
          amount: '{{get-report.total_amount}}'
          currency: '{{get-report.currency_code}}'
          cost_center: '{{get-report.cost_center}}'
          reference: '{{report_id}}'
  consumes:
  - namespace: concur
    type: http
    baseUri: https://www.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_access_token
    resources:
    - name: expense-report
      path: /expense/reports/{report_id}
      inputParameters:
      - name: report_id
        in: path
      operations:
      - name: get-expense-report
        method: GET
  - namespace: s4hana
    type: http
    baseUri: https://americanexpress-s4.sap.com/sap/opu/odata/sap/API_JOURNALENTRYITEMBASIC_SRV
    authentication:
      type: basic
      username: $secrets.s4hana_user
      password: $secrets.s4hana_password
    resources:
    - name: journal-entry
      path: /JournalEntryItemBasic
      operations:
      - name: post-journal-entry
        method: POST

Retrieves a compliance document from SharePoint, submits it to Anthropic Claude for key obligation extraction, and posts the summary to the Legal & Compliance Teams channel.

naftiko: '0.5'
info:
  label: Regulatory Compliance Document Summarization
  description: Retrieves a compliance document from SharePoint, submits it to Anthropic Claude for key obligation extraction, and posts the summary to the Legal & Compliance Teams channel.
  tags:
  - compliance
  - legal
  - sharepoint
  - anthropic
  - ai
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: compliance-ai
    port: 8080
    tools:
    - name: summarize-compliance-doc
      description: Given a SharePoint document site ID and file path, retrieve the document, send it to Anthropic Claude to extract key regulatory obligations and risk items, and post the summary to a Teams channel. Use when legal or compliance teams need rapid document triage.
      inputParameters:
      - name: site_id
        in: body
        type: string
        description: The SharePoint site ID where the compliance document is stored.
      - name: file_path
        in: body
        type: string
        description: The relative file path of the document within the SharePoint site.
      - name: teams_channel_id
        in: body
        type: string
        description: The Microsoft Teams channel ID to post the summary to.
      steps:
      - name: get-document
        type: call
        call: sharepoint.get-file-content
        with:
          site_id: '{{site_id}}'
          file_path: '{{file_path}}'
      - name: extract-obligations
        type: call
        call: anthropic.create-message
        with:
          model: claude-opus-4-5
          prompt: 'You are a regulatory compliance analyst. Extract and list: (1) key obligations, (2) compliance deadlines, (3) risk areas from this document. Be concise. Document: {{get-document.content}}'
      - name: post-to-teams
        type: call
        call: msteams-compliance.post-channel-message
        with:
          channel_id: '{{teams_channel_id}}'
          content: 'Compliance Summary for {{file_path}}:


            {{extract-obligations.content}}'
  consumes:
  - namespace: sharepoint
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: file-content
      path: /sites/{site_id}/drive/root:/{file_path}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: file_path
        in: path
      operations:
      - name: get-file-content
        method: GET
  - namespace: anthropic
    type: http
    baseUri: https://api.anthropic.com/v1
    authentication:
      type: apikey
      key: x-api-key
      value: $secrets.anthropic_api_key
      placement: header
    resources:
    - name: message
      path: /messages
      operations:
      - name: create-message
        method: POST
  - namespace: msteams-compliance
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-message
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Provisions corporate cards in bulk by reading employee data from Workday, creating card accounts, and sending activation instructions via email.

naftiko: '0.5'
info:
  label: Corporate Card Bulk Provisioning
  description: Provisions corporate cards in bulk by reading employee data from Workday, creating card accounts, and sending activation instructions via email.
  tags:
  - corporate
  - cards
  - workday
  - onboarding
capability:
  exposes:
  - type: mcp
    namespace: bulk-provision
    port: 8080
    tools:
    - name: bulk-provision-cards
      description: Provision corporate cards for a department by pulling employees from Workday and creating card accounts. Use during new department onboarding.
      inputParameters:
      - name: department
        in: body
        type: string
        description: Department name.
      - name: card_program
        in: body
        type: string
        description: Corporate card program ID.
      - name: spending_limit
        in: body
        type: string
        description: Default spending limit.
      - name: distribution_list
        in: body
        type: string
        description: Distribution list email.
      steps:
      - name: get-employees
        type: call
        call: workday.get-workers
        with:
          department: '{{department}}'
          status: active
      - name: provision-cards
        type: call
        call: amex-corporate.bulk-provision
        with:
          employees: '{{get-employees.workers}}'
          card_program: '{{card_program}}'
          spending_limit: '{{spending_limit}}'
      - name: send-instructions
        type: call
        call: email.send-email
        with:
          to: '{{distribution_list}}'
          subject: Corporate Amex cards provisioned
          body: '{{provision-cards.provisioned_count}} cards provisioned for {{department}}. Employees will receive activation instructions individually.'
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd3-impl-services1.workday.com/ccx/service/amex
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers
      operations:
      - name: get-workers
        method: GET
  - namespace: amex-corporate
    type: http
    baseUri: https://api.americanexpress.com/v1/corporate
    authentication:
      type: bearer
      token: $secrets.amex_corporate_token
    resources:
    - name: cards
      path: /cards/bulk-provision
      operations:
      - name: bulk-provision
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Monitors Bloomberg market data feeds for significant movements, creates an alert in ServiceNow, and notifies the trading desk via Slack with context from Snowflake analytics.

naftiko: '0.5'
info:
  label: Bloomberg Market Data Alert Workflow
  description: Monitors Bloomberg market data feeds for significant movements, creates an alert in ServiceNow, and notifies the trading desk via Slack with context from Snowflake analytics.
  tags:
  - bloomberg
  - market-data
  - servicenow
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: market-alerts
    port: 8080
    tools:
    - name: process-market-alert
      description: Process a market data movement by calculating exposure, creating an incident, and alerting the desk. Use when Bloomberg detects significant price movements.
      inputParameters:
      - name: dataset
        in: body
        type: string
        description: Bloomberg dataset identifier.
      - name: securities
        in: body
        type: string
        description: Comma-separated security identifiers.
      steps:
      - name: get-data
        type: call
        call: bloomberg.get-market-data
        with:
          dataset: '{{dataset}}'
          securities: '{{securities}}'
      - name: get-exposure
        type: call
        call: snowflake.run-query
        with:
          query: SELECT SUM(notional) as exposure FROM TREASURY_DB.PUBLIC.POSITIONS WHERE security IN ('{{securities}}')
      - name: create-alert
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Market movement alert: {{securities}}'
          category: market-risk
          description: 'Movement: {{get-data.change_pct}}%. Exposure: ${{get-exposure.exposure}}.'
      - name: notify-desk
        type: call
        call: slack.post-message
        with:
          channel: trading-desk
          text: 'Market alert: {{securities}} moved {{get-data.change_pct}}%. Our exposure: ${{get-exposure.exposure}}. SNOW: {{create-alert.number}}'
  consumes:
  - namespace: bloomberg
    type: http
    baseUri: https://api.bloomberg.com/eap/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: data
      path: /data/{dataset}
      inputParameters:
      - name: dataset
        in: path
      operations:
      - name: get-market-data
        method: GET
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a Salesforce opportunity for a new corporate card program is marked Closed-Won, creates the program account in the corporate card platform and sends confirmation to the sales rep via email.

naftiko: '0.5'
info:
  label: Salesforce Opportunity to Card Program Sync
  description: When a Salesforce opportunity for a new corporate card program is marked Closed-Won, creates the program account in the corporate card platform and sends confirmation to the sales rep via email.
  tags:
  - sales
  - crm
  - salesforce
  - payments
  - corporate-cards
capability:
  exposes:
  - type: mcp
    namespace: sales-card-sync
    port: 8080
    tools:
    - name: activate-card-program
      description: Given a Salesforce opportunity ID for a closed-won corporate card program deal, retrieve opportunity details, create the card program account, and notify the responsible sales representative. Use when a B2B card program deal is won and needs activation.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity ID for the closed-won card program.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce-crm.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: create-program
        type: call
        call: amex-programs.create-program
        with:
          company_name: '{{get-opportunity.account_name}}'
          credit_limit: '{{get-opportunity.amount}}'
          billing_contact_email: '{{get-opportunity.billing_email}}'
          program_type: corporate_card
      - name: notify-rep
        type: call
        call: salesforce-email.send-email
        with:
          to: '{{get-opportunity.owner_email}}'
          subject: Card program activated for {{get-opportunity.account_name}}
          body: 'The corporate card program for {{get-opportunity.account_name}} has been activated. Program ID: {{create-program.program_id}}.'
  consumes:
  - namespace: salesforce-crm
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_access_token
    resources:
    - name: opportunity
      path: /sobjects/Opportunity/{opportunity_id}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - namespace: amex-programs
    type: http
    baseUri: https://api.americanexpress.com/v1/corporate
    authentication:
      type: bearer
      token: $secrets.amex_corp_token
    resources:
    - name: program
      path: /programs
      operations:
      - name: create-program
        method: POST
  - namespace: salesforce-email
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_access_token
    resources:
    - name: email
      path: /actions/standard/emailSimple
      operations:
      - name: send-email
        method: POST

Recovers from a Snowflake data pipeline failure by checking pipeline status, retrying the failed task, creating a ServiceNow incident, and notifying the data engineering team via Slack.

naftiko: '0.5'
info:
  label: Snowflake Data Pipeline Failure Recovery
  description: Recovers from a Snowflake data pipeline failure by checking pipeline status, retrying the failed task, creating a ServiceNow incident, and notifying the data engineering team via Slack.
  tags:
  - snowflake
  - data-engineering
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: pipeline-recovery
    port: 8080
    tools:
    - name: recover-pipeline
      description: Check a failed Snowflake pipeline, retry execution, create an incident, and notify the team. Use when a data pipeline task fails.
      inputParameters:
      - name: task_name
        in: body
        type: string
        description: Snowflake task name.
      steps:
      - name: check-status
        type: call
        call: snowflake.run-query
        with:
          query: SELECT * FROM TABLE(INFORMATION_SCHEMA.TASK_HISTORY()) WHERE NAME='{{task_name}}' AND STATE='FAILED' ORDER BY SCHEDULED_TIME DESC LIMIT 1
      - name: retry-task
        type: call
        call: snowflake.run-query
        with:
          query: EXECUTE TASK {{task_name}}
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Snowflake pipeline failure: {{task_name}}'
          category: data-engineering
          priority: '2'
          description: 'Task {{task_name}} failed. Error: {{check-status.error_message}}. Retry initiated.'
      - name: notify-team
        type: call
        call: slack.post-message
        with:
          channel: data-engineering
          text: 'Pipeline failure: {{task_name}}. Error: {{check-status.error_message}}. Retry initiated. SNOW: {{create-incident.number}}'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Performs merchant risk assessment by aggregating transaction data from Snowflake, running a risk model, updating the merchant profile in Salesforce, and filing findings in ServiceNow.

naftiko: '0.5'
info:
  label: Merchant Risk Assessment Workflow
  description: Performs merchant risk assessment by aggregating transaction data from Snowflake, running a risk model, updating the merchant profile in Salesforce, and filing findings in ServiceNow.
  tags:
  - merchants
  - risk
  - snowflake
  - salesforce
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: merchant-risk
    port: 8080
    tools:
    - name: assess-merchant-risk
      description: Assess merchant risk by analyzing transaction patterns and scoring. Use during periodic merchant risk reviews.
      inputParameters:
      - name: merchant_id
        in: body
        type: string
        description: Merchant ID.
      - name: sf_account_id
        in: body
        type: string
        description: Salesforce account ID.
      steps:
      - name: get-txn-data
        type: call
        call: snowflake.run-query
        with:
          query: SELECT AVG(amount) as avg_txn, COUNT(*) as txn_count, SUM(chargeback_amount) as cb_total FROM MERCHANT_DB.PUBLIC.TRANSACTIONS WHERE merchant_id='{{merchant_id}}' AND date >= DATEADD(month, -6, CURRENT_DATE())
      - name: score
        type: call
        call: amex-risk.score-merchant
        with:
          merchant_id: '{{merchant_id}}'
          avg_transaction: '{{get-txn-data.avg_txn}}'
          chargeback_total: '{{get-txn-data.cb_total}}'
      - name: update-sf
        type: call
        call: salesforce.update-account
        with:
          account_id: '{{sf_account_id}}'
          Risk_Score__c: '{{score.risk_score}}'
          Last_Assessment__c: '{{score.assessment_date}}'
      - name: file-findings
        type: call
        call: servicenow.create-case
        with:
          short_description: Merchant risk assessment — {{merchant_id}}
          description: 'Risk score: {{score.risk_score}}. Avg txn: ${{get-txn-data.avg_txn}}. Chargeback total: ${{get-txn-data.cb_total}}.'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: amex-risk
    type: http
    baseUri: https://api.americanexpress.com/v1/risk
    authentication:
      type: bearer
      token: $secrets.amex_risk_token
    resources:
    - name: merchant-risk
      path: /merchants/score
      operations:
      - name: score-merchant
        method: POST
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: update-account
        method: PATCH
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cases
      path: /table/sn_risk_case
      operations:
      - name: create-case
        method: POST

Generates personalized spending insights for a cardholder by analyzing spend categories in Snowflake, creating a visual in Tableau, and delivering via email.

naftiko: '0.5'
info:
  label: Cardholder Spend Category Insights Digest
  description: Generates personalized spending insights for a cardholder by analyzing spend categories in Snowflake, creating a visual in Tableau, and delivering via email.
  tags:
  - cardholder
  - analytics
  - snowflake
  - tableau
  - personalization
capability:
  exposes:
  - type: mcp
    namespace: spend-insights
    port: 8080
    tools:
    - name: generate-spend-insights
      description: Analyze spending patterns and deliver a personalized insights digest. Use for monthly cardholder engagement.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: month
        in: body
        type: string
        description: Month for insights (e.g. 2026-03).
      - name: cardholder_email
        in: body
        type: string
        description: Cardholder email.
      steps:
      - name: analyze-spend
        type: call
        call: snowflake.run-query
        with:
          query: SELECT category, SUM(amount) as total FROM CARDHOLDER_DB.PUBLIC.TRANSACTIONS WHERE account_id='{{account_id}}' AND month='{{month}}' GROUP BY category ORDER BY total DESC LIMIT 5
      - name: generate-visual
        type: call
        call: tableau.get-view-image
        with:
          site_id: $secrets.tableau_site_id
          view_id: $secrets.spend_insights_view_id
      - name: deliver
        type: call
        call: email.send-email
        with:
          to: '{{cardholder_email}}'
          subject: Your {{month}} Spending Insights
          body: Your top category was {{analyze-spend.results[0].category}} at ${{analyze-spend.results[0].total}}.
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: tableau
    type: http
    baseUri: https://americanexpress.online.tableau.com/api/3.19
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: views
      path: /sites/{site_id}/views/{view_id}/image
      inputParameters:
      - name: site_id
        in: path
      - name: view_id
        in: path
      operations:
      - name: get-view-image
        method: GET
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Fetches real-time currency exchange rates from the Amex FX service for a given currency pair.

naftiko: '0.5'
info:
  label: Currency Exchange Rate Lookup
  description: Fetches real-time currency exchange rates from the Amex FX service for a given currency pair.
  tags:
  - payments
  - forex
  - data
capability:
  exposes:
  - type: mcp
    namespace: amex-fx
    port: 8080
    tools:
    - name: get-exchange-rate
      description: Given base and target currencies, return the current exchange rate, spread, and timestamp. Use when processing international transactions or quoting FX rates.
      inputParameters:
      - name: base_currency
        in: body
        type: string
        description: The base currency code (e.g. USD).
      - name: target_currency
        in: body
        type: string
        description: The target currency code (e.g. EUR).
      call: amex-fx.get-exchange-rate
      with:
        base_currency: '{{base_currency}}'
        target_currency: '{{target_currency}}'
      outputParameters:
      - name: rate
        type: number
        mapping: $.rate
      - name: spread
        type: number
        mapping: $.spread
      - name: timestamp
        type: string
        mapping: $.timestamp
  consumes:
  - namespace: amex-fx
    type: http
    baseUri: https://api.americanexpress.com/v1/fx
    authentication:
      type: bearer
      token: $secrets.amex_fx_token
    resources:
    - name: rates
      path: /rates/{base_currency}/{target_currency}
      inputParameters:
      - name: base_currency
        in: path
      - name: target_currency
        in: path
      operations:
      - name: get-exchange-rate
        method: GET

Verifies a cardholder's lounge access entitlement based on card product and returns nearby eligible lounges for a given airport.

naftiko: '0.5'
info:
  label: Global Lounge Access Lookup
  description: Verifies a cardholder's lounge access entitlement based on card product and returns nearby eligible lounges for a given airport.
  tags:
  - travel
  - cardholder
  - lounges
capability:
  exposes:
  - type: mcp
    namespace: amex-lounges
    port: 8080
    tools:
    - name: get-lounge-access
      description: Given a card product and airport code, return lounge eligibility and available lounges. Use when a cardholder asks about airport lounge access.
      inputParameters:
      - name: airport_code
        in: body
        type: string
        description: The IATA airport code.
      - name: card_product
        in: body
        type: string
        description: The card product identifier.
      call: amex-lounges.get-lounge-access
      with:
        airport_code: '{{airport_code}}'
        card_product: '{{card_product}}'
      outputParameters:
      - name: eligible
        type: boolean
        mapping: $.eligible
      - name: lounges
        type: array
        mapping: $.lounges
      - name: pass_type
        type: string
        mapping: $.pass_type
  consumes:
  - namespace: amex-lounges
    type: http
    baseUri: https://api.americanexpress.com/v1/lounges
    authentication:
      type: bearer
      token: $secrets.amex_lounges_token
    resources:
    - name: access
      path: /cards/{card_product}/airports/{airport_code}/lounges
      inputParameters:
      - name: airport_code
        in: path
      - name: card_product
        in: path
      operations:
      - name: get-lounge-access
        method: GET

Retrieves the spending limits and current utilization for a corporate card account.

naftiko: '0.5'
info:
  label: Corporate Card Spending Limit Lookup
  description: Retrieves the spending limits and current utilization for a corporate card account.
  tags:
  - corporate
  - payments
  - accounts
capability:
  exposes:
  - type: mcp
    namespace: amex-corporate
    port: 8080
    tools:
    - name: get-spending-limit
      description: Given a corporate card ID, return the monthly spending limit, current utilization, and remaining balance. Use when checking corporate card spending capacity.
      inputParameters:
      - name: card_id
        in: body
        type: string
        description: The corporate card ID.
      call: amex-corporate.get-spending-limit
      with:
        card_id: '{{card_id}}'
      outputParameters:
      - name: monthly_limit
        type: number
        mapping: $.monthly_limit
      - name: utilized
        type: number
        mapping: $.utilized
      - name: remaining
        type: number
        mapping: $.remaining
  consumes:
  - namespace: amex-corporate
    type: http
    baseUri: https://api.americanexpress.com/v1/corporate
    authentication:
      type: bearer
      token: $secrets.amex_corporate_token
    resources:
    - name: spending-limits
      path: /cards/{card_id}/spending-limits
      inputParameters:
      - name: card_id
        in: path
      operations:
      - name: get-spending-limit
        method: GET

Generates a conversion funnel report from Adobe Analytics, stores results in Snowflake, and distributes findings via Slack and email to the product team.

naftiko: '0.5'
info:
  label: Adobe Analytics Conversion Funnel Report
  description: Generates a conversion funnel report from Adobe Analytics, stores results in Snowflake, and distributes findings via Slack and email to the product team.
  tags:
  - adobe-analytics
  - analytics
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: funnel-report
    port: 8080
    tools:
    - name: generate-funnel-report
      description: Generate a conversion funnel report and distribute to stakeholders. Use for periodic product analytics reviews.
      inputParameters:
      - name: report_suite_id
        in: body
        type: string
        description: Adobe Analytics report suite ID.
      steps:
      - name: run-funnel
        type: call
        call: adobe-analytics.run-report
        with:
          rsid: '{{report_suite_id}}'
          dimension: evar1
          metrics: visits,applications,approvals
      - name: store-results
        type: call
        call: snowflake.run-query
        with:
          query: INSERT INTO ANALYTICS_DB.PUBLIC.FUNNEL_REPORTS VALUES ('{{report_suite_id}}', {{run-funnel.visits}}, {{run-funnel.applications}}, {{run-funnel.approvals}}, CURRENT_TIMESTAMP())
      - name: post-summary
        type: call
        call: slack.post-message
        with:
          channel: product-analytics
          text: 'Funnel: Visits={{run-funnel.visits}} > Applications={{run-funnel.applications}} > Approvals={{run-funnel.approvals}}'
  consumes:
  - namespace: adobe-analytics
    type: http
    baseUri: https://analytics.adobe.io/api/americanexpress/reports
    authentication:
      type: bearer
      token: $secrets.adobe_analytics_token
    resources:
    - name: reports
      path: /ranked
      operations:
      - name: run-report
        method: POST
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves the list of supplementary cards associated with a primary cardholder account.

naftiko: '0.5'
info:
  label: Supplementary Card List Lookup
  description: Retrieves the list of supplementary cards associated with a primary cardholder account.
  tags:
  - cardholder
  - accounts
  - cards
capability:
  exposes:
  - type: mcp
    namespace: amex-accounts
    port: 8080
    tools:
    - name: get-supplementary-cards
      description: Given a primary cardholder account ID, return all supplementary cards with their status and holder names. Use when managing additional cards on an account.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The primary cardholder account ID.
      call: amex-accounts.get-supplementary-cards
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: cards
        type: array
        mapping: $.cards
      - name: total_count
        type: number
        mapping: $.total_count
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: supplementary-cards
      path: /accounts/{account_id}/supplementary-cards
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-supplementary-cards
        method: GET

Identifies underutilized Azure resources by querying cost data, creates a Jira ticket for the cloud team, and posts a summary to Slack.

naftiko: '0.5'
info:
  label: Azure Resource Cost Optimization Alert
  description: Identifies underutilized Azure resources by querying cost data, creates a Jira ticket for the cloud team, and posts a summary to Slack.
  tags:
  - cloud
  - azure
  - finops
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: azure-finops
    port: 8080
    tools:
    - name: alert-cost-optimization
      description: Query Azure costs, create a remediation ticket, and alert the FinOps team. Use when Azure cost thresholds are breached.
      inputParameters:
      - name: subscription_id
        in: body
        type: string
        description: Azure subscription ID.
      steps:
      - name: query-costs
        type: call
        call: azure.query-costs
        with:
          subscription_id: '{{subscription_id}}'
          timeframe: MonthToDate
          type: Usage
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: CLOUD
          issuetype: Task
          summary: Azure cost optimization — ${{query-costs.total_cost}}
          description: 'Subscription: {{subscription_id}}. Total MTD: ${{query-costs.total_cost}}. Top resource: {{query-costs.top_resource}}.'
      - name: post-summary
        type: call
        call: slack.post-message
        with:
          channel: cloud-finops
          text: 'Azure cost alert: ${{query-costs.total_cost}} MTD for subscription {{subscription_id}}. Top resource: {{query-costs.top_resource}}. Jira: {{create-ticket.key}}'
  consumes:
  - namespace: azure
    type: http
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_token
    resources:
    - name: cost
      path: /subscriptions/{subscription_id}/providers/Microsoft.CostManagement/query
      inputParameters:
      - name: subscription_id
        in: path
      operations:
      - name: query-costs
        method: POST
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Evaluates a cardholder's spend history to determine annual fee waiver eligibility, creates a decision record, and sends the outcome notification.

naftiko: '0.5'
info:
  label: Cardholder Annual Fee Waiver Evaluation
  description: Evaluates a cardholder's spend history to determine annual fee waiver eligibility, creates a decision record, and sends the outcome notification.
  tags:
  - cardholder
  - billing
  - retention
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: fee-waiver
    port: 8080
    tools:
    - name: evaluate-fee-waiver
      description: Evaluate fee waiver eligibility based on spend history, record the decision, and notify the cardholder. Use when a cardholder requests an annual fee waiver.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: cardholder_email
        in: body
        type: string
        description: Cardholder email.
      steps:
      - name: get-spend
        type: call
        call: amex-accounts.get-spend-summary
        with:
          account_id: '{{account_id}}'
      - name: create-decision
        type: call
        call: salesforce.create-case
        with:
          Subject: Fee waiver evaluation — {{account_id}}
          Description: 'Annual spend: ${{get-spend.annual_spend}}. Tenure: {{get-spend.tenure_years}} years.'
          Type: Fee Waiver
      - name: send-outcome
        type: call
        call: email.send-email
        with:
          to: '{{cardholder_email}}'
          subject: Annual Fee Review Complete
          body: 'Based on your ${{get-spend.annual_spend}} annual spend and {{get-spend.tenure_years}} year membership, your fee waiver decision has been recorded. Reference: {{create-decision.id}}'
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: spend-summary
      path: /accounts/{account_id}/spend-summary
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-spend-summary
        method: GET
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case
      operations:
      - name: create-case
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

When a Datadog monitor detects payment network latency breaching SLA thresholds, creates a PagerDuty critical incident, updates a ServiceNow major incident, and posts a status update to the executive Slack channel.

naftiko: '0.5'
info:
  label: Payment Network Incident Escalation
  description: When a Datadog monitor detects payment network latency breaching SLA thresholds, creates a PagerDuty critical incident, updates a ServiceNow major incident, and posts a status update to the executive Slack channel.
  tags:
  - payments
  - sla
  - datadog
  - pagerduty
  - servicenow
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: network-incident
    port: 8080
    tools:
    - name: escalate-network-incident
      description: Given a Datadog monitor ID and affected payment network segment, retrieve monitor state, create a critical PagerDuty incident, open a ServiceNow major incident, and post an executive Slack alert. Use when payment network SLAs are breached.
      inputParameters:
      - name: monitor_id
        in: body
        type: string
        description: The Datadog monitor ID for the payment network SLA check.
      - name: network_segment
        in: body
        type: string
        description: The affected payment network segment (e.g., card-auth, settlement).
      - name: latency_p99_ms
        in: body
        type: number
        description: The measured P99 latency in milliseconds that breached SLA.
      steps:
      - name: get-monitor-state
        type: call
        call: datadog-network.get-monitor
        with:
          monitor_id: '{{monitor_id}}'
      - name: create-pd-critical
        type: call
        call: pagerduty-network.create-incident
        with:
          title: 'CRITICAL: Payment network SLA breach — {{network_segment}}'
          service_id: $secrets.pagerduty_network_service_id
          urgency: high
          body: 'Segment: {{network_segment}} | P99: {{latency_p99_ms}}ms | Monitor: {{monitor_id}}'
      - name: open-major-incident
        type: call
        call: servicenow-network.create-incident
        with:
          category: network
          subcategory: payment_processing
          short_description: 'Payment network SLA breach: {{network_segment}} P99={{latency_p99_ms}}ms'
          urgency: '1'
          impact: '1'
          severity: '1'
      - name: post-executive-alert
        type: call
        call: slack-executive.post-message
        with:
          channel: exec-alerts
          text: 'CRITICAL | Payment Network | Segment: {{network_segment}} | P99 Latency: {{latency_p99_ms}}ms | PagerDuty: {{create-pd-critical.incident_number}} | SNOW: {{open-major-incident.number}}'
  consumes:
  - namespace: datadog-network
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: monitor
      path: /monitor/{monitor_id}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET
  - namespace: pagerduty-network
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_api_key
      placement: header
    resources:
    - name: incident
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - namespace: servicenow-network
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incident
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: slack-executive
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When GitHub Dependabot raises a critical vulnerability alert on an American Express repository, opens a Jira security issue and sends a Slack notification to the AppSec team.

naftiko: '0.5'
info:
  label: GitHub Security Vulnerability Triage
  description: When GitHub Dependabot raises a critical vulnerability alert on an American Express repository, opens a Jira security issue and sends a Slack notification to the AppSec team.
  tags:
  - security
  - devops
  - github
  - jira
  - slack
  - vulnerability-management
capability:
  exposes:
  - type: mcp
    namespace: appsec-triage
    port: 8080
    tools:
    - name: triage-vulnerability-alert
      description: Given a GitHub repository and Dependabot alert number, retrieve alert details, open a Jira security issue, and notify the AppSec Slack channel. Use when a critical or high severity Dependabot alert is raised.
      inputParameters:
      - name: repo_owner
        in: body
        type: string
        description: The GitHub organization or owner of the repository (e.g., americanexpress).
      - name: repo_name
        in: body
        type: string
        description: The name of the GitHub repository with the vulnerability.
      - name: alert_number
        in: body
        type: integer
        description: The Dependabot alert number from GitHub.
      steps:
      - name: get-alert
        type: call
        call: github.get-dependabot-alert
        with:
          owner: '{{repo_owner}}'
          repo: '{{repo_name}}'
          alert_number: '{{alert_number}}'
      - name: create-security-issue
        type: call
        call: jira-security.create-issue
        with:
          project_key: SEC
          issuetype: Security Vulnerability
          summary: '[Dependabot] {{get-alert.dependency_name}} {{get-alert.severity}} in {{repo_name}}'
          description: 'CVE: {{get-alert.cve_id}}

            Package: {{get-alert.dependency_name}}

            Severity: {{get-alert.severity}}

            Repo: {{repo_owner}}/{{repo_name}}

            Alert: {{alert_number}}

            Fixed version: {{get-alert.fixed_version}}'
      - name: notify-appsec
        type: call
        call: slack-appsec.post-message
        with:
          channel: appsec-alerts
          text: 'Vulnerability Alert | Repo: {{repo_owner}}/{{repo_name}} | Package: {{get-alert.dependency_name}} | Severity: {{get-alert.severity}} | CVE: {{get-alert.cve_id}} | Jira: {{create-security-issue.key}}'
  consumes:
  - namespace: github
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: dependabot-alert
      path: /repos/{owner}/{repo}/dependabot/alerts/{alert_number}
      inputParameters:
      - name: owner
        in: path
      - name: repo
        in: path
      - name: alert_number
        in: path
      operations:
      - name: get-dependabot-alert
        method: GET
  - namespace: jira-security
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack-appsec
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Evaluates a cardholder's credit limit increase request by pulling account history, running a risk score, creating a Jira review task, and notifying the cardholder via SMS.

naftiko: '0.5'
info:
  label: Cardholder Credit Limit Increase Review
  description: Evaluates a cardholder's credit limit increase request by pulling account history, running a risk score, creating a Jira review task, and notifying the cardholder via SMS.
  tags:
  - cardholder
  - credit
  - risk
  - jira
capability:
  exposes:
  - type: mcp
    namespace: cli-review
    port: 8080
    tools:
    - name: review-cli-request
      description: Evaluate a credit limit increase request by checking account history, scoring risk, and creating a review task. Use when a cardholder requests a credit limit increase.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: requested_amount
        in: body
        type: string
        description: Requested credit limit increase amount.
      steps:
      - name: get-account
        type: call
        call: amex-accounts.get-account
        with:
          account_id: '{{account_id}}'
      - name: risk-score
        type: call
        call: amex-risk.get-risk-score
        with:
          account_id: '{{account_id}}'
          requested_increase: '{{requested_amount}}'
      - name: create-review
        type: call
        call: jira.create-issue
        with:
          project_key: CLR
          issuetype: Task
          summary: CLI review — {{account_id}} risk={{risk-score.score}}
          description: 'Requested: ${{requested_amount}}. Current limit: ${{get-account.credit_limit}}. Risk score: {{risk-score.score}}.'
      - name: notify-cardholder
        type: call
        call: amex-sms.send-sms
        with:
          phone: '{{get-account.phone}}'
          message: 'Your credit limit increase request is under review. Reference: {{create-review.key}}'
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: account
      path: /accounts/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - namespace: amex-risk
    type: http
    baseUri: https://api.americanexpress.com/v1/risk
    authentication:
      type: bearer
      token: $secrets.amex_risk_token
    resources:
    - name: scoring
      path: /score
      operations:
      - name: get-risk-score
        method: POST
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: amex-sms
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: sms
      path: /sms/send
      operations:
      - name: send-sms
        method: POST

Synchronizes cardholder benefits enrollment by fetching card product details, enrolling the cardholder in benefits, and confirming via push notification.

naftiko: '0.5'
info:
  label: Cardholder Benefits Enrollment Sync
  description: Synchronizes cardholder benefits enrollment by fetching card product details, enrolling the cardholder in benefits, and confirming via push notification.
  tags:
  - cardholder
  - benefits
  - enrollment
  - notifications
capability:
  exposes:
  - type: mcp
    namespace: benefits-sync
    port: 8080
    tools:
    - name: sync-benefits
      description: Enroll a cardholder in their card product benefits and confirm activation. Use when a new card is activated or a product upgrade occurs.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: product_id
        in: body
        type: string
        description: Card product ID.
      steps:
      - name: get-product
        type: call
        call: amex-products.get-product
        with:
          product_id: '{{product_id}}'
      - name: enroll-benefits
        type: call
        call: amex-benefits.enroll
        with:
          account_id: '{{account_id}}'
          benefits: '{{get-product.included_benefits}}'
      - name: confirm
        type: call
        call: amex-push.send-push
        with:
          account_id: '{{account_id}}'
          title: Benefits activated
          body: Your {{get-product.name}} benefits are now active. {{enroll-benefits.benefit_count}} benefits enrolled.
  consumes:
  - namespace: amex-products
    type: http
    baseUri: https://api.americanexpress.com/v1/products
    authentication:
      type: bearer
      token: $secrets.amex_products_token
    resources:
    - name: products
      path: /products/{product_id}
      inputParameters:
      - name: product_id
        in: path
      operations:
      - name: get-product
        method: GET
  - namespace: amex-benefits
    type: http
    baseUri: https://api.americanexpress.com/v1/benefits
    authentication:
      type: bearer
      token: $secrets.amex_benefits_token
    resources:
    - name: enrollment
      path: /enrollment
      operations:
      - name: enroll
        method: POST
  - namespace: amex-push
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: push
      path: /push/send
      operations:
      - name: send-push
        method: POST

Processes a cardholder account closure by verifying zero balance, closing the account, archiving data to S3, and sending a confirmation letter via DocuSign.

naftiko: '0.5'
info:
  label: Cardholder Account Closure Workflow
  description: Processes a cardholder account closure by verifying zero balance, closing the account, archiving data to S3, and sending a confirmation letter via DocuSign.
  tags:
  - cardholder
  - accounts
  - s3
  - docusign
capability:
  exposes:
  - type: mcp
    namespace: account-closure
    port: 8080
    tools:
    - name: close-account
      description: Close a cardholder account, archive data, and send confirmation. Use when a cardholder requests account closure.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: closure_reason
        in: body
        type: string
        description: Reason for closure.
      - name: cardholder_email
        in: body
        type: string
        description: Cardholder email.
      steps:
      - name: verify-balance
        type: call
        call: amex-accounts.get-account
        with:
          account_id: '{{account_id}}'
      - name: close
        type: call
        call: amex-accounts.close-account
        with:
          account_id: '{{account_id}}'
          reason: '{{closure_reason}}'
      - name: archive
        type: call
        call: s3.upload-archive
        with:
          account_id: '{{account_id}}'
          data: '{{close.archive_payload}}'
      - name: send-letter
        type: call
        call: docusign.send-envelope
        with:
          ds_account_id: $secrets.docusign_account_id
          recipient_email: '{{cardholder_email}}'
          template_id: $secrets.closure_template_id
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: account
      path: /accounts/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
      - name: close-account
        method: POST
  - namespace: s3
    type: http
    baseUri: https://s3.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_token
    resources:
    - name: objects
      path: /amex-archive/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: upload-archive
        method: PUT
  - namespace: docusign
    type: http
    baseUri: https://na4.docusign.net/restapi/v2.1
    authentication:
      type: bearer
      token: $secrets.docusign_token
    resources:
    - name: envelopes
      path: /accounts/{ds_account_id}/envelopes
      inputParameters:
      - name: ds_account_id
        in: path
      operations:
      - name: send-envelope
        method: POST

When a ServiceNow change request reaches the Approval state, retrieves the change details and notifies all relevant stakeholders via Microsoft Teams.

naftiko: '0.5'
info:
  label: ServiceNow Change Management Notification
  description: When a ServiceNow change request reaches the Approval state, retrieves the change details and notifies all relevant stakeholders via Microsoft Teams.
  tags:
  - itsm
  - servicenow
  - microsoft-teams
  - change-management
capability:
  exposes:
  - type: mcp
    namespace: change-management
    port: 8080
    tools:
    - name: notify-change-approvers
      description: Given a ServiceNow change request number, retrieve change details and send a Teams notification to all listed approvers with context and an approval link. Use when change requests require stakeholder awareness and sign-off.
      inputParameters:
      - name: change_number
        in: body
        type: string
        description: The ServiceNow change request number (e.g., CHG0012345).
      - name: approver_upns
        in: body
        type: string
        description: Comma-separated list of approver UPNs (email addresses) to notify.
      steps:
      - name: get-change
        type: call
        call: servicenow-chg.get-change
        with:
          number: '{{change_number}}'
      - name: notify-team
        type: call
        call: msteams-change.post-channel-message
        with:
          channel_id: $secrets.teams_change_mgmt_channel_id
          content: 'Change Request Pending Approval

            CHG: {{change_number}}

            Summary: {{get-change.short_description}}

            Scheduled: {{get-change.start_date}}

            Risk: {{get-change.risk}}

            Approvers: {{approver_upns}}'
  consumes:
  - namespace: servicenow-chg
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change
      path: /table/change_request
      inputParameters:
      - name: number
        in: query
      operations:
      - name: get-change
        method: GET
  - namespace: msteams-change
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-message
      path: /teams/{team_id}/channels/{channel_id}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

When a fraud alert triggers, retrieves transaction details, creates a case in the fraud investigation system, suspends the card, and notifies the cardholder via push notification.

naftiko: '0.5'
info:
  label: Fraud Alert Investigation Workflow
  description: When a fraud alert triggers, retrieves transaction details, creates a case in the fraud investigation system, suspends the card, and notifies the cardholder via push notification.
  tags:
  - fraud
  - security
  - cardholder
  - investigations
capability:
  exposes:
  - type: mcp
    namespace: fraud-ops
    port: 8080
    tools:
    - name: investigate-fraud-alert
      description: Investigate a fraud alert by fetching details, creating a case, suspending the card, and notifying the cardholder. Use when a fraud detection alert fires.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The fraud alert identifier.
      steps:
      - name: get-alert
        type: call
        call: amex-fraud.get-alert
        with:
          alert_id: '{{alert_id}}'
      - name: create-case
        type: call
        call: amex-fraud.create-case
        with:
          alert_id: '{{alert_id}}'
          amount: '{{get-alert.amount}}'
          merchant: '{{get-alert.merchant_name}}'
          card_id: '{{get-alert.card_id}}'
      - name: suspend-card
        type: call
        call: amex-cards.suspend-card
        with:
          card_id: '{{get-alert.card_id}}'
      - name: notify-cardholder
        type: call
        call: amex-push.send-push
        with:
          account_id: '{{get-alert.account_id}}'
          title: Suspicious activity detected
          body: 'A ${{get-alert.amount}} charge at {{get-alert.merchant_name}} was flagged. Your card has been temporarily suspended. Case: {{create-case.case_id}}'
  consumes:
  - namespace: amex-fraud
    type: http
    baseUri: https://api.americanexpress.com/v1/fraud
    authentication:
      type: bearer
      token: $secrets.amex_fraud_token
    resources:
    - name: alerts
      path: /alerts/{alert_id}
      inputParameters:
      - name: alert_id
        in: path
      operations:
      - name: get-alert
        method: GET
    - name: cases
      path: /cases
      operations:
      - name: create-case
        method: POST
  - namespace: amex-cards
    type: http
    baseUri: https://api.americanexpress.com/v1/cards
    authentication:
      type: bearer
      token: $secrets.amex_cards_token
    resources:
    - name: card
      path: /cards/{card_id}/suspend
      inputParameters:
      - name: card_id
        in: path
      operations:
      - name: suspend-card
        method: POST
  - namespace: amex-push
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: push
      path: /push/send
      operations:
      - name: send-push
        method: POST

Retrieves the latest statement balance and minimum payment due for a cardholder account.

naftiko: '0.5'
info:
  label: Cardholder Statement Balance Lookup
  description: Retrieves the latest statement balance and minimum payment due for a cardholder account.
  tags:
  - payments
  - cardholder
  - billing
capability:
  exposes:
  - type: mcp
    namespace: amex-billing
    port: 8080
    tools:
    - name: get-statement-balance
      description: Given a cardholder account ID, return the current statement balance, minimum payment due, and due date. Use when a representative needs billing information.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-billing.get-statement-balance
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: statement_balance
        type: number
        mapping: $.statement_balance
      - name: minimum_payment
        type: number
        mapping: $.minimum_payment
      - name: due_date
        type: string
        mapping: $.due_date
  consumes:
  - namespace: amex-billing
    type: http
    baseUri: https://api.americanexpress.com/v1/billing
    authentication:
      type: bearer
      token: $secrets.amex_billing_token
    resources:
    - name: statement
      path: /accounts/{account_id}/statement
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-statement-balance
        method: GET

When Palo Alto Networks detects a blocked threat on the corporate network, retrieves the threat log entry and creates a ServiceNow security incident for the SOC team to review.

naftiko: '0.5'
info:
  label: Palo Alto Networks Threat Block and Incident Log
  description: When Palo Alto Networks detects a blocked threat on the corporate network, retrieves the threat log entry and creates a ServiceNow security incident for the SOC team to review.
  tags:
  - security
  - palo-alto-networks
  - servicenow
  - threat-response
  - network-security
capability:
  exposes:
  - type: mcp
    namespace: network-security
    port: 8080
    tools:
    - name: log-network-threat
      description: Given a Palo Alto Networks threat log entry ID, retrieve the threat details and create a ServiceNow security incident for SOC review. Use when automated threat blocking events require case tracking and analyst review.
      inputParameters:
      - name: threat_log_id
        in: body
        type: string
        description: The Palo Alto Networks threat log entry ID.
      - name: firewall_hostname
        in: body
        type: string
        description: The hostname of the Palo Alto firewall that generated the log.
      steps:
      - name: get-threat-log
        type: call
        call: paloalto.get-threat-log
        with:
          log_id: '{{threat_log_id}}'
      - name: create-soc-incident
        type: call
        call: servicenow-netsec.create-incident
        with:
          category: security
          subcategory: network_threat
          short_description: 'Network threat blocked by {{firewall_hostname}}: {{get-threat-log.threat_name}}'
          description: 'Firewall: {{firewall_hostname}}

            Threat: {{get-threat-log.threat_name}}

            Severity: {{get-threat-log.severity}}

            Source IP: {{get-threat-log.source_ip}}

            Destination: {{get-threat-log.destination_ip}}

            Action: {{get-threat-log.action}}'
          urgency: '2'
  consumes:
  - namespace: paloalto
    type: http
    baseUri: https://panorama.americanexpress.com/restapi/v10.1
    authentication:
      type: apikey
      key: X-PAN-KEY
      value: $secrets.paloalto_api_key
      placement: header
    resources:
    - name: threat-log
      path: /Objects/Threats/{log_id}
      inputParameters:
      - name: log_id
        in: path
      operations:
      - name: get-threat-log
        method: GET
  - namespace: servicenow-netsec
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incident
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

Generates a quarterly revenue report for a merchant by querying Snowflake analytics, creating a Tableau extract refresh, and distributing the report via email.

naftiko: '0.5'
info:
  label: Quarterly Merchant Revenue Report
  description: Generates a quarterly revenue report for a merchant by querying Snowflake analytics, creating a Tableau extract refresh, and distributing the report via email.
  tags:
  - merchants
  - analytics
  - snowflake
  - tableau
capability:
  exposes:
  - type: mcp
    namespace: merchant-reports
    port: 8080
    tools:
    - name: generate-revenue-report
      description: Generate a quarterly revenue report for a merchant using Snowflake data and Tableau visualization. Use at quarter end for merchant reporting.
      inputParameters:
      - name: merchant_id
        in: body
        type: string
        description: Merchant ID for the report.
      - name: quarter
        in: body
        type: string
        description: Quarter identifier (e.g. Q1-2026).
      - name: merchant_email
        in: body
        type: string
        description: Merchant contact email.
      - name: datasource_id
        in: body
        type: string
        description: Tableau datasource ID.
      steps:
      - name: run-revenue-query
        type: call
        call: snowflake.run-query
        with:
          query: SELECT SUM(amount) as total_revenue, COUNT(*) as txn_count FROM MERCHANT_DB.PUBLIC.TRANSACTIONS WHERE merchant_id='{{merchant_id}}' AND quarter='{{quarter}}'
      - name: refresh-tableau
        type: call
        call: tableau.refresh-extract
        with:
          site_id: $secrets.tableau_site_id
          datasource_id: '{{datasource_id}}'
      - name: send-report
        type: call
        call: email.send-email
        with:
          to: '{{merchant_email}}'
          subject: Q{{quarter}} Revenue Report
          body: 'Total revenue: ${{run-revenue-query.total_revenue}}. Transaction count: {{run-revenue-query.txn_count}}. Your Tableau dashboard has been refreshed.'
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: tableau
    type: http
    baseUri: https://americanexpress.online.tableau.com/api/3.19
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: extracts
      path: /sites/{site_id}/datasources/{datasource_id}/refresh
      inputParameters:
      - name: site_id
        in: path
      - name: datasource_id
        in: path
      operations:
      - name: refresh-extract
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

When a purchase order is submitted in SAP Ariba, retrieves PO details and creates a ServiceNow approval task for the appropriate budget owner.

naftiko: '0.5'
info:
  label: Purchase Order Approval Workflow
  description: When a purchase order is submitted in SAP Ariba, retrieves PO details and creates a ServiceNow approval task for the appropriate budget owner.
  tags:
  - procurement
  - finance
  - sap-ariba
  - servicenow
  - approval
capability:
  exposes:
  - type: mcp
    namespace: procurement-approval
    port: 8080
    tools:
    - name: route-po-for-approval
      description: Given an SAP Ariba purchase order ID, retrieve PO details including amount and vendor, and create a ServiceNow approval task for the budget owner. Use when purchase orders above threshold require additional approval routing.
      inputParameters:
      - name: po_id
        in: body
        type: string
        description: The SAP Ariba purchase order ID to route for approval.
      - name: approver_email
        in: body
        type: string
        description: The email address of the designated budget approver.
      steps:
      - name: get-po
        type: call
        call: ariba.get-purchase-order
        with:
          po_id: '{{po_id}}'
      - name: create-approval
        type: call
        call: servicenow-procurement.create-task
        with:
          category: procurement_approval
          short_description: 'PO approval required: {{po_id}} — ${{get-po.total_amount}} {{get-po.currency}}'
          description: 'PO: {{po_id}}

            Vendor: {{get-po.vendor_name}}

            Amount: ${{get-po.total_amount}} {{get-po.currency}}

            Line items: {{get-po.line_item_count}}

            Requested by: {{get-po.requester_name}}'
          assigned_to: '{{approver_email}}'
  consumes:
  - namespace: ariba
    type: http
    baseUri: https://openapi.ariba.com/api/purchase-orders/v1
    authentication:
      type: bearer
      token: $secrets.ariba_access_token
    resources:
    - name: purchase-order
      path: /purchaseOrders/{po_id}
      inputParameters:
      - name: po_id
        in: path
      operations:
      - name: get-purchase-order
        method: GET
  - namespace: servicenow-procurement
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: task
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST

Retrieves the weekly SLO compliance summary from Datadog across all payment processing services and posts a structured digest to the engineering Slack channel.

naftiko: '0.5'
info:
  label: Datadog SLO Breach Weekly Digest
  description: Retrieves the weekly SLO compliance summary from Datadog across all payment processing services and posts a structured digest to the engineering Slack channel.
  tags:
  - observability
  - datadog
  - slo
  - slack
  - payments
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: slo-reporting
    port: 8080
    tools:
    - name: digest-slo-compliance
      description: Given a list of Datadog SLO IDs and a reporting week, retrieve SLO compliance data for all payment services and post a digest to Slack. Use every Monday to review the prior week's SLO performance.
      inputParameters:
      - name: slo_ids
        in: body
        type: string
        description: Comma-separated list of Datadog SLO IDs to include in the digest.
      - name: week_start
        in: body
        type: string
        description: Start date of the reporting week in YYYY-MM-DD format.
      steps:
      - name: get-slo-history
        type: call
        call: datadog-slo.get-slo-history
        with:
          slo_ids: '{{slo_ids}}'
          from_ts: '{{week_start}}'
      - name: post-digest
        type: call
        call: slack-slo.post-message
        with:
          channel: engineering-slo
          text: 'SLO Compliance Digest | Week of {{week_start}} | Overall: {{get-slo-history.overall_compliance}}% | Breaches: {{get-slo-history.breach_count}} | Details in Datadog.'
  consumes:
  - namespace: datadog-slo
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: slo-history
      path: /slo/history
      operations:
      - name: get-slo-history
        method: GET
  - namespace: slack-slo
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Checks the current AutoPay enrollment status and payment method for a cardholder account.

naftiko: '0.5'
info:
  label: Cardholder AutoPay Status Lookup
  description: Checks the current AutoPay enrollment status and payment method for a cardholder account.
  tags:
  - payments
  - cardholder
  - autopay
capability:
  exposes:
  - type: mcp
    namespace: amex-payments
    port: 8080
    tools:
    - name: get-autopay-status
      description: Given a cardholder account ID, return the AutoPay enrollment status, payment method, and amount type. Use when verifying automatic payment settings.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-payments.get-autopay-status
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: enrolled
        type: boolean
        mapping: $.enrolled
      - name: payment_method
        type: string
        mapping: $.payment_method
      - name: amount_type
        type: string
        mapping: $.amount_type
  consumes:
  - namespace: amex-payments
    type: http
    baseUri: https://api.americanexpress.com/v1/payments
    authentication:
      type: bearer
      token: $secrets.amex_payments_token
    resources:
    - name: autopay
      path: /accounts/{account_id}/autopay
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-autopay-status
        method: GET

Retrieves the current credit limit and available credit for a cardholder account from the accounts platform.

naftiko: '0.5'
info:
  label: Cardholder Credit Limit Lookup
  description: Retrieves the current credit limit and available credit for a cardholder account from the accounts platform.
  tags:
  - payments
  - cardholder
  - accounts
capability:
  exposes:
  - type: mcp
    namespace: amex-accounts
    port: 8080
    tools:
    - name: get-credit-limit
      description: Given a cardholder account ID, return the current credit limit, available credit, and currency. Use when an agent needs to check a cardholder's credit availability.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-accounts.get-credit-limit
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: credit_limit
        type: number
        mapping: $.credit_limit
      - name: available_credit
        type: number
        mapping: $.available_credit
      - name: currency
        type: string
        mapping: $.currency
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: credit-limit
      path: /accounts/{account_id}/credit-limit
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-credit-limit
        method: GET

Synchronizes new contacts from HubSpot to Salesforce by fetching contact details, creating the Salesforce record, and logging the sync in Snowflake.

naftiko: '0.5'
info:
  label: HubSpot to Salesforce Contact Sync
  description: Synchronizes new contacts from HubSpot to Salesforce by fetching contact details, creating the Salesforce record, and logging the sync in Snowflake.
  tags:
  - hubspot
  - salesforce
  - data-sync
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: contact-sync
    port: 8080
    tools:
    - name: sync-contact
      description: Sync a HubSpot contact to Salesforce and log the operation. Use when a new contact is created in HubSpot.
      inputParameters:
      - name: contact_id
        in: body
        type: string
        description: HubSpot contact ID.
      steps:
      - name: get-hs-contact
        type: call
        call: hubspot.get-contact
        with:
          contact_id: '{{contact_id}}'
      - name: create-sf-contact
        type: call
        call: salesforce.create-contact
        with:
          FirstName: '{{get-hs-contact.properties.firstname}}'
          LastName: '{{get-hs-contact.properties.lastname}}'
          Email: '{{get-hs-contact.properties.email}}'
          Company: '{{get-hs-contact.properties.company}}'
      - name: log-sync
        type: call
        call: snowflake.run-query
        with:
          query: INSERT INTO SYNC_DB.PUBLIC.CONTACT_SYNC_LOG VALUES ('{{contact_id}}', '{{create-sf-contact.id}}', CURRENT_TIMESTAMP())
  consumes:
  - namespace: hubspot
    type: http
    baseUri: https://api.hubapi.com
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: contacts
      path: /crm/v3/objects/contacts/{contact_id}
      inputParameters:
      - name: contact_id
        in: path
      operations:
      - name: get-contact
        method: GET
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contacts
      path: /sobjects/Contact
      operations:
      - name: create-contact
        method: POST
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST

Prepares quarterly compliance audit materials by extracting control evidence from ServiceNow, generating a summary from Snowflake, and distributing the report via SharePoint and email.

naftiko: '0.5'
info:
  label: Quarterly Compliance Audit Preparation
  description: Prepares quarterly compliance audit materials by extracting control evidence from ServiceNow, generating a summary from Snowflake, and distributing the report via SharePoint and email.
  tags:
  - compliance
  - audit
  - servicenow
  - snowflake
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: audit-prep
    port: 8080
    tools:
    - name: prepare-audit
      description: Gather compliance evidence, generate a summary, upload to SharePoint, and distribute. Use at quarter end for audit preparation.
      inputParameters:
      - name: quarter
        in: body
        type: string
        description: Quarter identifier (e.g. Q1-2026).
      steps:
      - name: get-controls
        type: call
        call: servicenow.list-controls
        with:
          state: active
          quarter: '{{quarter}}'
      - name: generate-summary
        type: call
        call: snowflake.run-query
        with:
          query: SELECT control_id, status, evidence_count FROM COMPLIANCE_DB.PUBLIC.AUDIT_EVIDENCE WHERE quarter='{{quarter}}'
      - name: upload-report
        type: call
        call: sharepoint.upload-file
        with:
          drive_id: $secrets.compliance_drive_id
          name: Q{{quarter}}_audit_report.pdf
          content: '{{generate-summary.results}}'
      - name: distribute
        type: call
        call: email.send-email
        with:
          to: compliance-team@americanexpress.com
          subject: Q{{quarter}} Compliance Audit Materials Ready
          body: 'Audit materials uploaded to SharePoint. Controls reviewed: {{get-controls.count}}. Evidence items: {{generate-summary.row_count}}.'
  consumes:
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: controls
      path: /table/sn_compliance_control
      operations:
      - name: list-controls
        method: GET
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: sharepoint
    type: http
    baseUri: https://americanexpress.sharepoint.com/_api/v2.0
    authentication:
      type: bearer
      token: $secrets.sharepoint_token
    resources:
    - name: files
      path: /drives/{drive_id}/items
      inputParameters:
      - name: drive_id
        in: path
      operations:
      - name: upload-file
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Retrieves the paperless statement enrollment status for a cardholder account.

naftiko: '0.5'
info:
  label: Cardholder Paperless Preference Lookup
  description: Retrieves the paperless statement enrollment status for a cardholder account.
  tags:
  - cardholder
  - accounts
  - preferences
capability:
  exposes:
  - type: mcp
    namespace: amex-preferences
    port: 8080
    tools:
    - name: get-paperless-status
      description: Given a cardholder account ID, return the paperless enrollment status and notification email. Use when verifying statement delivery preferences.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-preferences.get-paperless-status
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: enrolled
        type: boolean
        mapping: $.enrolled
      - name: email
        type: string
        mapping: $.notification_email
      - name: enrollment_date
        type: string
        mapping: $.enrollment_date
  consumes:
  - namespace: amex-preferences
    type: http
    baseUri: https://api.americanexpress.com/v1/preferences
    authentication:
      type: bearer
      token: $secrets.amex_preferences_token
    resources:
    - name: paperless
      path: /accounts/{account_id}/paperless
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-paperless-status
        method: GET

When a cardholder dispute is filed, retrieves dispute details from the disputes platform, creates a Jira case for the disputes team, and posts a Slack notification to the resolution channel.

naftiko: '0.5'
info:
  label: Merchant Dispute Resolution Workflow
  description: When a cardholder dispute is filed, retrieves dispute details from the disputes platform, creates a Jira case for the disputes team, and posts a Slack notification to the resolution channel.
  tags:
  - disputes
  - payments
  - jira
  - slack
  - customer-support
capability:
  exposes:
  - type: mcp
    namespace: disputes-ops
    port: 8080
    tools:
    - name: open-dispute-case
      description: Given a dispute ID, fetch dispute details and open a Jira issue for the disputes resolution team. Post a Slack alert to the disputes channel with key context. Use when a new cardholder dispute requires case management.
      inputParameters:
      - name: dispute_id
        in: body
        type: string
        description: The unique dispute identifier from the disputes platform.
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key for dispute cases (e.g., DISP).
      steps:
      - name: get-dispute
        type: call
        call: amex-disputes.get-dispute
        with:
          dispute_id: '{{dispute_id}}'
      - name: create-jira-issue
        type: call
        call: jira.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Task
          summary: Dispute {{dispute_id}} — {{get-dispute.merchant_name}} ${{get-dispute.amount}}
          description: 'Cardholder: {{get-dispute.cardholder_name}}

            Merchant: {{get-dispute.merchant_name}}

            Amount: {{get-dispute.amount}} {{get-dispute.currency}}

            Date: {{get-dispute.transaction_date}}'
      - name: post-slack-alert
        type: call
        call: slack.post-message
        with:
          channel: disputes-team
          text: 'New dispute opened: {{dispute_id}} | Merchant: {{get-dispute.merchant_name}} | Amount: ${{get-dispute.amount}} | Jira: {{create-jira-issue.key}}'
  consumes:
  - namespace: amex-disputes
    type: http
    baseUri: https://api.americanexpress.com/v1/disputes
    authentication:
      type: bearer
      token: $secrets.amex_disputes_token
    resources:
    - name: dispute
      path: /disputes/{dispute_id}
      inputParameters:
      - name: dispute_id
        in: path
      operations:
      - name: get-dispute
        method: GET
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Launches a customer retention campaign by identifying at-risk cardholders in Snowflake, creating a Mailchimp campaign, and logging results in Salesforce.

naftiko: '0.5'
info:
  label: Mailchimp Customer Retention Campaign
  description: Launches a customer retention campaign by identifying at-risk cardholders in Snowflake, creating a Mailchimp campaign, and logging results in Salesforce.
  tags:
  - marketing
  - mailchimp
  - snowflake
  - salesforce
  - retention
capability:
  exposes:
  - type: mcp
    namespace: retention-campaign
    port: 8080
    tools:
    - name: launch-retention-campaign
      description: Identify at-risk cardholders and launch a retention email campaign. Use for periodic retention outreach.
      inputParameters: []
      steps:
      - name: find-at-risk
        type: call
        call: snowflake.run-query
        with:
          query: SELECT account_id, email FROM RETENTION_DB.PUBLIC.AT_RISK_CARDHOLDERS WHERE churn_score > 0.7
      - name: create-campaign
        type: call
        call: mailchimp.create-campaign
        with:
          type: regular
          subject_line: We miss you — exclusive offer inside
          from_name: American Express
      - name: send
        type: call
        call: mailchimp.send-campaign
        with:
          campaign_id: '{{create-campaign.id}}'
      - name: log-campaign
        type: call
        call: salesforce.create-campaign
        with:
          Name: Retention — {{create-campaign.id}}
          Type: Email
          Status: Sent
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: mailchimp
    type: http
    baseUri: https://us1.api.mailchimp.com/3.0
    authentication:
      type: basic
      username: apikey
      password: $secrets.mailchimp_api_key
    resources:
    - name: campaigns
      path: /campaigns
      operations:
      - name: create-campaign
        method: POST
      - name: send-campaign
        method: POST
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: campaigns
      path: /sobjects/Campaign
      operations:
      - name: create-campaign
        method: POST

Retrieves the primary mailing address on file for a cardholder account.

naftiko: '0.5'
info:
  label: Cardholder Address on File Lookup
  description: Retrieves the primary mailing address on file for a cardholder account.
  tags:
  - cardholder
  - accounts
  - data
capability:
  exposes:
  - type: mcp
    namespace: amex-accounts
    port: 8080
    tools:
    - name: get-address
      description: Given a cardholder account ID, return the primary mailing address on file. Use when verifying cardholder address information.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-accounts.get-address
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: street
        type: string
        mapping: $.street
      - name: city
        type: string
        mapping: $.city
      - name: state
        type: string
        mapping: $.state
      - name: zip
        type: string
        mapping: $.zip
      - name: country
        type: string
        mapping: $.country
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: address
      path: /accounts/{account_id}/address
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-address
        method: GET

Synchronizes employer brand campaign data from LinkedIn to Snowflake analytics, refreshes the Tableau dashboard, and sends a performance summary to the recruitment marketing team via Slack.

naftiko: '0.5'
info:
  label: LinkedIn Employer Brand Campaign Sync
  description: Synchronizes employer brand campaign data from LinkedIn to Snowflake analytics, refreshes the Tableau dashboard, and sends a performance summary to the recruitment marketing team via Slack.
  tags:
  - linkedin
  - marketing
  - snowflake
  - tableau
  - slack
capability:
  exposes:
  - type: mcp
    namespace: linkedin-sync
    port: 8080
    tools:
    - name: sync-linkedin-campaign
      description: Sync LinkedIn campaign data to analytics and notify the team. Use after a campaign period ends.
      inputParameters:
      - name: campaign_id
        in: body
        type: string
        description: LinkedIn campaign ID.
      steps:
      - name: get-campaign
        type: call
        call: linkedin.get-campaign
        with:
          campaign_id: '{{campaign_id}}'
      - name: sync-data
        type: call
        call: snowflake.run-query
        with:
          query: INSERT INTO MARKETING_DB.PUBLIC.LINKEDIN_CAMPAIGNS VALUES ('{{campaign_id}}', '{{get-campaign.name}}', {{get-campaign.impressions}}, {{get-campaign.clicks}}, {{get-campaign.spend}})
      - name: refresh-dash
        type: call
        call: tableau.refresh-extract
        with:
          site_id: $secrets.tableau_site_id
          datasource_id: $secrets.linkedin_datasource_id
      - name: notify-team
        type: call
        call: slack.post-message
        with:
          channel: recruitment-marketing
          text: 'LinkedIn campaign synced: {{get-campaign.name}} | Impressions: {{get-campaign.impressions}} | Clicks: {{get-campaign.clicks}} | Spend: ${{get-campaign.spend}}'
  consumes:
  - namespace: linkedin
    type: http
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: campaigns
      path: /adCampaignsV2/{campaign_id}
      inputParameters:
      - name: campaign_id
        in: path
      operations:
      - name: get-campaign
        method: GET
  - namespace: snowflake
    type: http
    baseUri: https://americanexpress.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - namespace: tableau
    type: http
    baseUri: https://americanexpress.online.tableau.com/api/3.19
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: extracts
      path: /sites/{site_id}/datasources/{datasource_id}/refresh
      inputParameters:
      - name: site_id
        in: path
      - name: datasource_id
        in: path
      operations:
      - name: refresh-extract
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When an employee termination is recorded in Workday, cancels the employee's corporate card account and opens a ServiceNow offboarding task.

naftiko: '0.5'
info:
  label: Employee Offboarding Card Cancellation
  description: When an employee termination is recorded in Workday, cancels the employee's corporate card account and opens a ServiceNow offboarding task.
  tags:
  - hr
  - offboarding
  - workday
  - payments
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: cancel-employee-card
      description: Given a Workday employee ID and termination date, retrieve the employee's corporate card account ID, cancel the card, and open a ServiceNow offboarding task. Invoke on confirmed employee termination.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID of the departing employee.
      - name: termination_date
        in: body
        type: string
        description: The effective termination date in YYYY-MM-DD format.
      - name: card_account_id
        in: body
        type: string
        description: The corporate card account ID to cancel.
      steps:
      - name: get-employee
        type: call
        call: workday-offboard.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: cancel-card
        type: call
        call: amex-corp-offboard.cancel-account
        with:
          account_id: '{{card_account_id}}'
          reason: employee_termination
          effective_date: '{{termination_date}}'
      - name: open-offboarding-task
        type: call
        call: servicenow-offboard.create-task
        with:
          category: hr_offboarding
          short_description: Corporate card cancelled for {{get-employee.full_name}} ({{workday_employee_id}})
          description: 'Card account {{card_account_id}} cancelled effective {{termination_date}}. Cancel ref: {{cancel-card.confirmation_id}}'
  consumes:
  - namespace: workday-offboard
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_access_token
    resources:
    - name: worker
      path: /workers/{worker_id}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - namespace: amex-corp-offboard
    type: http
    baseUri: https://api.americanexpress.com/v1/corporate
    authentication:
      type: bearer
      token: $secrets.amex_corp_token
    resources:
    - name: account
      path: /accounts/{account_id}/cancel
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: cancel-account
        method: POST
  - namespace: servicenow-offboard
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: task
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST

Retrieves the latest commit status and open issue count for a given GitHub repository.

naftiko: '0.5'
info:
  label: GitHub Repository Status Check
  description: Retrieves the latest commit status and open issue count for a given GitHub repository.
  tags:
  - github
  - engineering
  - development
capability:
  exposes:
  - type: mcp
    namespace: github
    port: 8080
    tools:
    - name: get-repo-status
      description: Given a repository name, return the default branch, open issues count, and last updated timestamp. Use when checking repository health.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The GitHub repository name.
      call: github.get-repo-status
      with:
        repo_name: '{{repo_name}}'
      outputParameters:
      - name: default_branch
        type: string
        mapping: $.default_branch
      - name: open_issues_count
        type: number
        mapping: $.open_issues_count
      - name: updated_at
        type: string
        mapping: $.updated_at
  consumes:
  - namespace: github
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: repo
      path: /repos/americanexpress/{repo_name}
      inputParameters:
      - name: repo_name
        in: path
      operations:
      - name: get-repo-status
        method: GET

Retrieves the current list of open job requisitions from Workday for a specified organization and returns structured data for workforce planning analysis.

naftiko: '0.5'
info:
  label: Workday Open Requisition Report
  description: Retrieves the current list of open job requisitions from Workday for a specified organization and returns structured data for workforce planning analysis.
  tags:
  - hr
  - recruiting
  - workday
  - workforce-planning
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: recruiting
    port: 8080
    tools:
    - name: get-open-requisitions
      description: Given a Workday organization ID, return all open job requisitions including job title, department, level, and days open. Use when HR business partners or talent acquisition teams need visibility into open headcount.
      inputParameters:
      - name: organization_id
        in: body
        type: string
        description: The Workday organization ID to retrieve open requisitions for.
      call: workday-recruiting.get-requisitions
      with:
        organization_id: '{{organization_id}}'
      outputParameters:
      - name: requisitions
        type: array
        mapping: $.data
      - name: total_open
        type: number
        mapping: $.total
  consumes:
  - namespace: workday-recruiting
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_access_token
    resources:
    - name: requisitions
      path: /jobRequisitions
      inputParameters:
      - name: organization_id
        in: query
      operations:
      - name: get-requisitions
        method: GET

Automatically remediates common ServiceNow incidents by identifying the issue type, executing a remediation runbook, updating the incident, and notifying the on-call engineer via PagerDuty.

naftiko: '0.5'
info:
  label: ServiceNow Incident Auto-Remediation
  description: Automatically remediates common ServiceNow incidents by identifying the issue type, executing a remediation runbook, updating the incident, and notifying the on-call engineer via PagerDuty.
  tags:
  - servicenow
  - automation
  - pagerduty
  - incident-management
capability:
  exposes:
  - type: mcp
    namespace: auto-remediation
    port: 8080
    tools:
    - name: auto-remediate-incident
      description: Auto-remediate a ServiceNow incident by executing a runbook and notifying on-call. Use when an incident matches an auto-remediation pattern.
      inputParameters:
      - name: incident_id
        in: body
        type: string
        description: ServiceNow incident ID.
      steps:
      - name: get-incident
        type: call
        call: servicenow.get-incident
        with:
          incident_id: '{{incident_id}}'
      - name: run-remediation
        type: call
        call: amex-runbooks.execute-runbook
        with:
          runbook_id: '{{get-incident.category}}-auto-fix'
          incident_id: '{{incident_id}}'
          ci: '{{get-incident.cmdb_ci}}'
      - name: update-incident
        type: call
        call: servicenow.update-incident
        with:
          incident_id: '{{incident_id}}'
          state: resolved
          work_notes: 'Auto-remediated via runbook. Result: {{run-remediation.status}}'
      - name: notify-oncall
        type: call
        call: pagerduty.create-incident
        with:
          title: 'Auto-remediation completed: {{incident_id}}'
          body: 'Incident {{incident_id}} was auto-remediated. Status: {{run-remediation.status}}'
  consumes:
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident/{incident_id}
      inputParameters:
      - name: incident_id
        in: path
      operations:
      - name: get-incident
        method: GET
      - name: update-incident
        method: PATCH
  - namespace: amex-runbooks
    type: http
    baseUri: https://api.americanexpress.com/v1/automation
    authentication:
      type: bearer
      token: $secrets.amex_automation_token
    resources:
    - name: runbooks
      path: /runbooks/{runbook_id}/execute
      inputParameters:
      - name: runbook_id
        in: path
      operations:
      - name: execute-runbook
        method: POST
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST

Returns the most recent transactions for a cardholder account from the transaction history API.

naftiko: '0.5'
info:
  label: Cardholder Recent Transactions Lookup
  description: Returns the most recent transactions for a cardholder account from the transaction history API.
  tags:
  - payments
  - cardholder
  - transactions
capability:
  exposes:
  - type: mcp
    namespace: amex-transactions
    port: 8080
    tools:
    - name: get-recent-transactions
      description: Given a cardholder account ID, return the most recent transactions including merchant, amount, and date. Use when reviewing recent account activity.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID.
      call: amex-transactions.get-recent-transactions
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: transactions
        type: array
        mapping: $.transactions
      - name: count
        type: number
        mapping: $.count
  consumes:
  - namespace: amex-transactions
    type: http
    baseUri: https://api.americanexpress.com/v1/transactions
    authentication:
      type: bearer
      token: $secrets.amex_transactions_token
    resources:
    - name: transactions
      path: /accounts/{account_id}/transactions
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-recent-transactions
        method: GET

Generates and delivers international fee disclosures for cardholders traveling abroad by fetching fee schedules, generating the disclosure document, and emailing it to the cardholder.

naftiko: '0.5'
info:
  label: Cardholder International Fee Disclosure
  description: Generates and delivers international fee disclosures for cardholders traveling abroad by fetching fee schedules, generating the disclosure document, and emailing it to the cardholder.
  tags:
  - cardholder
  - compliance
  - travel
  - notifications
capability:
  exposes:
  - type: mcp
    namespace: fee-disclosure
    port: 8080
    tools:
    - name: send-fee-disclosure
      description: Generate and deliver an international fee disclosure. Use when a cardholder sets a travel notification for an international destination.
      inputParameters:
      - name: product_id
        in: body
        type: string
        description: Card product ID.
      - name: destination
        in: body
        type: string
        description: Destination country.
      - name: cardholder_email
        in: body
        type: string
        description: Cardholder email.
      steps:
      - name: get-fees
        type: call
        call: amex-fees.get-fee-schedule
        with:
          product_id: '{{product_id}}'
          destination_country: '{{destination}}'
      - name: generate-doc
        type: call
        call: amex-docs.generate-disclosure
        with:
          template: international-fee-disclosure
          fee_schedule: '{{get-fees.schedule}}'
          destination: '{{destination}}'
      - name: deliver
        type: call
        call: email.send-email
        with:
          to: '{{cardholder_email}}'
          subject: International Fee Disclosure for {{destination}}
          body: 'Attached is your fee disclosure for travel to {{destination}}. Foreign transaction fee: {{get-fees.fx_fee_pct}}%.'
  consumes:
  - namespace: amex-fees
    type: http
    baseUri: https://api.americanexpress.com/v1/fees
    authentication:
      type: bearer
      token: $secrets.amex_fees_token
    resources:
    - name: schedules
      path: /products/{product_id}/international-fees
      inputParameters:
      - name: product_id
        in: path
      operations:
      - name: get-fee-schedule
        method: GET
  - namespace: amex-docs
    type: http
    baseUri: https://api.americanexpress.com/v1/documents
    authentication:
      type: bearer
      token: $secrets.amex_docs_token
    resources:
    - name: disclosures
      path: /generate
      operations:
      - name: generate-disclosure
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

On a CI/CD pipeline failure in GitHub Actions, creates a Datadog event marker, opens a Jira bug, and posts an alert to the engineering Slack channel.

naftiko: '0.5'
info:
  label: Application Pipeline Failure Response
  description: On a CI/CD pipeline failure in GitHub Actions, creates a Datadog event marker, opens a Jira bug, and posts an alert to the engineering Slack channel.
  tags:
  - devops
  - github-actions
  - datadog
  - jira
  - slack
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: devops-ops
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a GitHub Actions workflow failure, create a Datadog event, open a Jira bug, and alert Slack. Invoke when a protected-branch pipeline fails in any American Express engineering repository.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The GitHub repository name where the failure occurred.
      - name: workflow_name
        in: body
        type: string
        description: The name of the failed GitHub Actions workflow.
      - name: run_id
        in: body
        type: string
        description: The GitHub Actions run ID for the failed workflow.
      - name: commit_sha
        in: body
        type: string
        description: The commit SHA that triggered the failed run.
      - name: branch
        in: body
        type: string
        description: The branch on which the failure occurred.
      steps:
      - name: create-datadog-event
        type: call
        call: datadog.create-event
        with:
          title: 'Pipeline failure: {{repo_name}} / {{workflow_name}}'
          text: Run {{run_id}} failed on branch {{branch}} at commit {{commit_sha}}
          alert_type: error
          tags: repo:{{repo_name}},env:ci
      - name: open-jira-bug
        type: call
        call: jira-eng.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: '[CI Failure] {{repo_name}} — {{workflow_name}} on {{branch}}'
          description: 'Workflow: {{workflow_name}}

            Run ID: {{run_id}}

            Branch: {{branch}}

            Commit: {{commit_sha}}

            Datadog event: {{create-datadog-event.id}}'
      - name: post-alert
        type: call
        call: slack-eng.post-message
        with:
          channel: engineering-alerts
          text: 'Pipeline Failure | Repo: {{repo_name}} | Workflow: {{workflow_name}} | Branch: {{branch}} | Jira: {{open-jira-bug.key}}'
  consumes:
  - namespace: datadog
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: event
      path: /events
      operations:
      - name: create-event
        method: POST
  - namespace: jira-eng
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack-eng
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Verifies whether a specific merchant is enrolled in the American Express acceptance network.

naftiko: '0.5'
info:
  label: Merchant Acceptance Verification
  description: Verifies whether a specific merchant is enrolled in the American Express acceptance network.
  tags:
  - merchants
  - payments
  - network
capability:
  exposes:
  - type: mcp
    namespace: amex-network
    port: 8080
    tools:
    - name: verify-acceptance
      description: Given a merchant ID, verify their enrollment in the Amex acceptance network and return network status and enrollment date. Use when confirming merchant acceptance.
      inputParameters:
      - name: merchant_id
        in: body
        type: string
        description: The merchant identifier.
      call: amex-network.verify-acceptance
      with:
        merchant_id: '{{merchant_id}}'
      outputParameters:
      - name: accepted
        type: boolean
        mapping: $.accepted
      - name: network_status
        type: string
        mapping: $.network_status
      - name: enrollment_date
        type: string
        mapping: $.enrollment_date
  consumes:
  - namespace: amex-network
    type: http
    baseUri: https://api.americanexpress.com/v1/network
    authentication:
      type: bearer
      token: $secrets.amex_network_token
    resources:
    - name: acceptance
      path: /merchants/{merchant_id}/acceptance
      inputParameters:
      - name: merchant_id
        in: path
      operations:
      - name: verify-acceptance
        method: GET

Enriches Salesforce leads with ZoomInfo company data, calculates a lead score, updates the lead record, and notifies the assigned sales rep via Slack.

naftiko: '0.5'
info:
  label: Salesforce Lead Scoring Enrichment
  description: Enriches Salesforce leads with ZoomInfo company data, calculates a lead score, updates the lead record, and notifies the assigned sales rep via Slack.
  tags:
  - salesforce
  - zoominfo
  - sales
  - slack
capability:
  exposes:
  - type: mcp
    namespace: lead-enrichment
    port: 8080
    tools:
    - name: enrich-lead
      description: Enrich a Salesforce lead with ZoomInfo data and notify the sales rep. Use when a new high-potential lead enters the pipeline.
      inputParameters:
      - name: lead_id
        in: body
        type: string
        description: Salesforce lead ID.
      - name: company_name
        in: body
        type: string
        description: Company name to enrich.
      - name: sales_rep_channel
        in: body
        type: string
        description: Sales rep Slack channel.
      steps:
      - name: enrich
        type: call
        call: zoominfo.search-company
        with:
          company_name: '{{company_name}}'
      - name: update-lead
        type: call
        call: salesforce.update-lead
        with:
          lead_id: '{{lead_id}}'
          Company_Size__c: '{{enrich.employee_count}}'
          Revenue__c: '{{enrich.revenue}}'
          Lead_Score__c: '{{enrich.score}}'
      - name: notify-rep
        type: call
        call: slack.post-message
        with:
          channel: '{{sales_rep_channel}}'
          text: 'Lead enriched: {{company_name}} | Revenue: ${{enrich.revenue}} | Score: {{enrich.score}} | Employees: {{enrich.employee_count}}'
  consumes:
  - namespace: zoominfo
    type: http
    baseUri: https://api.zoominfo.com
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: companies
      path: /search/company
      operations:
      - name: search-company
        method: POST
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead/{lead_id}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: update-lead
        method: PATCH
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Sets up a payment plan for a cardholder by evaluating eligibility, creating the plan, updating the billing system, and confirming via email.

naftiko: '0.5'
info:
  label: Cardholder Payment Plan Setup
  description: Sets up a payment plan for a cardholder by evaluating eligibility, creating the plan, updating the billing system, and confirming via email.
  tags:
  - cardholder
  - billing
  - payments
  - customer-support
capability:
  exposes:
  - type: mcp
    namespace: payment-plans
    port: 8080
    tools:
    - name: setup-payment-plan
      description: Create a payment plan for a cardholder and confirm enrollment. Use when a cardholder requests to pay a balance in installments.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Cardholder account ID.
      - name: amount
        in: body
        type: string
        description: Plan amount.
      - name: term_months
        in: body
        type: string
        description: Number of months for the plan.
      steps:
      - name: get-account
        type: call
        call: amex-accounts.get-account
        with:
          account_id: '{{account_id}}'
      - name: create-plan
        type: call
        call: amex-plans.create-plan
        with:
          account_id: '{{account_id}}'
          amount: '{{amount}}'
          term_months: '{{term_months}}'
          interest_rate: '{{get-account.plan_rate}}'
      - name: confirm
        type: call
        call: email.send-email
        with:
          to: '{{get-account.email}}'
          subject: Payment plan confirmed
          body: 'Your payment plan of ${{amount}} over {{term_months}} months has been set up. Monthly payment: ${{create-plan.monthly_payment}}. Plan ID: {{create-plan.plan_id}}'
  consumes:
  - namespace: amex-accounts
    type: http
    baseUri: https://api.americanexpress.com/v1/accounts
    authentication:
      type: bearer
      token: $secrets.amex_accounts_token
    resources:
    - name: account
      path: /accounts/{account_id}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - namespace: amex-plans
    type: http
    baseUri: https://api.americanexpress.com/v1/payment-plans
    authentication:
      type: bearer
      token: $secrets.amex_plans_token
    resources:
    - name: plans
      path: /plans
      operations:
      - name: create-plan
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Manages vendor contract renewals by fetching contract details from DocuSign, creating a review task in Jira, and notifying procurement via Slack and email.

naftiko: '0.5'
info:
  label: Vendor Contract Renewal Workflow
  description: Manages vendor contract renewals by fetching contract details from DocuSign, creating a review task in Jira, and notifying procurement via Slack and email.
  tags:
  - procurement
  - docusign
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: contract-renewal
    port: 8080
    tools:
    - name: process-renewal
      description: Fetch contract details, create a review task, and notify stakeholders. Use when a vendor contract approaches its renewal date.
      inputParameters:
      - name: envelope_id
        in: body
        type: string
        description: DocuSign envelope ID.
      - name: vendor_name
        in: body
        type: string
        description: Vendor name.
      - name: contract_value
        in: body
        type: string
        description: Contract value.
      - name: vendor_email
        in: body
        type: string
        description: Vendor contact email.
      steps:
      - name: get-contract
        type: call
        call: docusign.get-envelope
        with:
          ds_account_id: $secrets.docusign_account_id
          envelope_id: '{{envelope_id}}'
      - name: create-review
        type: call
        call: jira.create-issue
        with:
          project_key: PROC
          issuetype: Task
          summary: 'Contract renewal: {{get-contract.emailSubject}}'
          description: 'Vendor: {{vendor_name}}. Expiry: {{get-contract.expireAfter}}. Value: ${{contract_value}}.'
      - name: notify-procurement
        type: call
        call: slack.post-message
        with:
          channel: procurement
          text: 'Contract renewal due: {{vendor_name}} | Expiry: {{get-contract.expireAfter}} | Value: ${{contract_value}} | Jira: {{create-review.key}}'
      - name: notify-vendor
        type: call
        call: email.send-email
        with:
          to: '{{vendor_email}}'
          subject: Contract renewal notice
          body: Your contract with American Express is approaching renewal. Our procurement team will be in touch.
  consumes:
  - namespace: docusign
    type: http
    baseUri: https://na4.docusign.net/restapi/v2.1
    authentication:
      type: bearer
      token: $secrets.docusign_token
    resources:
    - name: envelopes
      path: /accounts/{ds_account_id}/envelopes/{envelope_id}
      inputParameters:
      - name: ds_account_id
        in: path
      - name: envelope_id
        in: path
      operations:
      - name: get-envelope
        method: GET
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

When a Terraform Cloud plan is created for a production workspace, retrieves plan details, posts a summary to the engineering Slack channel, and creates a ServiceNow change request for approval.

naftiko: '0.5'
info:
  label: Terraform Infrastructure Provisioning Approval
  description: When a Terraform Cloud plan is created for a production workspace, retrieves plan details, posts a summary to the engineering Slack channel, and creates a ServiceNow change request for approval.
  tags:
  - cloud
  - infrastructure
  - terraform
  - servicenow
  - slack
  - devops
capability:
  exposes:
  - type: mcp
    namespace: infra-provisioning
    port: 8080
    tools:
    - name: request-infra-change-approval
      description: Given a Terraform Cloud workspace ID and run ID, fetch the plan summary, open a ServiceNow change request for the infrastructure change, and post a Slack notification to the engineering channel with plan details. Use when production Terraform plans need change management approval.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: The Terraform Cloud workspace ID where the plan was created.
      - name: run_id
        in: body
        type: string
        description: The Terraform Cloud run ID for the plan.
      steps:
      - name: get-plan
        type: call
        call: terraform.get-run
        with:
          run_id: '{{run_id}}'
      - name: create-change
        type: call
        call: servicenow-infra.create-change
        with:
          category: infrastructure
          short_description: 'Terraform plan requires approval: workspace {{workspace_id}}'
          description: 'Run ID: {{run_id}}

            Workspace: {{workspace_id}}

            Add: {{get-plan.resource_additions}}

            Change: {{get-plan.resource_changes}}

            Destroy: {{get-plan.resource_destructions}}'
          risk: moderate
      - name: post-notification
        type: call
        call: slack-infra.post-message
        with:
          channel: infra-changes
          text: 'Terraform Plan Pending Approval | Workspace: {{workspace_id}} | Run: {{run_id}} | +{{get-plan.resource_additions}} ~{{get-plan.resource_changes}} -{{get-plan.resource_destructions}} | SNOW: {{create-change.number}}'
  consumes:
  - namespace: terraform
    type: http
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: run
      path: /runs/{run_id}
      inputParameters:
      - name: run_id
        in: path
      operations:
      - name: get-run
        method: GET
  - namespace: servicenow-infra
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change
      path: /table/change_request
      operations:
      - name: create-change
        method: POST
  - namespace: slack-infra
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Retrieves the current status of an open dispute for a cardholder from the disputes platform.

naftiko: '0.5'
info:
  label: Cardholder Dispute Status Lookup
  description: Retrieves the current status of an open dispute for a cardholder from the disputes platform.
  tags:
  - disputes
  - cardholder
  - customer-support
capability:
  exposes:
  - type: mcp
    namespace: amex-disputes
    port: 8080
    tools:
    - name: get-dispute-status
      description: Given a dispute ID, return the current status, resolution ETA, and last update timestamp. Use when a cardholder inquires about an ongoing dispute.
      inputParameters:
      - name: dispute_id
        in: body
        type: string
        description: The dispute identifier.
      call: amex-disputes.get-dispute-status
      with:
        dispute_id: '{{dispute_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: resolution_eta
        type: string
        mapping: $.resolution_eta
      - name: last_update
        type: string
        mapping: $.last_update
  consumes:
  - namespace: amex-disputes
    type: http
    baseUri: https://api.americanexpress.com/v1/disputes
    authentication:
      type: bearer
      token: $secrets.amex_disputes_token
    resources:
    - name: status
      path: /disputes/{dispute_id}/status
      inputParameters:
      - name: dispute_id
        in: path
      operations:
      - name: get-dispute-status
        method: GET

Orchestrates new merchant onboarding by creating the merchant record, provisioning payment gateway credentials, assigning a relationship manager in Salesforce, and sending a welcome kit email.

naftiko: '0.5'
info:
  label: New Merchant Onboarding Orchestration
  description: Orchestrates new merchant onboarding by creating the merchant record, provisioning payment gateway credentials, assigning a relationship manager in Salesforce, and sending a welcome kit email.
  tags:
  - merchants
  - onboarding
  - salesforce
  - payments
capability:
  exposes:
  - type: mcp
    namespace: merchant-onboard
    port: 8080
    tools:
    - name: onboard-merchant
      description: Onboard a new merchant by creating their record, provisioning gateway credentials, creating a Salesforce account, and sending a welcome email. Use when a new merchant is approved for the network.
      inputParameters:
      - name: merchant_name
        in: body
        type: string
        description: Legal name of the merchant.
      - name: mcc_code
        in: body
        type: string
        description: Merchant category code.
      - name: contact_email
        in: body
        type: string
        description: Primary contact email.
      steps:
      - name: create-merchant
        type: call
        call: amex-merchants.create-merchant
        with:
          name: '{{merchant_name}}'
          mcc: '{{mcc_code}}'
          contact_email: '{{contact_email}}'
      - name: provision-gateway
        type: call
        call: amex-gateway.provision-credentials
        with:
          merchant_id: '{{create-merchant.merchant_id}}'
      - name: create-sf-account
        type: call
        call: salesforce.create-account
        with:
          Name: '{{merchant_name}}'
          Type: Merchant
          AmexMerchantId__c: '{{create-merchant.merchant_id}}'
      - name: send-welcome
        type: call
        call: email.send-email
        with:
          to: '{{contact_email}}'
          subject: Welcome to the American Express Network
          body: Your merchant ID is {{create-merchant.merchant_id}}. Gateway credentials have been provisioned. Your account manager will reach out shortly.
  consumes:
  - namespace: amex-merchants
    type: http
    baseUri: https://api.americanexpress.com/v1/merchants
    authentication:
      type: bearer
      token: $secrets.amex_merchant_token
    resources:
    - name: merchant
      path: /merchants
      operations:
      - name: create-merchant
        method: POST
  - namespace: amex-gateway
    type: http
    baseUri: https://api.americanexpress.com/v1/gateway
    authentication:
      type: bearer
      token: $secrets.amex_gateway_token
    resources:
    - name: credentials
      path: /merchants/{merchant_id}/credentials
      inputParameters:
      - name: merchant_id
        in: path
      operations:
      - name: provision-credentials
        method: POST
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account
      operations:
      - name: create-account
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

When a cardholder account triggers a KYC review flag, generates a document request via the customer communications platform and creates a Salesforce case for the KYC team to track.

naftiko: '0.5'
info:
  label: Cardholder KYC Document Request
  description: When a cardholder account triggers a KYC review flag, generates a document request via the customer communications platform and creates a Salesforce case for the KYC team to track.
  tags:
  - kyc
  - compliance
  - payments
  - salesforce
  - customer-support
capability:
  exposes:
  - type: mcp
    namespace: kyc-ops
    port: 8080
    tools:
    - name: initiate-kyc-review
      description: Given a cardholder account ID and KYC flag reason, create a Salesforce KYC case and send a document request notification to the cardholder. Use when account activity triggers a Know Your Customer review requirement.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account ID that triggered the KYC flag.
      - name: flag_reason
        in: body
        type: string
        description: The reason the KYC review was triggered (e.g., high_transaction_volume, new_market).
      - name: cardholder_email
        in: body
        type: string
        description: The cardholder's email address for document request communications.
      steps:
      - name: create-kyc-case
        type: call
        call: salesforce-kyc.create-case
        with:
          account_id: '{{account_id}}'
          subject: KYC Review Required — Account {{account_id}}
          description: 'KYC flag reason: {{flag_reason}}'
          type: KYC Review
          priority: High
      - name: send-doc-request
        type: call
        call: amex-comms.send-email
        with:
          to: '{{cardholder_email}}'
          template_id: kyc_document_request
          account_id: '{{account_id}}'
          case_number: '{{create-kyc-case.case_number}}'
  consumes:
  - namespace: salesforce-kyc
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_access_token
    resources:
    - name: case
      path: /sobjects/Case
      operations:
      - name: create-case
        method: POST
  - namespace: amex-comms
    type: http
    baseUri: https://api.americanexpress.com/v1/communications
    authentication:
      type: bearer
      token: $secrets.amex_comms_token
    resources:
    - name: email
      path: /email/send
      operations:
      - name: send-email
        method: POST

Classifies documents uploaded to Box by extracting metadata, running classification, updating Box metadata, and logging results in ServiceNow.

naftiko: '0.5'
info:
  label: Box Document Classification Workflow
  description: Classifies documents uploaded to Box by extracting metadata, running classification, updating Box metadata, and logging results in ServiceNow.
  tags:
  - box
  - document-management
  - classification
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: doc-classify
    port: 8080
    tools:
    - name: classify-document
      description: Classify a Box document and update its metadata. Use when a new document is uploaded to a monitored Box folder.
      inputParameters:
      - name: file_id
        in: body
        type: string
        description: Box file ID.
      steps:
      - name: get-file
        type: call
        call: box.get-file
        with:
          file_id: '{{file_id}}'
      - name: classify
        type: call
        call: amex-classify.classify-document
        with:
          file_name: '{{get-file.name}}'
          file_type: '{{get-file.extension}}'
      - name: update-meta
        type: call
        call: box.update-metadata
        with:
          file_id: '{{file_id}}'
          classification: '{{classify.classification}}'
      - name: log-result
        type: call
        call: servicenow.create-record
        with:
          file_id: '{{file_id}}'
          classification: '{{classify.classification}}'
  consumes:
  - namespace: box
    type: http
    baseUri: https://api.box.com/2.0
    authentication:
      type: bearer
      token: $secrets.box_token
    resources:
    - name: files
      path: /files/{file_id}
      inputParameters:
      - name: file_id
        in: path
      operations:
      - name: get-file
        method: GET
      - name: update-metadata
        method: POST
  - namespace: amex-classify
    type: http
    baseUri: https://api.americanexpress.com/v1/ai
    authentication:
      type: bearer
      token: $secrets.amex_ai_token
    resources:
    - name: classify
      path: /classify
      operations:
      - name: classify-document
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/u_document_classification
      operations:
      - name: create-record
        method: POST

Detects Terraform infrastructure drift by triggering a plan, comparing state, creating a Jira remediation ticket, and alerting the platform team via Slack.

naftiko: '0.5'
info:
  label: Terraform Infrastructure Drift Detection
  description: Detects Terraform infrastructure drift by triggering a plan, comparing state, creating a Jira remediation ticket, and alerting the platform team via Slack.
  tags:
  - terraform
  - infrastructure
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: drift-detection
    port: 8080
    tools:
    - name: detect-drift
      description: Trigger a Terraform plan to detect drift and report findings. Use during scheduled drift detection runs.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: Terraform Cloud workspace ID.
      steps:
      - name: trigger-plan
        type: call
        call: terraform-cloud.create-run
        with:
          workspace_id: '{{workspace_id}}'
          is_destroy: 'false'
          message: Drift detection run
      - name: check-plan
        type: call
        call: terraform-cloud.get-run
        with:
          run_id: '{{trigger-plan.id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: PLAT
          issuetype: Task
          summary: 'Terraform drift detected: {{workspace_id}}'
          description: 'Resources to add: {{check-plan.resource_additions}}. To change: {{check-plan.resource_changes}}. To destroy: {{check-plan.resource_destructions}}.'
      - name: alert-team
        type: call
        call: slack.post-message
        with:
          channel: platform-engineering
          text: 'Drift detected in {{workspace_id}} | +{{check-plan.resource_additions}} ~{{check-plan.resource_changes}} -{{check-plan.resource_destructions}} | Jira: {{create-ticket.key}}'
  consumes:
  - namespace: terraform-cloud
    type: http
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /runs
      operations:
      - name: create-run
        method: POST
    - name: run-detail
      path: /runs/{run_id}
      inputParameters:
      - name: run_id
        in: path
      operations:
      - name: get-run
        method: GET
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Scans GitHub pull requests for security vulnerabilities using SonarQube, posts findings as PR comments, and creates a Jira security issue if critical vulnerabilities are found.

naftiko: '0.5'
info:
  label: GitHub Pull Request Security Scan
  description: Scans GitHub pull requests for security vulnerabilities using SonarQube, posts findings as PR comments, and creates a Jira security issue if critical vulnerabilities are found.
  tags:
  - github
  - security
  - sonarqube
  - jira
capability:
  exposes:
  - type: mcp
    namespace: pr-security
    port: 8080
    tools:
    - name: scan-pr-security
      description: Scan a pull request for vulnerabilities and report findings. Use when a PR is opened against a protected branch.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository name.
      - name: pr_number
        in: body
        type: string
        description: Pull request number.
      steps:
      - name: get-pr
        type: call
        call: github.get-pr
        with:
          repo: '{{repo}}'
          pr_number: '{{pr_number}}'
      - name: scan
        type: call
        call: sonarqube.get-analysis
        with:
          projectKey: '{{repo}}-pr-{{pr_number}}'
      - name: comment
        type: call
        call: github.post-comment
        with:
          repo: '{{repo}}'
          pr_number: '{{pr_number}}'
          body: 'Security scan: {{scan.projectStatus.status}}. Vulnerabilities: {{scan.projectStatus.conditions}}'
      - name: create-sec-issue
        type: call
        call: jira.create-issue
        with:
          project_key: SEC
          issuetype: Bug
          summary: 'Security scan findings: {{repo}} PR#{{pr_number}}'
          description: 'Status: {{scan.projectStatus.status}}. PR: {{get-pr.html_url}}'
  consumes:
  - namespace: github
    type: http
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pulls
      path: /repos/americanexpress/{repo}/pulls/{pr_number}
      inputParameters:
      - name: repo
        in: path
      - name: pr_number
        in: path
      operations:
      - name: get-pr
        method: GET
      - name: post-comment
        method: POST
  - namespace: sonarqube
    type: http
    baseUri: https://sonarqube.americanexpress.com/api
    authentication:
      type: bearer
      token: $secrets.sonarqube_token
    resources:
    - name: analysis
      path: /qualitygates/project_status
      operations:
      - name: get-analysis
        method: GET
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST

Routes compensation change requests through approval by fetching the proposal from Workday, creating a Jira approval task, and notifying HR leadership via Slack.

naftiko: '0.5'
info:
  label: Workday Compensation Change Approval
  description: Routes compensation change requests through approval by fetching the proposal from Workday, creating a Jira approval task, and notifying HR leadership via Slack.
  tags:
  - hr
  - workday
  - jira
  - slack
  - compensation
capability:
  exposes:
  - type: mcp
    namespace: comp-approval
    port: 8080
    tools:
    - name: route-comp-approval
      description: Route a compensation change through the approval workflow. Use when a manager submits a salary adjustment proposal.
      inputParameters:
      - name: proposal_id
        in: body
        type: string
        description: Workday compensation proposal ID.
      steps:
      - name: get-proposal
        type: call
        call: workday.get-proposal
        with:
          proposal_id: '{{proposal_id}}'
      - name: create-approval
        type: call
        call: jira.create-issue
        with:
          project_key: HRA
          issuetype: Task
          summary: Comp change approval — {{get-proposal.employee_name}}
          description: 'Current: ${{get-proposal.current_salary}}. Proposed: ${{get-proposal.proposed_salary}}. Reason: {{get-proposal.reason}}.'
      - name: notify-hr
        type: call
        call: slack.post-message
        with:
          channel: hr-leadership
          text: 'Comp change pending: {{get-proposal.employee_name}} | ${{get-proposal.current_salary}} → ${{get-proposal.proposed_salary}} | Jira: {{create-approval.key}}'
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd3-impl-services1.workday.com/ccx/service/amex
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: compensation
      path: /compensation/proposals/{proposal_id}
      inputParameters:
      - name: proposal_id
        in: path
      operations:
      - name: get-proposal
        method: GET
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a new employee is created in Workday, provisions a corporate card account and sends onboarding instructions via Microsoft Teams.

naftiko: '0.5'
info:
  label: New Employee Card Provisioning
  description: When a new employee is created in Workday, provisions a corporate card account and sends onboarding instructions via Microsoft Teams.
  tags:
  - hr
  - onboarding
  - workday
  - payments
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-provisioning
    port: 8080
    tools:
    - name: provision-employee-card
      description: Given a Workday employee ID, retrieve employee details, create a corporate card account, and send the cardholder a Teams message with activation instructions. Invoke during new hire onboarding.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID for the new hire.
      - name: cost_center
        in: body
        type: string
        description: The cost center code to associate with the new corporate card.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: create-card-account
        type: call
        call: amex-corp.create-card-account
        with:
          first_name: '{{get-employee.first_name}}'
          last_name: '{{get-employee.last_name}}'
          email: '{{get-employee.work_email}}'
          cost_center: '{{cost_center}}'
      - name: send-instructions
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-employee.work_email}}'
          text: 'Welcome! Your American Express corporate card has been provisioned. Account reference: {{create-card-account.account_id}}. Activate at amex.com/activate.'
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_access_token
    resources:
    - name: worker
      path: /workers/{worker_id}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - namespace: amex-corp
    type: http
    baseUri: https://api.americanexpress.com/v1/corporate
    authentication:
      type: bearer
      token: $secrets.amex_corp_token
    resources:
    - name: card-account
      path: /accounts
      operations:
      - name: create-card-account
        method: POST
  - namespace: msteams
    type: http
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chat-message
      path: /users/{recipient_upn}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Monitors Oracle database health by querying performance metrics, creating a ServiceNow incident if thresholds are breached, and notifying the DBA team via Slack.

naftiko: '0.5'
info:
  label: Oracle Database Health Monitoring
  description: Monitors Oracle database health by querying performance metrics, creating a ServiceNow incident if thresholds are breached, and notifying the DBA team via Slack.
  tags:
  - oracle
  - database
  - servicenow
  - slack
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: oracle-health
    port: 8080
    tools:
    - name: monitor-oracle-health
      description: Check Oracle database health, create an incident if degraded, and notify DBAs. Use when scheduled health checks run or alerts trigger.
      inputParameters:
      - name: database_name
        in: body
        type: string
        description: Oracle database name.
      steps:
      - name: check-health
        type: call
        call: oracle-cloud.get-health
        with: {}
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: Oracle DB health alert — {{database_name}}
          category: database
          priority: '2'
          description: 'CPU: {{check-health.cpu_pct}}%. Sessions: {{check-health.active_sessions}}. Tablespace: {{check-health.tablespace_pct}}%.'
      - name: notify-dba
        type: call
        call: slack.post-message
        with:
          channel: dba-ops
          text: 'Oracle DB alert: {{database_name}} | CPU: {{check-health.cpu_pct}}% | Sessions: {{check-health.active_sessions}} | SNOW: {{create-incident.number}}'
  consumes:
  - namespace: oracle-cloud
    type: http
    baseUri: https://database.americanexpress.oraclecloud.com/ords
    authentication:
      type: bearer
      token: $secrets.oracle_token
    resources:
    - name: metrics
      path: /admin/health
      operations:
      - name: get-health
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Responds to New Relic performance alerts by fetching violation details, creating a PagerDuty incident, opening a Jira bug, and posting to the engineering Slack channel.

naftiko: '0.5'
info:
  label: New Relic Performance Degradation Handler
  description: Responds to New Relic performance alerts by fetching violation details, creating a PagerDuty incident, opening a Jira bug, and posting to the engineering Slack channel.
  tags:
  - new-relic
  - monitoring
  - pagerduty
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: perf-handler
    port: 8080
    tools:
    - name: handle-perf-degradation
      description: Respond to a performance degradation alert by paging on-call, creating a bug, and notifying engineering. Use when New Relic detects performance issues.
      inputParameters:
      - name: policy_id
        in: body
        type: string
        description: New Relic alert policy ID.
      steps:
      - name: get-violations
        type: call
        call: newrelic.get-violations
        with:
          policy_id: '{{policy_id}}'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          title: 'Perf degradation: {{get-violations.condition_name}}'
          service_id: $secrets.pd_service_id
          urgency: high
      - name: create-bug
        type: call
        call: jira.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: 'Perf degradation: {{get-violations.condition_name}}'
          description: 'Violation: {{get-violations.condition_name}}. Threshold: {{get-violations.threshold}}. Value: {{get-violations.value}}.'
      - name: alert-eng
        type: call
        call: slack.post-message
        with:
          channel: engineering-alerts
          text: 'Performance degradation: {{get-violations.condition_name}} | PD: {{page-oncall.incident_number}} | Jira: {{create-bug.key}}'
  consumes:
  - namespace: newrelic
    type: http
    baseUri: https://api.newrelic.com/v2
    authentication:
      type: bearer
      token: $secrets.newrelic_token
    resources:
    - name: alerts
      path: /alerts_violations.json
      operations:
      - name: get-violations
        method: GET
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - namespace: jira
    type: http
    baseUri: https://americanexpress.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - namespace: slack
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a cardholder reports a lost card, cancels the existing card, orders a replacement, creates a ServiceNow case, and sends a confirmation via email.

naftiko: '0.5'
info:
  label: Cardholder Lost Card Replacement Workflow
  description: When a cardholder reports a lost card, cancels the existing card, orders a replacement, creates a ServiceNow case, and sends a confirmation via email.
  tags:
  - cardholder
  - cards
  - servicenow
  - customer-support
capability:
  exposes:
  - type: mcp
    namespace: card-replace
    port: 8080
    tools:
    - name: replace-lost-card
      description: Cancel a lost card, order a replacement, create a support case, and confirm with the cardholder. Use when a cardholder reports a lost or stolen card.
      inputParameters:
      - name: card_id
        in: body
        type: string
        description: The card ID to replace.
      - name: cardholder_email
        in: body
        type: string
        description: Cardholder email address for confirmation.
      steps:
      - name: cancel-card
        type: call
        call: amex-cards.cancel-card
        with:
          card_id: '{{card_id}}'
      - name: order-replacement
        type: call
        call: amex-cards.order-replacement
        with:
          card_id: '{{card_id}}'
          shipping: expedited
      - name: create-case
        type: call
        call: servicenow.create-case
        with:
          short_description: Lost card replacement — {{card_id}}
          category: card-services
          priority: '2'
      - name: send-confirmation
        type: call
        call: email.send-email
        with:
          to: '{{cardholder_email}}'
          subject: Your replacement card is on its way
          body: 'Your card ending in {{cancel-card.last_four}} has been cancelled. A replacement will arrive within 2 business days. Case: {{create-case.number}}'
  consumes:
  - namespace: amex-cards
    type: http
    baseUri: https://api.americanexpress.com/v1/cards
    authentication:
      type: bearer
      token: $secrets.amex_cards_token
    resources:
    - name: card
      path: /cards/{card_id}
      inputParameters:
      - name: card_id
        in: path
      operations:
      - name: cancel-card
        method: POST
      - name: order-replacement
        method: POST
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cases
      path: /table/sn_customerservice_case
      operations:
      - name: create-case
        method: POST
  - namespace: email
    type: http
    baseUri: https://api.americanexpress.com/v1/notifications
    authentication:
      type: bearer
      token: $secrets.amex_notifications_token
    resources:
    - name: messages
      path: /email/send
      operations:
      - name: send-email
        method: POST

Retrieves recent resolved Salesforce Service Cloud cases, submits case notes to OpenAI for sentiment and theme extraction, and posts a digest to a Slack channel for the customer experience team.

naftiko: '0.5'
info:
  label: Customer Sentiment Analysis from Support Cases
  description: Retrieves recent resolved Salesforce Service Cloud cases, submits case notes to OpenAI for sentiment and theme extraction, and posts a digest to a Slack channel for the customer experience team.
  tags:
  - customer-support
  - salesforce
  - openai
  - slack
  - ai
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: cx-intelligence
    port: 8080
    tools:
    - name: digest-support-sentiment
      description: Given a Salesforce queue name and date range, retrieve closed cases, send transcripts to OpenAI for sentiment analysis, and post a summary digest to Slack. Use when the CX team needs a weekly support sentiment report.
      inputParameters:
      - name: queue_name
        in: body
        type: string
        description: The Salesforce Service Cloud queue name to analyze (e.g., AmexCardholderSupport).
      - name: from_date
        in: body
        type: string
        description: Start date for case retrieval in YYYY-MM-DD format.
      - name: to_date
        in: body
        type: string
        description: End date for case retrieval in YYYY-MM-DD format.
      steps:
      - name: get-cases
        type: call
        call: salesforce.query-cases
        with:
          queue: '{{queue_name}}'
          closed_from: '{{from_date}}'
          closed_to: '{{to_date}}'
      - name: analyze-sentiment
        type: call
        call: openai.create-completion
        with:
          model: gpt-4o
          prompt: 'Analyze the following support case summaries and return a JSON object with: overall_sentiment (positive/neutral/negative), top_themes (array of strings), and recommended_actions (array of strings). Cases: {{get-cases.summaries}}'
      - name: post-digest
        type: call
        call: slack-cx.post-message
        with:
          channel: cx-insights
          text: 'CX Sentiment Digest ({{from_date}} to {{to_date}}) | Queue: {{queue_name}} | Sentiment: {{analyze-sentiment.overall_sentiment}} | Top themes: {{analyze-sentiment.top_themes}}'
  consumes:
  - namespace: salesforce
    type: http
    baseUri: https://americanexpress.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_access_token
    resources:
    - name: cases
      path: /query
      inputParameters:
      - name: q
        in: query
      operations:
      - name: query-cases
        method: GET
  - namespace: openai
    type: http
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: completion
      path: /chat/completions
      operations:
      - name: create-completion
        method: POST
  - namespace: slack-cx
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

Monitors Datadog for transaction volume anomaly alerts and, when triggered, creates a PagerDuty incident and posts to the payments operations Slack channel.

naftiko: '0.5'
info:
  label: Transaction Anomaly Monitoring Alert
  description: Monitors Datadog for transaction volume anomaly alerts and, when triggered, creates a PagerDuty incident and posts to the payments operations Slack channel.
  tags:
  - observability
  - datadog
  - pagerduty
  - slack
  - payments
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: payments-observability
    port: 8080
    tools:
    - name: handle-transaction-anomaly
      description: Given a Datadog anomaly alert ID and severity, retrieve alert details, create a PagerDuty incident for the on-call payments team, and post a Slack notification. Use when transaction processing anomalies are detected.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The Datadog monitor alert ID for the transaction anomaly.
      - name: severity
        in: body
        type: string
        description: 'Alert severity level: critical, high, medium, or low.'
      - name: affected_service
        in: body
        type: string
        description: The name of the affected payments service or pipeline.
      steps:
      - name: get-alert
        type: call
        call: datadog-monitor.get-monitor
        with:
          monitor_id: '{{alert_id}}'
      - name: create-pd-incident
        type: call
        call: pagerduty.create-incident
        with:
          title: Transaction anomaly on {{affected_service}} — severity {{severity}}
          service_id: $secrets.pagerduty_payments_service_id
          urgency: '{{severity}}'
          body: 'Datadog alert {{alert_id}}: {{get-alert.message}}'
      - name: post-slack
        type: call
        call: slack-payments.post-message
        with:
          channel: payments-ops
          text: 'Transaction Anomaly Detected | Service: {{affected_service}} | Severity: {{severity}} | PagerDuty: {{create-pd-incident.incident_number}} | Alert: {{alert_id}}'
  consumes:
  - namespace: datadog-monitor
    type: http
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: monitor
      path: /monitor/{monitor_id}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_api_key
      placement: header
    resources:
    - name: incident
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - namespace: slack-payments
    type: http
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: message
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST

When a fraud signal is raised on a cardholder account, retrieves transaction details from the core payments platform, opens a ServiceNow incident, and sends a Twilio SMS alert to the cardholder.

naftiko: '0.5'
info:
  label: Cardholder Fraud Alert Triage
  description: When a fraud signal is raised on a cardholder account, retrieves transaction details from the core payments platform, opens a ServiceNow incident, and sends a Twilio SMS alert to the cardholder.
  tags:
  - fraud
  - payments
  - servicenow
  - twilio
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: fraud-ops
    port: 8080
    tools:
    - name: handle-fraud-alert
      description: Given a card account ID and transaction ID, fetch transaction details, open a ServiceNow fraud incident, and send an SMS alert to the cardholder. Invoke when a fraud signal is detected on a cardholder account.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The cardholder account identifier from the payments platform.
      - name: transaction_id
        in: body
        type: string
        description: The transaction ID flagged as potentially fraudulent.
      - name: cardholder_phone
        in: body
        type: string
        description: The cardholder's mobile phone number in E.164 format for SMS notification.
      steps:
      - name: get-transaction
        type: call
        call: amex-payments.get-transaction
        with:
          account_id: '{{account_id}}'
          transaction_id: '{{transaction_id}}'
      - name: open-incident
        type: call
        call: servicenow.create-incident
        with:
          category: fraud
          short_description: Fraud alert on account {{account_id}} — txn {{transaction_id}}
          urgency: '1'
          impact: '1'
      - name: send-sms
        type: call
        call: twilio.send-sms
        with:
          to: '{{cardholder_phone}}'
          body: 'American Express Alert: Suspicious activity detected on your account ending {{get-transaction.last_four}}. If unrecognized, call 1-800-528-4800. Ref: {{open-incident.number}}'
  consumes:
  - namespace: amex-payments
    type: http
    baseUri: https://api.americanexpress.com/v1/payments
    authentication:
      type: bearer
      token: $secrets.amex_payments_token
    resources:
    - name: transaction
      path: /accounts/{account_id}/transactions/{transaction_id}
      inputParameters:
      - name: account_id
        in: path
      - name: transaction_id
        in: path
      operations:
      - name: get-transaction
        method: GET
  - namespace: servicenow
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incident
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - namespace: twilio
    type: http
    baseUri: https://api.twilio.com/2010-04-01
    authentication:
      type: basic
      username: $secrets.twilio_account_sid
      password: $secrets.twilio_auth_token
    resources:
    - name: messages
      path: /Accounts/{account_sid}/Messages.json
      inputParameters:
      - name: account_sid
        in: path
      operations:
      - name: send-sms
        method: POST

When a SAP Concur travel booking is submitted, validates it against the American Express travel policy and flags non-compliant bookings by creating a ServiceNow task for manager review.

naftiko: '0.5'
info:
  label: Corporate Travel Booking Policy Compliance Check
  description: When a SAP Concur travel booking is submitted, validates it against the American Express travel policy and flags non-compliant bookings by creating a ServiceNow task for manager review.
  tags:
  - travel
  - expense-management
  - sap-concur
  - servicenow
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: travel-compliance
    port: 8080
    tools:
    - name: check-travel-booking-compliance
      description: Given a Concur travel booking ID, retrieve booking details and validate against policy rules. If non-compliant, create a ServiceNow approval task for the employee's manager. Use when travel bookings are submitted for pre-trip approval.
      inputParameters:
      - name: booking_id
        in: body
        type: string
        description: The SAP Concur travel booking ID to validate.
      - name: employee_id
        in: body
        type: string
        description: The employee ID of the traveler.
      steps:
      - name: get-booking
        type: call
        call: concur-travel.get-booking
        with:
          booking_id: '{{booking_id}}'
      - name: create-approval-task
        type: call
        call: servicenow-travel.create-task
        with:
          category: travel_compliance
          short_description: 'Travel booking policy review required: {{booking_id}}'
          description: 'Employee: {{employee_id}}

            Destination: {{get-booking.destination}}

            Cost: ${{get-booking.total_cost}}

            Dates: {{get-booking.travel_dates}}

            Booking: {{booking_id}}'
  consumes:
  - namespace: concur-travel
    type: http
    baseUri: https://www.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_access_token
    resources:
    - name: booking
      path: /travel/trips/{booking_id}
      inputParameters:
      - name: booking_id
        in: path
      operations:
      - name: get-booking
        method: GET
  - namespace: servicenow-travel
    type: http
    baseUri: https://americanexpress.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: task
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST

When a critical Datadog alert fires for a banking platform, creates a ServiceNow P1 incident, pages the on-call engineer via PagerDuty, and posts a war-room message to Microsoft Teams.

naftiko: '0.5'
info:
  label: Critical IT Incident Response and Escalation
  description: When a critical Datadog alert fires for a banking platform, creates a ServiceNow P1 incident, pages the on-call engineer via PagerDuty, and posts a war-room message to Microsoft Teams.
  tags:
  - itsm
  - incident-response
  - datadog
  - servicenow
  - pagerduty
  - microsoft-teams
  - operations
capability:
  exposes:
  - type: mcp
    namespace: incident-ops
    port: 8080
    tools:
    - name: handle-critical-incident
      description: Given a Datadog alert with monitor ID, severity, and affected banking service, create a ServiceNow P1 incident, page PagerDuty on-call, and post a war-room alert to Teams.
      inputParameters:
      - name: monitor_id
        in: body
        type: string
        description: The Datadog monitor ID that triggered the critical alert.
      - name: affected_service
        in: body
        type: string
        description: The affected banking service name, e.g. 'Online Banking Portal', 'ACH Processing'.
      - name: alert_message
        in: body
        type: string
        description: The Datadog alert message describing the failure condition.
      - name: severity
        in: body
        type: string
        description: 'Alert severity: ''critical'' or ''warning''.'
      steps:
      - name: create-p1-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'P1: {{affected_service}} — {{alert_message}}'
          urgency: '1'
          impact: '1'
          category: infrastructure
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          title: 'CRITICAL: {{affected_service}} — {{alert_message}}'
          service_id: $secrets.pagerduty_banking_service_id
          severity: critical
          body: 'Monitor: {{monitor_id}} | SNOW: {{create-p1-incident.number}}'
      - name: open-war-room
        type: call
        call: msteams.post-channel-message
        with:
          channel: incident-war-room
          message: 'P1 INCIDENT: {{affected_service}} | {{alert_message}} | SNOW: {{create-p1-incident.number}} | PD: {{page-oncall.id}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://bankofamerica.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_api_key
      placement: header
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

When an employee undergoes a role change in Workday, updates their Okta group memberships to match the new role profile and creates a ServiceNow task to confirm access provisioning.

naftiko: '0.5'
info:
  label: Workday Role Change Access Provisioning
  description: When an employee undergoes a role change in Workday, updates their Okta group memberships to match the new role profile and creates a ServiceNow task to confirm access provisioning.
  tags:
  - hr
  - identity
  - workday
  - okta
  - servicenow
  - role-change
  - access-management
capability:
  exposes:
  - type: mcp
    namespace: hr-access
    port: 8080
    tools:
    - name: sync-role-change-access
      description: Given a Workday worker ID, new role, and old role, update Okta group memberships for the employee and create a ServiceNow provisioning confirmation task.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: Workday worker ID for the employee with the role change.
      - name: new_role
        in: body
        type: string
        description: The new job role from the BofA role catalogue.
      - name: old_role
        in: body
        type: string
        description: The previous job role for de-provisioning reference.
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: update-okta-groups
        type: call
        call: okta.update-user-groups
        with:
          user_login: '{{get-worker.work_email}}'
          add_group: '{{new_role}}'
          remove_group: '{{old_role}}'
      - name: create-task
        type: call
        call: servicenow.create-task
        with:
          short_description: 'Role change access update: {{get-worker.full_name}} — {{old_role}} to {{new_role}}'
          assignment_group: IT_Access_Management
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /bankofamerica/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta
    baseUri: https://bankofamerica.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: user-groups
      path: /users/{{user_login}}/groups
      inputParameters:
      - name: user_login
        in: path
      operations:
      - name: update-user-groups
        method: PUT
  - type: http
    namespace: servicenow
    baseUri: https://bankofamerica.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST

Triggers a Power BI dataset refresh for the Bank of America executive financial dashboard and posts status to the Finance Reporting Teams channel.

naftiko: '0.5'
info:
  label: Power BI Executive Dashboard Refresh
  description: Triggers a Power BI dataset refresh for the Bank of America executive financial dashboard and posts status to the Finance Reporting Teams channel.
  tags:
  - analytics
  - power-bi
  - microsoft-teams
  - reporting
  - finance
capability:
  exposes:
  - type: mcp
    namespace: bi-reporting
    port: 8080
    tools:
    - name: trigger-executive-dashboard-refresh
      description: Given a Power BI workspace ID and dataset ID, trigger a dataset refresh and notify the Finance Reporting Teams channel with the status and completion time.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: The Power BI workspace ID containing the dataset.
      - name: dataset_id
        in: body
        type: string
        description: The Power BI dataset ID to refresh.
      steps:
      - name: trigger-refresh
        type: call
        call: powerbi.trigger-refresh
        with:
          workspace_id: '{{workspace_id}}'
          dataset_id: '{{dataset_id}}'
      - name: notify-finance
        type: call
        call: msteams.post-channel-message
        with:
          channel: finance-reporting
          message: 'Power BI refresh triggered for dataset {{dataset_id}}. Status: {{trigger-refresh.status}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: workspace_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves current market price for a security from Bloomberg Enterprise Data.

naftiko: '0.5'
info:
  label: Bloomberg Security Price Lookup
  description: Retrieves current market price for a security from Bloomberg Enterprise Data.
  tags:
  - banking
  - bloomberg
  - market-data
  - trading
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: market-ops
    port: 8080
    tools:
    - name: get-security-price
      description: Given a Bloomberg security identifier, return the last price, change, and volume.
      inputParameters:
      - name: security_id
        in: body
        type: string
        description: Bloomberg security identifier.
      call: bloomberg.get-quote
      with:
        securities: '{{security_id}}'
      outputParameters:
      - name: last_price
        type: number
        mapping: $.data[0].last_price
      - name: change_pct
        type: number
        mapping: $.data[0].change_pct
  consumes:
  - namespace: bloomberg
    type: http
    baseUri: https://api.bloomberg.com/eap/catalogs/bbg/datasets
    authentication:
      type: bearer
      token: $secrets.bloomberg_token
    resources:
    - name: quotes
      path: /quotes?securities={{securities}}
      operations:
      - name: get-quote
        method: GET

Fetches a Jira issue by key and returns the summary, status, assignee, and priority.

naftiko: '0.5'
info:
  label: Jira Issue Detail Lookup
  description: Fetches a Jira issue by key and returns the summary, status, assignee, and priority.
  tags:
  - banking
  - engineering
  - jira
  - project-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: eng-ops
    port: 8080
    tools:
    - name: get-jira-issue
      description: Given a Jira issue key, return the issue summary, status, assignee, and priority.
      inputParameters:
      - name: issue_key
        in: body
        type: string
        description: Jira issue key.
      call: jira.get-issue
      with:
        issueKey: '{{issue_key}}'
      outputParameters:
      - name: summary
        type: string
        mapping: $.fields.summary
      - name: status
        type: string
        mapping: $.fields.status.name
      - name: assignee
        type: string
        mapping: $.fields.assignee.displayName
  consumes:
  - namespace: jira
    type: http
    baseUri: https://bofa.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_api_token
    resources:
    - name: eng-ops
      path: /{{id}}
      operations:
      - name: get-issue
        method: GET

Audits MFA enrollment by querying Okta for unenrolled users, creating compliance tasks in ServiceNow, and notifying IT security via Teams.

naftiko: '0.5'
info:
  label: Okta MFA Enrollment Compliance Audit
  description: Audits MFA enrollment by querying Okta for unenrolled users, creating compliance tasks in ServiceNow, and notifying IT security via Teams.
  tags:
  - banking
  - security
  - okta
  - mfa
  - servicenow
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: mfa-ops
    port: 8080
    tools:
    - name: audit-mfa-compliance
      description: Query Okta for users without MFA, create a compliance task in ServiceNow, and notify IT security in Teams.
      inputParameters:
      - name: department
        in: body
        type: string
        description: Department to audit.
      - name: security_lead_upn
        in: body
        type: string
        description: UPN of security lead.
      steps:
      - name: get-unenrolled
        type: call
        call: okta.list-unenrolled
        with:
          department: '{{department}}'
      - name: create-task
        type: call
        call: snow.create-task
        with:
          short_description: 'MFA non-compliance: {{department}}'
          description: 'Unenrolled: {{get-unenrolled.count}}'
      - name: notify-lead
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{security_lead_upn}}'
          text: 'MFA audit: {{department}} — {{get-unenrolled.count}} unenrolled. Task: {{create-task.number}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://bofa.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: users
      path: /users?filter=profile.department eq "{{department}}"
      inputParameters:
      - name: department
        in: query
      operations:
      - name: list-unenrolled
        method: GET
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_compliance_task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves the assigned relationship manager for a client account from Salesforce.

naftiko: '0.5'
info:
  label: Salesforce Relationship Manager Assignment Lookup
  description: Retrieves the assigned relationship manager for a client account from Salesforce.
  tags:
  - banking
  - salesforce
  - relationship-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: rm-ops
    port: 8080
    tools:
    - name: get-rm-assignment
      description: Given a client account ID, return the relationship manager name, email, and last contact date.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Salesforce account ID.
      call: sf.get-rm
      with:
        accountId: '{{account_id}}'
      outputParameters:
      - name: rm_name
        type: string
        mapping: $.Owner.Name
      - name: rm_email
        type: string
        mapping: $.Owner.Email
      - name: last_contact
        type: string
        mapping: $.Last_Contact_Date__c
  consumes:
  - namespace: sf
    type: http
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{accountId}}
      operations:
      - name: get-rm
        method: GET

Screens wire transfers by checking patterns in Snowflake, creating a hold in SAP, and alerting the fraud team.

naftiko: '0.5'
info:
  label: Wire Transfer Fraud Screening Workflow
  description: Screens wire transfers by checking patterns in Snowflake, creating a hold in SAP, and alerting the fraud team.
  tags:
  - banking
  - fraud-detection
  - payments
  - snowflake
  - sap
capability:
  exposes:
  - type: mcp
    namespace: fraud-ops
    port: 8080
    tools:
    - name: screen-wire-transfer
      description: Given a wire transfer ID and amount, check patterns in Snowflake, hold in SAP, and alert fraud team.
      inputParameters:
      - name: transfer_id
        in: body
        type: string
        description: Transfer ID.
      - name: amount
        in: body
        type: number
        description: Amount.
      - name: fraud_channel_id
        in: body
        type: string
        description: Fraud channel.
      steps:
      - name: check
        type: call
        call: snowflake.check-wire
        with:
          transfer_id: '{{transfer_id}}'
          amount: '{{amount}}'
      - name: hold
        type: call
        call: sap-fi.create-hold
        with:
          transfer_id: '{{transfer_id}}'
          reason: 'Screening: {{check.risk_level}}'
      - name: alert
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{fraud_channel_id}}'
          text: 'Wire screening: {{transfer_id}} — ${{amount}}. Risk: {{check.risk_level}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: check-wire
        method: POST
  - type: http
    namespace: sap-fi
    baseUri: https://bofa-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: holds
      path: /A_JournalEntry
      operations:
      - name: create-hold
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      operations:
      - name: post-channel
        method: POST

Coordinates BC drills by pulling participant lists from Workday, creating tasks in ServiceNow, and distributing instructions via Teams.

naftiko: '0.5'
info:
  label: Business Continuity Drill Coordinator
  description: Coordinates BC drills by pulling participant lists from Workday, creating tasks in ServiceNow, and distributing instructions via Teams.
  tags:
  - banking
  - operations
  - business-continuity
  - workday
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: bcp-ops
    port: 8080
    tools:
    - name: coordinate-bc-drill
      description: Given a drill scenario and date, pull department staff from Workday, create drill tasks in ServiceNow, and post instructions to Teams.
      inputParameters:
      - name: drill_scenario
        in: body
        type: string
        description: Drill scenario.
      - name: drill_date
        in: body
        type: string
        description: Drill date.
      - name: bcp_channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: get-participants
        type: call
        call: workday.get-staff
        with:
          scenario: '{{drill_scenario}}'
      - name: create-task
        type: call
        call: snow.create-task
        with:
          short_description: 'BC Drill: {{drill_scenario}} — {{drill_date}}'
          description: 'Participants: {{get-participants.count}}'
      - name: notify-channel
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{bcp_channel_id}}'
          text: 'BC Drill: {{drill_scenario}} on {{drill_date}}. Participants: {{get-participants.count}}. Task: {{create-task.number}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/bofa/Human_Resources/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: staff
      path: /workers
      operations:
      - name: get-staff
        method: GET
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_bc_drill
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Validates period-end journal entries by pulling entries from SAP, cross-checking balances in Snowflake, and notifying the controller via Teams.

naftiko: '0.5'
info:
  label: SAP Period-End Journal Entry Validation
  description: Validates period-end journal entries by pulling entries from SAP, cross-checking balances in Snowflake, and notifying the controller via Teams.
  tags:
  - banking
  - finance
  - accounting
  - sap
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: gl-ops
    port: 8080
    tools:
    - name: validate-journal-entries
      description: Given a company code and posting period, retrieve journal entries from SAP, validate against Snowflake, and notify the controller of discrepancies.
      inputParameters:
      - name: company_code
        in: body
        type: string
        description: SAP company code.
      - name: posting_period
        in: body
        type: string
        description: Posting period.
      - name: controller_upn
        in: body
        type: string
        description: UPN of controller.
      steps:
      - name: get-entries
        type: call
        call: sap-fi.get-journal-entries
        with:
          company_code: '{{company_code}}'
          period: '{{posting_period}}'
      - name: validate-balances
        type: call
        call: snowflake.check-recon
        with:
          company_code: '{{company_code}}'
          period: '{{posting_period}}'
      - name: notify-controller
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{controller_upn}}'
          text: 'Period-end validation: {{company_code}} — {{posting_period}}. Entries: {{get-entries.count}} | Status: {{validate-balances.status}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://bofa-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: entries
      path: /A_JournalEntry?$filter=CompanyCode eq '{{company_code}}'
      inputParameters:
      - name: company_code
        in: query
      operations:
      - name: get-journal-entries
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: check-recon
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Queries Dynatrace for the response time and failure rate of a specified application.

naftiko: '0.5'
info:
  label: Dynatrace Application Metrics Lookup
  description: Queries Dynatrace for the response time and failure rate of a specified application.
  tags:
  - banking
  - it-operations
  - dynatrace
  - monitoring
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: apm-ops
    port: 8080
    tools:
    - name: get-app-metrics
      description: Given a Dynatrace entity ID, return the median response time and failure rate.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: Dynatrace application entity ID.
      call: dynatrace.get-metrics
      with:
        entityId: '{{entity_id}}'
      outputParameters:
      - name: response_time_ms
        type: number
        mapping: $.result[0].data[0].values.median
      - name: failure_rate
        type: number
        mapping: $.result[1].data[0].values.avg
  consumes:
  - namespace: dynatrace
    type: http
    baseUri: https://bofa.live.dynatrace.com/api/v2
    authentication:
      type: bearer
      token: $secrets.dynatrace_token
    resources:
    - name: apm-ops
      path: /{{id}}
      operations:
      - name: get-metrics
        method: GET

Generates a daily VaR report by pulling positions from Snowflake, computing VaR, and posting to Teams.

naftiko: '0.5'
info:
  label: Market Risk Daily VaR Reporter
  description: Generates a daily VaR report by pulling positions from Snowflake, computing VaR, and posting to Teams.
  tags:
  - banking
  - market-risk
  - trading
  - snowflake
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: risk-ops
    port: 8080
    tools:
    - name: generate-var-report
      description: Given a trading desk and date, pull positions, compute VaR, and post to the risk channel.
      inputParameters:
      - name: trading_desk
        in: body
        type: string
        description: Trading desk.
      - name: report_date
        in: body
        type: string
        description: Report date.
      - name: risk_channel_id
        in: body
        type: string
        description: Risk channel.
      steps:
      - name: get-positions
        type: call
        call: snowflake.query-positions
        with:
          desk: '{{trading_desk}}'
          date: '{{report_date}}'
      - name: compute-var
        type: call
        call: snowflake.compute-var
        with:
          desk: '{{trading_desk}}'
      - name: post-report
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{risk_channel_id}}'
          text: 'VaR: {{trading_desk}} — {{report_date}}. VaR(95): ${{compute-var.var_95}} | VaR(99): ${{compute-var.var_99}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-positions
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      operations:
      - name: post-channel
        method: POST

Checks capital adequacy by pulling RWA from Snowflake, comparing SAP capital, and reporting to compliance.

naftiko: '0.5'
info:
  label: Regulatory Capital Adequacy Reporter
  description: Checks capital adequacy by pulling RWA from Snowflake, comparing SAP capital, and reporting to compliance.
  tags:
  - banking
  - regulatory
  - capital
  - snowflake
  - sap
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: capital-ops
    port: 8080
    tools:
    - name: check-capital
      description: Given a report date, pull RWA from Snowflake, compare with SAP capital, and notify compliance.
      inputParameters:
      - name: report_date
        in: body
        type: string
        description: Report date.
      - name: compliance_channel_id
        in: body
        type: string
        description: Compliance channel.
      steps:
      - name: get-rwa
        type: call
        call: snowflake.query-rwa
        with:
          date: '{{report_date}}'
      - name: get-capital
        type: call
        call: sap-fi.get-capital
        with:
          date: '{{report_date}}'
      - name: notify
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{compliance_channel_id}}'
          text: 'Capital adequacy: RWA: ${{get-rwa.total}} | Capital: ${{get-capital.total}} | Ratio: {{get-capital.ratio}}%'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-rwa
        method: POST
  - type: http
    namespace: sap-fi
    baseUri: https://bofa-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: capital
      path: /A_JournalEntry
      operations:
      - name: get-capital
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      operations:
      - name: post-channel
        method: POST

Fetches LinkedIn Talent Solutions job posting performance metrics and combines them with Workday recruiting pipeline data to produce a weekly talent acquisition digest for the Recruiting Teams channel.

naftiko: '0.5'
info:
  label: LinkedIn Talent Acquisition Campaign Report
  description: Fetches LinkedIn Talent Solutions job posting performance metrics and combines them with Workday recruiting pipeline data to produce a weekly talent acquisition digest for the Recruiting Teams channel.
  tags:
  - hr
  - recruiting
  - linkedin
  - workday
  - microsoft-teams
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: talent-acquisition
    port: 8080
    tools:
    - name: digest-recruiting-pipeline
      description: Given a LinkedIn organization URN and date range, fetch job posting metrics and merge with Workday open requisition counts, then post a weekly recruiting digest to the Talent Acquisition Teams channel.
      inputParameters:
      - name: org_urn
        in: body
        type: string
        description: The LinkedIn organization URN for Bank of America.
      - name: start_date
        in: body
        type: string
        description: Report start date in YYYY-MM-DD format.
      - name: end_date
        in: body
        type: string
        description: Report end date in YYYY-MM-DD format.
      steps:
      - name: get-linkedin-job-metrics
        type: call
        call: linkedin.get-job-postings
        with:
          organizationalEntity: '{{org_urn}}'
      - name: get-workday-requisitions
        type: call
        call: workday.list-open-requisitions
        with:
          asOfDate: '{{end_date}}'
      - name: post-recruiting-digest
        type: call
        call: msteams.post-channel-message
        with:
          channel: talent-acquisition
          message: 'Recruiting digest ({{start_date}} to {{end_date}}): LinkedIn job views {{get-linkedin-job-metrics.views}}, Applications {{get-linkedin-job-metrics.applications}}, Workday open reqs: {{get-workday-requisitions.count}}'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: job-postings
      path: /jobPostings
      operations:
      - name: get-job-postings
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: requisitions
      path: /bankofamerica/recruitingJobRequisitions
      operations:
      - name: list-open-requisitions
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Looks up a ServiceNow incident by number and returns current state, priority, and assigned group.

naftiko: '0.5'
info:
  label: ServiceNow Incident Status Check
  description: Looks up a ServiceNow incident by number and returns current state, priority, and assigned group.
  tags:
  - banking
  - it-operations
  - servicenow
  - incident-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: it-ops
    port: 8080
    tools:
    - name: get-incident-status
      description: Given a ServiceNow incident number, return the state, priority, and assignment group.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow incident number.
      call: snow.get-incident
      with:
        number: '{{incident_number}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.result.state
      - name: priority
        type: string
        mapping: $.result.priority
      - name: assigned_to
        type: string
        mapping: $.result.assignment_group.display_value
  consumes:
  - namespace: snow
    type: http
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: it-ops
      path: /{{id}}
      operations:
      - name: get-incident
        method: GET

Tracks compliance training by pulling enrollment data from Workday Learning, checking ServiceNow escalation thresholds, and notifying managers via Teams.

naftiko: '0.5'
info:
  label: Compliance Training Completion Tracker
  description: Tracks compliance training by pulling enrollment data from Workday Learning, checking ServiceNow escalation thresholds, and notifying managers via Teams.
  tags:
  - banking
  - compliance
  - training
  - workday
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: compliance-training
    port: 8080
    tools:
    - name: track-training-completion
      description: Given a program ID and deadline, query Workday for incomplete enrollments, check escalation status in ServiceNow, and notify managers in Teams.
      inputParameters:
      - name: program_id
        in: body
        type: string
        description: Training program ID.
      - name: deadline
        in: body
        type: string
        description: Deadline date.
      steps:
      - name: get-enrollments
        type: call
        call: workday.get-training-status
        with:
          program_id: '{{program_id}}'
      - name: check-escalation
        type: call
        call: snow.check-escalation
        with:
          program_id: '{{program_id}}'
          deadline: '{{deadline}}'
      - name: notify-managers
        type: call
        call: msteams.send-notification
        with:
          subject: 'Training overdue: {{program_id}}'
          body: 'Deadline: {{deadline}}. Incomplete: {{get-enrollments.incomplete_count}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/bofa/Learning/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: training
      path: /learning-enrollments?program={{program_id}}
      inputParameters:
      - name: program_id
        in: query
      operations:
      - name: get-training-status
        method: GET
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: escalation
      path: /table/u_training_compliance
      operations:
      - name: check-escalation
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Generates a daily Value-at-Risk report by pulling positions from Snowflake, computing VaR, and distributing to risk management via Teams.

naftiko: '0.5'
info:
  label: Market Risk Daily VaR Report
  description: Generates a daily Value-at-Risk report by pulling positions from Snowflake, computing VaR, and distributing to risk management via Teams.
  tags:
  - banking
  - market-risk
  - trading
  - snowflake
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: risk-ops
    port: 8080
    tools:
    - name: generate-var-report
      description: Given a trading desk and report date, pull positions from Snowflake, compute VaR metrics, and post to the risk channel.
      inputParameters:
      - name: trading_desk
        in: body
        type: string
        description: Trading desk name.
      - name: report_date
        in: body
        type: string
        description: Report date.
      - name: risk_channel_id
        in: body
        type: string
        description: Risk Teams channel.
      steps:
      - name: get-positions
        type: call
        call: snowflake.query-positions
        with:
          desk: '{{trading_desk}}'
          date: '{{report_date}}'
      - name: compute-var
        type: call
        call: snowflake.compute-var
        with:
          desk: '{{trading_desk}}'
          date: '{{report_date}}'
      - name: post-report
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{risk_channel_id}}'
          text: 'Daily VaR: {{trading_desk}} — {{report_date}}. VaR(95): ${{compute-var.var_95}} | VaR(99): ${{compute-var.var_99}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-positions
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: compute-var
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Looks up a trading platform incident in ServiceNow by incident number and returns status, severity, and affected trading system.

naftiko: '0.5'
info:
  label: ServiceNow Trading Incident Lookup
  description: Looks up a trading platform incident in ServiceNow by incident number and returns status, severity, and affected trading system.
  tags:
  - banking
  - banking
  - trading
  - servicenow
  - incident-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: trading-ops
    port: 8080
    tools:
    - name: get-trading-incident
      description: Given a ServiceNow incident number, return the incident state, severity, affected trading system, and resolution target.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow incident number.
      call: snow.get-incident
      with:
        number: '{{incident_number}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.result.state
      - name: severity
        type: string
        mapping: $.result.severity
      - name: system
        type: string
        mapping: $.result.cmdb_ci.display_value
  consumes:
  - namespace: snow
    type: http
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: trading-ops
      path: /{{id}}
      operations:
      - name: get-incident
        method: GET

Generates a daily treasury report by pulling SAP balances, Snowflake market rates, and posting to Teams.

naftiko: '0.5'
info:
  label: Treasury Cash Position Daily Report
  description: Generates a daily treasury report by pulling SAP balances, Snowflake market rates, and posting to Teams.
  tags:
  - banking
  - treasury
  - finance
  - sap
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: treasury-ops
    port: 8080
    tools:
    - name: generate-cash-report
      description: Given a report date, pull cash balances from SAP, get market rates from Snowflake, and post to Teams.
      inputParameters:
      - name: report_date
        in: body
        type: string
        description: Report date.
      - name: treasury_channel_id
        in: body
        type: string
        description: Treasury channel.
      steps:
      - name: get-balances
        type: call
        call: sap-fi.get-cash
        with:
          date: '{{report_date}}'
      - name: get-rates
        type: call
        call: snowflake.get-rates
        with:
          date: '{{report_date}}'
      - name: post-report
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{treasury_channel_id}}'
          text: 'Treasury {{report_date}}: Cash: ${{get-balances.total}} | Rates updated.'
  consumes:
  - type: http
    namespace: sap-fi
    baseUri: https://bofa-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: balances
      path: /A_JournalEntry
      operations:
      - name: get-cash
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: get-rates
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      operations:
      - name: post-channel
        method: POST

Enriches Salesforce account health scores by pulling data from Snowflake, checking billing in SAP, and updating the Salesforce record.

naftiko: '0.5'
info:
  label: Salesforce Account Health Enrichment
  description: Enriches Salesforce account health scores by pulling data from Snowflake, checking billing in SAP, and updating the Salesforce record.
  tags:
  - banking
  - crm
  - salesforce
  - snowflake
  - sap
capability:
  exposes:
  - type: mcp
    namespace: account-ops
    port: 8080
    tools:
    - name: enrich-account-health
      description: Given a Salesforce account ID, pull performance data from Snowflake, check billing in SAP, and update the health score in Salesforce.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Salesforce account ID.
      - name: account_manager_upn
        in: body
        type: string
        description: UPN of account manager.
      steps:
      - name: get-data
        type: call
        call: snowflake.query-account-data
        with:
          account_id: '{{account_id}}'
      - name: get-billing
        type: call
        call: sap-fi.get-ar-aging
        with:
          account_id: '{{account_id}}'
      - name: update-sf
        type: call
        call: sf.update-health-score
        with:
          account_id: '{{account_id}}'
          score: '{{get-data.health_score}}'
      - name: notify-manager
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{account_manager_upn}}'
          text: 'Account health updated: {{account_id}}. Score: {{get-data.health_score}} | AR: {{get-billing.days_outstanding}} days'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-account-data
        method: POST
  - type: http
    namespace: sap
    baseUri: https://bofa-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: ar
      path: /A_JournalEntry?$filter=AccountID eq '{{account_id}}'
      inputParameters:
      - name: account_id
        in: query
      operations:
      - name: get-ar-aging
        method: GET
  - type: http
    namespace: sf
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: update-health-score
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

When a Snowflake pipeline fails, creates a Jira incident, pages the on-call engineer via PagerDuty, and notifies the pipeline owner in Teams.

naftiko: '0.5'
info:
  label: Snowflake Data Pipeline Failure Response
  description: When a Snowflake pipeline fails, creates a Jira incident, pages the on-call engineer via PagerDuty, and notifies the pipeline owner in Teams.
  tags:
  - banking
  - data-engineering
  - snowflake
  - jira
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: data-reliability
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a Snowflake task name and error, create a Jira incident, trigger a PagerDuty alert, and notify the owner in Teams.
      inputParameters:
      - name: task_name
        in: body
        type: string
        description: Snowflake task name.
      - name: error_message
        in: body
        type: string
        description: Error message.
      - name: pipeline_owner
        in: body
        type: string
        description: Pipeline owner email.
      steps:
      - name: create-incident
        type: call
        call: jira.create-issue
        with:
          project: DATA
          summary: 'Pipeline failure: {{task_name}}'
          description: 'Error: {{error_message}}'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          service_id: data-engineering
          title: 'Pipeline failure: {{task_name}}'
      - name: notify-owner
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{pipeline_owner}}'
          text: 'Pipeline failure: {{task_name}}. Jira: {{create-incident.key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://bofa.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Queries Snowflake to return the row count and last update timestamp for a specified data table.

naftiko: '0.5'
info:
  label: Snowflake Table Row Count Check
  description: Queries Snowflake to return the row count and last update timestamp for a specified data table.
  tags:
  - banking
  - data-engineering
  - snowflake
  - analytics
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: data-ops
    port: 8080
    tools:
    - name: get-table-stats
      description: Given a Snowflake table name, return the row count and last DML timestamp.
      inputParameters:
      - name: table_name
        in: body
        type: string
        description: Fully qualified Snowflake table name.
      call: snowflake.query-stats
      with:
        table: '{{table_name}}'
      outputParameters:
      - name: row_count
        type: integer
        mapping: $.data[0].ROW_COUNT
      - name: last_altered
        type: string
        mapping: $.data[0].LAST_ALTERED
  consumes:
  - namespace: snowflake
    type: http
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: data-ops
      path: /{{id}}
      operations:
      - name: query-stats
        method: GET

Generates a performance calibration report by pulling ratings from Workday, aggregating in Snowflake, and distributing to HR leadership via Teams.

naftiko: '0.5'
info:
  label: Workday Performance Calibration Report
  description: Generates a performance calibration report by pulling ratings from Workday, aggregating in Snowflake, and distributing to HR leadership via Teams.
  tags:
  - banking
  - hr
  - performance-management
  - workday
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: perf-ops
    port: 8080
    tools:
    - name: generate-calibration-report
      description: Given a review cycle and business unit, pull ratings from Workday, aggregate in Snowflake, and post to HR leadership channel.
      inputParameters:
      - name: review_cycle
        in: body
        type: string
        description: Review cycle ID.
      - name: business_unit
        in: body
        type: string
        description: Business unit.
      - name: hr_channel_id
        in: body
        type: string
        description: HR Teams channel ID.
      steps:
      - name: get-ratings
        type: call
        call: workday.get-performance-data
        with:
          cycle: '{{review_cycle}}'
          bu: '{{business_unit}}'
      - name: aggregate
        type: call
        call: snowflake.aggregate-ratings
        with:
          cycle: '{{review_cycle}}'
          bu: '{{business_unit}}'
      - name: post-report
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{hr_channel_id}}'
          text: 'Calibration: {{business_unit}} — {{review_cycle}}. Exceeds: {{aggregate.exceeds_pct}}% | Meets: {{aggregate.meets_pct}}%'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/bofa/Performance_Management/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: reviews
      path: /performance-reviews
      operations:
      - name: get-performance-data
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: aggregate-ratings
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

When a GitHub Actions deployment workflow fails on the main banking platform branch, creates a Jira incident ticket, and notifies the Engineering leadership team via Microsoft Teams.

naftiko: '0.5'
info:
  label: GitHub Actions Deployment Failure Handler
  description: When a GitHub Actions deployment workflow fails on the main banking platform branch, creates a Jira incident ticket, and notifies the Engineering leadership team via Microsoft Teams.
  tags:
  - devops
  - ci-cd
  - github
  - jira
  - microsoft-teams
  - deployment
capability:
  exposes:
  - type: mcp
    namespace: devops-cicd
    port: 8080
    tools:
    - name: handle-deployment-failure
      description: Given a failed GitHub Actions run ID and repository, retrieve failure details, create a Jira incident, and post an alert to the DevOps Teams channel.
      inputParameters:
      - name: repo_full_name
        in: body
        type: string
        description: The GitHub repository full name, e.g. 'bankofamerica/payments-api'.
      - name: run_id
        in: body
        type: integer
        description: The GitHub Actions workflow run ID that failed.
      - name: branch
        in: body
        type: string
        description: The branch that was being deployed, typically 'main'.
      steps:
      - name: get-run
        type: call
        call: github.get-workflow-run
        with:
          repo: '{{repo_full_name}}'
          run_id: '{{run_id}}'
      - name: create-jira-incident
        type: call
        call: jira.create-issue
        with:
          project_key: OPS
          issuetype: Incident
          summary: 'Deployment failure: {{repo_full_name}} on {{branch}}'
          description: 'Run: {{run_id}} | Status: {{get-run.conclusion}} | URL: {{get-run.html_url}}'
      - name: alert-teams
        type: call
        call: msteams.post-channel-message
        with:
          channel: devops-alerts
          message: 'Deployment FAILED: {{repo_full_name}} | Branch: {{branch}} | Jira: {{create-jira-incident.key}} | Run: {{get-run.html_url}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-runs
      path: /repos/{{repo}}/actions/runs/{{run_id}}
      inputParameters:
      - name: repo
        in: path
      - name: run_id
        in: path
      operations:
      - name: get-workflow-run
        method: GET
  - type: http
    namespace: jira
    baseUri: https://bankofamerica.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Looks up the approval status, dates, and leave type of an employee absence request in Workday by request ID.

naftiko: '0.5'
info:
  label: Workday Absence Request Status Lookup
  description: Looks up the approval status, dates, and leave type of an employee absence request in Workday by request ID.
  tags:
  - hr
  - workday
  - absence-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: hr-absence
    port: 8080
    tools:
    - name: get-absence-request-status
      description: Given a Workday absence request ID, return the current approval status, leave start/end dates, leave type, and approver name. Use for manager review or employee self-service.
      inputParameters:
      - name: absence_request_id
        in: body
        type: string
        description: The Workday absence request ID to look up.
      call: workday.get-absence-request
      with:
        request_id: '{{absence_request_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.data.approvalStatus
      - name: start_date
        type: string
        mapping: $.data.startDate
      - name: end_date
        type: string
        mapping: $.data.endDate
      - name: leave_type
        type: string
        mapping: $.data.leaveType
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: absence-requests
      path: /bankofamerica/absenceRequests/{{request_id}}
      inputParameters:
      - name: request_id
        in: path
      operations:
      - name: get-absence-request
        method: GET

Queries Azure Cost Management for the current month spend of a specified resource group.

naftiko: '0.5'
info:
  label: Azure Resource Group Cost Check
  description: Queries Azure Cost Management for the current month spend of a specified resource group.
  tags:
  - banking
  - cloud
  - azure
  - finops
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: cloud-finops
    port: 8080
    tools:
    - name: get-rg-cost
      description: Given an Azure resource group name, return the current month total cost and forecast.
      inputParameters:
      - name: resource_group
        in: body
        type: string
        description: Azure resource group name.
      call: azure-cost.get-cost
      with:
        resourceGroup: '{{resource_group}}'
      outputParameters:
      - name: total_cost
        type: number
        mapping: $.properties.rows[0][0]
      - name: forecast
        type: number
        mapping: $.properties.rows[0][1]
  consumes:
  - namespace: azure-cost
    type: http
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_mgmt_token
    resources:
    - name: cloud-finops
      path: /{{id}}
      operations:
      - name: get-cost
        method: GET

Generates a talent brand performance report by pulling LinkedIn analytics, comparing with Workday hiring data, and posting to Teams.

naftiko: '0.5'
info:
  label: LinkedIn Talent Brand Performance Report
  description: Generates a talent brand performance report by pulling LinkedIn analytics, comparing with Workday hiring data, and posting to Teams.
  tags:
  - banking
  - hr
  - talent-acquisition
  - linkedin
  - workday
capability:
  exposes:
  - type: mcp
    namespace: ta-ops
    port: 8080
    tools:
    - name: generate-talent-report
      description: Given a reporting week, pull LinkedIn employer brand metrics, compare against Workday requisitions, and post a digest to Teams.
      inputParameters:
      - name: week
        in: body
        type: string
        description: Reporting week.
      - name: region
        in: body
        type: string
        description: Region.
      - name: ta_channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: get-metrics
        type: call
        call: linkedin.get-brand-metrics
        with:
          week: '{{week}}'
          region: '{{region}}'
      - name: get-reqs
        type: call
        call: workday.get-open-reqs
        with:
          region: '{{region}}'
      - name: post-digest
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{ta_channel_id}}'
          text: 'Talent Brand: {{week}} ({{region}}). Impressions: {{get-metrics.impressions}} | Open reqs: {{get-reqs.count}}'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: analytics
      path: /organizationalEntityShareStatistics
      operations:
      - name: get-brand-metrics
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/bofa/Recruiting/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: requisitions
      path: /job-requisitions
      operations:
      - name: get-open-reqs
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Compiles an executive KPI digest by pulling metrics from Snowflake, refreshing Power BI, and emailing the C-suite.

naftiko: '0.5'
info:
  label: Executive KPI Dashboard Digest
  description: Compiles an executive KPI digest by pulling metrics from Snowflake, refreshing Power BI, and emailing the C-suite.
  tags:
  - banking
  - reporting
  - analytics
  - snowflake
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: exec-reporting
    port: 8080
    tools:
    - name: generate-kpi-digest
      description: Given a reporting period, pull KPIs from Snowflake, refresh the Power BI executive dashboard, and email the digest.
      inputParameters:
      - name: period
        in: body
        type: string
        description: Reporting period.
      - name: exec_dl
        in: body
        type: string
        description: Executive DL email.
      steps:
      - name: get-kpis
        type: call
        call: snowflake.query-kpis
        with:
          period: '{{period}}'
      - name: refresh-pbi
        type: call
        call: powerbi.trigger-refresh
        with:
          datasetId: executive-dashboard
      - name: send-digest
        type: call
        call: msgraph.send-mail
        with:
          to: '{{exec_dl}}'
          subject: Executive KPI Digest — {{period}}
          body: Key metrics refreshed. Dashboard updated.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-kpis
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{datasetId}}/refreshes
      inputParameters:
      - name: datasetId
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/noreply@bofa.com/sendMail
      operations:
      - name: send-mail
        method: POST

Monitors regulatory filing deadlines by querying Snowflake, checking preparation status in ServiceNow, and alerting the compliance team in Teams.

naftiko: '0.5'
info:
  label: Regulatory Filing Deadline Monitor
  description: Monitors regulatory filing deadlines by querying Snowflake, checking preparation status in ServiceNow, and alerting the compliance team in Teams.
  tags:
  - banking
  - compliance
  - regulatory
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: regulatory-ops
    port: 8080
    tools:
    - name: track-filing-deadlines
      description: Given a jurisdiction and filing type, check the filing calendar in Snowflake, verify status in ServiceNow, and alert the compliance channel in Teams.
      inputParameters:
      - name: jurisdiction
        in: body
        type: string
        description: Jurisdiction.
      - name: filing_type
        in: body
        type: string
        description: Filing type.
      - name: compliance_channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: get-deadlines
        type: call
        call: snowflake.query-filings
        with:
          jurisdiction: '{{jurisdiction}}'
      - name: check-status
        type: call
        call: snow.get-filing-status
        with:
          jurisdiction: '{{jurisdiction}}'
      - name: alert-team
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{compliance_channel_id}}'
          text: 'Filing deadline: {{filing_type}} for {{jurisdiction}} — Due: {{get-deadlines.next_deadline}} | Status: {{check-status.status}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-filings
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: filings
      path: /table/u_regulatory_filing?sysparm_query=jurisdiction={{jurisdiction}}
      inputParameters:
      - name: jurisdiction
        in: query
      operations:
      - name: get-filing-status
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

When a critical vulnerability is discovered, creates a Jira remediation ticket, updates the CMDB in ServiceNow, and alerts the security team via Teams.

naftiko: '0.5'
info:
  label: IT Security Vulnerability Remediation Workflow
  description: When a critical vulnerability is discovered, creates a Jira remediation ticket, updates the CMDB in ServiceNow, and alerts the security team via Teams.
  tags:
  - banking
  - security
  - vulnerability-management
  - jira
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: secops
    port: 8080
    tools:
    - name: remediate-vulnerability
      description: Given a CVE ID, severity, and affected system, create a Jira ticket, update the ServiceNow CMDB, and notify SecOps in Teams.
      inputParameters:
      - name: cve_id
        in: body
        type: string
        description: CVE identifier.
      - name: severity
        in: body
        type: string
        description: Severity level.
      - name: affected_system
        in: body
        type: string
        description: Affected system name.
      - name: secops_upn
        in: body
        type: string
        description: UPN of SecOps lead.
      steps:
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: SECOPS
          summary: Remediate {{cve_id}} — {{affected_system}}
          description: 'Severity: {{severity}} | System: {{affected_system}}'
      - name: update-cmdb
        type: call
        call: snow.update-ci
        with:
          ci_name: '{{affected_system}}'
          vulnerability: '{{cve_id}} — {{severity}}'
      - name: notify-secops
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{secops_upn}}'
          text: 'Vulnerability: {{cve_id}} ({{severity}}) on {{affected_system}}. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://bofa.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cmdb
      path: /table/cmdb_ci?sysparm_query=name={{ci_name}}
      inputParameters:
      - name: ci_name
        in: query
      operations:
      - name: update-ci
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves the current state of a Terraform Cloud workspace, returning last run status and resource count.

naftiko: '0.5'
info:
  label: Terraform Workspace State Check
  description: Retrieves the current state of a Terraform Cloud workspace, returning last run status and resource count.
  tags:
  - banking
  - devops
  - terraform
  - infrastructure
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: infra-ops
    port: 8080
    tools:
    - name: get-workspace-state
      description: Given a Terraform Cloud workspace name, return the last run status and managed resource count.
      inputParameters:
      - name: workspace_name
        in: body
        type: string
        description: Terraform Cloud workspace name.
      call: tfc.get-workspace
      with:
        workspace: '{{workspace_name}}'
      outputParameters:
      - name: last_run_status
        type: string
        mapping: $.data.attributes.latest-run.status
      - name: resource_count
        type: integer
        mapping: $.data.attributes.resource-count
  consumes:
  - namespace: tfc
    type: http
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: infra-ops
      path: /{{id}}
      operations:
      - name: get-workspace
        method: GET

Retrieves the latest build run for an Azure DevOps pipeline, returning status and result.

naftiko: '0.5'
info:
  label: Azure DevOps Build Status Lookup
  description: Retrieves the latest build run for an Azure DevOps pipeline, returning status and result.
  tags:
  - banking
  - devops
  - azure-devops
  - cicd
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: cicd-ops
    port: 8080
    tools:
    - name: get-build-status
      description: Given an Azure DevOps project and pipeline ID, return the latest build status and result.
      inputParameters:
      - name: project
        in: body
        type: string
        description: Azure DevOps project name.
      - name: pipeline_id
        in: body
        type: string
        description: Pipeline ID.
      call: azdo.get-run
      with:
        project: '{{project}}'
        pipelineId: '{{pipeline_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.value[0].state
      - name: result
        type: string
        mapping: $.value[0].result
  consumes:
  - namespace: azdo
    type: http
    baseUri: https://dev.azure.com/bofa
    authentication:
      type: bearer
      token: $secrets.azdo_token
    resources:
    - name: cicd-ops
      path: /{{id}}
      operations:
      - name: get-run
        method: GET

Detects Terraform state drift, creates a Jira remediation ticket, and alerts the platform team in Teams.

naftiko: '0.5'
info:
  label: Terraform Drift Detection and Remediation
  description: Detects Terraform state drift, creates a Jira remediation ticket, and alerts the platform team in Teams.
  tags:
  - banking
  - devops
  - terraform
  - jira
  - infrastructure
capability:
  exposes:
  - type: mcp
    namespace: platform-drift
    port: 8080
    tools:
    - name: handle-terraform-drift
      description: Given a Terraform workspace, check for drift, create a Jira ticket if detected, and notify platform engineering in Teams.
      inputParameters:
      - name: workspace_name
        in: body
        type: string
        description: Terraform workspace name.
      - name: platform_channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: check-drift
        type: call
        call: tfc.run-plan
        with:
          workspace: '{{workspace_name}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: PLATFORM
          summary: 'Drift detected: {{workspace_name}}'
          description: 'Changes: {{check-drift.resource_changes}}'
      - name: notify-team
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{platform_channel_id}}'
          text: 'Terraform drift: {{workspace_name}} — {{check-drift.resource_changes}} changes. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: tfc
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /workspaces/{{workspace}}/runs
      inputParameters:
      - name: workspace
        in: path
      operations:
      - name: run-plan
        method: POST
  - type: http
    namespace: jira
    baseUri: https://bofa.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

When an AML alert fires, enriches from Snowflake, creates a SAR investigation in ServiceNow, and notifies the BSA officer.

naftiko: '0.5'
info:
  label: AML Transaction Monitoring Workflow
  description: When an AML alert fires, enriches from Snowflake, creates a SAR investigation in ServiceNow, and notifies the BSA officer.
  tags:
  - banking
  - aml
  - compliance
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: aml-ops
    port: 8080
    tools:
    - name: handle-aml-alert
      description: Given a transaction ID and alert type, enrich from Snowflake, create a SAR in ServiceNow, and notify BSA.
      inputParameters:
      - name: transaction_id
        in: body
        type: string
        description: Transaction ID.
      - name: alert_type
        in: body
        type: string
        description: Alert type.
      - name: bsa_upn
        in: body
        type: string
        description: BSA officer UPN.
      steps:
      - name: enrich
        type: call
        call: snowflake.get-transaction
        with:
          transaction_id: '{{transaction_id}}'
      - name: create-sar
        type: call
        call: snow.create-sar
        with:
          short_description: 'AML: {{transaction_id}} — {{alert_type}}'
          description: 'Amount: {{enrich.amount}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{bsa_upn}}'
          text: 'AML: {{transaction_id}} — {{alert_type}}. Amount: {{enrich.amount}}. SAR: {{create-sar.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: get-transaction
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: sar
      path: /table/u_sar_investigation
      operations:
      - name: create-sar
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      operations:
      - name: send-message
        method: POST

Retrieves an employee profile from Workday by employee ID, returning name, department, title, and manager.

naftiko: '0.5'
info:
  label: Workday Employee Profile Lookup
  description: Retrieves an employee profile from Workday by employee ID, returning name, department, title, and manager.
  tags:
  - banking
  - hr
  - workday
  - employee-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: hr-ops
    port: 8080
    tools:
    - name: get-employee-profile
      description: Given a Workday employee ID, return the employee full name, department, job title, and manager name.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      call: workday.get-worker
      with:
        Worker_ID: '{{employee_id}}'
      outputParameters:
      - name: full_name
        type: string
        mapping: $.Worker.Worker_Data.Personal_Data.Name_Data.Legal_Name
      - name: department
        type: string
        mapping: $.Worker.Worker_Data.Organization_Data.Organization_Name
      - name: title
        type: string
        mapping: $.Worker.Worker_Data.Job_Data.Position_Data.Business_Title
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/bofa/Human_Resources/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: hr-ops
      path: /{{id}}
      operations:
      - name: get-worker
        method: GET

Retrieves completed sprint metrics from Jira, calculates velocity, and publishes a sprint summary to the Engineering Microsoft Teams channel for agile retrospective.

naftiko: '0.5'
info:
  label: Jira Engineering Sprint Velocity Report
  description: Retrieves completed sprint metrics from Jira, calculates velocity, and publishes a sprint summary to the Engineering Microsoft Teams channel for agile retrospective.
  tags:
  - devops
  - jira
  - agile
  - reporting
  - microsoft-teams
  - engineering
capability:
  exposes:
  - type: mcp
    namespace: agile-reporting
    port: 8080
    tools:
    - name: publish-sprint-report
      description: Given a Jira board ID and sprint ID, retrieve sprint issue data, calculate velocity, and post a formatted sprint summary to the Engineering Teams channel.
      inputParameters:
      - name: board_id
        in: body
        type: integer
        description: The Jira software board ID.
      - name: sprint_id
        in: body
        type: integer
        description: The completed sprint ID to report on.
      steps:
      - name: get-sprint
        type: call
        call: jira.get-sprint
        with:
          board_id: '{{board_id}}'
          sprint_id: '{{sprint_id}}'
      - name: get-sprint-issues
        type: call
        call: jira.list-sprint-issues
        with:
          sprint_id: '{{sprint_id}}'
      - name: post-sprint-report
        type: call
        call: msteams.post-channel-message
        with:
          channel: engineering-metrics
          message: 'Sprint {{get-sprint.name}} complete: {{get-sprint-issues.completed_points}} pts delivered | {{get-sprint-issues.count}} issues closed | Velocity: {{get-sprint-issues.velocity}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://bankofamerica.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: sprints
      path: /board/{{board_id}}/sprint/{{sprint_id}}
      inputParameters:
      - name: board_id
        in: path
      - name: sprint_id
        in: path
      operations:
      - name: get-sprint
        method: GET
    - name: sprint-issues
      path: /sprint/{{sprint_id}}/issue
      inputParameters:
      - name: sprint_id
        in: path
      operations:
      - name: list-sprint-issues
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

When an employee termination is recorded in Workday, disables their Microsoft 365 account, revokes Okta sessions, and opens a ServiceNow offboarding checklist ticket to track hardware recovery.

naftiko: '0.5'
info:
  label: Employee Offboarding and Access Revocation
  description: When an employee termination is recorded in Workday, disables their Microsoft 365 account, revokes Okta sessions, and opens a ServiceNow offboarding checklist ticket to track hardware recovery.
  tags:
  - hr
  - offboarding
  - workday
  - okta
  - servicenow
  - microsoft-graph
  - access-revocation
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: trigger-employee-offboarding
      description: Given a Workday employee ID and termination date, disable the Microsoft 365 account, revoke all Okta sessions, and open a ServiceNow offboarding ticket.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID for the departing employee.
      - name: termination_date
        in: body
        type: string
        description: The employee's last working day in ISO 8601 format (YYYY-MM-DD).
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: disable-m365
        type: call
        call: msgraph.disable-user
        with:
          user_id: '{{get-worker.work_email}}'
      - name: revoke-okta
        type: call
        call: okta.revoke-user-sessions
        with:
          user_login: '{{get-worker.work_email}}'
      - name: create-offboarding-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Offboarding: {{get-worker.full_name}} — last day {{termination_date}}'
          category: hr_offboarding
          assignment_group: IT_Asset_Recovery
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /bankofamerica/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users/{{user_id}}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: disable-user
        method: PATCH
  - type: http
    namespace: okta
    baseUri: https://bankofamerica.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: user-sessions
      path: /users/{{user_login}}/sessions
      inputParameters:
      - name: user_login
        in: path
      operations:
      - name: revoke-user-sessions
        method: DELETE
  - type: http
    namespace: servicenow
    baseUri: https://bankofamerica.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST

On a pull request opened against a protected branch in a banking platform repository, posts a security checklist comment on GitHub and creates a Jira security review ticket.

naftiko: '0.5'
info:
  label: GitHub Pull Request Security Review Gate
  description: On a pull request opened against a protected branch in a banking platform repository, posts a security checklist comment on GitHub and creates a Jira security review ticket.
  tags:
  - devops
  - security
  - github
  - jira
  - ci-cd
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: pr-security
    port: 8080
    tools:
    - name: handle-pr-security-gate
      description: Given a GitHub repository, PR number, and commit SHA, post a security review checklist comment on the PR and open a Jira security ticket for mandatory review before merge.
      inputParameters:
      - name: repo_full_name
        in: body
        type: string
        description: GitHub repository full name, e.g. 'bankofamerica/payments-gateway'.
      - name: pr_number
        in: body
        type: integer
        description: The pull request number to gate.
      - name: commit_sha
        in: body
        type: string
        description: Head commit SHA for the pull request.
      steps:
      - name: get-pr
        type: call
        call: github.get-pull-request
        with:
          repo: '{{repo_full_name}}'
          pull_number: '{{pr_number}}'
      - name: post-checklist-comment
        type: call
        call: github.create-pr-comment
        with:
          repo: '{{repo_full_name}}'
          pull_number: '{{pr_number}}'
          body: Security review initiated for commit {{commit_sha}}. A Jira ticket has been created for mandatory security sign-off.
      - name: create-security-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: SEC
          issuetype: Task
          summary: 'Security review: {{repo_full_name}} PR #{{pr_number}}'
          description: 'Commit: {{commit_sha}} | PR: {{get-pr.html_url}} | Author: {{get-pr.user_login}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pull-requests
      path: /repos/{{repo}}/pulls/{{pull_number}}
      inputParameters:
      - name: repo
        in: path
      - name: pull_number
        in: path
      operations:
      - name: get-pull-request
        method: GET
    - name: pr-comments
      path: /repos/{{repo}}/issues/{{pull_number}}/comments
      inputParameters:
      - name: repo
        in: path
      - name: pull_number
        in: path
      operations:
      - name: create-pr-comment
        method: POST
  - type: http
    namespace: jira
    baseUri: https://bankofamerica.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Prepares a client portfolio review by pulling holdings from Snowflake, generating a performance summary, and distributing to the relationship manager via Teams.

naftiko: '0.5'
info:
  label: Client Portfolio Review Preparation
  description: Prepares a client portfolio review by pulling holdings from Snowflake, generating a performance summary, and distributing to the relationship manager via Teams.
  tags:
  - banking
  - wealth-management
  - portfolio
  - snowflake
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: wealth-ops
    port: 8080
    tools:
    - name: prepare-portfolio-review
      description: Given a client ID, pull portfolio holdings from Snowflake, generate performance metrics, and notify the RM in Teams.
      inputParameters:
      - name: client_id
        in: body
        type: string
        description: Client ID.
      - name: rm_upn
        in: body
        type: string
        description: Relationship manager UPN.
      steps:
      - name: get-holdings
        type: call
        call: snowflake.query-portfolio
        with:
          client_id: '{{client_id}}'
      - name: update-sf
        type: call
        call: sf.update-review
        with:
          client_id: '{{client_id}}'
          performance: '{{get-holdings.ytd_return}}'
      - name: notify-rm
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{rm_upn}}'
          text: 'Portfolio review ready: {{client_id}} — YTD: {{get-holdings.ytd_return}}% | AUM: ${{get-holdings.total_aum}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-portfolio
        method: POST
  - type: http
    namespace: sf
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: reviews
      path: /sobjects/Portfolio_Review__c/{{client_id}}
      inputParameters:
      - name: client_id
        in: path
      operations:
      - name: update-review
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves the current balance for a specified SAP general ledger account and company code.

naftiko: '0.5'
info:
  label: SAP General Ledger Balance Check
  description: Retrieves the current balance for a specified SAP general ledger account and company code.
  tags:
  - banking
  - finance
  - sap
  - accounting
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: gl-ops
    port: 8080
    tools:
    - name: get-gl-balance
      description: Given an SAP company code and GL account, return the current balance and currency.
      inputParameters:
      - name: company_code
        in: body
        type: string
        description: SAP company code.
      - name: gl_account
        in: body
        type: string
        description: GL account number.
      call: sap-fi.get-balance
      with:
        CompanyCode: '{{company_code}}'
        GLAccount: '{{gl_account}}'
      outputParameters:
      - name: balance
        type: number
        mapping: $.d.EndingBalanceAmtInCoCodeCrcy
      - name: currency
        type: string
        mapping: $.d.CompanyCodeCurrency
  consumes:
  - namespace: sap-fi
    type: http
    baseUri: https://bofa-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: gl-ops
      path: /{{id}}
      operations:
      - name: get-balance
        method: GET

Tracks loan document collection by checking Salesforce, sending reminders, and logging in ServiceNow.

naftiko: '0.5'
info:
  label: Loan Origination Document Tracker
  description: Tracks loan document collection by checking Salesforce, sending reminders, and logging in ServiceNow.
  tags:
  - banking
  - lending
  - salesforce
  - servicenow
  - document-management
capability:
  exposes:
  - type: mcp
    namespace: lending-ops
    port: 8080
    tools:
    - name: track-loan-documents
      description: Given a loan application ID, check document status, send reminders, and log progress.
      inputParameters:
      - name: application_id
        in: body
        type: string
        description: Application ID.
      - name: applicant_email
        in: body
        type: string
        description: Applicant email.
      - name: lo_upn
        in: body
        type: string
        description: Loan officer UPN.
      steps:
      - name: check-docs
        type: call
        call: sf.get-doc-status
        with:
          application_id: '{{application_id}}'
      - name: send-reminder
        type: call
        call: msgraph.send-mail
        with:
          to: '{{applicant_email}}'
          subject: 'Documents Needed: {{application_id}}'
          body: 'Missing: {{check-docs.missing_documents}}'
      - name: log-progress
        type: call
        call: snow.update-task
        with:
          short_description: 'Docs: {{application_id}}'
          description: 'Complete: {{check-docs.complete_count}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: applications
      path: /sobjects/Loan_Application__c/{{application_id}}
      operations:
      - name: get-doc-status
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/noreply@bofa.com/sendMail
      operations:
      - name: send-mail
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_loan_task
      operations:
      - name: update-task
        method: POST

Exports current headcount and salary band data from ADP by cost center, posts the report to SharePoint, and sends a summary digest to the HR Finance Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Payroll Headcount and Cost Center Report
  description: Exports current headcount and salary band data from ADP by cost center, posts the report to SharePoint, and sends a summary digest to the HR Finance Microsoft Teams channel.
  tags:
  - hr
  - finance
  - payroll
  - headcount
  - adp
  - sharepoint
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-finance
    port: 8080
    tools:
    - name: get-payroll-headcount-snapshot
      description: Export headcount and cost center data from ADP for a given report month, upload the report to SharePoint, and post a summary to the HR Finance Teams channel.
      inputParameters:
      - name: report_month
        in: body
        type: string
        description: The month to report on in YYYY-MM format, e.g. '2026-03'.
      - name: division
        in: body
        type: string
        description: Bank of America division to filter by, e.g. 'Global Banking', 'Merrill Lynch'.
      steps:
      - name: export-headcount
        type: call
        call: adp.export-workers
        with:
          asOfDate: '{{report_month}}'
          division: '{{division}}'
      - name: upload-report
        type: call
        call: sharepoint.upload-file
        with:
          site_id: hr-finance
          folder: Headcount/{{report_month}}
          filename: headcount-{{division}}-{{report_month}}.csv
          content: '{{export-headcount.csv_data}}'
      - name: post-digest
        type: call
        call: msteams.post-channel-message
        with:
          channel: hr-finance-reporting
          message: 'Headcount snapshot for {{division}} ({{report_month}}): {{export-headcount.total_count}} employees. Report uploaded to SharePoint.'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: workers-export
      path: /hr/v2/workers/export
      operations:
      - name: export-workers
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /sites/{{site_id}}/drive/root:/{{folder}}/{{filename}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder
        in: path
      - name: filename
        in: path
      operations:
      - name: upload-file
        method: PUT
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Books a conference room via Microsoft Graph, creates the calendar event, and notifies attendees in Teams.

naftiko: '0.5'
info:
  label: Conference Room Booking Notification
  description: Books a conference room via Microsoft Graph, creates the calendar event, and notifies attendees in Teams.
  tags:
  - banking
  - facilities
  - microsoft-graph
  - microsoft-teams
  - scheduling
capability:
  exposes:
  - type: mcp
    namespace: facilities-ops
    port: 8080
    tools:
    - name: book-conference-room
      description: Given a room email, start/end times, and organizer, check availability, create the booking, and notify in Teams.
      inputParameters:
      - name: room_email
        in: body
        type: string
        description: Room resource email.
      - name: start_time
        in: body
        type: string
        description: Start time (ISO 8601).
      - name: end_time
        in: body
        type: string
        description: End time (ISO 8601).
      - name: organizer_upn
        in: body
        type: string
        description: Organizer UPN.
      steps:
      - name: check-availability
        type: call
        call: msgraph.get-schedule
        with:
          room: '{{room_email}}'
          start: '{{start_time}}'
      - name: create-booking
        type: call
        call: msgraph.create-event
        with:
          room: '{{room_email}}'
          start: '{{start_time}}'
          end: '{{end_time}}'
      - name: notify-organizer
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{organizer_upn}}'
          text: 'Room booked: {{room_email}} from {{start_time}} to {{end_time}}.'
  consumes:
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: schedules
      path: /users/{{room}}/calendar/getSchedule
      inputParameters:
      - name: room
        in: path
      operations:
      - name: get-schedule
        method: POST
    - name: events
      path: /users/{{organizer_upn}}/events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Looks up an Okta user by email and returns the account status, last login timestamp, and MFA enrollment state.

naftiko: '0.5'
info:
  label: Okta User Account Status Lookup
  description: Looks up an Okta user by email and returns the account status, last login timestamp, and MFA enrollment state.
  tags:
  - banking
  - security
  - okta
  - identity
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: identity-ops
    port: 8080
    tools:
    - name: get-user-status
      description: Given a user email, return the Okta account status, last login, and MFA enrollment status.
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: User email address.
      call: okta.get-user
      with:
        login: '{{user_email}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: last_login
        type: string
        mapping: $.lastLogin
  consumes:
  - namespace: okta
    type: http
    baseUri: https://bofa.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: identity-ops
      path: /{{id}}
      operations:
      - name: get-user
        method: GET

When a complaint is received, creates a Salesforce case, opens a ServiceNow investigation task, and notifies the compliance officer via Teams.

naftiko: '0.5'
info:
  label: Customer Complaint Escalation Handler
  description: When a complaint is received, creates a Salesforce case, opens a ServiceNow investigation task, and notifies the compliance officer via Teams.
  tags:
  - banking
  - customer-service
  - salesforce
  - servicenow
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: complaints-ops
    port: 8080
    tools:
    - name: escalate-complaint
      description: Given complaint details, create a Salesforce case, open a ServiceNow task, and alert compliance via Teams.
      inputParameters:
      - name: customer_name
        in: body
        type: string
        description: Complainant name.
      - name: account_number
        in: body
        type: string
        description: Account or policy number.
      - name: complaint_category
        in: body
        type: string
        description: Complaint category.
      - name: compliance_upn
        in: body
        type: string
        description: UPN of compliance officer.
      steps:
      - name: create-case
        type: call
        call: sf.create-case
        with:
          Subject: Complaint — {{account_number}} — {{complaint_category}}
          Description: 'Customer: {{customer_name}} | Category: {{complaint_category}}'
      - name: create-task
        type: call
        call: snow.create-task
        with:
          short_description: 'Complaint: {{account_number}}'
          description: 'SF Case: {{create-case.case_number}} | {{complaint_category}}'
      - name: notify-compliance
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{compliance_upn}}'
          text: 'Complaint escalation: {{customer_name}} — {{complaint_category}}. SF: {{create-case.case_number}} | SNOW: {{create-task.number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case
      operations:
      - name: create-case
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sn_si_task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Collects loan origination documents by tracking submission status in Salesforce, sending reminders via email, and logging progress in ServiceNow.

naftiko: '0.5'
info:
  label: Loan Origination Document Collection
  description: Collects loan origination documents by tracking submission status in Salesforce, sending reminders via email, and logging progress in ServiceNow.
  tags:
  - banking
  - lending
  - salesforce
  - servicenow
  - document-management
capability:
  exposes:
  - type: mcp
    namespace: lending-ops
    port: 8080
    tools:
    - name: collect-loan-documents
      description: Given a loan application ID, check document status in Salesforce, send reminders for missing docs, and log progress in ServiceNow.
      inputParameters:
      - name: application_id
        in: body
        type: string
        description: Loan application ID.
      - name: applicant_email
        in: body
        type: string
        description: Applicant email.
      - name: lo_upn
        in: body
        type: string
        description: Loan officer UPN.
      steps:
      - name: check-docs
        type: call
        call: sf.get-doc-status
        with:
          application_id: '{{application_id}}'
      - name: send-reminder
        type: call
        call: msgraph.send-mail
        with:
          to: '{{applicant_email}}'
          subject: 'Documents Needed: Loan Application {{application_id}}'
          body: 'Missing: {{check-docs.missing_documents}}'
      - name: log-progress
        type: call
        call: snow.update-task
        with:
          short_description: 'Doc collection: {{application_id}}'
          description: 'Complete: {{check-docs.complete_count}} | Missing: {{check-docs.missing_count}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: applications
      path: /sobjects/Loan_Application__c/{{application_id}}
      inputParameters:
      - name: application_id
        in: path
      operations:
      - name: get-doc-status
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/noreply@bofa.com/sendMail
      operations:
      - name: send-mail
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_loan_task
      operations:
      - name: update-task
        method: POST

When an employee termination is processed in Workday, disables their Okta account, revokes ServiceNow access, and notifies the HR business partner via Teams.

naftiko: '0.5'
info:
  label: Employee Termination Access Revocation
  description: When an employee termination is processed in Workday, disables their Okta account, revokes ServiceNow access, and notifies the HR business partner via Teams.
  tags:
  - banking
  - hr
  - security
  - workday
  - okta
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: hr-security
    port: 8080
    tools:
    - name: revoke-terminated-access
      description: Given a Workday employee ID and termination date, disable the Okta account, close open ServiceNow tickets, and notify the HRBP via Teams.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      - name: termination_date
        in: body
        type: string
        description: Termination date.
      - name: hrbp_upn
        in: body
        type: string
        description: UPN of the HRBP.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          employee_id: '{{employee_id}}'
      - name: disable-okta
        type: call
        call: okta.deactivate-user
        with:
          login: '{{get-employee.email}}'
      - name: notify-hrbp
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{hrbp_upn}}'
          text: Access revoked for {{get-employee.full_name}} ({{employee_id}}) effective {{termination_date}}.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/bofa/Human_Resources/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: workers
      path: /workers/{{employee_id}}
      inputParameters:
      - name: employee_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta
    baseUri: https://bofa.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: users
      path: /users/{{login}}/lifecycle/deactivate
      inputParameters:
      - name: login
        in: path
      operations:
      - name: deactivate-user
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Queries SAP Concur for expense reports pending approval beyond the SLA threshold and sends reminder notifications to approving managers via Microsoft Teams.

naftiko: '0.5'
info:
  label: SAP Concur Expense Report Approval Reminder
  description: Queries SAP Concur for expense reports pending approval beyond the SLA threshold and sends reminder notifications to approving managers via Microsoft Teams.
  tags:
  - finance
  - expense-management
  - sap-concur
  - microsoft-teams
  - approval
capability:
  exposes:
  - type: mcp
    namespace: expense-approvals
    port: 8080
    tools:
    - name: send-expense-approval-reminders
      description: Query SAP Concur for expense reports in Pending Manager Approval status older than the specified threshold, then send a Teams reminder to the Finance Approvals channel.
      inputParameters:
      - name: days_pending
        in: body
        type: integer
        description: 'Days a report must be pending before sending a reminder. Default: 5.'
      steps:
      - name: get-pending-reports
        type: call
        call: concur.list-pending-reports
        with:
          approvalStatus: A_PEND
          daysOld: '{{days_pending}}'
      - name: notify-approvers
        type: call
        call: msteams.post-channel-message
        with:
          channel: finance-approvals
          message: '{{get-pending-reports.count}} expense reports pending approval for more than {{days_pending}} days. Please review in SAP Concur.'
  consumes:
  - type: http
    namespace: concur
    baseUri: https://www.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expense-reports
      path: /expense/reports
      operations:
      - name: list-pending-reports
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Looks up a user identity in SailPoint and returns current entitlements and certification status.

naftiko: '0.5'
info:
  label: SailPoint Identity Governance Lookup
  description: Looks up a user identity in SailPoint and returns current entitlements and certification status.
  tags:
  - banking
  - security
  - sailpoint
  - identity-governance
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: iam-ops
    port: 8080
    tools:
    - name: get-identity-access
      description: Given a SailPoint identity alias, return the display name, entitlement count, and last certification date.
      inputParameters:
      - name: identity_alias
        in: body
        type: string
        description: SailPoint identity alias or email.
      call: sailpoint.get-identity
      with:
        alias: '{{identity_alias}}'
      outputParameters:
      - name: display_name
        type: string
        mapping: $.displayName
      - name: entitlement_count
        type: integer
        mapping: $.entitlementCount
  consumes:
  - namespace: sailpoint
    type: http
    baseUri: https://bofa.api.identitynow.com/v3
    authentication:
      type: bearer
      token: $secrets.sailpoint_token
    resources:
    - name: iam-ops
      path: /{{id}}
      operations:
      - name: get-identity
        method: GET

Runs a Splunk search for security events matching a query and returns the result count.

naftiko: '0.5'
info:
  label: Splunk Security Event Query
  description: Runs a Splunk search for security events matching a query and returns the result count.
  tags:
  - banking
  - security
  - splunk
  - siem
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: security-ops
    port: 8080
    tools:
    - name: search-security-events
      description: Given a Splunk search query, execute the search and return the result count and top events.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: Splunk search query string.
      call: splunk.run-search
      with:
        search: '{{search_query}}'
      outputParameters:
      - name: result_count
        type: integer
        mapping: $.resultCount
  consumes:
  - namespace: splunk
    type: http
    baseUri: https://bofa-splunk.splunkcloud.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: security-ops
      path: /{{id}}
      operations:
      - name: run-search
        method: GET

Triggers a Terraform Cloud workspace run for cloud infrastructure provisioning or updates, and notifies the Platform Engineering team in Microsoft Teams with the run status.

naftiko: '0.5'
info:
  label: Terraform Cloud Infrastructure Provisioning Trigger
  description: Triggers a Terraform Cloud workspace run for cloud infrastructure provisioning or updates, and notifies the Platform Engineering team in Microsoft Teams with the run status.
  tags:
  - cloud
  - infrastructure
  - terraform
  - microsoft-teams
  - devops
  - provisioning
capability:
  exposes:
  - type: mcp
    namespace: infra-provisioning
    port: 8080
    tools:
    - name: trigger-terraform-run
      description: Given a Terraform Cloud workspace ID and a descriptive message, trigger an infrastructure plan-and-apply run and notify the Platform Engineering Teams channel.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: The Terraform Cloud workspace ID to run against.
      - name: run_message
        in: body
        type: string
        description: Description of the infrastructure change, e.g. 'Scale EKS node group for transaction processing'.
      steps:
      - name: trigger-run
        type: call
        call: terraform.create-run
        with:
          workspace_id: '{{workspace_id}}'
          message: '{{run_message}}'
      - name: notify-platform
        type: call
        call: msteams.post-channel-message
        with:
          channel: platform-engineering
          message: 'Terraform run triggered: {{run_message}} | Workspace: {{workspace_id}} | Run: {{trigger-run.id}}'
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /runs
      operations:
      - name: create-run
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Checks the refresh status of a Power BI dataset and returns the last refresh time and status.

naftiko: '0.5'
info:
  label: Power BI Dataset Refresh Status Check
  description: Checks the refresh status of a Power BI dataset and returns the last refresh time and status.
  tags:
  - banking
  - analytics
  - power-bi
  - reporting
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: bi-ops
    port: 8080
    tools:
    - name: get-dataset-refresh
      description: Given a Power BI dataset ID, return the last refresh timestamp and status.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: Power BI dataset GUID.
      call: pbi.get-refresh
      with:
        datasetId: '{{dataset_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.value[0].status
      - name: end_time
        type: string
        mapping: $.value[0].endTime
  consumes:
  - namespace: pbi
    type: http
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: bi-ops
      path: /{{id}}
      operations:
      - name: get-refresh
        method: GET

Retrieves the current on-call engineer for a given PagerDuty escalation policy to support incident routing and stakeholder communication.

naftiko: '0.5'
info:
  label: PagerDuty On-Call Engineer Lookup
  description: Retrieves the current on-call engineer for a given PagerDuty escalation policy to support incident routing and stakeholder communication.
  tags:
  - itsm
  - pagerduty
  - on-call
  - incident-response
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: oncall-lookup
    port: 8080
    tools:
    - name: get-current-oncall
      description: Given a PagerDuty escalation policy ID, return the name and email of the currently on-call engineer. Use when routing critical banking platform incidents.
      inputParameters:
      - name: escalation_policy_id
        in: body
        type: string
        description: The PagerDuty escalation policy ID for the relevant banking system team.
      call: pagerduty.get-oncall
      with:
        escalation_policy_id: '{{escalation_policy_id}}'
      outputParameters:
      - name: oncall_name
        type: string
        mapping: $.oncalls[0].user.summary
      - name: oncall_email
        type: string
        mapping: $.oncalls[0].user.email
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_api_key
      placement: header
    resources:
    - name: oncalls
      path: /oncalls
      operations:
      - name: get-oncall
        method: GET

Queries Workday for open positions by department, returning count and average days open.

naftiko: '0.5'
info:
  label: Workday Open Position Count Check
  description: Queries Workday for open positions by department, returning count and average days open.
  tags:
  - banking
  - hr
  - workday
  - talent-acquisition
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: ta-ops
    port: 8080
    tools:
    - name: get-open-positions
      description: Given a department name, return the open position count and average days since posting.
      inputParameters:
      - name: department
        in: body
        type: string
        description: Department name.
      call: workday.get-requisitions
      with:
        department: '{{department}}'
      outputParameters:
      - name: open_count
        type: integer
        mapping: $.total
      - name: avg_days_open
        type: number
        mapping: $.averageDaysOpen
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/bofa/Human_Resources/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: ta-ops
      path: /{{id}}
      operations:
      - name: get-requisitions
        method: GET

Processes KYC customer onboarding by verifying identity in Salesforce, running compliance checks in Snowflake, and creating an onboarding task in ServiceNow.

naftiko: '0.5'
info:
  label: KYC Customer Onboarding Workflow
  description: Processes KYC customer onboarding by verifying identity in Salesforce, running compliance checks in Snowflake, and creating an onboarding task in ServiceNow.
  tags:
  - banking
  - kyc
  - compliance
  - salesforce
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: kyc-ops
    port: 8080
    tools:
    - name: onboard-customer-kyc
      description: Given customer details, verify identity in Salesforce, run KYC checks in Snowflake, create onboarding task in ServiceNow, and notify compliance in Teams.
      inputParameters:
      - name: customer_name
        in: body
        type: string
        description: Customer name.
      - name: customer_id
        in: body
        type: string
        description: Customer ID.
      - name: compliance_upn
        in: body
        type: string
        description: Compliance officer UPN.
      steps:
      - name: verify-identity
        type: call
        call: sf.get-customer
        with:
          customer_id: '{{customer_id}}'
      - name: run-kyc
        type: call
        call: snowflake.run-kyc-check
        with:
          customer_name: '{{customer_name}}'
      - name: create-task
        type: call
        call: snow.create-task
        with:
          short_description: 'KYC Onboarding: {{customer_name}}'
          description: 'ID: {{customer_id}} | KYC: {{run-kyc.status}}'
      - name: notify-compliance
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{compliance_upn}}'
          text: 'KYC onboarding: {{customer_name}} — Status: {{run-kyc.status}}. SNOW: {{create-task.number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: customers
      path: /sobjects/Account/{{customer_id}}
      inputParameters:
      - name: customer_id
        in: path
      operations:
      - name: get-customer
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-kyc-check
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_kyc_task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves a client account from Salesforce by account ID, returning relationship manager, account tier, and total assets under management.

naftiko: '0.5'
info:
  label: Salesforce Client Account Lookup
  description: Retrieves a client account from Salesforce by account ID, returning relationship manager, account tier, and total assets under management.
  tags:
  - banking
  - banking
  - salesforce
  - relationship-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: client-ops
    port: 8080
    tools:
    - name: get-client-account
      description: Given a Salesforce account ID, return the client name, relationship manager, account tier, and AUM.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Salesforce account ID.
      call: sf.get-account
      with:
        accountId: '{{account_id}}'
      outputParameters:
      - name: client_name
        type: string
        mapping: $.Name
      - name: rm
        type: string
        mapping: $.Owner.Name
      - name: tier
        type: string
        mapping: $.Tier__c
  consumes:
  - namespace: sf
    type: http
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: client-ops
      path: /{{id}}
      operations:
      - name: get-account
        method: GET

Enriches a Salesforce client account record with updated relationship manager assignment, segment classification, and AUM data, then syncs the update status to the Relationship Management Teams channel.

naftiko: '0.5'
info:
  label: Salesforce Client Account Enrichment
  description: Enriches a Salesforce client account record with updated relationship manager assignment, segment classification, and AUM data, then syncs the update status to the Relationship Management Teams channel.
  tags:
  - crm
  - salesforce
  - microsoft-teams
  - client-management
  - wealth-management
capability:
  exposes:
  - type: mcp
    namespace: client-management
    port: 8080
    tools:
    - name: enrich-client-account
      description: Given a Salesforce account ID, relationship manager ID, segment, and AUM value, update the client account record and notify the Relationship Management Teams channel of the change.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce account ID to enrich.
      - name: relationship_manager_id
        in: body
        type: string
        description: The Salesforce user ID of the assigned relationship manager.
      - name: client_segment
        in: body
        type: string
        description: 'Client segment classification: ''Mass Affluent'', ''High Net Worth'', ''Ultra High Net Worth'', ''Institutional''.'
      - name: aum_usd
        in: body
        type: number
        description: Total assets under management for the client in USD.
      steps:
      - name: update-account
        type: call
        call: salesforce.update-account
        with:
          account_id: '{{account_id}}'
          owner_id: '{{relationship_manager_id}}'
          segment: '{{client_segment}}'
          aum: '{{aum_usd}}'
      - name: notify-rm-channel
        type: call
        call: msteams.post-channel-message
        with:
          channel: relationship-management
          message: 'Client account {{account_id}} updated: Segment {{client_segment}} | AUM ${{aum_usd}} | RM: {{relationship_manager_id}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://bankofamerica.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: update-account
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Screens customers against sanctions lists in Snowflake, logs in ServiceNow, and escalates matches.

naftiko: '0.5'
info:
  label: Sanctions Screening Handler
  description: Screens customers against sanctions lists in Snowflake, logs in ServiceNow, and escalates matches.
  tags:
  - banking
  - sanctions
  - compliance
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: sanctions-ops
    port: 8080
    tools:
    - name: screen-sanctions
      description: Given a customer name and country, screen in Snowflake, log in ServiceNow, and notify compliance.
      inputParameters:
      - name: customer_name
        in: body
        type: string
        description: Customer name.
      - name: country
        in: body
        type: string
        description: Country.
      - name: compliance_upn
        in: body
        type: string
        description: Compliance UPN.
      steps:
      - name: screen
        type: call
        call: snowflake.screen-sanctions
        with:
          customer: '{{customer_name}}'
          country: '{{country}}'
      - name: log
        type: call
        call: snow.create-record
        with:
          short_description: 'Sanctions: {{customer_name}}'
          description: 'Matches: {{screen.match_count}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{compliance_upn}}'
          text: 'Sanctions: {{customer_name}} ({{country}}) — {{screen.match_count}} matches. SNOW: {{log.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: screen-sanctions
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: screening
      path: /table/u_sanctions_screening
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      operations:
      - name: send-message
        method: POST

Retrieves the current foreign exchange rate from Refinitiv for a specified currency pair.

naftiko: '0.5'
info:
  label: Refinitiv FX Rate Lookup
  description: Retrieves the current foreign exchange rate from Refinitiv for a specified currency pair.
  tags:
  - banking
  - refinitiv
  - foreign-exchange
  - trading
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: fx-ops
    port: 8080
    tools:
    - name: get-fx-rate
      description: Given a currency pair, return the current bid, ask, and mid rates.
      inputParameters:
      - name: currency_pair
        in: body
        type: string
        description: Currency pair, e.g. EURUSD.
      call: refinitiv.get-fx-rate
      with:
        pair: '{{currency_pair}}'
      outputParameters:
      - name: bid
        type: number
        mapping: $.data[0].bid
      - name: ask
        type: number
        mapping: $.data[0].ask
      - name: mid
        type: number
        mapping: $.data[0].mid
  consumes:
  - namespace: refinitiv
    type: http
    baseUri: https://api.refinitiv.com/data/pricing/v1
    authentication:
      type: bearer
      token: $secrets.refinitiv_token
    resources:
    - name: quotes
      path: /quotes/{{pair}}
      operations:
      - name: get-fx-rate
        method: GET

When an AML alert fires, enriches the transaction from Snowflake, creates a SAR investigation in ServiceNow, and notifies the BSA officer via Teams.

naftiko: '0.5'
info:
  label: AML Transaction Monitoring Alert
  description: When an AML alert fires, enriches the transaction from Snowflake, creates a SAR investigation in ServiceNow, and notifies the BSA officer via Teams.
  tags:
  - banking
  - aml
  - compliance
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: aml-ops
    port: 8080
    tools:
    - name: handle-aml-alert
      description: Given a transaction ID and alert type, enrich from Snowflake, create a SAR investigation in ServiceNow, and notify the BSA officer.
      inputParameters:
      - name: transaction_id
        in: body
        type: string
        description: Transaction ID.
      - name: alert_type
        in: body
        type: string
        description: AML alert type.
      - name: bsa_officer_upn
        in: body
        type: string
        description: BSA officer UPN.
      steps:
      - name: enrich-txn
        type: call
        call: snowflake.get-transaction
        with:
          transaction_id: '{{transaction_id}}'
      - name: create-sar
        type: call
        call: snow.create-sar
        with:
          short_description: 'AML Alert: {{transaction_id}} — {{alert_type}}'
          description: 'Amount: {{enrich-txn.amount}} | Customer: {{enrich-txn.customer_name}}'
      - name: notify-bsa
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{bsa_officer_upn}}'
          text: 'AML alert: {{transaction_id}} — {{alert_type}}. Amount: {{enrich-txn.amount}}. SAR: {{create-sar.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: get-transaction
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: sar
      path: /table/u_sar_investigation
      operations:
      - name: create-sar
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Looks up the most recent execution status of a named Snowflake task pipeline in the Bank of America data warehouse and returns run state, duration, and error message.

naftiko: '0.5'
info:
  label: Snowflake Pipeline Job Status Lookup
  description: Looks up the most recent execution status of a named Snowflake task pipeline in the Bank of America data warehouse and returns run state, duration, and error message.
  tags:
  - data
  - analytics
  - snowflake
  - monitoring
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: data-pipeline-lookup
    port: 8080
    tools:
    - name: get-pipeline-job-status
      description: Given a Snowflake database and task name, return the most recent task run state, scheduled time, completed time, and error message if failed.
      inputParameters:
      - name: database_name
        in: body
        type: string
        description: The Snowflake database name, e.g. 'BOA_RISK_PROD'.
      - name: task_name
        in: body
        type: string
        description: The Snowflake task name to query status for.
      call: snowflake.get-task-history
      with:
        database: '{{database_name}}'
        task_name: '{{task_name}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.data[0].STATE
      - name: scheduled_time
        type: string
        mapping: $.data[0].SCHEDULED_TIME
      - name: completed_time
        type: string
        mapping: $.data[0].COMPLETED_TIME
      - name: error_message
        type: string
        mapping: $.data[0].ERROR_MESSAGE
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bankofamerica.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: task-history
      path: /databases/{{database}}/schemas/information_schema/task_history
      inputParameters:
      - name: database
        in: path
      operations:
      - name: get-task-history
        method: GET

Retrieves an SAP Concur expense report by ID, returning the total amount, approval status, and owner.

naftiko: '0.5'
info:
  label: SAP Concur Expense Report Status Lookup
  description: Retrieves an SAP Concur expense report by ID, returning the total amount, approval status, and owner.
  tags:
  - banking
  - finance
  - sap-concur
  - expense-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: expense-ops
    port: 8080
    tools:
    - name: get-expense-report
      description: Given a Concur report ID, return the total, currency, approval status, and submitter name.
      inputParameters:
      - name: report_id
        in: body
        type: string
        description: SAP Concur expense report ID.
      call: concur.get-report
      with:
        reportId: '{{report_id}}'
      outputParameters:
      - name: total
        type: number
        mapping: $.Total
      - name: status
        type: string
        mapping: $.ApprovalStatusName
      - name: owner
        type: string
        mapping: $.OwnerName
  consumes:
  - namespace: concur
    type: http
    baseUri: https://api.bofa.com/v1
    authentication:
      type: bearer
      token: $secrets.api_token
    resources:
    - name: expense-ops
      path: /{{id}}
      operations:
      - name: get-report
        method: GET

When an AWS cost anomaly alert is triggered, annotates it in Datadog, opens a ServiceNow change request for FinOps review, and notifies the Cloud Cost Management team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Cloud Cost Anomaly Detection and Response
  description: When an AWS cost anomaly alert is triggered, annotates it in Datadog, opens a ServiceNow change request for FinOps review, and notifies the Cloud Cost Management team via Microsoft Teams.
  tags:
  - finops
  - cloud
  - aws
  - datadog
  - servicenow
  - cost-management
capability:
  exposes:
  - type: mcp
    namespace: finops
    port: 8080
    tools:
    - name: handle-cost-anomaly
      description: Given an AWS cost anomaly with service name and overage amount, create a Datadog annotation, open a ServiceNow change request, and alert the FinOps Teams channel.
      inputParameters:
      - name: aws_service
        in: body
        type: string
        description: The AWS service reporting the anomaly, e.g. 'Amazon EC2', 'AWS Lambda'.
      - name: overage_usd
        in: body
        type: number
        description: Estimated cost overage in USD.
      - name: account_id
        in: body
        type: string
        description: The AWS account ID where the anomaly was detected.
      steps:
      - name: annotate-datadog
        type: call
        call: datadog.create-event
        with:
          title: 'AWS Cost Anomaly: {{aws_service}}'
          text: 'Account {{account_id}} — overage: ${{overage_usd}}'
          alert_type: warning
      - name: open-change-request
        type: call
        call: servicenow.create-change
        with:
          short_description: 'FinOps review: {{aws_service}} overage ${{overage_usd}}'
          category: finops
          justification: AWS anomaly detected on account {{account_id}}
      - name: notify-finops
        type: call
        call: msteams.post-channel-message
        with:
          channel: cloud-cost-management
          message: 'AWS Cost Anomaly: {{aws_service}} | Account: {{account_id}} | Overage: ${{overage_usd}} | SNOW: {{open-change-request.number}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://bankofamerica.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request
      operations:
      - name: create-change
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Analyzes interest rate risk by pulling balance sheet data from Snowflake, running scenarios, and distributing results via Teams.

naftiko: '0.5'
info:
  label: Interest Rate Risk Sensitivity Analysis
  description: Analyzes interest rate risk by pulling balance sheet data from Snowflake, running scenarios, and distributing results via Teams.
  tags:
  - banking
  - risk-management
  - interest-rate
  - snowflake
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: alm-ops
    port: 8080
    tools:
    - name: run-ir-sensitivity
      description: Given a scenario set and report date, pull balance sheet from Snowflake, run rate shock scenarios, and post results.
      inputParameters:
      - name: scenario_set
        in: body
        type: string
        description: Scenario set name.
      - name: report_date
        in: body
        type: string
        description: Report date.
      - name: alm_channel_id
        in: body
        type: string
        description: ALM channel.
      steps:
      - name: get-balances
        type: call
        call: snowflake.query-balances
        with:
          date: '{{report_date}}'
      - name: run-scenarios
        type: call
        call: snowflake.run-scenarios
        with:
          scenario: '{{scenario_set}}'
      - name: post-results
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{alm_channel_id}}'
          text: 'IR Sensitivity: {{scenario_set}} — {{report_date}}. NII impact: ${{run-scenarios.nii_impact}} | EVE impact: ${{run-scenarios.eve_impact}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-balances
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      operations:
      - name: post-channel
        method: POST

Prepares portfolio reviews by pulling holdings from Snowflake, updating Salesforce, and notifying the RM.

naftiko: '0.5'
info:
  label: Client Portfolio Review Preparer
  description: Prepares portfolio reviews by pulling holdings from Snowflake, updating Salesforce, and notifying the RM.
  tags:
  - banking
  - wealth-management
  - portfolio
  - snowflake
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: wealth-ops
    port: 8080
    tools:
    - name: prepare-portfolio-review
      description: Given a client ID, pull portfolio from Snowflake, update Salesforce, and notify the RM.
      inputParameters:
      - name: client_id
        in: body
        type: string
        description: Client ID.
      - name: rm_upn
        in: body
        type: string
        description: RM UPN.
      steps:
      - name: get-holdings
        type: call
        call: snowflake.query-portfolio
        with:
          client_id: '{{client_id}}'
      - name: update-sf
        type: call
        call: sf.update-review
        with:
          client_id: '{{client_id}}'
          ytd: '{{get-holdings.ytd_return}}'
      - name: notify-rm
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{rm_upn}}'
          text: 'Portfolio ready: {{client_id}} — YTD: {{get-holdings.ytd_return}}%'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-portfolio
        method: POST
  - type: http
    namespace: sf
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: reviews
      path: /sobjects/Portfolio_Review__c/{{client_id}}
      operations:
      - name: update-review
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      operations:
      - name: send-message
        method: POST

Performs a three-way match on a vendor invoice by verifying the PO in SAP, confirming goods receipt, and routing for approval with Teams notification.

naftiko: '0.5'
info:
  label: SAP Invoice Three-Way Match Workflow
  description: Performs a three-way match on a vendor invoice by verifying the PO in SAP, confirming goods receipt, and routing for approval with Teams notification.
  tags:
  - banking
  - finance
  - accounts-payable
  - sap
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: ap-ops
    port: 8080
    tools:
    - name: three-way-match
      description: Given an invoice and PO number, verify the PO in SAP, confirm goods receipt, create an approval in ServiceNow, and notify AP via Teams.
      inputParameters:
      - name: invoice_number
        in: body
        type: string
        description: Vendor invoice number.
      - name: po_number
        in: body
        type: string
        description: SAP purchase order number.
      - name: ap_manager_upn
        in: body
        type: string
        description: UPN of AP manager.
      steps:
      - name: verify-po
        type: call
        call: sap.get-po
        with:
          po_number: '{{po_number}}'
      - name: check-gr
        type: call
        call: sap.get-goods-receipt
        with:
          po_number: '{{po_number}}'
      - name: create-approval
        type: call
        call: snow.create-approval
        with:
          short_description: 'Invoice approval: {{invoice_number}} — PO {{po_number}}'
          description: 'PO Amount: {{verify-po.total_amount}} | GR: {{check-gr.status}}'
      - name: notify-ap
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{ap_manager_upn}}'
          text: 'Three-way match: Invoice {{invoice_number}} — PO {{po_number}}. GR: {{check-gr.status}}. Approval: {{create-approval.number}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://bofa-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: purchase-orders
      path: /A_PurchaseOrder('{{po_number}}')
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-po
        method: GET
    - name: goods-receipts
      path: /A_PurchaseOrder('{{po_number}}')/to_GoodsReceipt
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-goods-receipt
        method: GET
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: approvals
      path: /table/sysapproval_approver
      operations:
      - name: create-approval
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

When Dependabot alerts are raised, creates Jira tickets for remediation, logs in Snowflake, and alerts the AppSec team via Teams.

naftiko: '0.5'
info:
  label: GitHub Dependabot Alert Handler
  description: When Dependabot alerts are raised, creates Jira tickets for remediation, logs in Snowflake, and alerts the AppSec team via Teams.
  tags:
  - banking
  - security
  - github
  - jira
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: appsec-ops
    port: 8080
    tools:
    - name: handle-dependabot-alert
      description: Given a repo and alert severity, create a Jira ticket, log the vulnerability in Snowflake, and notify AppSec in Teams.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: GitHub repository.
      - name: cve_id
        in: body
        type: string
        description: CVE identifier.
      - name: severity
        in: body
        type: string
        description: Alert severity.
      - name: appsec_upn
        in: body
        type: string
        description: UPN of AppSec lead.
      steps:
      - name: create-jira
        type: call
        call: jira.create-issue
        with:
          project: APPSEC
          summary: 'Dependabot: {{cve_id}} in {{repo_name}}'
          description: 'Severity: {{severity}} | Repo: {{repo_name}}'
      - name: log-vuln
        type: call
        call: snowflake.insert-vuln
        with:
          repo: '{{repo_name}}'
          cve: '{{cve_id}}'
          severity: '{{severity}}'
      - name: notify-appsec
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{appsec_upn}}'
          text: 'Dependabot: {{cve_id}} ({{severity}}) in {{repo_name}}. Jira: {{create-jira.key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://bofa.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: insert-vuln
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Creates a ServiceNow change request for technology infrastructure changes at Bank of America, assigns it to the CAB review board, and notifies stakeholders via Microsoft Teams.

naftiko: '0.5'
info:
  label: ServiceNow IT Change Advisory Board Request
  description: Creates a ServiceNow change request for technology infrastructure changes at Bank of America, assigns it to the CAB review board, and notifies stakeholders via Microsoft Teams.
  tags:
  - itsm
  - change-management
  - servicenow
  - microsoft-teams
  - approval
capability:
  exposes:
  - type: mcp
    namespace: change-management
    port: 8080
    tools:
    - name: submit-change-request
      description: Given a change title, description, risk level, and planned date, create a ServiceNow change request and notify the CAB via the Change Management Teams channel.
      inputParameters:
      - name: change_title
        in: body
        type: string
        description: Short description of the proposed infrastructure change.
      - name: change_description
        in: body
        type: string
        description: Full description including what is changing, business justification, and rollback plan.
      - name: risk_level
        in: body
        type: string
        description: 'Risk classification: ''low'', ''medium'', or ''high''.'
      - name: planned_date
        in: body
        type: string
        description: Planned implementation date in YYYY-MM-DD format.
      steps:
      - name: create-change
        type: call
        call: servicenow.create-change
        with:
          short_description: '{{change_title}}'
          description: '{{change_description}}'
          risk: '{{risk_level}}'
          planned_start_date: '{{planned_date}}'
      - name: notify-cab
        type: call
        call: msteams.post-channel-message
        with:
          channel: change-advisory-board
          message: 'New CAB request: {{change_title}} | Risk: {{risk_level}} | Planned: {{planned_date}} | SNOW: {{create-change.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://bankofamerica.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request
      operations:
      - name: create-change
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves a Zendesk support ticket by ID, returning subject, status, priority, and assignee.

naftiko: '0.5'
info:
  label: Zendesk Support Ticket Lookup
  description: Retrieves a Zendesk support ticket by ID, returning subject, status, priority, and assignee.
  tags:
  - customer-service
  - zendesk
  - support
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: support-ops
    port: 8080
    tools:
    - name: get-support-ticket
      description: Given a Zendesk ticket ID, return the subject, status, priority, and assigned agent name.
      inputParameters:
      - name: ticket_id
        in: body
        type: string
        description: Zendesk ticket ID.
      call: zendesk.get-ticket
      with:
        ticketId: '{{ticket_id}}'
      outputParameters:
      - name: subject
        type: string
        mapping: $.ticket.subject
      - name: status
        type: string
        mapping: $.ticket.status
      - name: priority
        type: string
        mapping: $.ticket.priority
  consumes:
  - namespace: zendesk
    type: http
    baseUri: https://bofa.zendesk.com/api/v2
    authentication:
      type: bearer
      token: $secrets.zendesk_token
    resources:
    - name: tickets
      path: /tickets/{{ticketId}}
      operations:
      - name: get-ticket
        method: GET

Screens wire transfers for fraud by checking transaction patterns in Snowflake, creating a hold in SAP if suspicious, and alerting the fraud team via Teams.

naftiko: '0.5'
info:
  label: Wire Transfer Fraud Screening
  description: Screens wire transfers for fraud by checking transaction patterns in Snowflake, creating a hold in SAP if suspicious, and alerting the fraud team via Teams.
  tags:
  - banking
  - fraud-detection
  - payments
  - snowflake
  - sap
capability:
  exposes:
  - type: mcp
    namespace: fraud-ops
    port: 8080
    tools:
    - name: screen-wire-transfer
      description: Given a wire transfer ID and amount, check patterns in Snowflake, hold in SAP if suspicious, and alert the fraud team.
      inputParameters:
      - name: transfer_id
        in: body
        type: string
        description: Wire transfer ID.
      - name: amount
        in: body
        type: number
        description: Transfer amount.
      - name: fraud_channel_id
        in: body
        type: string
        description: Fraud team Teams channel.
      steps:
      - name: check-patterns
        type: call
        call: snowflake.check-wire-patterns
        with:
          transfer_id: '{{transfer_id}}'
          amount: '{{amount}}'
      - name: hold-payment
        type: call
        call: sap-fi.create-hold
        with:
          transfer_id: '{{transfer_id}}'
          reason: 'Fraud screening: {{check-patterns.risk_level}}'
      - name: alert-fraud
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{fraud_channel_id}}'
          text: 'Wire screening: {{transfer_id}} — ${{amount}}. Risk: {{check-patterns.risk_level}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: check-wire-patterns
        method: POST
  - type: http
    namespace: sap
    baseUri: https://bofa-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: holds
      path: /A_JournalEntry
      operations:
      - name: create-hold
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Handles trade settlement exceptions by pulling details from Snowflake, creating a ServiceNow ticket, and notifying operations.

naftiko: '0.5'
info:
  label: Trade Settlement Exception Workflow
  description: Handles trade settlement exceptions by pulling details from Snowflake, creating a ServiceNow ticket, and notifying operations.
  tags:
  - banking
  - trading
  - settlement
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: settlement-ops
    port: 8080
    tools:
    - name: handle-settlement-exception
      description: Given a trade ID and exception type, pull details, create a ticket, and notify operations.
      inputParameters:
      - name: trade_id
        in: body
        type: string
        description: Trade ID.
      - name: exception_type
        in: body
        type: string
        description: Exception type.
      - name: ops_channel_id
        in: body
        type: string
        description: Operations channel.
      steps:
      - name: get-trade
        type: call
        call: snowflake.get-trade
        with:
          trade_id: '{{trade_id}}'
      - name: create-ticket
        type: call
        call: snow.create-exception
        with:
          short_description: 'Settlement: {{trade_id}} — {{exception_type}}'
          description: 'Counterparty: {{get-trade.counterparty}}'
      - name: notify
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{ops_channel_id}}'
          text: 'Settlement exception: {{trade_id}} — {{exception_type}}. SNOW: {{create-ticket.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: get-trade
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: exceptions
      path: /table/u_trade_exception
      operations:
      - name: create-exception
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      operations:
      - name: post-channel
        method: POST

Verifies that a change request falls within the approved window by checking ServiceNow, validating service health in Datadog, and notifying the CAB via Teams.

naftiko: '0.5'
info:
  label: ServiceNow Change Window Compliance Validator
  description: Verifies that a change request falls within the approved window by checking ServiceNow, validating service health in Datadog, and notifying the CAB via Teams.
  tags:
  - banking
  - it-operations
  - change-management
  - servicenow
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: change-ops
    port: 8080
    tools:
    - name: check-change-compliance
      description: Given a change request number and proposed date, verify window compliance in ServiceNow, check Datadog service health, and notify the CAB in Teams.
      inputParameters:
      - name: change_number
        in: body
        type: string
        description: Change request number.
      - name: proposed_date
        in: body
        type: string
        description: Proposed date.
      - name: cab_channel_id
        in: body
        type: string
        description: Teams channel ID for CAB.
      steps:
      - name: check-window
        type: call
        call: snow.get-change-window
        with:
          change_number: '{{change_number}}'
      - name: check-health
        type: call
        call: datadog.get-status
        with:
          date: '{{proposed_date}}'
      - name: notify-cab
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{cab_channel_id}}'
          text: 'Change compliance: {{change_number}} for {{proposed_date}}. Window: {{check-window.status}} | Health: {{check-health.overall}}'
  consumes:
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request?sysparm_query=number={{change_number}}
      inputParameters:
      - name: change_number
        in: query
      operations:
      - name: get-change-window
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/groups
      operations:
      - name: get-status
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

When a Datadog SLO breach is detected, creates a ServiceNow incident, pages on-call via PagerDuty, and posts to the reliability channel.

naftiko: '0.5'
info:
  label: Datadog SLO Breach Incident Handler
  description: When a Datadog SLO breach is detected, creates a ServiceNow incident, pages on-call via PagerDuty, and posts to the reliability channel.
  tags:
  - banking
  - sre
  - datadog
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: sre-ops
    port: 8080
    tools:
    - name: handle-slo-breach
      description: Given an SLO name and current SLI value, create a ServiceNow incident, trigger a PagerDuty alert, and notify the SRE channel in Teams.
      inputParameters:
      - name: slo_name
        in: body
        type: string
        description: SLO name.
      - name: sli_value
        in: body
        type: number
        description: Current SLI value.
      - name: service_name
        in: body
        type: string
        description: Affected service.
      - name: sre_channel_id
        in: body
        type: string
        description: SRE Teams channel.
      steps:
      - name: create-incident
        type: call
        call: snow.create-incident
        with:
          short_description: 'SLO breach: {{slo_name}} — {{service_name}}'
          description: 'SLI: {{sli_value}}%'
          priority: '2'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          service_id: sre-team
          title: 'SLO breach: {{slo_name}} ({{sli_value}}%)'
      - name: notify-channel
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{sre_channel_id}}'
          text: 'SLO Breach: {{slo_name}} — {{service_name}} at {{sli_value}}%. SNOW: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Generates a quarterly financial report by querying Snowflake for KPIs, refreshing Power BI dashboards, and distributing via email to the executive team.

naftiko: '0.5'
info:
  label: Quarterly Financial Report Generator
  description: Generates a quarterly financial report by querying Snowflake for KPIs, refreshing Power BI dashboards, and distributing via email to the executive team.
  tags:
  - banking
  - finance
  - analytics
  - snowflake
  - power-bi
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: finance-reporting
    port: 8080
    tools:
    - name: generate-financial-report
      description: Given a reporting quarter, query Snowflake for financial KPIs, trigger a Power BI refresh, and email the report link to executives.
      inputParameters:
      - name: quarter
        in: body
        type: string
        description: Reporting quarter.
      - name: exec_dl
        in: body
        type: string
        description: Executive distribution list email.
      steps:
      - name: query-kpis
        type: call
        call: snowflake.run-query
        with:
          query: SELECT * FROM financial_kpis WHERE quarter='{{quarter}}'
      - name: refresh-pbi
        type: call
        call: powerbi.trigger-refresh
        with:
          datasetId: financial-dashboard
      - name: send-report
        type: call
        call: msgraph.send-mail
        with:
          to: '{{exec_dl}}'
          subject: Financial Report — {{quarter}}
          body: 'Revenue: {{query-kpis.revenue}} | Expenses: {{query-kpis.expenses}}. Dashboard refreshed.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{datasetId}}/refreshes
      inputParameters:
      - name: datasetId
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/noreply@bofa.com/sendMail
      operations:
      - name: send-mail
        method: POST

Sends benefits open enrollment reminders by querying Workday for incomplete enrollments, sending emails via Microsoft Graph, and logging in ServiceNow.

naftiko: '0.5'
info:
  label: Workday Benefits Enrollment Reminder Workflow
  description: Sends benefits open enrollment reminders by querying Workday for incomplete enrollments, sending emails via Microsoft Graph, and logging in ServiceNow.
  tags:
  - banking
  - hr
  - benefits
  - workday
  - microsoft-graph
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: benefits-ops
    port: 8080
    tools:
    - name: send-enrollment-reminders
      description: Given an enrollment period and deadline, query Workday for incomplete enrollments, send reminder emails, and log the outreach in ServiceNow.
      inputParameters:
      - name: enrollment_period
        in: body
        type: string
        description: Enrollment period.
      - name: deadline_date
        in: body
        type: string
        description: Deadline in YYYY-MM-DD.
      steps:
      - name: get-incomplete
        type: call
        call: workday.get-incomplete-enrollment
        with:
          period: '{{enrollment_period}}'
      - name: send-reminders
        type: call
        call: msgraph.send-bulk-mail
        with:
          subject: Benefits Enrollment Deadline {{deadline_date}}
          body: Please complete enrollment by {{deadline_date}}.
      - name: log-outreach
        type: call
        call: snow.create-task
        with:
          short_description: 'Benefits reminders: {{enrollment_period}}'
          description: 'Incomplete: {{get-incomplete.count}} | Deadline: {{deadline_date}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/bofa/Benefits/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: enrollment
      path: /benefit-elections?status=incomplete
      operations:
      - name: get-incomplete-enrollment
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/benefits@bofa.com/sendMail
      operations:
      - name: send-bulk-mail
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_benefits_task
      operations:
      - name: create-task
        method: POST

Retrieves all Okta application assignments for a given user and posts a formatted access summary to the Cybersecurity Teams channel for quarterly access certification review.

naftiko: '0.5'
info:
  label: Okta Access Certification Workflow
  description: Retrieves all Okta application assignments for a given user and posts a formatted access summary to the Cybersecurity Teams channel for quarterly access certification review.
  tags:
  - identity
  - security
  - okta
  - microsoft-teams
  - access-review
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: access-certification
    port: 8080
    tools:
    - name: certify-user-access
      description: Given an Okta user login, retrieve all application assignments and group memberships, and post a structured access report to the Cybersecurity Teams channel for certification.
      inputParameters:
      - name: user_login
        in: body
        type: string
        description: The Okta user login (email) to certify access for.
      steps:
      - name: get-user-apps
        type: call
        call: okta.list-user-apps
        with:
          user_login: '{{user_login}}'
      - name: get-user-groups
        type: call
        call: okta.list-user-groups
        with:
          user_login: '{{user_login}}'
      - name: post-cert-report
        type: call
        call: msteams.post-channel-message
        with:
          channel: cybersecurity-access-certs
          message: 'Access cert for {{user_login}}: {{get-user-apps.count}} apps | {{get-user-groups.count}} groups | Apps: {{get-user-apps.names}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://bankofamerica.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: user-apps
      path: /users/{{user_login}}/appLinks
      inputParameters:
      - name: user_login
        in: path
      operations:
      - name: list-user-apps
        method: GET
    - name: user-groups
      path: /users/{{user_login}}/groups
      inputParameters:
      - name: user_login
        in: path
      operations:
      - name: list-user-groups
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves a regulatory filing or policy document from SharePoint and generates a structured executive summary using OpenAI GPT-4o, returning key findings for compliance review.

naftiko: '0.5'
info:
  label: AI-Assisted Regulatory Document Summarization
  description: Retrieves a regulatory filing or policy document from SharePoint and generates a structured executive summary using OpenAI GPT-4o, returning key findings for compliance review.
  tags:
  - ai
  - compliance
  - openai
  - sharepoint
  - document-processing
  - regulatory
capability:
  exposes:
  - type: mcp
    namespace: compliance-ai
    port: 8080
    tools:
    - name: summarize-regulatory-document
      description: Given a SharePoint site ID and document item ID, retrieve the document and generate a 5-point executive summary using OpenAI. Use for rapid review of regulatory filings, SEC documents, or policy updates.
      inputParameters:
      - name: site_id
        in: body
        type: string
        description: The SharePoint site ID where the regulatory document is stored.
      - name: item_id
        in: body
        type: string
        description: The SharePoint drive item ID for the document.
      - name: document_type
        in: body
        type: string
        description: 'Document type context: ''SEC filing'', ''CCAR report'', ''compliance policy'', ''audit finding''.'
      steps:
      - name: get-document
        type: call
        call: sharepoint.get-document-content
        with:
          site_id: '{{site_id}}'
          item_id: '{{item_id}}'
      - name: generate-summary
        type: call
        call: openai.create-chat-completion
        with:
          model: gpt-4o
          system_prompt: You are a regulatory compliance analyst at a major US bank. Summarize the following {{document_type}} document in 5 key bullet points, highlighting risk factors, regulatory requirements, deadlines, and required actions.
          user_message: '{{get-document.content}}'
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: document-content
      path: /sites/{{site_id}}/drive/items/{{item_id}}/content
      inputParameters:
      - name: site_id
        in: path
      - name: item_id
        in: path
      operations:
      - name: get-document-content
        method: GET
  - type: http
    namespace: openai
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: chat-completions
      path: /chat/completions
      operations:
      - name: create-chat-completion
        method: POST

Processes KYC onboarding by verifying identity in Salesforce, running compliance checks in Snowflake, and creating an onboarding task in ServiceNow.

naftiko: '0.5'
info:
  label: KYC Customer Onboarding Handler
  description: Processes KYC onboarding by verifying identity in Salesforce, running compliance checks in Snowflake, and creating an onboarding task in ServiceNow.
  tags:
  - banking
  - kyc
  - compliance
  - salesforce
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: kyc-ops
    port: 8080
    tools:
    - name: onboard-customer-kyc
      description: Given customer details, verify in Salesforce, run KYC in Snowflake, create a ServiceNow task, and notify compliance.
      inputParameters:
      - name: customer_name
        in: body
        type: string
        description: Customer name.
      - name: customer_id
        in: body
        type: string
        description: Customer ID.
      - name: compliance_upn
        in: body
        type: string
        description: Compliance UPN.
      steps:
      - name: verify
        type: call
        call: sf.get-customer
        with:
          customer_id: '{{customer_id}}'
      - name: run-kyc
        type: call
        call: snowflake.run-kyc
        with:
          customer: '{{customer_name}}'
      - name: create-task
        type: call
        call: snow.create-task
        with:
          short_description: 'KYC: {{customer_name}}'
          description: 'Status: {{run-kyc.status}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{compliance_upn}}'
          text: 'KYC: {{customer_name}} — {{run-kyc.status}}. SNOW: {{create-task.number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: customers
      path: /sobjects/Account/{{customer_id}}
      operations:
      - name: get-customer
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-kyc
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/u_kyc_task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      operations:
      - name: send-message
        method: POST

Checks regulatory capital adequacy by pulling risk-weighted assets from Snowflake, comparing against SAP capital accounts, and reporting to compliance.

naftiko: '0.5'
info:
  label: Regulatory Capital Adequacy Check
  description: Checks regulatory capital adequacy by pulling risk-weighted assets from Snowflake, comparing against SAP capital accounts, and reporting to compliance.
  tags:
  - banking
  - regulatory
  - capital
  - snowflake
  - sap
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: capital-ops
    port: 8080
    tools:
    - name: check-capital-adequacy
      description: Given a reporting date, pull RWA from Snowflake, compare with SAP capital, and notify the compliance team in Teams.
      inputParameters:
      - name: report_date
        in: body
        type: string
        description: Report date.
      - name: compliance_channel_id
        in: body
        type: string
        description: Compliance Teams channel.
      steps:
      - name: get-rwa
        type: call
        call: snowflake.query-rwa
        with:
          date: '{{report_date}}'
      - name: get-capital
        type: call
        call: sap-fi.get-capital-accounts
        with:
          date: '{{report_date}}'
      - name: notify-compliance
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{compliance_channel_id}}'
          text: 'Capital adequacy: RWA: ${{get-rwa.total}} | Capital: ${{get-capital.total}} | Ratio: {{get-capital.ratio}}%'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-rwa
        method: POST
  - type: http
    namespace: sap
    baseUri: https://bofa-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: capital
      path: /A_JournalEntry?$filter=PostingDate eq '{{date}}'
      inputParameters:
      - name: date
        in: query
      operations:
      - name: get-capital-accounts
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Retrieves the current on-call engineer for a PagerDuty schedule.

naftiko: '0.5'
info:
  label: PagerDuty On-Call Schedule Lookup
  description: Retrieves the current on-call engineer for a PagerDuty schedule.
  tags:
  - banking
  - it-operations
  - pagerduty
  - incident-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: incident-ops
    port: 8080
    tools:
    - name: get-on-call
      description: Given a PagerDuty schedule ID, return the currently on-call user name and email.
      inputParameters:
      - name: schedule_id
        in: body
        type: string
        description: PagerDuty schedule ID.
      call: pagerduty.get-oncall
      with:
        schedule_id: '{{schedule_id}}'
      outputParameters:
      - name: user_name
        type: string
        mapping: $.oncalls[0].user.name
      - name: user_email
        type: string
        mapping: $.oncalls[0].user.email
  consumes:
  - namespace: pagerduty
    type: http
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incident-ops
      path: /{{id}}
      operations:
      - name: get-oncall
        method: GET

Performs a credit risk assessment by pulling customer financials from Snowflake, running the risk model, and updating the Salesforce opportunity with the risk rating.

naftiko: '0.5'
info:
  label: Credit Risk Assessment Workflow
  description: Performs a credit risk assessment by pulling customer financials from Snowflake, running the risk model, and updating the Salesforce opportunity with the risk rating.
  tags:
  - banking
  - credit-risk
  - risk-management
  - snowflake
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: credit-ops
    port: 8080
    tools:
    - name: assess-credit-risk
      description: Given a customer ID and loan amount, pull financials from Snowflake, compute risk score, and update the Salesforce opportunity.
      inputParameters:
      - name: customer_id
        in: body
        type: string
        description: Customer ID.
      - name: loan_amount
        in: body
        type: number
        description: Requested loan amount.
      - name: rm_upn
        in: body
        type: string
        description: Relationship manager UPN.
      steps:
      - name: get-financials
        type: call
        call: snowflake.query-financials
        with:
          customer_id: '{{customer_id}}'
      - name: update-opportunity
        type: call
        call: sf.update-risk-rating
        with:
          customer_id: '{{customer_id}}'
          risk_score: '{{get-financials.risk_score}}'
      - name: notify-rm
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{rm_upn}}'
          text: 'Credit assessment: {{customer_id}} — Risk score: {{get-financials.risk_score}} | Loan: ${{loan_amount}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-financials
        method: POST
  - type: http
    namespace: sf
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{customer_id}}
      inputParameters:
      - name: customer_id
        in: path
      operations:
      - name: update-risk-rating
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Performs credit risk assessment by pulling financials from Snowflake, computing risk, and updating Salesforce.

naftiko: '0.5'
info:
  label: Credit Risk Assessment Handler
  description: Performs credit risk assessment by pulling financials from Snowflake, computing risk, and updating Salesforce.
  tags:
  - banking
  - credit-risk
  - risk-management
  - snowflake
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: credit-ops
    port: 8080
    tools:
    - name: assess-credit-risk
      description: Given a customer ID and loan amount, pull financials from Snowflake, update Salesforce, and notify the RM.
      inputParameters:
      - name: customer_id
        in: body
        type: string
        description: Customer ID.
      - name: loan_amount
        in: body
        type: number
        description: Loan amount.
      - name: rm_upn
        in: body
        type: string
        description: RM UPN.
      steps:
      - name: get-financials
        type: call
        call: snowflake.query-financials
        with:
          customer_id: '{{customer_id}}'
      - name: update-sf
        type: call
        call: sf.update-risk
        with:
          customer_id: '{{customer_id}}'
          risk_score: '{{get-financials.risk_score}}'
      - name: notify-rm
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{rm_upn}}'
          text: 'Credit: {{customer_id}} — Risk: {{get-financials.risk_score}} | Loan: ${{loan_amount}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-financials
        method: POST
  - type: http
    namespace: sf
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{customer_id}}
      operations:
      - name: update-risk
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      operations:
      - name: send-message
        method: POST

Retrieves contractor engagement status from Workday, returning contract end date, rate, and hiring manager.

naftiko: '0.5'
info:
  label: Workday Contractor Status Lookup
  description: Retrieves contractor engagement status from Workday, returning contract end date, rate, and hiring manager.
  tags:
  - hr
  - workday
  - contractor-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: contractor-ops
    port: 8080
    tools:
    - name: get-contractor-status
      description: Given a contractor worker ID, return the contract end date, billing rate, and hiring manager name.
      inputParameters:
      - name: worker_id
        in: body
        type: string
        description: Workday contingent worker ID.
      call: workday.get-contingent-worker
      with:
        Worker_ID: '{{worker_id}}'
      outputParameters:
      - name: end_date
        type: string
        mapping: $.Worker.Contract_End_Date
      - name: billing_rate
        type: number
        mapping: $.Worker.Bill_Rate
      - name: manager
        type: string
        mapping: $.Worker.Manager_Name
  consumes:
  - namespace: workday
    type: http
    baseUri: https://wd5-impl-services1.workday.com/ccx/service/bofa/Human_Resources/v40.1
    authentication:
      type: basic
      username: $secrets.workday_user
      password: $secrets.workday_password
    resources:
    - name: contingent-workers
      path: /contingent-workers/{{Worker_ID}}
      operations:
      - name: get-contingent-worker
        method: GET

Handles trade settlement exceptions by pulling trade details from Snowflake, creating an exception ticket in ServiceNow, and notifying operations via Teams.

naftiko: '0.5'
info:
  label: Trade Settlement Exception Handler
  description: Handles trade settlement exceptions by pulling trade details from Snowflake, creating an exception ticket in ServiceNow, and notifying operations via Teams.
  tags:
  - banking
  - trading
  - settlement
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: settlement-ops
    port: 8080
    tools:
    - name: handle-settlement-exception
      description: Given a trade ID and exception type, pull details from Snowflake, create a ServiceNow ticket, and notify operations.
      inputParameters:
      - name: trade_id
        in: body
        type: string
        description: Trade ID.
      - name: exception_type
        in: body
        type: string
        description: Exception type.
      - name: ops_channel_id
        in: body
        type: string
        description: Operations Teams channel.
      steps:
      - name: get-trade
        type: call
        call: snowflake.get-trade-details
        with:
          trade_id: '{{trade_id}}'
      - name: create-ticket
        type: call
        call: snow.create-exception
        with:
          short_description: 'Settlement exception: {{trade_id}} — {{exception_type}}'
          description: 'Counterparty: {{get-trade.counterparty}} | Amount: {{get-trade.amount}}'
      - name: notify-ops
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{ops_channel_id}}'
          text: 'Settlement exception: {{trade_id}} — {{exception_type}}. Counterparty: {{get-trade.counterparty}}. SNOW: {{create-ticket.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: get-trade-details
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: exceptions
      path: /table/u_trade_exception
      operations:
      - name: create-exception
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

When a new hire is created in Workday, provisions an Active Directory account via Microsoft Graph, opens a ServiceNow IT onboarding ticket, and sends a Microsoft Teams welcome message to the new employee.

naftiko: '0.5'
info:
  label: New Employee Onboarding Orchestrator
  description: When a new hire is created in Workday, provisions an Active Directory account via Microsoft Graph, opens a ServiceNow IT onboarding ticket, and sends a Microsoft Teams welcome message to the new employee.
  tags:
  - hr
  - onboarding
  - workday
  - servicenow
  - microsoft-graph
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-onboarding
    port: 8080
    tools:
    - name: trigger-employee-onboarding
      description: Given a Workday employee ID and start date, provision an Active Directory account via Microsoft Graph, open a ServiceNow IT onboarding ticket, and send a Teams welcome message to the new hire.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: 'The Workday worker ID for the new hire. Format: WID-XXXXXXXX.'
      - name: start_date
        in: body
        type: string
        description: The employee's first day in ISO 8601 format (YYYY-MM-DD).
      - name: business_line
        in: body
        type: string
        description: The Bank of America business line the employee is joining, e.g. 'Global Markets', 'Consumer Banking'.
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: provision-ad
        type: call
        call: msgraph.create-user
        with:
          displayName: '{{get-worker.full_name}}'
          userPrincipalName: '{{get-worker.work_email}}'
          department: '{{business_line}}'
      - name: create-it-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'IT Onboarding: {{get-worker.full_name}} — starts {{start_date}}'
          category: hr_onboarding
          assignment_group: IT_Onboarding
      - name: send-welcome
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-worker.work_email}}'
          message: Welcome to Bank of America, {{get-worker.first_name}}! Your IT setup ticket is {{create-it-ticket.number}}.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /bankofamerica/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://bankofamerica.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Generates a daily treasury cash position report by pulling balances from SAP, enriching with market rates from Snowflake, and distributing via Teams.

naftiko: '0.5'
info:
  label: Treasury Cash Position Report
  description: Generates a daily treasury cash position report by pulling balances from SAP, enriching with market rates from Snowflake, and distributing via Teams.
  tags:
  - banking
  - treasury
  - finance
  - sap
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: treasury-ops
    port: 8080
    tools:
    - name: generate-cash-report
      description: Given a reporting date, pull cash balances from SAP, get market rates from Snowflake, and post the treasury report to Teams.
      inputParameters:
      - name: report_date
        in: body
        type: string
        description: Report date.
      - name: treasury_channel_id
        in: body
        type: string
        description: Treasury Teams channel.
      steps:
      - name: get-balances
        type: call
        call: sap-fi.get-cash-balances
        with:
          date: '{{report_date}}'
      - name: get-rates
        type: call
        call: snowflake.get-market-rates
        with:
          date: '{{report_date}}'
      - name: post-report
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{treasury_channel_id}}'
          text: 'Treasury Report {{report_date}}: Cash: ${{get-balances.total}} | USD/EUR: {{get-rates.usd_eur}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://bofa-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: balances
      path: /A_JournalEntry?$filter=PostingDate eq '{{date}}'
      inputParameters:
      - name: date
        in: query
      operations:
      - name: get-cash-balances
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: get-market-rates
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Runs data quality validation queries against Bank of America's Snowflake risk data warehouse to detect anomalies, nulls, and stale data, posting results to the Risk Analytics Teams channel.

naftiko: '0.5'
info:
  label: Snowflake Risk Data Warehouse Quality Check
  description: Runs data quality validation queries against Bank of America's Snowflake risk data warehouse to detect anomalies, nulls, and stale data, posting results to the Risk Analytics Teams channel.
  tags:
  - data
  - analytics
  - snowflake
  - data-quality
  - risk
  - finance
capability:
  exposes:
  - type: mcp
    namespace: risk-data
    port: 8080
    tools:
    - name: run-risk-data-quality-check
      description: Given a Snowflake table name and check date, execute data quality validation SQL and post a pass/fail quality report to the Risk Analytics Teams channel.
      inputParameters:
      - name: table_name
        in: body
        type: string
        description: Fully qualified Snowflake table, e.g. 'BOA_RISK_PROD.CREDIT.LOAN_POSITIONS'.
      - name: check_date
        in: body
        type: string
        description: The business date to validate in YYYY-MM-DD format.
      steps:
      - name: run-dq-check
        type: call
        call: snowflake.execute-statement
        with:
          statement: SELECT COUNT(*) as total, COUNT_IF(exposure IS NULL) as null_exposure FROM {{table_name}} WHERE position_date = '{{check_date}}'
      - name: post-results
        type: call
        call: msteams.post-channel-message
        with:
          channel: risk-analytics
          message: 'DQ check on {{table_name}} for {{check_date}}: {{run-dq-check.total}} rows, {{run-dq-check.null_exposure}} null exposures'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bankofamerica.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves vendor master data from SAP by vendor number, returning company name, payment terms, and tax ID.

naftiko: '0.5'
info:
  label: SAP Vendor Master Data Lookup
  description: Retrieves vendor master data from SAP by vendor number, returning company name, payment terms, and tax ID.
  tags:
  - banking
  - finance
  - sap
  - procurement
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: vendor-ops
    port: 8080
    tools:
    - name: get-vendor
      description: Given an SAP vendor number, return the vendor name, payment terms, and tax ID.
      inputParameters:
      - name: vendor_number
        in: body
        type: string
        description: SAP vendor account number.
      call: sap.get-vendor
      with:
        Supplier: '{{vendor_number}}'
      outputParameters:
      - name: vendor_name
        type: string
        mapping: $.d.SupplierName
      - name: payment_terms
        type: string
        mapping: $.d.PaymentTerms
  consumes:
  - namespace: sap
    type: http
    baseUri: https://bofa-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: vendor-ops
      path: /{{id}}
      operations:
      - name: get-vendor
        method: GET

Initiates the annual performance review cycle in Workday for a given division, creates ServiceNow tracking tasks for HR, and notifies managers via Microsoft Teams.

naftiko: '0.5'
info:
  label: Workday Performance Review Cycle Launch
  description: Initiates the annual performance review cycle in Workday for a given division, creates ServiceNow tracking tasks for HR, and notifies managers via Microsoft Teams.
  tags:
  - hr
  - performance
  - workday
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-performance
    port: 8080
    tools:
    - name: launch-performance-review-cycle
      description: Given a department ID and review year, start the Workday performance review process, create ServiceNow HR tracking tasks, and notify managers in Teams.
      inputParameters:
      - name: department_id
        in: body
        type: string
        description: The Workday organization unit ID for the performance review cycle.
      - name: review_year
        in: body
        type: string
        description: The performance review year, e.g. '2026'.
      steps:
      - name: initiate-review
        type: call
        call: workday.initiate-review
        with:
          department_id: '{{department_id}}'
          review_period: '{{review_year}}'
      - name: create-hr-task
        type: call
        call: servicenow.create-task
        with:
          short_description: Performance review {{review_year}} — {{department_id}}
          assignment_group: HR_Operations
          due_date: '{{initiate-review.deadline}}'
      - name: notify-managers
        type: call
        call: msteams.post-channel-message
        with:
          channel: hr-announcements
          message: Performance review cycle {{review_year}} launched for department {{department_id}}. Complete reviews by {{initiate-review.deadline}}.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: performance-reviews
      path: /bankofamerica/performanceReviews
      operations:
      - name: initiate-review
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://bankofamerica.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Screens customers against sanctions lists by querying Snowflake, logging results in ServiceNow, and escalating matches to the compliance team via Teams.

naftiko: '0.5'
info:
  label: Sanctions Screening Workflow
  description: Screens customers against sanctions lists by querying Snowflake, logging results in ServiceNow, and escalating matches to the compliance team via Teams.
  tags:
  - banking
  - sanctions
  - compliance
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: sanctions-ops
    port: 8080
    tools:
    - name: screen-sanctions
      description: Given a customer name and country, run sanctions screening in Snowflake, log in ServiceNow, and escalate matches to compliance.
      inputParameters:
      - name: customer_name
        in: body
        type: string
        description: Customer name.
      - name: country
        in: body
        type: string
        description: Customer country.
      - name: compliance_upn
        in: body
        type: string
        description: Compliance officer UPN.
      steps:
      - name: run-screening
        type: call
        call: snowflake.screen-sanctions
        with:
          customer: '{{customer_name}}'
          country: '{{country}}'
      - name: log-result
        type: call
        call: snow.create-screening-record
        with:
          short_description: 'Sanctions: {{customer_name}} ({{country}})'
          description: 'Match count: {{run-screening.match_count}}'
      - name: notify-compliance
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{compliance_upn}}'
          text: 'Sanctions screening: {{customer_name}} ({{country}}) — Matches: {{run-screening.match_count}}. SNOW: {{log-result.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: screen-sanctions
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: screening
      path: /table/u_sanctions_screening
      operations:
      - name: create-screening-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Queries Datadog for SLO compliance across Bank of America's critical banking platforms and posts a daily availability digest to the Engineering Operations Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Datadog Platform SLO Digest
  description: Queries Datadog for SLO compliance across Bank of America's critical banking platforms and posts a daily availability digest to the Engineering Operations Microsoft Teams channel.
  tags:
  - observability
  - monitoring
  - datadog
  - slo
  - microsoft-teams
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: observability-reporting
    port: 8080
    tools:
    - name: digest-platform-slos
      description: Query Datadog for SLO compliance metrics for the specified environment and time window, then post a structured report to the Engineering Ops Teams channel.
      inputParameters:
      - name: environment
        in: body
        type: string
        description: 'Target environment to report on: ''production'', ''staging'', or ''dr''.'
      - name: time_window_hours
        in: body
        type: integer
        description: Look-back window in hours for SLO metrics. Typically 24.
      steps:
      - name: get-slos
        type: call
        call: datadog.list-slos
        with:
          tags: env:{{environment}}
          limit: '100'
      - name: post-digest
        type: call
        call: msteams.post-channel-message
        with:
          channel: engineering-ops
          message: 'Daily SLO Report ({{environment}}, last {{time_window_hours}}h): {{get-slos.passing}} passing, {{get-slos.failing}} failing. Overall compliance: {{get-slos.compliance_pct}}%'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: slos
      path: /slo
      operations:
      - name: list-slos
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Queries Salesforce for open client opportunities closing in the current quarter, aggregates by relationship manager and product, and posts a pipeline digest to the Sales Leadership Teams channel.

naftiko: '0.5'
info:
  label: Salesforce Client Opportunity Pipeline Digest
  description: Queries Salesforce for open client opportunities closing in the current quarter, aggregates by relationship manager and product, and posts a pipeline digest to the Sales Leadership Teams channel.
  tags:
  - sales
  - crm
  - salesforce
  - microsoft-teams
  - reporting
  - finance
capability:
  exposes:
  - type: mcp
    namespace: sales-pipeline
    port: 8080
    tools:
    - name: digest-opportunity-pipeline
      description: Query Salesforce for opportunities closing this quarter, group by relationship manager and product type, and post a pipeline summary to the Sales Leadership Teams channel.
      inputParameters:
      - name: fiscal_quarter
        in: body
        type: string
        description: Fiscal quarter to report on, e.g. '2026-Q1'.
      - name: business_segment
        in: body
        type: string
        description: Bank of America business segment, e.g. 'Global Banking', 'Business Banking'.
      steps:
      - name: query-pipeline
        type: call
        call: salesforce.query-opportunities
        with:
          quarter: '{{fiscal_quarter}}'
          segment: '{{business_segment}}'
      - name: post-digest
        type: call
        call: msteams.post-channel-message
        with:
          channel: sales-leadership
          message: 'Q{{fiscal_quarter}} Pipeline ({{business_segment}}): {{query-pipeline.count}} opportunities | Total value: ${{query-pipeline.total_value}} | Weighted: ${{query-pipeline.weighted_value}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://bankofamerica.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunity-query
      path: /query
      inputParameters:
      - name: q
        in: query
      operations:
      - name: query-opportunities
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Searches Confluence for a knowledge article by keyword and returns the page title, space, and URL.

naftiko: '0.5'
info:
  label: Confluence Knowledge Article Search
  description: Searches Confluence for a knowledge article by keyword and returns the page title, space, and URL.
  tags:
  - banking
  - knowledge-management
  - confluence
  - documentation
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: km-ops
    port: 8080
    tools:
    - name: search-article
      description: Given a keyword, search Confluence for matching articles and return the top result title, space, and URL.
      inputParameters:
      - name: keyword
        in: body
        type: string
        description: Search keyword.
      call: confluence.search-content
      with:
        cql: type=page AND title~{{keyword}}
      outputParameters:
      - name: title
        type: string
        mapping: $.results[0].title
      - name: space
        type: string
        mapping: $.results[0].space.name
  consumes:
  - namespace: confluence
    type: http
    baseUri: https://bofa.atlassian.net/wiki/rest/api
    authentication:
      type: bearer
      token: $secrets.confluence_api_token
    resources:
    - name: km-ops
      path: /{{id}}
      operations:
      - name: search-content
        method: GET

Processes a data subject access request by searching Salesforce and Snowflake for personal data, compiling results, and logging in ServiceNow.

naftiko: '0.5'
info:
  label: Data Privacy Subject Access Request Handler
  description: Processes a data subject access request by searching Salesforce and Snowflake for personal data, compiling results, and logging in ServiceNow.
  tags:
  - banking
  - compliance
  - data-privacy
  - salesforce
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: privacy-ops
    port: 8080
    tools:
    - name: process-dsar
      description: Given a data subject email, search for personal data across Salesforce and Snowflake, log the DSAR in ServiceNow, and notify the privacy officer via Teams.
      inputParameters:
      - name: subject_email
        in: body
        type: string
        description: Data subject email.
      - name: request_type
        in: body
        type: string
        description: 'DSAR type: access, deletion.'
      - name: privacy_officer_upn
        in: body
        type: string
        description: UPN of privacy officer.
      steps:
      - name: search-sf
        type: call
        call: sf.search-person
        with:
          email: '{{subject_email}}'
      - name: search-snowflake
        type: call
        call: snowflake.search-pii
        with:
          email: '{{subject_email}}'
      - name: log-dsar
        type: call
        call: snow.create-dsar
        with:
          short_description: 'DSAR: {{request_type}} — {{subject_email}}'
          description: 'SF: {{search-sf.record_count}} | Snowflake: {{search-snowflake.record_count}}'
      - name: notify-officer
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{privacy_officer_upn}}'
          text: 'DSAR: {{request_type}} for {{subject_email}}. SF: {{search-sf.record_count}}, SF: {{search-snowflake.record_count}}. SNOW: {{log-dsar.number}}'
  consumes:
  - type: http
    namespace: sf
    baseUri: https://bofa.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: search
      path: /parameterizedSearch/?q={{email}}
      inputParameters:
      - name: email
        in: query
      operations:
      - name: search-person
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://bofa.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: search-pii
        method: POST
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: dsar
      path: /table/u_dsar_request
      operations:
      - name: create-dsar
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Responds to AKS scaling alerts by checking Datadog metrics, triggering node pool scaling via Azure, and notifying the platform team in Teams.

naftiko: '0.5'
info:
  label: Azure Kubernetes Cluster Scaling Handler
  description: Responds to AKS scaling alerts by checking Datadog metrics, triggering node pool scaling via Azure, and notifying the platform team in Teams.
  tags:
  - banking
  - devops
  - kubernetes
  - azure
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: platform-ops
    port: 8080
    tools:
    - name: handle-aks-scaling
      description: Given an AKS cluster name and CPU utilization, check Datadog metrics, scale Azure node pool, and notify platform team in Teams.
      inputParameters:
      - name: cluster_name
        in: body
        type: string
        description: AKS cluster name.
      - name: cpu_utilization
        in: body
        type: number
        description: CPU utilization percentage.
      - name: platform_channel_id
        in: body
        type: string
        description: Teams channel ID.
      steps:
      - name: check-metrics
        type: call
        call: datadog.get-cluster-metrics
        with:
          cluster: '{{cluster_name}}'
      - name: scale-nodes
        type: call
        call: azure.scale-nodepool
        with:
          cluster: '{{cluster_name}}'
      - name: notify-team
        type: call
        call: msteams.post-channel
        with:
          channel_id: '{{platform_channel_id}}'
          text: 'AKS scaling: {{cluster_name}} — CPU: {{cpu_utilization}}%. Trend: {{check-metrics.trend}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: metrics
      path: /query?query=kubernetes.cpu.usage{{cluster}}
      inputParameters:
      - name: cluster
        in: query
      operations:
      - name: get-cluster-metrics
        method: GET
  - type: http
    namespace: azure
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_mgmt_token
    resources:
    - name: nodepools
      path: /subscriptions/{{subId}}/resourceGroups/aks-rg/providers/Microsoft.ContainerService/managedClusters/{{cluster}}/agentPools/default
      inputParameters:
      - name: cluster
        in: path
      operations:
      - name: scale-nodepool
        method: PUT
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: channels
      path: /teams/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST

Manages IT asset retirement by updating the ServiceNow CMDB, revoking Okta access, and logging disposal in SAP fixed assets.

naftiko: '0.5'
info:
  label: IT Asset Lifecycle Retirement Workflow
  description: Manages IT asset retirement by updating the ServiceNow CMDB, revoking Okta access, and logging disposal in SAP fixed assets.
  tags:
  - banking
  - it-operations
  - asset-management
  - servicenow
  - okta
  - sap
capability:
  exposes:
  - type: mcp
    namespace: asset-ops
    port: 8080
    tools:
    - name: retire-it-asset
      description: Given a CI name and asset tag, mark as retired in ServiceNow CMDB, revoke Okta access, create SAP disposal entry, and notify IT manager in Teams.
      inputParameters:
      - name: ci_name
        in: body
        type: string
        description: ServiceNow CI name.
      - name: asset_tag
        in: body
        type: string
        description: Asset tag number.
      - name: it_manager_upn
        in: body
        type: string
        description: UPN of IT asset manager.
      steps:
      - name: retire-cmdb
        type: call
        call: snow.update-ci-status
        with:
          ci_name: '{{ci_name}}'
          status: Retired
      - name: revoke-access
        type: call
        call: okta.remove-app-assignment
        with:
          app_label: '{{ci_name}}'
      - name: log-disposal
        type: call
        call: sap.create-disposal
        with:
          asset_number: '{{asset_tag}}'
      - name: notify-manager
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{it_manager_upn}}'
          text: 'Asset retired: {{ci_name}} ({{asset_tag}}). CMDB updated, access revoked.'
  consumes:
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cmdb
      path: /table/cmdb_ci?sysparm_query=name={{ci_name}}
      inputParameters:
      - name: ci_name
        in: query
      operations:
      - name: update-ci-status
        method: PATCH
  - type: http
    namespace: okta
    baseUri: https://bofa.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: apps
      path: /apps?q={{app_label}}
      inputParameters:
      - name: app_label
        in: query
      operations:
      - name: remove-app-assignment
        method: DELETE
  - type: http
    namespace: sap
    baseUri: https://bofa-s4.sap.com/sap/opu/odata/sap/API_FIXEDASSET_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: disposals
      path: /A_FixedAsset
      operations:
      - name: create-disposal
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Performs a vendor risk assessment by pulling vendor details from SAP Ariba, checking compliance in ServiceNow GRC, and notifying procurement via Teams.

naftiko: '0.5'
info:
  label: Third-Party Vendor Risk Assessment Workflow
  description: Performs a vendor risk assessment by pulling vendor details from SAP Ariba, checking compliance in ServiceNow GRC, and notifying procurement via Teams.
  tags:
  - banking
  - procurement
  - risk-management
  - sap-ariba
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: vendor-risk
    port: 8080
    tools:
    - name: assess-vendor-risk
      description: Given a vendor ID, retrieve the vendor profile from SAP Ariba, check GRC compliance in ServiceNow, and send the risk summary to procurement in Teams.
      inputParameters:
      - name: vendor_id
        in: body
        type: string
        description: SAP Ariba supplier ID.
      - name: procurement_lead_upn
        in: body
        type: string
        description: UPN of procurement lead.
      steps:
      - name: get-vendor
        type: call
        call: ariba.get-supplier
        with:
          vendorId: '{{vendor_id}}'
      - name: check-grc
        type: call
        call: snow.get-compliance
        with:
          vendor_name: '{{get-vendor.SupplierName}}'
      - name: notify-lead
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{procurement_lead_upn}}'
          text: 'Vendor Risk: {{get-vendor.SupplierName}} — GRC: {{check-grc.compliance_status}} | Score: {{check-grc.risk_score}}'
  consumes:
  - type: http
    namespace: ariba
    baseUri: https://openapi.ariba.com/api/supplier-management/v1
    authentication:
      type: bearer
      token: $secrets.ariba_token
    resources:
    - name: suppliers
      path: /suppliers/{{vendorId}}
      inputParameters:
      - name: vendorId
        in: path
      operations:
      - name: get-supplier
        method: GET
  - type: http
    namespace: snow
    baseUri: https://bofa.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: grc
      path: /table/sn_grc_profile?sysparm_query=name={{vendor_name}}
      inputParameters:
      - name: vendor_name
        in: query
      operations:
      - name: get-compliance
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msteams_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves the status of a DocuSign envelope by ID, returning signing status and sent date.

naftiko: '0.5'
info:
  label: DocuSign Envelope Tracking Lookup
  description: Retrieves the status of a DocuSign envelope by ID, returning signing status and sent date.
  tags:
  - banking
  - legal
  - docusign
  - document-management
  - lookup
capability:
  exposes:
  - type: mcp
    namespace: doc-ops
    port: 8080
    tools:
    - name: get-envelope-status
      description: Given a DocuSign envelope ID, return the status, sent date, and recipient count.
      inputParameters:
      - name: envelope_id
        in: body
        type: string
        description: DocuSign envelope ID.
      call: docusign.get-envelope
      with:
        envelopeId: '{{envelope_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: sent_date
        type: string
        mapping: $.sentDateTime
  consumes:
  - namespace: docusign
    type: http
    baseUri: https://na4.docusign.net/restapi/v2.1
    authentication:
      type: bearer
      token: $secrets.docusign_token
    resources:
    - name: doc-ops
      path: /{{id}}
      operations:
      - name: get-envelope
        method: GET

Searches application logs for matching patterns. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays Log Search Query
  description: Searches application logs for matching patterns. Used by Barclays teams.
  tags:
  - banking
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: salesforce
    port: 8080
    tools:
    - name: get-log_search_query
      description: Searches application logs for matching patterns. Used by Barclays teams.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: The search_query to look up.
      call: salesforce.get-search_query
      with:
        search_query: '{{search_query}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://barclays.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_salesforce_log_search
        method: GET

Detects security incidents, enriches with context, creates response tickets, and notifies the SOC.

naftiko: '0.5'
info:
  label: Security Incident Response Pipeline
  description: Detects security incidents, enriches with context, creates response tickets, and notifies the SOC.
  tags:
  - security
  - splunk
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: barclays_security_incident_response_pipe
      description: Orchestrate security incident response pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-splunk
        type: call
        call: splunk.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-splunk.result}}'
      - name: create-pagerduty
        type: call
        call: pagerduty.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Security Incident Response Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://barclays-splunk.com/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: splunk-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty-op
        method: POST

Orchestrates Politically Exposed Persons screening by pulling client data from Salesforce, running PEP screening in Refinitiv, storing the result in Oracle, and creating a compliance review task in Jira if flagged.

naftiko: '0.5'
info:
  label: PEP Screening Workflow
  description: Orchestrates Politically Exposed Persons screening by pulling client data from Salesforce, running PEP screening in Refinitiv, storing the result in Oracle, and creating a compliance review task in Jira if flagged.
  tags:
  - compliance
  - pep-screening
  - salesforce
  - refinitiv
  - oracle-database
  - jira
capability:
  exposes:
  - type: mcp
    namespace: pep-screening
    port: 8080
    tools:
    - name: screen-pep
      description: Run PEP screening for a client with automated escalation on positive matches.
      inputParameters:
      - name: client_id
        in: body
        type: string
        description: Salesforce client account ID.
      steps:
      - name: get-client
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{client_id}}'
      - name: run-screening
        type: call
        call: refinitiv.screen-entity
        with:
          entity_name: '{{get-client.Name}}'
          entity_type: individual
          screening_type: pep
      - name: store-result
        type: call
        call: oracle.insert-screening-result
        with:
          client_id: '{{client_id}}'
          screening_type: PEP
          result: '{{run-screening.overallResult}}'
          match_count: '{{run-screening.matchCount}}'
      - name: create-review
        type: call
        call: jira.create-issue
        with:
          project: COMP
          issue_type: Review
          summary: 'PEP Screening Review: {{get-client.Name}} - {{run-screening.overallResult}}'
          description: 'Client: {{get-client.Name}}. PEP matches: {{run-screening.matchCount}}. Result: {{run-screening.overallResult}}.'
          priority: High
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://barclays.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: refinitiv
    baseUri: https://rms-world-check-one-api-pilot.thomsonreuters.com/v2
    authentication:
      type: bearer
      token: $secrets.refinitiv_api_key
    resources:
    - name: screening
      path: /cases/screeningRequest
      operations:
      - name: screen-entity
        method: POST
  - type: http
    namespace: oracle
    baseUri: https://barclays-ords.db.oracle.com/ords/compliance/v1
    authentication:
      type: bearer
      token: $secrets.oracle_ords_token
    resources:
    - name: screening-results
      path: /screening-results
      operations:
      - name: insert-screening-result
        method: POST
  - type: http
    namespace: jira
    baseUri: https://barclays.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Checks the current status of a project. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays Project Status Check
  description: Checks the current status of a project. Used by Barclays teams.
  tags:
  - banking
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: snowflake
    port: 8080
    tools:
    - name: get-project_status_check
      description: Checks the current status of a project. Used by Barclays teams.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: The project_key to look up.
      call: snowflake.get-project_key
      with:
        project_key: '{{project_key}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_project_status_check
        method: GET

Monitors portfolio exposures, calculates VaR, detects limit breaches, and alerts risk management.

naftiko: '0.5'
info:
  label: Market Risk Monitoring Pipeline
  description: Monitors portfolio exposures, calculates VaR, detects limit breaches, and alerts risk management.
  tags:
  - risk
  - snowflake
  - grafana
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: risk
    port: 8080
    tools:
    - name: market_risk_monitoring_pipeline
      description: Orchestrate market risk monitoring pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-snowflake
        type: call
        call: snowflake.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-grafana
        type: call
        call: grafana.process-resource
        with:
          data: '{{get-snowflake.result}}'
      - name: create-pagerduty
        type: call
        call: pagerduty.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Market Risk Monitoring Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: grafana
    baseUri: https://barclays-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana-op
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty-op
        method: POST

Provisions new employee accounts, assigns training, creates IT tickets, and notifies managers.

naftiko: '0.5'
info:
  label: Employee Onboarding Automation Pipeline
  description: Provisions new employee accounts, assigns training, creates IT tickets, and notifies managers.
  tags:
  - hr
  - workday
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: barclays_employee_onboarding_automation
      description: Orchestrate employee onboarding automation pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-workday
        type: call
        call: workday.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-workday.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Employee Onboarding Automation Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/barclays
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Assesses counterparty credit risk by pulling entity data from Refinitiv, querying exposure from Snowflake, computing risk metrics via Azure Machine Learning, and filing the assessment in SharePoint.

naftiko: '0.5'
info:
  label: Counterparty Risk Assessment
  description: Assesses counterparty credit risk by pulling entity data from Refinitiv, querying exposure from Snowflake, computing risk metrics via Azure Machine Learning, and filing the assessment in SharePoint.
  tags:
  - risk-management
  - counterparty-risk
  - refinitiv
  - snowflake
  - azure-machine-learning
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: counterparty-risk
    port: 8080
    tools:
    - name: assess-counterparty
      description: Run a full counterparty risk assessment including exposure analysis and credit scoring.
      inputParameters:
      - name: counterparty_name
        in: body
        type: string
        description: Legal name of the counterparty.
      - name: counterparty_lei
        in: body
        type: string
        description: Legal Entity Identifier.
      steps:
      - name: screen-entity
        type: call
        call: refinitiv.screen-entity
        with:
          entity_name: '{{counterparty_name}}'
          entity_type: organisation
          lei: '{{counterparty_lei}}'
      - name: get-exposure
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT SUM(current_exposure) as total_exposure, SUM(potential_future_exposure) as pfe FROM risk.counterparty_exposure WHERE counterparty_lei = '{{counterparty_lei}}'
          warehouse: RISK_WH
          database: RISK_DB
      - name: compute-risk
        type: call
        call: azure-ml.score-model
        with:
          model_name: counterparty-risk-model
          input_data: '{"name":"{{counterparty_name}}","lei":"{{counterparty_lei}}","screening_result":"{{screen-entity.overallResult}}","exposure":"{{get-exposure.total_exposure}}"}'
      - name: store-assessment
        type: call
        call: sharepoint.upload-file
        with:
          site_id: risk_management
          folder_path: Counterparty_Assessments/{{counterparty_lei}}
          file_name: assessment_{{counterparty_lei}}.json
  consumes:
  - type: http
    namespace: refinitiv
    baseUri: https://rms-world-check-one-api-pilot.thomsonreuters.com/v2
    authentication:
      type: bearer
      token: $secrets.refinitiv_api_key
    resources:
    - name: screening
      path: /cases/screeningRequest
      operations:
      - name: screen-entity
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: azure-ml
    baseUri: https://barclays-ml.westeurope.inference.ml.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_ml_token
    resources:
    - name: scoring
      path: /score
      operations:
      - name: score-model
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT

Checks the health status of a monitored service. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays Service Health Check
  description: Checks the health status of a monitored service. Used by Barclays teams.
  tags:
  - banking
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: servicenow
    port: 8080
    tools:
    - name: get-service_health_check
      description: Checks the health status of a monitored service. Used by Barclays teams.
      inputParameters:
      - name: health_target
        in: body
        type: string
        description: The health_target to look up.
      call: servicenow.get-health_target
      with:
        health_target: '{{health_target}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_service_health_check
        method: GET

Tracks asset lifecycle stages, schedules replacements, manages disposal, and updates CMDB.

naftiko: '0.5'
info:
  label: IT Asset Lifecycle Pipeline
  description: Tracks asset lifecycle stages, schedules replacements, manages disposal, and updates CMDB.
  tags:
  - operations
  - servicenow
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: operations
    port: 8080
    tools:
    - name: it_asset_lifecycle_pipeline
      description: Orchestrate it asset lifecycle pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          data: '{{get-servicenow.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: IT Asset Lifecycle Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves current monitoring alert status. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays Alert Status Check
  description: Retrieves current monitoring alert status. Used by Barclays teams.
  tags:
  - banking
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: confluence
    port: 8080
    tools:
    - name: get-alert_status_check
      description: Retrieves current monitoring alert status. Used by Barclays teams.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The alert_id to look up.
      call: confluence.get-alert_id
      with:
        alert_id: '{{alert_id}}'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://barclays.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_alert_status_check
        method: GET

Orchestrates employee offboarding by terminating Workday record, revoking access in SailPoint, deactivating Azure AD account, and creating a ServiceNow decommission ticket.

naftiko: '0.5'
info:
  label: Employee Offboarding Orchestrator
  description: Orchestrates employee offboarding by terminating Workday record, revoking access in SailPoint, deactivating Azure AD account, and creating a ServiceNow decommission ticket.
  tags:
  - hr
  - offboarding
  - workday
  - sailpoint
  - azure-active-directory
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: offboard-employee
      description: Orchestrate full employee offboarding across HR, identity, and IT systems.
      inputParameters:
      - name: worker_id
        in: body
        type: string
        description: Workday worker ID.
      - name: termination_date
        in: body
        type: string
        description: Last working date (YYYY-MM-DD).
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{worker_id}}'
      - name: revoke-access
        type: call
        call: sailpoint.disable-identity
        with:
          identity_id: '{{get-employee.sailpoint_id}}'
      - name: disable-ad
        type: call
        call: azure-ad.disable-user
        with:
          user_principal_name: '{{get-employee.work_email}}'
      - name: create-ticket
        type: call
        call: servicenow.create-record
        with:
          table: sc_request
          short_description: 'Offboarding: {{get-employee.full_name}} - equipment return and access cleanup'
          description: 'Termination date: {{termination_date}}. Revoke all access and arrange equipment collection.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1/barclays
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: sailpoint
    baseUri: https://barclays.api.identitynow.com/v3
    authentication:
      type: bearer
      token: $secrets.sailpoint_token
    resources:
    - name: identities
      path: /accounts/{{identity_id}}/disable
      inputParameters:
      - name: identity_id
        in: path
      operations:
      - name: disable-identity
        method: POST
  - type: http
    namespace: azure-ad
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users/{{user_principal_name}}
      inputParameters:
      - name: user_principal_name
        in: path
      operations:
      - name: disable-user
        method: PATCH
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: table-records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST

Retrieves pending access certification items from SailPoint for a given reviewer. Returns identity name, entitlement, and application for each pending review.

naftiko: '0.5'
info:
  label: SailPoint Access Certification Review
  description: Retrieves pending access certification items from SailPoint for a given reviewer. Returns identity name, entitlement, and application for each pending review.
  tags:
  - security
  - identity-governance
  - sailpoint
capability:
  exposes:
  - type: mcp
    namespace: identity-governance
    port: 8080
    tools:
    - name: get-pending-certifications
      description: Retrieve pending access certification items for a reviewer.
      inputParameters:
      - name: reviewer_id
        in: body
        type: string
        description: SailPoint reviewer identity ID.
      call: sailpoint.get-certifications
      with:
        reviewer_id: '{{reviewer_id}}'
      outputParameters:
      - name: pending_items
        type: array
        mapping: $.items
  consumes:
  - type: http
    namespace: sailpoint
    baseUri: https://barclays.api.identitynow.com/v3
    authentication:
      type: bearer
      token: $secrets.sailpoint_token
    resources:
    - name: certifications
      path: /certifications?filters=reviewer.id eq "{{reviewer_id}}" and phase eq "ACTIVE"
      inputParameters:
      - name: reviewer_id
        in: query
      operations:
      - name: get-certifications
        method: GET

Retrieves code repository information. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays Repository Info Lookup
  description: Retrieves code repository information. Used by Barclays teams.
  tags:
  - banking
  - workday
capability:
  exposes:
  - type: mcp
    namespace: workday
    port: 8080
    tools:
    - name: get-repository_info_lookup
      description: Retrieves code repository information. Used by Barclays teams.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The repo_name to look up.
      call: workday.get-repo_name
      with:
        repo_name: '{{repo_name}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/barclays
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_repository_info_looku
        method: GET

Orchestrates a real-time payment through the Faster Payments network by validating the payee in Avaloq, debiting the account, dispatching to the payments gateway via Amazon SQS, and logging to Splunk.

naftiko: '0.5'
info:
  label: Real-Time Payments Processing
  description: Orchestrates a real-time payment through the Faster Payments network by validating the payee in Avaloq, debiting the account, dispatching to the payments gateway via Amazon SQS, and logging to Splunk.
  tags:
  - payments
  - real-time-payments
  - avaloq
  - amazon-sqs
  - splunk
capability:
  exposes:
  - type: mcp
    namespace: rtp-processing
    port: 8080
    tools:
    - name: process-faster-payment
      description: Process a Faster Payment through validation, debit, dispatch, and audit logging.
      inputParameters:
      - name: payer_account
        in: body
        type: string
        description: Payer account number.
      - name: payee_account
        in: body
        type: string
        description: Payee account number.
      - name: payee_sort_code
        in: body
        type: string
        description: Payee sort code.
      - name: amount
        in: body
        type: string
        description: Payment amount in GBP.
      - name: reference
        in: body
        type: string
        description: Payment reference.
      steps:
      - name: validate-payee
        type: call
        call: avaloq.validate-account
        with:
          account_number: '{{payee_account}}'
          sort_code: '{{payee_sort_code}}'
      - name: debit-account
        type: call
        call: avaloq.create-debit
        with:
          account_number: '{{payer_account}}'
          amount: '{{amount}}'
          currency: GBP
          reference: '{{reference}}'
      - name: dispatch-payment
        type: call
        call: sqs.send-message
        with:
          queue_url: https://sqs.eu-west-2.amazonaws.com/barclays/faster-payments-outbound
          message_body: '{"payerAccount":"{{payer_account}}","payeeAccount":"{{payee_account}}","sortCode":"{{payee_sort_code}}","amount":"{{amount}}","reference":"{{reference}}","debitRef":"{{debit-account.transaction_id}}"}'
      - name: audit-log
        type: call
        call: splunk.send-event
        with:
          index: payments
          source: faster-payments
          event: '{"type":"FPS","payer":"{{payer_account}}","payee":"{{payee_account}}","amount":"{{amount}}","status":"dispatched"}'
  consumes:
  - type: http
    namespace: avaloq
    baseUri: https://barclays-avaloq.internal.barclays.com/api/v1
    authentication:
      type: bearer
      token: $secrets.avaloq_token
    resources:
    - name: account-validation
      path: /accounts/{{account_number}}/validate
      inputParameters:
      - name: account_number
        in: path
      operations:
      - name: validate-account
        method: GET
    - name: debits
      path: /accounts/{{account_number}}/debits
      inputParameters:
      - name: account_number
        in: path
      operations:
      - name: create-debit
        method: POST
  - type: http
    namespace: sqs
    baseUri: https://sqs.eu-west-2.amazonaws.com
    authentication:
      type: aws-sigv4
      region: eu-west-2
      access_key: $secrets.aws_access_key
      secret_key: $secrets.aws_secret_key
    resources:
    - name: messages
      path: /barclays/faster-payments-outbound
      operations:
      - name: send-message
        method: POST
  - type: http
    namespace: splunk
    baseUri: https://barclays-splunk.splunkcloud.com:8088
    authentication:
      type: bearer
      token: $secrets.splunk_hec_token
    resources:
    - name: events
      path: /services/collector/event
      operations:
      - name: send-event
        method: POST

Validates change requests, routes for approval, schedules implementation, and notifies stakeholders.

naftiko: '0.5'
info:
  label: Change Management Approval Pipeline
  description: Validates change requests, routes for approval, schedules implementation, and notifies stakeholders.
  tags:
  - itsm
  - servicenow
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: itsm
    port: 8080
    tools:
    - name: change_management_approval_pipeline
      description: Orchestrate change management approval pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-servicenow.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Change Management Approval Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://barclays.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Queries Geneos monitoring for the health status of a managed entity. Returns severity, component name, and active alert count.

naftiko: '0.5'
info:
  label: Geneos System Health Status
  description: Queries Geneos monitoring for the health status of a managed entity. Returns severity, component name, and active alert count.
  tags:
  - operations
  - monitoring
  - geneos
capability:
  exposes:
  - type: mcp
    namespace: system-health
    port: 8080
    tools:
    - name: get-system-health
      description: Check Geneos managed entity health status.
      inputParameters:
      - name: managed_entity
        in: body
        type: string
        description: Geneos managed entity name.
      call: geneos.get-entity-status
      with:
        entity: '{{managed_entity}}'
      outputParameters:
      - name: severity
        type: string
        mapping: $.entity.severity
      - name: active_alerts
        type: string
        mapping: $.entity.activeAlertCount
  consumes:
  - type: http
    namespace: geneos
    baseUri: https://barclays-geneos.internal.barclays.com/api/v1
    authentication:
      type: bearer
      token: $secrets.geneos_token
    resources:
    - name: entities
      path: /managedEntities/{{entity}}/status
      inputParameters:
      - name: entity
        in: path
      operations:
      - name: get-entity-status
        method: GET

Searches Splunk for security events matching a given query string and time range. Used by the SOC team for rapid threat investigation.

naftiko: '0.5'
info:
  label: Splunk Security Event Search
  description: Searches Splunk for security events matching a given query string and time range. Used by the SOC team for rapid threat investigation.
  tags:
  - security
  - siem
  - splunk
capability:
  exposes:
  - type: mcp
    namespace: security-monitoring
    port: 8080
    tools:
    - name: search-security-events
      description: Search Splunk for security events by query and time range.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: Splunk search query (SPL).
      - name: earliest_time
        in: body
        type: string
        description: Earliest time for search (e.g. -24h, -7d).
      call: splunk.create-search
      with:
        search: '{{search_query}}'
        earliest_time: '{{earliest_time}}'
        latest_time: now
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://barclays-splunk.splunkcloud.com:8089
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search-jobs
      path: /services/search/jobs
      operations:
      - name: create-search
        method: POST

Retrieves the latest economic indicator value from Bloomberg Economics by indicator code. Returns value, date, and prior reading for macro research.

naftiko: '0.5'
info:
  label: Bloomberg Economics Indicator Fetch
  description: Retrieves the latest economic indicator value from Bloomberg Economics by indicator code. Returns value, date, and prior reading for macro research.
  tags:
  - research
  - economics
  - bloomberg-economics
capability:
  exposes:
  - type: mcp
    namespace: macro-research
    port: 8080
    tools:
    - name: get-economic-indicator
      description: Fetch an economic indicator from Bloomberg Economics.
      inputParameters:
      - name: indicator_code
        in: body
        type: string
        description: Bloomberg Economics indicator code (e.g. GDP CQOQ Index).
      call: bloomberg-econ.get-indicator
      with:
        indicator: '{{indicator_code}}'
      outputParameters:
      - name: value
        type: string
        mapping: $.data.value
      - name: date
        type: string
        mapping: $.data.date
      - name: prior
        type: string
        mapping: $.data.prior
  consumes:
  - type: http
    namespace: bloomberg-econ
    baseUri: https://bql.data.bloomberg.com/api/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_api_key
    resources:
    - name: economics
      path: /economics/{{indicator}}
      inputParameters:
      - name: indicator
        in: path
      operations:
      - name: get-indicator
        method: GET

Orchestrates expense report processing by pulling the report from SAP Concur, validating against policy limits in Oracle, logging the approval in ServiceNow, and notifying the submitter via Microsoft Teams.

naftiko: '0.5'
info:
  label: SAP Concur Expense Report Approval
  description: Orchestrates expense report processing by pulling the report from SAP Concur, validating against policy limits in Oracle, logging the approval in ServiceNow, and notifying the submitter via Microsoft Teams.
  tags:
  - finance
  - expense-management
  - sap-concur
  - oracle-database
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: expense-management
    port: 8080
    tools:
    - name: process-expense-report
      description: Process and approve an expense report with policy validation and audit logging.
      inputParameters:
      - name: report_id
        in: body
        type: string
        description: SAP Concur expense report ID.
      steps:
      - name: get-report
        type: call
        call: concur.get-expense-report
        with:
          report_id: '{{report_id}}'
      - name: validate-policy
        type: call
        call: oracle.validate-expense-policy
        with:
          department: '{{get-report.department}}'
          total_amount: '{{get-report.totalAmount}}'
          expense_type: '{{get-report.expenseType}}'
      - name: log-approval
        type: call
        call: servicenow.create-record
        with:
          table: u_expense_approvals
          short_description: 'Expense approval: {{get-report.employeeName}} - {{get-report.totalAmount}} {{get-report.currency}}'
          description: 'Report {{report_id}}. Policy check: {{validate-policy.result}}.'
      - name: notify-submitter
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-report.employeeEmail}}'
          text: 'Your expense report {{report_id}} ({{get-report.totalAmount}} {{get-report.currency}}) has been {{validate-policy.result}}. Reference: {{log-approval.number}}.'
  consumes:
  - type: http
    namespace: concur
    baseUri: https://us.api.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expense-reports
      path: /expense/reports/{{report_id}}
      inputParameters:
      - name: report_id
        in: path
      operations:
      - name: get-expense-report
        method: GET
  - type: http
    namespace: oracle
    baseUri: https://barclays-ords.db.oracle.com/ords/finance/v1
    authentication:
      type: bearer
      token: $secrets.oracle_ords_token
    resources:
    - name: policy-validation
      path: /expense-policy/validate
      operations:
      - name: validate-expense-policy
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: table-records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Tests DR procedures, validates backup integrity, generates readiness reports, and notifies leadership.

naftiko: '0.5'
info:
  label: Disaster Recovery Readiness Pipeline
  description: Tests DR procedures, validates backup integrity, generates readiness reports, and notifies leadership.
  tags:
  - disaster-recovery
  - servicenow
  - confluence
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: disaster-recovery
    port: 8080
    tools:
    - name: disaster_recovery_readiness_pipeline
      description: Orchestrate disaster recovery readiness pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-confluence
        type: call
        call: confluence.process-resource
        with:
          data: '{{get-servicenow.result}}'
      - name: create-pagerduty
        type: call
        call: pagerduty.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Disaster Recovery Readiness Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://barclays.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty-op
        method: POST

Monitors service levels, detects SLA breaches, creates escalation tickets, and reports to management.

naftiko: '0.5'
info:
  label: SLA Compliance Monitoring Pipeline
  description: Monitors service levels, detects SLA breaches, creates escalation tickets, and reports to management.
  tags:
  - operations
  - datadog
  - servicenow
  - powerbi
capability:
  exposes:
  - type: mcp
    namespace: operations
    port: 8080
    tools:
    - name: sla_compliance_monitoring_pipeline
      description: Orchestrate sla compliance monitoring pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-datadog
        type: call
        call: datadog.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-datadog.result}}'
      - name: create-powerbi
        type: call
        call: powerbi.create-resource
        with:
          channel: '{{notification_channel}}'
          text: SLA Compliance Monitoring Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST

Retrieves company financial summary data from FactSet for a given ticker, returning revenue, EPS, market cap, and P/E ratio for analyst research.

naftiko: '0.5'
info:
  label: FactSet Company Financials Lookup
  description: Retrieves company financial summary data from FactSet for a given ticker, returning revenue, EPS, market cap, and P/E ratio for analyst research.
  tags:
  - research
  - market-data
  - factset
capability:
  exposes:
  - type: mcp
    namespace: research-data
    port: 8080
    tools:
    - name: get-company-financials
      description: Fetch company financial summary from FactSet by ticker.
      inputParameters:
      - name: ticker
        in: body
        type: string
        description: FactSet ticker identifier.
      call: factset.get-fundamentals
      with:
        ticker: '{{ticker}}'
      outputParameters:
      - name: revenue
        type: string
        mapping: $.data.revenue
      - name: eps
        type: string
        mapping: $.data.eps
      - name: market_cap
        type: string
        mapping: $.data.marketCap
      - name: pe_ratio
        type: string
        mapping: $.data.peRatio
  consumes:
  - type: http
    namespace: factset
    baseUri: https://api.factset.com/content/factset-fundamentals/v2
    authentication:
      type: basic
      username: $secrets.factset_user
      password: $secrets.factset_password
    resources:
    - name: fundamentals
      path: /fundamentals?ids={{ticker}}
      inputParameters:
      - name: ticker
        in: query
      operations:
      - name: get-fundamentals
        method: GET

Checks availability of an API endpoint. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays API Endpoint Status
  description: Checks availability of an API endpoint. Used by Barclays teams.
  tags:
  - banking
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: datadog
    port: 8080
    tools:
    - name: get-api_endpoint_status
      description: Checks availability of an API endpoint. Used by Barclays teams.
      inputParameters:
      - name: endpoint_url
        in: body
        type: string
        description: The endpoint_url to look up.
      call: datadog.get-endpoint_url
      with:
        endpoint_url: '{{endpoint_url}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_api_endpoint_status
        method: GET

Collects audit events, validates against policies, generates compliance reports, and notifies auditors.

naftiko: '0.5'
info:
  label: Compliance Audit Trail Pipeline
  description: Collects audit events, validates against policies, generates compliance reports, and notifies auditors.
  tags:
  - compliance
  - elasticsearch
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: compliance_audit_trail_pipeline
      description: Orchestrate compliance audit trail pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-elasticsearch
        type: call
        call: elasticsearch.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-confluence
        type: call
        call: confluence.process-resource
        with:
          data: '{{get-elasticsearch.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Compliance Audit Trail Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://barclays-es.com:9200
    authentication:
      type: bearer
      token: $secrets.elasticsearch_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: elasticsearch-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://barclays.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Orchestrates an IRS trade by capturing terms from Tradeweb, booking in Bloomberg AIM, calculating initial margin via Azure Machine Learning, and dispatching the confirmation to the counterparty via IBM MQ.

naftiko: '0.5'
info:
  label: Interest Rate Swap Lifecycle
  description: Orchestrates an IRS trade by capturing terms from Tradeweb, booking in Bloomberg AIM, calculating initial margin via Azure Machine Learning, and dispatching the confirmation to the counterparty via IBM MQ.
  tags:
  - trading
  - derivatives
  - tradeweb
  - bloomberg-aim
  - azure-machine-learning
  - ibm-mq
capability:
  exposes:
  - type: mcp
    namespace: derivatives-trading
    port: 8080
    tools:
    - name: process-irs-trade
      description: Process an interest rate swap from execution through margin calculation and confirmation.
      inputParameters:
      - name: trade_id
        in: body
        type: string
        description: Tradeweb IRS trade identifier.
      steps:
      - name: get-trade
        type: call
        call: tradeweb.get-trade
        with:
          trade_id: '{{trade_id}}'
      - name: book-swap
        type: call
        call: bloomberg-aim.create-order
        with:
          portfolio_id: '{{get-trade.portfolio_id}}'
          security: '{{get-trade.swap_identifier}}'
          side: '{{get-trade.side}}'
          quantity: '{{get-trade.notional}}'
          price: '{{get-trade.fixed_rate}}'
      - name: calc-margin
        type: call
        call: azure-ml.score-model
        with:
          model_name: initial-margin-calculator
          input_data: '{"notional":"{{get-trade.notional}}","fixed_rate":"{{get-trade.fixed_rate}}","tenor":"{{get-trade.tenor}}","currency":"{{get-trade.currency}}"}'
      - name: send-confirmation
        type: call
        call: ibmmq.send-message
        with:
          queue: DERIVATIVES.CONFIRMATIONS.OUT
          body: '{"tradeId":"{{trade_id}}","type":"IRS","notional":"{{get-trade.notional}}","fixedRate":"{{get-trade.fixed_rate}}","floatingIndex":"{{get-trade.floating_index}}","initialMargin":"{{calc-margin.margin_amount}}"}'
  consumes:
  - type: http
    namespace: tradeweb
    baseUri: https://api.tradeweb.com/v1
    authentication:
      type: bearer
      token: $secrets.tradeweb_api_key
    resources:
    - name: trades
      path: /trades/{{trade_id}}
      inputParameters:
      - name: trade_id
        in: path
      operations:
      - name: get-trade
        method: GET
  - type: http
    namespace: bloomberg-aim
    baseUri: https://aim.bloomberg.com/api/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_aim_token
    resources:
    - name: orders
      path: /orders
      operations:
      - name: create-order
        method: POST
  - type: http
    namespace: azure-ml
    baseUri: https://barclays-ml.westeurope.inference.ml.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_ml_token
    resources:
    - name: scoring
      path: /score
      operations:
      - name: score-model
        method: POST
  - type: http
    namespace: ibmmq
    baseUri: https://barclays-mq.ibm.com/ibmmq/rest/v2
    authentication:
      type: basic
      username: $secrets.ibmmq_user
      password: $secrets.ibmmq_password
    resources:
    - name: messages
      path: /messaging/qmgr/BARCMQ01/queue/{{queue}}/message
      inputParameters:
      - name: queue
        in: path
      operations:
      - name: send-message
        method: POST

Audits license usage, identifies underutilized licenses, recommends optimization, and notifies IT.

naftiko: '0.5'
info:
  label: Software License Optimization Pipeline
  description: Audits license usage, identifies underutilized licenses, recommends optimization, and notifies IT.
  tags:
  - operations
  - servicenow
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: operations
    port: 8080
    tools:
    - name: software_license_optimization
      description: Orchestrate software license optimization pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          data: '{{get-servicenow.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Software License Optimization Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

When an AML alert fires, pulls transaction details from Oracle Database, enriches with customer profile from Salesforce, runs risk scoring, and creates a JIRA investigation case for the compliance team.

naftiko: '0.5'
info:
  label: AML Transaction Alert Triage
  description: When an AML alert fires, pulls transaction details from Oracle Database, enriches with customer profile from Salesforce, runs risk scoring, and creates a JIRA investigation case for the compliance team.
  tags:
  - aml
  - compliance
  - oracle-database
  - salesforce
  - jira
capability:
  exposes:
  - type: mcp
    namespace: aml-triage
    port: 8080
    tools:
    - name: triage-aml-alert
      description: Triage an AML transaction alert by enriching with customer data and opening an investigation ticket.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The AML alert identifier from the monitoring system.
      - name: transaction_id
        in: body
        type: string
        description: The transaction reference to investigate.
      steps:
      - name: get-transaction
        type: call
        call: oracle.get-transaction
        with:
          transaction_id: '{{transaction_id}}'
      - name: get-customer-profile
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{get-transaction.customer_account_id}}'
      - name: create-investigation
        type: call
        call: jira.create-issue
        with:
          project: AML
          issue_type: Investigation
          summary: AML Alert {{alert_id}} - {{get-customer-profile.Name}}
          description: 'Transaction {{transaction_id}} amount {{get-transaction.amount}} {{get-transaction.currency}}. Customer risk: {{get-customer-profile.Risk_Rating__c}}.'
          priority: High
  consumes:
  - type: http
    namespace: oracle
    baseUri: https://barclays-ords.db.oracle.com/ords/aml/v1
    authentication:
      type: bearer
      token: $secrets.oracle_ords_token
    resources:
    - name: transactions
      path: /transactions/{{transaction_id}}
      inputParameters:
      - name: transaction_id
        in: path
      operations:
      - name: get-transaction
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://barclays.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: jira
    baseUri: https://barclays.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Retrieves the details of a support ticket. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays Ticket Details Lookup
  description: Retrieves the details of a support ticket. Used by Barclays teams.
  tags:
  - banking
  - powerbi
capability:
  exposes:
  - type: mcp
    namespace: powerbi
    port: 8080
    tools:
    - name: get-ticket_details_lookup
      description: Retrieves the details of a support ticket. Used by Barclays teams.
      inputParameters:
      - name: ticket_id
        in: body
        type: string
        description: The ticket_id to look up.
      call: powerbi.get-ticket_id
      with:
        ticket_id: '{{ticket_id}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_ticket_details_lookup
        method: GET

Orchestrates institutional client onboarding by creating the client in Salesforce, provisioning access in SailPoint, setting up document storage in Box, and sending welcome instructions via Microsoft Teams.

naftiko: '0.5'
info:
  label: Client Onboarding Orchestrator
  description: Orchestrates institutional client onboarding by creating the client in Salesforce, provisioning access in SailPoint, setting up document storage in Box, and sending welcome instructions via Microsoft Teams.
  tags:
  - client-onboarding
  - salesforce
  - sailpoint
  - box
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: client-onboarding
    port: 8080
    tools:
    - name: onboard-institutional-client
      description: Onboard a new institutional client across CRM, identity, document storage, and communications.
      inputParameters:
      - name: client_name
        in: body
        type: string
        description: Legal name of the client entity.
      - name: client_type
        in: body
        type: string
        description: Client type (hedge_fund, pension, corporate, sovereign).
      - name: relationship_manager
        in: body
        type: string
        description: Email of the assigned relationship manager.
      steps:
      - name: create-account
        type: call
        call: salesforce.create-account
        with:
          name: '{{client_name}}'
          type: '{{client_type}}'
          owner_email: '{{relationship_manager}}'
      - name: provision-identity
        type: call
        call: sailpoint.create-identity
        with:
          name: '{{client_name}}'
          type: service_account
          source: institutional_clients
      - name: create-folder
        type: call
        call: box.create-folder
        with:
          parent_id: '0'
          name: Client_{{create-account.id}}_{{client_name}}
      - name: notify-rm
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{relationship_manager}}'
          text: 'New client onboarded: {{client_name}} ({{client_type}}). Salesforce ID: {{create-account.id}}. Document folder: {{create-folder.url}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://barclays.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account
      operations:
      - name: create-account
        method: POST
  - type: http
    namespace: sailpoint
    baseUri: https://barclays.api.identitynow.com/v3
    authentication:
      type: bearer
      token: $secrets.sailpoint_token
    resources:
    - name: identities
      path: /accounts
      operations:
      - name: create-identity
        method: POST
  - type: http
    namespace: box
    baseUri: https://api.box.com/2.0
    authentication:
      type: bearer
      token: $secrets.box_token
    resources:
    - name: folders
      path: /folders
      operations:
      - name: create-folder
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Monitors transactions for suspicious patterns, scores risk, creates alerts, and notifies compliance.

naftiko: '0.5'
info:
  label: Transaction Monitoring Pipeline
  description: Monitors transactions for suspicious patterns, scores risk, creates alerts, and notifies compliance.
  tags:
  - compliance
  - snowflake
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: barclays_transaction_monitoring_pipeline
      description: Orchestrate transaction monitoring pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-snowflake
        type: call
        call: snowflake.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-snowflake.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Transaction Monitoring Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Identifies KYC records due for review, collects updated information, validates identity, and updates records.

naftiko: '0.5'
info:
  label: Client KYC Refresh Pipeline
  description: Identifies KYC records due for review, collects updated information, validates identity, and updates records.
  tags:
  - compliance
  - salesforce
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: client_kyc_refresh_pipeline
      description: Orchestrate client kyc refresh pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-salesforce
        type: call
        call: salesforce.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-salesforce.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Client KYC Refresh Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://barclays.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves user account details from the directory. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays User Account Lookup
  description: Retrieves user account details from the directory. Used by Barclays teams.
  tags:
  - banking
  - jira
capability:
  exposes:
  - type: mcp
    namespace: jira
    port: 8080
    tools:
    - name: get-user_account_lookup
      description: Retrieves user account details from the directory. Used by Barclays teams.
      inputParameters:
      - name: user_id
        in: body
        type: string
        description: The user_id to look up.
      call: jira.get-user_id
      with:
        user_id: '{{user_id}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://barclays.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_user_account_lookup
        method: GET

Orchestrates a Value-at-Risk calculation by pulling positions from Bloomberg AIM, computing VaR via Azure Databricks, storing results in Snowflake, and sending a breach alert to Microsoft Teams if the limit is exceeded.

naftiko: '0.5'
info:
  label: Market Risk VaR Calculation Pipeline
  description: Orchestrates a Value-at-Risk calculation by pulling positions from Bloomberg AIM, computing VaR via Azure Databricks, storing results in Snowflake, and sending a breach alert to Microsoft Teams if the limit is exceeded.
  tags:
  - risk-management
  - var
  - bloomberg-aim
  - azure-databricks
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: market-risk
    port: 8080
    tools:
    - name: calculate-var
      description: Run Value-at-Risk calculation for a trading book and alert on breaches.
      inputParameters:
      - name: book_id
        in: body
        type: string
        description: Trading book identifier.
      - name: confidence_level
        in: body
        type: string
        description: VaR confidence level (e.g. 99, 95).
      - name: horizon_days
        in: body
        type: string
        description: Holding period in days.
      steps:
      - name: get-positions
        type: call
        call: bloomberg-aim.get-positions
        with:
          portfolio_id: '{{book_id}}'
      - name: compute-var
        type: call
        call: databricks.run-job
        with:
          job_id: var-calculator
          parameters: '{"positions":{{get-positions.holdings}},"confidence":"{{confidence_level}}","horizon":"{{horizon_days}}"}'
      - name: store-result
        type: call
        call: snowflake.execute-query
        with:
          statement: INSERT INTO risk.var_results (book_id, var_amount, confidence, horizon, calc_date) VALUES ('{{book_id}}', '{{compute-var.var_amount}}', '{{confidence_level}}', '{{horizon_days}}', CURRENT_DATE())
          warehouse: RISK_WH
          database: RISK_DB
      - name: alert-breach
        type: call
        call: msteams.send-channel-message
        with:
          team_id: market-risk
          channel_id: var-alerts
          text: 'VaR Report - Book {{book_id}}: {{compute-var.var_amount}} ({{confidence_level}}% / {{horizon_days}}d). Limit utilization: {{compute-var.limit_utilization}}%.'
  consumes:
  - type: http
    namespace: bloomberg-aim
    baseUri: https://aim.bloomberg.com/api/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_aim_token
    resources:
    - name: positions
      path: /portfolios/{{portfolio_id}}/positions
      inputParameters:
      - name: portfolio_id
        in: path
      operations:
      - name: get-positions
        method: GET
  - type: http
    namespace: databricks
    baseUri: https://barclays.cloud.databricks.com/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Queries cost and spending data. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays Cost Report Query
  description: Queries cost and spending data. Used by Barclays teams.
  tags:
  - banking
  - github
capability:
  exposes:
  - type: mcp
    namespace: github
    port: 8080
    tools:
    - name: get-cost_report_query
      description: Queries cost and spending data. Used by Barclays teams.
      inputParameters:
      - name: cost_center
        in: body
        type: string
        description: The cost_center to look up.
      call: github.get-cost_center
      with:
        cost_center: '{{cost_center}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_cost_report_query
        method: GET

Retrieves the latest build status for a Jenkins job. Returns build number, result, duration, and timestamp.

naftiko: '0.5'
info:
  label: Jenkins Build Status Check
  description: Retrieves the latest build status for a Jenkins job. Returns build number, result, duration, and timestamp.
  tags:
  - devops
  - ci-cd
  - jenkins
capability:
  exposes:
  - type: mcp
    namespace: ci-monitoring
    port: 8080
    tools:
    - name: get-build-status
      description: Check the latest Jenkins build status for a job.
      inputParameters:
      - name: job_name
        in: body
        type: string
        description: Jenkins job name (can include folder path).
      call: jenkins.get-last-build
      with:
        job_name: '{{job_name}}'
      outputParameters:
      - name: build_number
        type: string
        mapping: $.number
      - name: result
        type: string
        mapping: $.result
      - name: duration
        type: string
        mapping: $.duration
  consumes:
  - type: http
    namespace: jenkins
    baseUri: https://jenkins.barclays.com
    authentication:
      type: basic
      username: $secrets.jenkins_user
      password: $secrets.jenkins_api_token
    resources:
    - name: builds
      path: /job/{{job_name}}/lastBuild/api/json
      inputParameters:
      - name: job_name
        in: path
      operations:
      - name: get-last-build
        method: GET

Retrieves real-time market data for a given security from Bloomberg Enterprise Data, returning price, volume, and daily change. Used by traders and portfolio managers for quick instrument checks.

naftiko: '0.5'
info:
  label: Bloomberg Market Data Lookup
  description: Retrieves real-time market data for a given security from Bloomberg Enterprise Data, returning price, volume, and daily change. Used by traders and portfolio managers for quick instrument checks.
  tags:
  - trading
  - market-data
  - bloomberg-enterprise-data
capability:
  exposes:
  - type: mcp
    namespace: market-data
    port: 8080
    tools:
    - name: get-security-price
      description: Fetch real-time price, volume, and change for a Bloomberg security identifier.
      inputParameters:
      - name: ticker
        in: body
        type: string
        description: Bloomberg ticker symbol (e.g. BARC LN Equity).
      call: bloomberg.get-security
      with:
        ticker: '{{ticker}}'
      outputParameters:
      - name: last_price
        type: string
        mapping: $.data.lastPrice
      - name: volume
        type: string
        mapping: $.data.volume
      - name: change_pct
        type: string
        mapping: $.data.changePct
  consumes:
  - type: http
    namespace: bloomberg
    baseUri: https://bql.data.bloomberg.com/api/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_api_key
    resources:
    - name: securities
      path: /data/{{ticker}}
      inputParameters:
      - name: ticker
        in: path
      operations:
      - name: get-security
        method: GET

Orchestrates a portfolio reconciliation by extracting positions from Bloomberg AIM, running the reconciliation on Trioptima, logging discrepancies in Snowflake, and creating a Jira task for the operations team.

naftiko: '0.5'
info:
  label: Trioptima Portfolio Reconciliation
  description: Orchestrates a portfolio reconciliation by extracting positions from Bloomberg AIM, running the reconciliation on Trioptima, logging discrepancies in Snowflake, and creating a Jira task for the operations team.
  tags:
  - operations
  - reconciliation
  - bloomberg-aim
  - trioptima
  - snowflake
  - jira
capability:
  exposes:
  - type: mcp
    namespace: portfolio-recon
    port: 8080
    tools:
    - name: reconcile-portfolio
      description: Run portfolio reconciliation between internal positions and Trioptima, logging breaks.
      inputParameters:
      - name: portfolio_id
        in: body
        type: string
        description: Bloomberg AIM portfolio identifier.
      - name: recon_date
        in: body
        type: string
        description: Reconciliation date (YYYY-MM-DD).
      steps:
      - name: get-positions
        type: call
        call: bloomberg-aim.get-positions
        with:
          portfolio_id: '{{portfolio_id}}'
      - name: run-recon
        type: call
        call: trioptima.submit-reconciliation
        with:
          portfolio_id: '{{portfolio_id}}'
          as_of_date: '{{recon_date}}'
          positions: '{{get-positions.holdings}}'
      - name: log-breaks
        type: call
        call: snowflake.execute-query
        with:
          statement: INSERT INTO ops.recon_breaks SELECT * FROM TABLE(RESULT_SCAN('{{run-recon.query_id}}')) WHERE status = 'BREAK'
          warehouse: OPS_WH
          database: OPS_DB
      - name: create-task
        type: call
        call: jira.create-issue
        with:
          project: OPS
          issue_type: Task
          summary: 'Recon breaks: Portfolio {{portfolio_id}} as of {{recon_date}}'
          description: '{{run-recon.break_count}} breaks found. Review in Snowflake OPS_DB.ops.recon_breaks.'
  consumes:
  - type: http
    namespace: bloomberg-aim
    baseUri: https://aim.bloomberg.com/api/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_aim_token
    resources:
    - name: positions
      path: /portfolios/{{portfolio_id}}/positions
      inputParameters:
      - name: portfolio_id
        in: path
      operations:
      - name: get-positions
        method: GET
  - type: http
    namespace: trioptima
    baseUri: https://api.trioptima.com/v1
    authentication:
      type: bearer
      token: $secrets.trioptima_token
    resources:
    - name: reconciliations
      path: /reconciliations
      operations:
      - name: submit-reconciliation
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://barclays.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Orchestrates quarterly regulatory report generation by extracting data from Snowflake, generating the report in Power BI, uploading to SharePoint, and creating a Jira sign-off task for the compliance officer.

naftiko: '0.5'
info:
  label: Regulatory Report Generation
  description: Orchestrates quarterly regulatory report generation by extracting data from Snowflake, generating the report in Power BI, uploading to SharePoint, and creating a Jira sign-off task for the compliance officer.
  tags:
  - compliance
  - regulatory-reporting
  - snowflake
  - power-bi
  - sharepoint
  - jira
capability:
  exposes:
  - type: mcp
    namespace: regulatory-reporting
    port: 8080
    tools:
    - name: generate-regulatory-report
      description: Generate and distribute a quarterly regulatory report with sign-off tracking.
      inputParameters:
      - name: report_type
        in: body
        type: string
        description: Report type (e.g. COREP, FINREP, LCR, NSFR).
      - name: reporting_period
        in: body
        type: string
        description: Reporting period in YYYY-QN format.
      steps:
      - name: extract-data
        type: call
        call: snowflake.execute-query
        with:
          statement: CALL regulatory.generate_report_data('{{report_type}}', '{{reporting_period}}')
          warehouse: REGULATORY_WH
          database: REGULATORY_DB
      - name: refresh-report
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: regulatory-reports
          dataset_id: '{{report_type}}-dataset'
      - name: upload-report
        type: call
        call: sharepoint.upload-file
        with:
          site_id: regulatory_reporting
          folder_path: Reports/{{reporting_period}}/{{report_type}}
          file_name: '{{report_type}}_{{reporting_period}}.pdf'
      - name: create-signoff
        type: call
        call: jira.create-issue
        with:
          project: REG
          issue_type: Task
          summary: 'Sign-off required: {{report_type}} report for {{reporting_period}}'
          description: Report available at {{upload-report.url}}. Please review and approve.
          priority: High
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT
  - type: http
    namespace: jira
    baseUri: https://barclays.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Triggers a Power BI dataset refresh for a specified workspace and dataset. Used by analysts to ensure dashboards display the latest data.

naftiko: '0.5'
info:
  label: Power BI Dashboard Refresh
  description: Triggers a Power BI dataset refresh for a specified workspace and dataset. Used by analysts to ensure dashboards display the latest data.
  tags:
  - analytics
  - reporting
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: analytics-reporting
    port: 8080
    tools:
    - name: refresh-dashboard
      description: Trigger a Power BI dataset refresh.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: Power BI workspace (group) ID.
      - name: dataset_id
        in: body
        type: string
        description: Power BI dataset ID.
      call: powerbi.refresh-dataset
      with:
        group_id: '{{workspace_id}}'
        dataset_id: '{{dataset_id}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST

After a trade is executed on Tradeweb, fetches the trade details, retrieves counterparty data from Salesforce, publishes a settlement instruction to IBM MQ, and updates the position in Bloomberg AIM.

naftiko: '0.5'
info:
  label: Trade Execution Post-Trade Enrichment
  description: After a trade is executed on Tradeweb, fetches the trade details, retrieves counterparty data from Salesforce, publishes a settlement instruction to IBM MQ, and updates the position in Bloomberg AIM.
  tags:
  - trading
  - post-trade
  - tradeweb
  - salesforce
  - ibm-mq
  - bloomberg-aim
capability:
  exposes:
  - type: mcp
    namespace: trade-enrichment
    port: 8080
    tools:
    - name: enrich-trade
      description: Enrich a completed trade with counterparty data, publish settlement instruction, and update portfolio position.
      inputParameters:
      - name: trade_id
        in: body
        type: string
        description: The Tradeweb trade identifier.
      steps:
      - name: get-trade
        type: call
        call: tradeweb.get-trade
        with:
          trade_id: '{{trade_id}}'
      - name: get-counterparty
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{get-trade.counterparty_id}}'
      - name: publish-settlement
        type: call
        call: ibmmq.send-message
        with:
          queue: SETTLEMENT.INSTRUCTIONS
          body: '{"tradeId":"{{trade_id}}","counterparty":"{{get-counterparty.Name}}","amount":"{{get-trade.notional}}","currency":"{{get-trade.currency}}","settleDate":"{{get-trade.settlement_date}}"}'
      - name: update-aim
        type: call
        call: bloomberg-aim.update-position
        with:
          portfolio_id: '{{get-trade.portfolio_id}}'
          security: '{{get-trade.security}}'
          quantity: '{{get-trade.quantity}}'
  consumes:
  - type: http
    namespace: tradeweb
    baseUri: https://api.tradeweb.com/v1
    authentication:
      type: bearer
      token: $secrets.tradeweb_api_key
    resources:
    - name: trades
      path: /trades/{{trade_id}}
      inputParameters:
      - name: trade_id
        in: path
      operations:
      - name: get-trade
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://barclays.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: ibmmq
    baseUri: https://barclays-mq.ibm.com/ibmmq/rest/v2
    authentication:
      type: basic
      username: $secrets.ibmmq_user
      password: $secrets.ibmmq_password
    resources:
    - name: messages
      path: /messaging/qmgr/BARCMQ01/queue/{{queue}}/message
      inputParameters:
      - name: queue
        in: path
      operations:
      - name: send-message
        method: POST
  - type: http
    namespace: bloomberg-aim
    baseUri: https://aim.bloomberg.com/api/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_aim_token
    resources:
    - name: positions
      path: /portfolios/{{portfolio_id}}/positions
      inputParameters:
      - name: portfolio_id
        in: path
      operations:
      - name: update-position
        method: PUT

Orchestrates a wealth management suitability assessment by pulling client profile from Salesforce, risk questionnaire results from Oracle, running the suitability model on Azure Machine Learning, and storing the assessment in SharePoint.

naftiko: '0.5'
info:
  label: Client Suitability Assessment
  description: Orchestrates a wealth management suitability assessment by pulling client profile from Salesforce, risk questionnaire results from Oracle, running the suitability model on Azure Machine Learning, and storing the assessment in SharePoint.
  tags:
  - wealth-management
  - suitability
  - salesforce
  - oracle-database
  - azure-machine-learning
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: wealth-suitability
    port: 8080
    tools:
    - name: assess-suitability
      description: Run a suitability assessment for a wealth management client.
      inputParameters:
      - name: client_id
        in: body
        type: string
        description: Salesforce client account ID.
      - name: product_type
        in: body
        type: string
        description: Investment product type being assessed.
      steps:
      - name: get-client
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{client_id}}'
      - name: get-risk-questionnaire
        type: call
        call: oracle.get-risk-questionnaire
        with:
          client_id: '{{client_id}}'
      - name: run-suitability-model
        type: call
        call: azure-ml.score-model
        with:
          model_name: suitability-assessor
          input_data: '{"client_type":"{{get-client.Type}}","risk_tolerance":"{{get-risk-questionnaire.risk_tolerance}}","investment_horizon":"{{get-risk-questionnaire.investment_horizon}}","product_type":"{{product_type}}"}'
      - name: store-assessment
        type: call
        call: sharepoint.upload-file
        with:
          site_id: wealth_management
          folder_path: Suitability/{{client_id}}
          file_name: suitability_{{product_type}}.json
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://barclays.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: oracle
    baseUri: https://barclays-ords.db.oracle.com/ords/wealth/v1
    authentication:
      type: bearer
      token: $secrets.oracle_ords_token
    resources:
    - name: risk-questionnaires
      path: /risk-questionnaires/{{client_id}}
      inputParameters:
      - name: client_id
        in: path
      operations:
      - name: get-risk-questionnaire
        method: GET
  - type: http
    namespace: azure-ml
    baseUri: https://barclays-ml.westeurope.inference.ml.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_ml_token
    resources:
    - name: scoring
      path: /score
      operations:
      - name: score-model
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT

Checks the status of a Mastercard payment transaction by reference ID. Returns authorization status, amount, and settlement state.

naftiko: '0.5'
info:
  label: Mastercard Payment Gateway Status
  description: Checks the status of a Mastercard payment transaction by reference ID. Returns authorization status, amount, and settlement state.
  tags:
  - payments
  - card-processing
  - mastercard
capability:
  exposes:
  - type: mcp
    namespace: card-payments
    port: 8080
    tools:
    - name: get-payment-status
      description: Check a Mastercard payment transaction status.
      inputParameters:
      - name: transaction_ref
        in: body
        type: string
        description: Mastercard transaction reference.
      call: mastercard.get-transaction
      with:
        transaction_ref: '{{transaction_ref}}'
      outputParameters:
      - name: auth_status
        type: string
        mapping: $.transaction.authorizationStatus
      - name: amount
        type: string
        mapping: $.transaction.amount
      - name: settlement_status
        type: string
        mapping: $.transaction.settlementStatus
  consumes:
  - type: http
    namespace: mastercard
    baseUri: https://sandbox.api.mastercard.com/mcob/v1
    authentication:
      type: oauth2
      token: $secrets.mastercard_oauth_token
    resources:
    - name: transactions
      path: /transactions/{{transaction_ref}}
      inputParameters:
      - name: transaction_ref
        in: path
      operations:
      - name: get-transaction
        method: GET

Identifies deprecated API consumers, sends migration notices, tracks adoption, and reports progress.

naftiko: '0.5'
info:
  label: API Deprecation Notice Pipeline
  description: Identifies deprecated API consumers, sends migration notices, tracks adoption, and reports progress.
  tags:
  - engineering
  - datadog
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: engineering
    port: 8080
    tools:
    - name: api_deprecation_notice_pipeline
      description: Orchestrate api deprecation notice pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-datadog
        type: call
        call: datadog.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-datadog.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: API Deprecation Notice Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://barclays.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Orchestrates a fixed income order by placing the order on Tradeweb, confirming execution, booking in Bloomberg AIM, and publishing the fill event to Apache Kafka for trade reporting.

naftiko: '0.5'
info:
  label: Fixed Income Order Execution
  description: Orchestrates a fixed income order by placing the order on Tradeweb, confirming execution, booking in Bloomberg AIM, and publishing the fill event to Apache Kafka for trade reporting.
  tags:
  - trading
  - fixed-income
  - tradeweb
  - bloomberg-aim
  - apache-kafka
capability:
  exposes:
  - type: mcp
    namespace: fi-trading
    port: 8080
    tools:
    - name: execute-fi-order
      description: Execute a fixed income order through placement, booking, and event publication.
      inputParameters:
      - name: security_id
        in: body
        type: string
        description: Bond ISIN or identifier.
      - name: side
        in: body
        type: string
        description: Order side (buy, sell).
      - name: quantity
        in: body
        type: string
        description: Face value / quantity.
      - name: portfolio_id
        in: body
        type: string
        description: Target portfolio ID.
      steps:
      - name: place-order
        type: call
        call: tradeweb.create-order
        with:
          security_id: '{{security_id}}'
          side: '{{side}}'
          quantity: '{{quantity}}'
          order_type: limit
      - name: book-trade
        type: call
        call: bloomberg-aim.create-order
        with:
          portfolio_id: '{{portfolio_id}}'
          security: '{{security_id}}'
          side: '{{side}}'
          quantity: '{{quantity}}'
          price: '{{place-order.execution_price}}'
      - name: publish-fill
        type: call
        call: kafka.produce
        with:
          topic: fi.trades.fills
          key: '{{place-order.trade_id}}'
          value: '{"tradeId":"{{place-order.trade_id}}","security":"{{security_id}}","side":"{{side}}","quantity":"{{quantity}}","price":"{{place-order.execution_price}}"}'
  consumes:
  - type: http
    namespace: tradeweb
    baseUri: https://api.tradeweb.com/v1
    authentication:
      type: bearer
      token: $secrets.tradeweb_api_key
    resources:
    - name: orders
      path: /orders
      operations:
      - name: create-order
        method: POST
  - type: http
    namespace: bloomberg-aim
    baseUri: https://aim.bloomberg.com/api/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_aim_token
    resources:
    - name: orders
      path: /orders
      operations:
      - name: create-order
        method: POST
  - type: http
    namespace: kafka
    baseUri: https://barclays-kafka.confluent.cloud/kafka/v3/clusters/barclays-prod
    authentication:
      type: basic
      username: $secrets.kafka_api_key
      password: $secrets.kafka_api_secret
    resources:
    - name: records
      path: /topics/{{topic}}/records
      inputParameters:
      - name: topic
        in: path
      operations:
      - name: produce
        method: POST

Retrieves a ServiceNow incident by number and returns its state, priority, assignment group, and short description. Used by support teams for quick incident lookups.

naftiko: '0.5'
info:
  label: ServiceNow Incident Status
  description: Retrieves a ServiceNow incident by number and returns its state, priority, assignment group, and short description. Used by support teams for quick incident lookups.
  tags:
  - operations
  - itsm
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: itsm-support
    port: 8080
    tools:
    - name: get-incident-status
      description: Look up a ServiceNow incident by number.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow incident number (e.g. INC0012345).
      call: servicenow.get-incident
      with:
        incident_number: '{{incident_number}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.result.state
      - name: priority
        type: string
        mapping: $.result.priority
      - name: assigned_to
        type: string
        mapping: $.result.assigned_to.display_value
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident?sysparm_query=number={{incident_number}}
      inputParameters:
      - name: incident_number
        in: query
      operations:
      - name: get-incident
        method: GET

Collects access entitlements, routes for review, revokes expired access, and creates audit records.

naftiko: '0.5'
info:
  label: Access Review Certification Pipeline
  description: Collects access entitlements, routes for review, revokes expired access, and creates audit records.
  tags:
  - security
  - okta
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: access_review_certification_pipeline
      description: Orchestrate access review certification pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-okta
        type: call
        call: okta.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-okta.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Access Review Certification Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: okta
    baseUri: https://barclays.okta.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.okta_api_token
      header: Authorization
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: okta-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Aggregates customer data from multiple sources, deduplicates, enriches profiles, and syncs to CRM.

naftiko: '0.5'
info:
  label: Customer 360 Data Sync Pipeline
  description: Aggregates customer data from multiple sources, deduplicates, enriches profiles, and syncs to CRM.
  tags:
  - data
  - snowflake
  - salesforce
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data
    port: 8080
    tools:
    - name: customer_360_data_sync_pipeline
      description: Orchestrate customer 360 data sync pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-snowflake
        type: call
        call: snowflake.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-salesforce
        type: call
        call: salesforce.process-resource
        with:
          data: '{{get-snowflake.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Customer 360 Data Sync Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://barclays.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Orchestrates an international payment by validating the beneficiary in Oracle Database, formatting a SWIFT MT103 message, dispatching via IBM MQ, and logging the payment event to Splunk for monitoring.

naftiko: '0.5'
info:
  label: Payment Processing SWIFT Dispatch
  description: Orchestrates an international payment by validating the beneficiary in Oracle Database, formatting a SWIFT MT103 message, dispatching via IBM MQ, and logging the payment event to Splunk for monitoring.
  tags:
  - payments
  - swift
  - oracle-database
  - ibm-mq
  - splunk
capability:
  exposes:
  - type: mcp
    namespace: payments-processing
    port: 8080
    tools:
    - name: dispatch-swift-payment
      description: Validate, format, and dispatch a SWIFT MT103 international payment with audit logging.
      inputParameters:
      - name: payment_ref
        in: body
        type: string
        description: Internal payment reference.
      - name: beneficiary_account
        in: body
        type: string
        description: Beneficiary account number.
      - name: amount
        in: body
        type: string
        description: Payment amount.
      - name: currency
        in: body
        type: string
        description: ISO currency code.
      - name: beneficiary_bic
        in: body
        type: string
        description: Beneficiary bank SWIFT BIC.
      steps:
      - name: validate-beneficiary
        type: call
        call: oracle.get-beneficiary
        with:
          account_number: '{{beneficiary_account}}'
      - name: send-swift
        type: call
        call: ibmmq.send-message
        with:
          queue: SWIFT.MT103.OUT
          body: '{"ref":"{{payment_ref}}","beneficiary":"{{validate-beneficiary.account_holder}}","bic":"{{beneficiary_bic}}","amount":"{{amount}}","currency":"{{currency}}"}'
      - name: log-event
        type: call
        call: splunk.send-event
        with:
          index: payments
          source: swift-gateway
          event: '{"payment_ref":"{{payment_ref}}","status":"dispatched","amount":"{{amount}}","currency":"{{currency}}"}'
  consumes:
  - type: http
    namespace: oracle
    baseUri: https://barclays-ords.db.oracle.com/ords/payments/v1
    authentication:
      type: bearer
      token: $secrets.oracle_ords_token
    resources:
    - name: beneficiaries
      path: /beneficiaries/{{account_number}}
      inputParameters:
      - name: account_number
        in: path
      operations:
      - name: get-beneficiary
        method: GET
  - type: http
    namespace: ibmmq
    baseUri: https://barclays-mq.ibm.com/ibmmq/rest/v2
    authentication:
      type: basic
      username: $secrets.ibmmq_user
      password: $secrets.ibmmq_password
    resources:
    - name: messages
      path: /messaging/qmgr/BARCMQ01/queue/{{queue}}/message
      inputParameters:
      - name: queue
        in: path
      operations:
      - name: send-message
        method: POST
  - type: http
    namespace: splunk
    baseUri: https://barclays-splunk.splunkcloud.com:8088
    authentication:
      type: bearer
      token: $secrets.splunk_hec_token
    resources:
    - name: events
      path: /services/collector/event
      operations:
      - name: send-event
        method: POST

Retrieves compliance check status. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays Compliance Check Status
  description: Retrieves compliance check status. Used by Barclays teams.
  tags:
  - banking
  - okta
capability:
  exposes:
  - type: mcp
    namespace: okta
    port: 8080
    tools:
    - name: get-compliance_check_status
      description: Retrieves compliance check status. Used by Barclays teams.
      inputParameters:
      - name: check_id
        in: body
        type: string
        description: The check_id to look up.
      call: okta.get-check_id
      with:
        check_id: '{{check_id}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://barclays.okta.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.okta_api_token
      header: Authorization
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_compliance_check_stat
        method: GET

Retrieves the latest Bloomberg news articles for a given topic or security. Returns headlines, timestamps, and article summaries for research analysts.

naftiko: '0.5'
info:
  label: Bloomberg News Feed
  description: Retrieves the latest Bloomberg news articles for a given topic or security. Returns headlines, timestamps, and article summaries for research analysts.
  tags:
  - research
  - news
  - bloomberg-news
capability:
  exposes:
  - type: mcp
    namespace: research-news
    port: 8080
    tools:
    - name: get-bloomberg-news
      description: Fetch latest Bloomberg news by topic or security.
      inputParameters:
      - name: topic
        in: body
        type: string
        description: News topic or Bloomberg ticker.
      call: bloomberg-news.search-articles
      with:
        query: '{{topic}}'
      outputParameters:
      - name: articles
        type: array
        mapping: $.articles
  consumes:
  - type: http
    namespace: bloomberg-news
    baseUri: https://bql.data.bloomberg.com/api/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_api_key
    resources:
    - name: news
      path: /news/search?query={{query}}
      inputParameters:
      - name: query
        in: query
      operations:
      - name: search-articles
        method: GET

Runs data quality checks, scores datasets, creates remediation tickets, and publishes scorecards.

naftiko: '0.5'
info:
  label: Data Quality Monitoring Pipeline
  description: Runs data quality checks, scores datasets, creates remediation tickets, and publishes scorecards.
  tags:
  - data-quality
  - snowflake
  - jira
  - grafana
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: data_quality_monitoring_pipeline
      description: Orchestrate data quality monitoring pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-snowflake
        type: call
        call: snowflake.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-snowflake.result}}'
      - name: create-grafana
        type: call
        call: grafana.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Data Quality Monitoring Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://barclays.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: grafana
    baseUri: https://barclays-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana-op
        method: POST

Orchestrates a service health check by querying Datadog for active alerts, pulling recent error logs from Splunk, and posting a consolidated health summary to Microsoft Teams for the on-call team.

naftiko: '0.5'
info:
  label: Datadog Service Health Dashboard
  description: Orchestrates a service health check by querying Datadog for active alerts, pulling recent error logs from Splunk, and posting a consolidated health summary to Microsoft Teams for the on-call team.
  tags:
  - operations
  - monitoring
  - datadog
  - splunk
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: service-health
    port: 8080
    tools:
    - name: check-service-health
      description: Run a consolidated service health check across monitoring and logging systems.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: Service name to check.
      steps:
      - name: check-alerts
        type: call
        call: datadog.search-monitors
        with:
          query: tag:service:{{service_name}} status:alert
      - name: search-errors
        type: call
        call: splunk.create-search
        with:
          search: index=applications service={{service_name}} level=ERROR earliest=-1h
          earliest_time: -1h
          latest_time: now
      - name: post-summary
        type: call
        call: msteams.send-channel-message
        with:
          team_id: platform-engineering
          channel_id: service-health
          text: 'Service Health: {{service_name}}. Active alerts: {{check-alerts.total_count}}. Errors (1h): {{search-errors.result_count}}.'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.eu/api/v1
    authentication:
      type: apiKey
      name: DD-API-KEY
      in: header
      value: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/search
      operations:
      - name: search-monitors
        method: GET
  - type: http
    namespace: splunk
    baseUri: https://barclays-splunk.splunkcloud.com:8089
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search-jobs
      path: /services/search/jobs
      operations:
      - name: create-search
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Orchestrates capital adequacy reporting by aggregating risk-weighted assets from Snowflake, computing capital ratios via Azure Databricks, generating the report in Power BI, uploading to SharePoint, and notifying the CFO office via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Capital Adequacy Report Pipeline
  description: Orchestrates capital adequacy reporting by aggregating risk-weighted assets from Snowflake, computing capital ratios via Azure Databricks, generating the report in Power BI, uploading to SharePoint, and notifying the CFO office via Microsoft Outlook.
  tags:
  - risk-management
  - capital-adequacy
  - snowflake
  - azure-databricks
  - power-bi
  - sharepoint
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: capital-reporting
    port: 8080
    tools:
    - name: generate-capital-report
      description: Generate and distribute a capital adequacy report with ratio calculations.
      inputParameters:
      - name: reporting_date
        in: body
        type: string
        description: Reporting date (YYYY-MM-DD).
      steps:
      - name: get-rwa
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT risk_category, SUM(rwa) as total_rwa FROM risk.risk_weighted_assets WHERE as_of_date = '{{reporting_date}}' GROUP BY risk_category
          warehouse: RISK_WH
          database: RISK_DB
      - name: compute-ratios
        type: call
        call: databricks.run-job
        with:
          job_id: capital-ratio-calculator
          parameters: '{"reporting_date":"{{reporting_date}}"}'
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: capital-reporting
          dataset_id: capital-adequacy
      - name: upload-report
        type: call
        call: sharepoint.upload-file
        with:
          site_id: finance_reporting
          folder_path: Capital_Adequacy/{{reporting_date}}
          file_name: capital_adequacy_{{reporting_date}}.pdf
      - name: notify-cfo
        type: call
        call: outlook.send-mail
        with:
          to: cfo-office@barclays.com
          subject: Capital Adequacy Report - {{reporting_date}}
          body: 'CET1 Ratio: {{compute-ratios.cet1_ratio}}%. Tier 1: {{compute-ratios.tier1_ratio}}%. Total Capital: {{compute-ratios.total_capital_ratio}}%. Report: {{upload-report.url}}.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: databricks
    baseUri: https://barclays.cloud.databricks.com/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/finance-reporting@barclays.com/sendMail
      operations:
      - name: send-mail
        method: POST

Orchestrates a BACS batch payment submission by generating the payment file from Oracle, validating entries against Avaloq, submitting via Amazon SQS to the BACS gateway, and notifying treasury operations in Microsoft Teams.

naftiko: '0.5'
info:
  label: BACS Payment Batch Submission
  description: Orchestrates a BACS batch payment submission by generating the payment file from Oracle, validating entries against Avaloq, submitting via Amazon SQS to the BACS gateway, and notifying treasury operations in Microsoft Teams.
  tags:
  - payments
  - bacs
  - oracle-database
  - avaloq
  - amazon-sqs
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: bacs-payments
    port: 8080
    tools:
    - name: submit-bacs-batch
      description: Generate, validate, and submit a BACS payment batch with operations notification.
      inputParameters:
      - name: batch_id
        in: body
        type: string
        description: Payment batch identifier.
      - name: processing_date
        in: body
        type: string
        description: BACS processing date (YYYY-MM-DD).
      steps:
      - name: generate-file
        type: call
        call: oracle.generate-bacs-file
        with:
          batch_id: '{{batch_id}}'
          processing_date: '{{processing_date}}'
      - name: validate-accounts
        type: call
        call: avaloq.validate-batch
        with:
          batch_id: '{{batch_id}}'
          payment_count: '{{generate-file.payment_count}}'
      - name: submit-batch
        type: call
        call: sqs.send-message
        with:
          queue_url: https://sqs.eu-west-2.amazonaws.com/barclays/bacs-submissions
          message_body: '{"batchId":"{{batch_id}}","processingDate":"{{processing_date}}","paymentCount":"{{generate-file.payment_count}}","totalAmount":"{{generate-file.total_amount}}"}'
      - name: notify-ops
        type: call
        call: msteams.send-channel-message
        with:
          team_id: treasury-operations
          channel_id: bacs-processing
          text: 'BACS batch {{batch_id}} submitted for {{processing_date}}. Payments: {{generate-file.payment_count}}. Total: GBP {{generate-file.total_amount}}. Validation: {{validate-accounts.status}}.'
  consumes:
  - type: http
    namespace: oracle
    baseUri: https://barclays-ords.db.oracle.com/ords/payments/v1
    authentication:
      type: bearer
      token: $secrets.oracle_ords_token
    resources:
    - name: bacs-files
      path: /bacs/generate
      operations:
      - name: generate-bacs-file
        method: POST
  - type: http
    namespace: avaloq
    baseUri: https://barclays-avaloq.internal.barclays.com/api/v1
    authentication:
      type: bearer
      token: $secrets.avaloq_token
    resources:
    - name: batch-validation
      path: /payments/validate-batch
      operations:
      - name: validate-batch
        method: POST
  - type: http
    namespace: sqs
    baseUri: https://sqs.eu-west-2.amazonaws.com
    authentication:
      type: aws-sigv4
      region: eu-west-2
      access_key: $secrets.aws_access_key
      secret_key: $secrets.aws_secret_key
    resources:
    - name: messages
      path: /barclays/bacs-submissions
      operations:
      - name: send-message
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Orchestrates trade surveillance by pulling suspicious trade patterns from Snowflake, enriching with trader details from Workday, screening the counterparty in Refinitiv, and filing a compliance report in ServiceNow.

naftiko: '0.5'
info:
  label: Trade Surveillance Alert Processing
  description: Orchestrates trade surveillance by pulling suspicious trade patterns from Snowflake, enriching with trader details from Workday, screening the counterparty in Refinitiv, and filing a compliance report in ServiceNow.
  tags:
  - compliance
  - trade-surveillance
  - snowflake
  - workday
  - refinitiv
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: trade-surveillance
    port: 8080
    tools:
    - name: process-surveillance-alert
      description: Process a trade surveillance alert with enrichment and compliance filing.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Surveillance alert identifier.
      - name: trader_id
        in: body
        type: string
        description: Workday worker ID of the trader.
      steps:
      - name: get-alert-details
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT * FROM compliance.surveillance_alerts WHERE alert_id = '{{alert_id}}'
          warehouse: COMPLIANCE_WH
          database: COMPLIANCE_DB
      - name: get-trader
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{trader_id}}'
      - name: screen-counterparty
        type: call
        call: refinitiv.screen-entity
        with:
          entity_name: '{{get-alert-details.counterparty_name}}'
          entity_type: organisation
      - name: file-report
        type: call
        call: servicenow.create-record
        with:
          table: u_surveillance_reports
          short_description: 'Surveillance Alert {{alert_id}} - Trader: {{get-trader.full_name}}'
          description: 'Pattern: {{get-alert-details.pattern_type}}. Counterparty screening: {{screen-counterparty.overallResult}}. Trade volume: {{get-alert-details.trade_volume}}.'
          priority: '2'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1/barclays
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: refinitiv
    baseUri: https://rms-world-check-one-api-pilot.thomsonreuters.com/v2
    authentication:
      type: bearer
      token: $secrets.refinitiv_api_key
    resources:
    - name: screening
      path: /cases/screeningRequest
      operations:
      - name: screen-entity
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: table-records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST

Queries metric values from a monitoring dashboard. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays Metric Dashboard Query
  description: Queries metric values from a monitoring dashboard. Used by Barclays teams.
  tags:
  - banking
  - splunk
capability:
  exposes:
  - type: mcp
    namespace: splunk
    port: 8080
    tools:
    - name: get-metric_dashboard_query
      description: Queries metric values from a monitoring dashboard. Used by Barclays teams.
      inputParameters:
      - name: metric_name
        in: body
        type: string
        description: The metric_name to look up.
      call: splunk.get-metric_name
      with:
        metric_name: '{{metric_name}}'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://barclays-splunk.com/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_metric_dashboard_quer
        method: GET

Identifies stale articles, assigns review tasks, tracks updates, and publishes freshness reports.

naftiko: '0.5'
info:
  label: Knowledge Base Freshness Pipeline
  description: Identifies stale articles, assigns review tasks, tracks updates, and publishes freshness reports.
  tags:
  - knowledge
  - confluence
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: knowledge
    port: 8080
    tools:
    - name: knowledge_base_freshness_pipeline
      description: Orchestrate knowledge base freshness pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-confluence
        type: call
        call: confluence.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-confluence.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Knowledge Base Freshness Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://barclays.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://barclays.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Orchestrates credit risk scoring by pulling applicant data from Salesforce, running the credit model on Azure Databricks, storing results in Snowflake, and notifying the credit committee via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Credit Risk Model Scoring
  description: Orchestrates credit risk scoring by pulling applicant data from Salesforce, running the credit model on Azure Databricks, storing results in Snowflake, and notifying the credit committee via Microsoft Outlook.
  tags:
  - risk-management
  - credit-risk
  - salesforce
  - azure-databricks
  - snowflake
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: credit-risk
    port: 8080
    tools:
    - name: score-credit-risk
      description: Run credit risk model scoring for a loan applicant.
      inputParameters:
      - name: applicant_id
        in: body
        type: string
        description: Salesforce contact ID for the applicant.
      - name: loan_amount
        in: body
        type: string
        description: Requested loan amount.
      steps:
      - name: get-applicant
        type: call
        call: salesforce.get-contact
        with:
          contact_id: '{{applicant_id}}'
      - name: run-model
        type: call
        call: databricks.run-job
        with:
          job_id: credit-risk-scorer
          parameters: '{"name":"{{get-applicant.Name}}","income":"{{get-applicant.Annual_Income__c}}","loan_amount":"{{loan_amount}}"}'
      - name: store-result
        type: call
        call: snowflake.execute-query
        with:
          statement: INSERT INTO credit.risk_scores (applicant_id, score, pd, lgd, timestamp) VALUES ('{{applicant_id}}', '{{run-model.score}}', '{{run-model.pd}}', '{{run-model.lgd}}', CURRENT_TIMESTAMP())
          warehouse: RISK_WH
          database: RISK_DB
      - name: send-notification
        type: call
        call: outlook.send-mail
        with:
          to: credit-committee@barclays.com
          subject: 'Credit Risk Score: {{get-applicant.Name}} - {{run-model.score}}'
          body: 'Applicant: {{get-applicant.Name}}. Loan: {{loan_amount}}. PD: {{run-model.pd}}. LGD: {{run-model.lgd}}. Score: {{run-model.score}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://barclays.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contacts
      path: /sobjects/Contact/{{contact_id}}
      inputParameters:
      - name: contact_id
        in: path
      operations:
      - name: get-contact
        method: GET
  - type: http
    namespace: databricks
    baseUri: https://barclays.cloud.databricks.com/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/credit-service@barclays.com/sendMail
      operations:
      - name: send-mail
        method: POST

Initiates review cycles, collects feedback, aggregates scores, and distributes to managers.

naftiko: '0.5'
info:
  label: Performance Review Cycle Pipeline
  description: Initiates review cycles, collects feedback, aggregates scores, and distributes to managers.
  tags:
  - hr
  - workday
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: performance_review_cycle_pipeline
      description: Orchestrate performance review cycle pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-workday
        type: call
        call: workday.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-confluence
        type: call
        call: confluence.process-resource
        with:
          data: '{{get-workday.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Performance Review Cycle Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/barclays
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://barclays.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Orchestrates sanctions list updates by fetching the latest list from Refinitiv, updating the screening database in Snowflake, triggering a re-screening batch on Azure Databricks, and notifying compliance via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Sanctions List Update Propagation
  description: Orchestrates sanctions list updates by fetching the latest list from Refinitiv, updating the screening database in Snowflake, triggering a re-screening batch on Azure Databricks, and notifying compliance via Microsoft Outlook.
  tags:
  - compliance
  - sanctions
  - refinitiv
  - snowflake
  - azure-databricks
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: sanctions-management
    port: 8080
    tools:
    - name: propagate-sanctions-update
      description: Propagate a sanctions list update across screening infrastructure and notify compliance.
      inputParameters:
      - name: list_type
        in: body
        type: string
        description: Sanctions list type (OFAC, EU, UN, HMT).
      steps:
      - name: fetch-list
        type: call
        call: refinitiv.get-sanctions-list
        with:
          list_type: '{{list_type}}'
      - name: update-database
        type: call
        call: snowflake.execute-query
        with:
          statement: CALL compliance.update_sanctions_list('{{list_type}}', '{{fetch-list.version}}')
          warehouse: COMPLIANCE_WH
          database: COMPLIANCE_DB
      - name: trigger-rescreening
        type: call
        call: databricks.run-job
        with:
          job_id: sanctions-rescreening
          parameters: '{"list_type":"{{list_type}}","version":"{{fetch-list.version}}"}'
      - name: notify-compliance
        type: call
        call: outlook.send-mail
        with:
          to: sanctions-team@barclays.com
          subject: 'Sanctions List Updated: {{list_type}} v{{fetch-list.version}}'
          body: '{{list_type}} sanctions list updated to version {{fetch-list.version}}. Rescreening batch initiated. {{trigger-rescreening.affected_entities}} entities queued for review.'
  consumes:
  - type: http
    namespace: refinitiv
    baseUri: https://rms-world-check-one-api-pilot.thomsonreuters.com/v2
    authentication:
      type: bearer
      token: $secrets.refinitiv_api_key
    resources:
    - name: sanctions-lists
      path: /lists/{{list_type}}
      inputParameters:
      - name: list_type
        in: path
      operations:
      - name: get-sanctions-list
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: databricks
    baseUri: https://barclays.cloud.databricks.com/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /users/compliance-notices@barclays.com/sendMail
      operations:
      - name: send-mail
        method: POST

Retrieves a signed URL for a report file stored in Amazon S3. Used by compliance and audit teams to access archived regulatory reports.

naftiko: '0.5'
info:
  label: Amazon S3 Report Archive Retrieval
  description: Retrieves a signed URL for a report file stored in Amazon S3. Used by compliance and audit teams to access archived regulatory reports.
  tags:
  - storage
  - archive
  - amazon-s3
capability:
  exposes:
  - type: mcp
    namespace: report-archive
    port: 8080
    tools:
    - name: get-archived-report
      description: Generate a pre-signed URL for an S3 archived report.
      inputParameters:
      - name: bucket
        in: body
        type: string
        description: S3 bucket name.
      - name: object_key
        in: body
        type: string
        description: S3 object key (file path).
      call: s3.get-presigned-url
      with:
        bucket: '{{bucket}}'
        key: '{{object_key}}'
  consumes:
  - type: http
    namespace: s3
    baseUri: https://s3.eu-west-2.amazonaws.com
    authentication:
      type: aws-sigv4
      region: eu-west-2
      access_key: $secrets.aws_access_key
      secret_key: $secrets.aws_secret_key
    resources:
    - name: objects
      path: /{{bucket}}/{{key}}
      inputParameters:
      - name: bucket
        in: path
      - name: key
        in: path
      operations:
      - name: get-presigned-url
        method: GET

Orchestrates a production deployment by triggering the GitHub Actions workflow, running smoke tests via Postman, checking Datadog health monitors, and posting the deployment result to Microsoft Teams.

naftiko: '0.5'
info:
  label: Deployment Pipeline Orchestrator
  description: Orchestrates a production deployment by triggering the GitHub Actions workflow, running smoke tests via Postman, checking Datadog health monitors, and posting the deployment result to Microsoft Teams.
  tags:
  - devops
  - ci-cd
  - github-actions
  - postman
  - datadog
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: deployment-pipeline
    port: 8080
    tools:
    - name: deploy-to-production
      description: Trigger a full production deployment with smoke tests, health checks, and team notification.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository (owner/repo).
      - name: workflow_id
        in: body
        type: string
        description: GitHub Actions workflow file name.
      - name: ref
        in: body
        type: string
        description: Git ref to deploy (branch or tag).
      steps:
      - name: trigger-deploy
        type: call
        call: github.trigger-workflow
        with:
          repo: '{{repo}}'
          workflow_id: '{{workflow_id}}'
          ref: '{{ref}}'
      - name: run-smoke-tests
        type: call
        call: postman.run-collection
        with:
          collection_id: smoke-tests-production
          environment: production
      - name: check-health
        type: call
        call: datadog.search-monitors
        with:
          query: tag:service:{{repo}} status:alert
      - name: notify-team
        type: call
        call: msteams.send-channel-message
        with:
          team_id: platform-engineering
          channel_id: deployments
          text: 'Deployment of {{repo}}@{{ref}} complete. Smoke tests: {{run-smoke-tests.status}}. Active alerts: {{check-health.total_count}}.'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-dispatches
      path: /repos/{{repo}}/actions/workflows/{{workflow_id}}/dispatches
      inputParameters:
      - name: repo
        in: path
      - name: workflow_id
        in: path
      operations:
      - name: trigger-workflow
        method: POST
  - type: http
    namespace: postman
    baseUri: https://api.getpostman.com
    authentication:
      type: apiKey
      name: X-Api-Key
      in: header
      value: $secrets.postman_api_key
    resources:
    - name: collection-runs
      path: /collections/{{collection_id}}/runs
      inputParameters:
      - name: collection_id
        in: path
      operations:
      - name: run-collection
        method: POST
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.eu/api/v1
    authentication:
      type: apiKey
      name: DD-API-KEY
      in: header
      value: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/search
      operations:
      - name: search-monitors
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Executes a read-only analytics query. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays Database Query Runner
  description: Executes a read-only analytics query. Used by Barclays teams.
  tags:
  - banking
  - elasticsearch
capability:
  exposes:
  - type: mcp
    namespace: elasticsearc
    port: 8080
    tools:
    - name: get-database_query_runner
      description: Executes a read-only analytics query. Used by Barclays teams.
      inputParameters:
      - name: sql_query
        in: body
        type: string
        description: The sql_query to look up.
      call: elasticsearch.get-sql_query
      with:
        sql_query: '{{sql_query}}'
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://barclays-es.com:9200
    authentication:
      type: bearer
      token: $secrets.elasticsearch_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_database_query_runner
        method: GET

Orchestrates customer identity verification during onboarding by pulling customer data from Salesforce, running sanctions screening via Refinitiv World-Check, and logging the verification result in ServiceNow for audit trail.

naftiko: '0.5'
info:
  label: KYC Customer Identity Verification
  description: Orchestrates customer identity verification during onboarding by pulling customer data from Salesforce, running sanctions screening via Refinitiv World-Check, and logging the verification result in ServiceNow for audit trail.
  tags:
  - kyc
  - compliance
  - salesforce
  - refinitiv
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: kyc-verification
    port: 8080
    tools:
    - name: verify-customer-identity
      description: Run full KYC identity verification for a customer, including sanctions screening and audit logging.
      inputParameters:
      - name: customer_id
        in: body
        type: string
        description: The Salesforce customer account ID.
      steps:
      - name: fetch-customer
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{customer_id}}'
      - name: screen-sanctions
        type: call
        call: refinitiv.screen-entity
        with:
          entity_name: '{{fetch-customer.Name}}'
          entity_type: individual
          date_of_birth: '{{fetch-customer.PersonBirthdate}}'
      - name: log-result
        type: call
        call: servicenow.create-record
        with:
          table: u_kyc_verification
          short_description: KYC screening for {{fetch-customer.Name}}
          result: '{{screen-sanctions.overallResult}}'
          risk_score: '{{screen-sanctions.riskScore}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://barclays.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: refinitiv
    baseUri: https://rms-world-check-one-api-pilot.thomsonreuters.com/v2
    authentication:
      type: bearer
      token: $secrets.refinitiv_api_key
    resources:
    - name: screening
      path: /cases/screeningRequest
      operations:
      - name: screen-entity
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://barclays.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: table-records
      path: /table/{{table}}
      inputParameters:
      - name: table
        in: path
      operations:
      - name: create-record
        method: POST

Orchestrates publishing enriched trade events to Apache Kafka by pulling trade details from Tradeweb, enriching with Bloomberg market data, and producing the composite event to the trade events topic.

naftiko: '0.5'
info:
  label: Kafka Trade Event Stream Publishing
  description: Orchestrates publishing enriched trade events to Apache Kafka by pulling trade details from Tradeweb, enriching with Bloomberg market data, and producing the composite event to the trade events topic.
  tags:
  - trading
  - event-streaming
  - tradeweb
  - bloomberg-enterprise-data
  - apache-kafka
capability:
  exposes:
  - type: mcp
    namespace: trade-events
    port: 8080
    tools:
    - name: publish-enriched-trade-event
      description: Enrich a trade with market data and publish to the Kafka trade events stream.
      inputParameters:
      - name: trade_id
        in: body
        type: string
        description: Tradeweb trade identifier.
      steps:
      - name: get-trade
        type: call
        call: tradeweb.get-trade
        with:
          trade_id: '{{trade_id}}'
      - name: get-market-data
        type: call
        call: bloomberg.get-security
        with:
          ticker: '{{get-trade.security}}'
      - name: publish-event
        type: call
        call: kafka.produce
        with:
          topic: trades.enriched
          key: '{{trade_id}}'
          value: '{"tradeId":"{{trade_id}}","security":"{{get-trade.security}}","notional":"{{get-trade.notional}}","lastPrice":"{{get-market-data.lastPrice}}","volume":"{{get-market-data.volume}}"}'
  consumes:
  - type: http
    namespace: tradeweb
    baseUri: https://api.tradeweb.com/v1
    authentication:
      type: bearer
      token: $secrets.tradeweb_api_key
    resources:
    - name: trades
      path: /trades/{{trade_id}}
      inputParameters:
      - name: trade_id
        in: path
      operations:
      - name: get-trade
        method: GET
  - type: http
    namespace: bloomberg
    baseUri: https://bql.data.bloomberg.com/api/v1
    authentication:
      type: bearer
      token: $secrets.bloomberg_api_key
    resources:
    - name: securities
      path: /data/{{ticker}}
      inputParameters:
      - name: ticker
        in: path
      operations:
      - name: get-security
        method: GET
  - type: http
    namespace: kafka
    baseUri: https://barclays-kafka.confluent.cloud/kafka/v3/clusters/barclays-prod
    authentication:
      type: basic
      username: $secrets.kafka_api_key
      password: $secrets.kafka_api_secret
    resources:
    - name: records
      path: /topics/{{topic}}/records
      inputParameters:
      - name: topic
        in: path
      operations:
      - name: produce
        method: POST

Executes a parameterized query against the Snowflake risk data warehouse to retrieve portfolio exposure by asset class. Used by risk managers for daily limit checks.

naftiko: '0.5'
info:
  label: Snowflake Risk Exposure Query
  description: Executes a parameterized query against the Snowflake risk data warehouse to retrieve portfolio exposure by asset class. Used by risk managers for daily limit checks.
  tags:
  - risk-management
  - data-warehouse
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: risk-analytics
    port: 8080
    tools:
    - name: query-risk-exposure
      description: Run a portfolio exposure query on Snowflake by portfolio ID and asset class.
      inputParameters:
      - name: portfolio_id
        in: body
        type: string
        description: Portfolio identifier.
      - name: asset_class
        in: body
        type: string
        description: Asset class filter (e.g. equities, fixed_income, fx).
      call: snowflake.execute-query
      with:
        statement: SELECT asset_class, SUM(notional) as total_exposure, SUM(pnl) as total_pnl FROM risk.positions WHERE portfolio_id = '{{portfolio_id}}' AND asset_class = '{{asset_class}}' GROUP BY asset_class
        warehouse: RISK_WH
        database: RISK_DB
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://barclays.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST

Retrieves vulnerability scan results. Used by Barclays teams.

naftiko: '0.5'
info:
  label: Barclays Security Scan Results
  description: Retrieves vulnerability scan results. Used by Barclays teams.
  tags:
  - banking
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: pagerduty
    port: 8080
    tools:
    - name: get-security_scan_results
      description: Retrieves vulnerability scan results. Used by Barclays teams.
      inputParameters:
      - name: scan_id
        in: body
        type: string
        description: The scan_id to look up.
      call: pagerduty.get-scan_id
      with:
        scan_id: '{{scan_id}}'
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: barclays_security_scan_results
        method: GET

Tracks mandatory training completion, sends reminders, escalates non-compliance, and reports status.